outline/server/utils/permissions.test.ts
dependabot[bot] fc01deeefd chore(deps-dev): bump oxlint-tsgolint from 0.14.2 to 0.22.1 (#12320)
* chore(deps-dev): bump oxlint-tsgolint from 0.14.2 to 0.22.1

Bumps [oxlint-tsgolint](https://github.com/oxc-project/tsgolint) from 0.14.2 to 0.22.1.
- [Release notes](https://github.com/oxc-project/tsgolint/releases)
- [Commits](https://github.com/oxc-project/tsgolint/compare/v0.14.2...v0.22.1)

---
updated-dependencies:
- dependency-name: oxlint-tsgolint
  dependency-version: 0.22.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: Switch tsconfig to bundler resolution for tsgolint 0.22.1

oxlint-tsgolint 0.22.1 removed support for moduleResolution=node10
(the alias for "node"). Switch to "bundler" with resolvePackageJsonExports
disabled so packages whose exports field omits a types condition still
resolve. Update markdown-it type imports to sub-paths since the package's
.d.mts entry only re-exports a subset of named types.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: Resolve type-aware lint errors caught by tsgolint 0.22.1

oxlint-tsgolint 0.22.1 catches several await-thenable, no-floating-promises,
and no-meaningless-void-operator cases the prior 0.14.2 missed:

- Drop redundant inner `await` from Promise.all([await x, await y]) call sites
  so the array entries are real Promises rather than already-resolved values.
- Replace Promise.all wrappers around synchronous presenters (presentEvent,
  presentTemplate, presentPublicTeam) with plain map / direct calls.
- Wrap non-promise branches of ternaries inside Promise.all with
  Promise.resolve so the array remains thenable across both arms.
- Add `void` to the unawaited provider.connect() in the auth-failed retry
  chain, and remove `void` from the disconnect() call which returns void.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-12 07:59:13 -04:00


import { CollectionPermission, DocumentPermission } from "@shared/types";
import { GroupMembership, UserMembership } from "@server/models";
import {
buildCollection,
buildDocument,
buildGroup,
buildGroupUser,
buildUser,
} from "@server/test/factories";
import { getDocumentPermission, isElevatedPermission } from "./permissions";
describe("permissions", () => {
describe("isElevatedPermission", () => {
// Authorization regression test: the user holds ReadWrite on the parent
// collection and a document-level Read is requested, so the request must not
// be classified as an elevation.
it("should return false when user has higher permission through collection", async () => {
  const actor = await buildUser();
  // Built with `permission: null`; presumably this removes any default
  // collection-wide access so only explicit memberships count — confirm
  // against the factory/model.
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });

  // Explicit collection-level grant for the user.
  await UserMembership.create({
    createdById: actor.id,
    collectionId: parent.id,
    userId: actor.id,
    permission: CollectionPermission.ReadWrite,
  });

  const elevated = await isElevatedPermission({
    userId: actor.id,
    documentId: doc.id,
    permission: DocumentPermission.Read,
  });

  expect(elevated).toBe(false);
});
// Authorization regression test: the user has a direct Read membership and a
// group ReadWrite membership on the document; requesting Read must not be
// classified as an elevation.
it("should return false when user has higher permission through document", async () => {
  const actor = await buildUser();
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });
  // NOTE(review): buildGroup() receives no teamId while the group-user row
  // below uses the user's teamId — confirm the factory does not place the
  // group in a different team, otherwise this test exercises a cross-team
  // grant rather than the intended same-team one.
  const team = await buildGroup();

  // Seed the group link plus both document-level grants in one batch.
  await Promise.all([
    buildGroupUser({
      groupId: team.id,
      userId: actor.id,
      teamId: actor.teamId,
    }),
    UserMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      userId: actor.id,
      permission: DocumentPermission.Read,
    }),
    GroupMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      groupId: team.id,
      permission: DocumentPermission.ReadWrite,
    }),
  ]);

  const elevated = await isElevatedPermission({
    userId: actor.id,
    documentId: doc.id,
    permission: DocumentPermission.Read,
  });

  expect(elevated).toBe(false);
});
// Boundary case for the elevation check: the requested ReadWrite equals the
// ReadWrite the user already holds through the group membership, and an equal
// level must not count as elevated.
it("should return false when user has the same permission", async () => {
  const actor = await buildUser();
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });
  // NOTE(review): group is built without a teamId — confirm it ends up in the
  // same team as the user.
  const team = await buildGroup();

  // Direct grant is Read; the group grant is ReadWrite.
  await Promise.all([
    buildGroupUser({
      groupId: team.id,
      userId: actor.id,
      teamId: actor.teamId,
    }),
    UserMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      userId: actor.id,
      permission: DocumentPermission.Read,
    }),
    GroupMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      groupId: team.id,
      permission: DocumentPermission.ReadWrite,
    }),
  ]);

  const elevated = await isElevatedPermission({
    userId: actor.id,
    documentId: doc.id,
    permission: DocumentPermission.ReadWrite,
  });

  expect(elevated).toBe(false);
});
// Positive case for the elevation check: the user's grants are Read (direct)
// and ReadWrite (group); requesting Admin goes beyond both and must be
// reported as elevated.
it("should return true when user has lower permission", async () => {
  const actor = await buildUser();
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });
  // NOTE(review): group is built without a teamId — confirm it ends up in the
  // same team as the user.
  const team = await buildGroup();

  await Promise.all([
    buildGroupUser({
      groupId: team.id,
      userId: actor.id,
      teamId: actor.teamId,
    }),
    UserMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      userId: actor.id,
      permission: DocumentPermission.Read,
    }),
    GroupMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      groupId: team.id,
      permission: DocumentPermission.ReadWrite,
    }),
  ]);

  const elevated = await isElevatedPermission({
    userId: actor.id,
    documentId: doc.id,
    permission: DocumentPermission.Admin,
  });

  expect(elevated).toBe(true);
});
// Deny-by-default case: no membership of any kind is created for the user, so
// a request for Admin must be reported as elevated.
it("should return true when user does not have access", async () => {
  const actor = await buildUser();
  // Collection is built with `permission: null` and no membership rows follow.
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });

  const elevated = await isElevatedPermission({
    userId: actor.id,
    documentId: doc.id,
    permission: DocumentPermission.Admin,
  });

  expect(elevated).toBe(true);
});
});
describe("getDocumentPermission", () => {
// The only grant is a collection-level ReadWrite membership; the resolved
// document permission is expected to be ReadWrite.
it("should return the highest provided permission through collection", async () => {
  const actor = await buildUser();
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });

  await UserMembership.create({
    createdById: actor.id,
    collectionId: parent.id,
    userId: actor.id,
    permission: CollectionPermission.ReadWrite,
  });

  const resolved = await getDocumentPermission({
    userId: actor.id,
    documentId: doc.id,
  });

  // The grant is a CollectionPermission but the expectation is a
  // DocumentPermission; presumably both enums share the same underlying
  // value for ReadWrite — confirm in @shared/types.
  expect(resolved).toEqual(DocumentPermission.ReadWrite);
});
// With a direct Read membership and a group ReadWrite membership on the same
// document, the resolved permission is expected to be the higher one.
it("should return the highest provided permission through document", async () => {
  const actor = await buildUser();
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });
  // NOTE(review): group is built without a teamId — confirm it ends up in the
  // same team as the user.
  const team = await buildGroup();

  await Promise.all([
    buildGroupUser({
      groupId: team.id,
      userId: actor.id,
      teamId: actor.teamId,
    }),
    UserMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      userId: actor.id,
      permission: DocumentPermission.Read,
    }),
    GroupMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      groupId: team.id,
      permission: DocumentPermission.ReadWrite,
    }),
  ]);

  const resolved = await getDocumentPermission({
    userId: actor.id,
    documentId: doc.id,
  });

  expect(resolved).toEqual(DocumentPermission.ReadWrite);
});
// Same grants as the group/direct case, but the group membership id is passed
// as `skipMembershipId`; the expected result drops to the remaining direct
// Read grant.
it("should return the highest provided permission with skipped membership", async () => {
  const actor = await buildUser();
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });
  // NOTE(review): group is built without a teamId — confirm it ends up in the
  // same team as the user.
  const team = await buildGroup();

  const seeded = await Promise.all([
    buildGroupUser({
      groupId: team.id,
      userId: actor.id,
      teamId: actor.teamId,
    }),
    UserMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      userId: actor.id,
      permission: DocumentPermission.Read,
    }),
    GroupMembership.create({
      createdById: actor.id,
      documentId: doc.id,
      groupId: team.id,
      permission: DocumentPermission.ReadWrite,
    }),
  ]);
  // Third entry is the GroupMembership row created above.
  const groupGrant = seeded[2];

  const resolved = await getDocumentPermission({
    userId: actor.id,
    documentId: doc.id,
    skipMembershipId: groupGrant.id,
  });

  expect(resolved).toEqual(DocumentPermission.Read);
});
// Deny-by-default case: with no membership rows for the user, no permission
// may be resolved for the document.
it("should return undefined when user does not have access", async () => {
  const actor = await buildUser();
  // Collection is built with `permission: null` and no membership rows follow.
  const parent = await buildCollection({
    teamId: actor.teamId,
    permission: null,
  });
  const doc = await buildDocument({
    collectionId: parent.id,
    teamId: actor.teamId,
  });

  const resolved = await getDocumentPermission({
    userId: actor.id,
    documentId: doc.id,
  });

  expect(resolved).toBeUndefined();
});
});
});