From 9c9f5cc3af318f32ba5b583a2329b02afa574d96 Mon Sep 17 00:00:00 2001 From: Tom Moor Date: Sat, 6 Jun 2026 10:23:38 -0400 Subject: [PATCH] Treat legacy boolean commenting preference as disabled Teams not yet migrated to the CommentingAccess enum may still have a boolean `false` stored for the commenting preference. Guard the enabled checks so `false` reads as disabled rather than enabled. Co-Authored-By: Claude Opus 4.8 --- app/models/Team.ts | 6 +++--- server/middlewares/feature.ts | 9 +++++---- server/policies/document.ts | 3 ++- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/app/models/Team.ts b/app/models/Team.ts index d9f6b2637b..a276fa9032 100644 --- a/app/models/Team.ts +++ b/app/models/Team.ts @@ -106,9 +106,9 @@ class Team extends Model { */ @computed get commentingEnabled(): boolean { - return ( - this.getPreference(TeamPreference.Commenting) !== CommentingAccess.None - ); + const access = this.getPreference(TeamPreference.Commenting); + // A legacy boolean `false` (team not yet migrated) means disabled. + return access !== CommentingAccess.None && access !== false; } /** diff --git a/server/middlewares/feature.ts b/server/middlewares/feature.ts index 2a9d06a08d..120db72421 100644 --- a/server/middlewares/feature.ts +++ b/server/middlewares/feature.ts @@ -28,10 +28,11 @@ export function commentingEnabled() { ctx: APIContext, next: Next ) { - if ( - ctx.state.auth.user.team.getPreference(TeamPreference.Commenting) === - CommentingAccess.None - ) { + const commenting = ctx.state.auth.user.team.getPreference( + TeamPreference.Commenting + ); + // A legacy boolean `false` (team not yet migrated) means disabled. + if (commenting === CommentingAccess.None || commenting === false) { throw ValidationError("Commenting is currently disabled"); } return next(); diff --git a/server/policies/document.ts b/server/policies/document.ts index 04313e27a0..eade5da3d6 100644 --- a/server/policies/document.ts +++ b/server/policies/document.ts @@ -56,7 +56,8 @@ allow(User, "comment", Document, (actor, document) => { !!document?.isActive, isTeamMutable(actor), can(actor, "read", document), - commenting !== CommentingAccess.None, + // A legacy boolean `false` (team not yet migrated) means disabled. + commenting !== CommentingAccess.None && commenting !== false, or(!actor.isGuest, commenting === CommentingAccess.Everyone), or(!document?.collection, document?.collection?.commenting !== false) );