Merge pull request #8334 from owncloud/fix-space-permission-checks

Fix space permission checks

changelog/unreleased/enhancement-spaces-list-in-admin-settings

@@ -22,5 +22,6 @@ https://github.com/owncloud/web/pull/8273
 https://github.com/owncloud/web/pull/8268
 https://github.com/owncloud/web/pull/8233
 https://github.com/owncloud/web/pull/8333
+https://github.com/owncloud/web/pull/8334
 https://github.com/owncloud/web/issues/8219
 https://github.com/owncloud/web/issues/8267

packages/web-client/src/helpers/resource/types.ts

@@ -49,18 +49,18 @@ export interface Resource {
   driveAlias?: string
 
   canCreate?(): boolean
-  canUpload?(): boolean
+  canUpload?({ user }: { user?: User }): boolean
   canDownload?(): boolean
-  canShare?(): boolean
-  canRename?(): boolean
-  canBeDeleted?(): boolean
+  canShare?({ user }: { user?: User }): boolean
+  canRename?({ user }: { user?: User }): boolean
+  canBeDeleted?({ user }: { user?: User }): boolean
   canBeRestored?(): boolean
   canDeny?(): boolean
-  canEditDescription?(): boolean
-  canRestore?(): boolean
-  canDisable?(): boolean
-  canEditImage?(): boolean
-  canEditReadme?(): boolean
+  canEditDescription?({ user }: { user?: User }): boolean
+  canRestore?({ user }: { user?: User }): boolean
+  canDisable?({ user }: { user?: User }): boolean
+  canEditImage?({ user }: { user?: User }): boolean
+  canEditReadme?({ user }: { user?: User }): boolean
   canEditSpaceQuota?(): boolean
   canEditTags?(): boolean
 

packages/web-client/src/helpers/space/functions.ts

@@ -171,26 +171,19 @@ export function buildSpace(data): SpaceResource {
       return true
     },
     canBeDeleted: function ({ user }: { user?: User } = {}) {
-      return (
-        this.disabled && (user?.roles?.find((r) => r.name === 'spaceadmin') || this.isManager(user))
-      )
+      return this.disabled && (user?.role?.name === 'spaceadmin' || this.isManager(user))
     },
     canRename: function ({ user }: { user?: User } = {}) {
-      return user?.roles?.find((r) => r.name === 'spaceadmin') || this.isManager(user)
+      return user?.role?.name === 'spaceadmin' || this.isManager(user)
     },
     canEditDescription: function ({ user }: { user?: User } = {}) {
-      return user?.roles?.find((r) => r.name === 'spaceadmin') || this.isManager(user)
+      return user?.role?.name === 'spaceadmin' || this.isManager(user)
     },
     canRestore: function ({ user }: { user?: User } = {}) {
-      return (
-        this.disabled && (user?.roles?.find((r) => r.name === 'spaceadmin') || this.isManager(user))
-      )
+      return this.disabled && (user?.role?.name === 'spaceadmin' || this.isManager(user))
     },
     canDisable: function ({ user }: { user?: User } = {}) {
-      return (
-        !this.disabled &&
-        (user?.roles?.find((r) => r.name === 'spaceadmin') || this.isManager(user))
-      )
+      return !this.disabled && (user?.role?.name === 'spaceadmin' || this.isManager(user))
     },
     canShare: function ({ user }: { user?: User } = {}) {
       return this.isManager(user)

packages/web-client/tests/unit/helpers/space/functions.spec.ts

@@ -50,4 +50,217 @@ describe('buildSpace', () => {
       expect(space.isManager(mock<User>({ uuid }))).toBe(data.expectedResult)
     })
   })
+
+  it.each([
+    { role: spaceRoleViewer.name, expectedResult: false },
+    { role: spaceRoleEditor.name, expectedResult: true },
+    { role: spaceRoleManager.name, expectedResult: true }
+  ])('canUpload', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.role, grantedToIdentities: [{ user: { id: uuid } }] }]
+      }
+    }) as ProjectSpaceResource
+    expect(space.canUpload({ user: mock<User>({ uuid }) })).toBe(data.expectedResult)
+  })
+
+  it.each([
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleManager.name,
+      spaceDisabled: true,
+      expectedResult: true
+    },
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleEditor.name,
+      spaceDisabled: true,
+      expectedResult: false
+    },
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: true,
+      expectedResult: false
+    },
+    {
+      userRole: 'spaceadmin',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: true,
+      expectedResult: true
+    },
+    {
+      userRole: 'spaceadmin',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: false,
+      expectedResult: false
+    }
+  ])('canBeDeleted', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.spaceRole, grantedToIdentities: [{ user: { id: uuid } }] }],
+        ...(data.spaceDisabled && { deleted: { state: 'trashed' } })
+      }
+    }) as ProjectSpaceResource
+    expect(space.canBeDeleted({ user: mock<User>({ uuid, role: { name: data.userRole } }) })).toBe(
+      data.expectedResult
+    )
+  })
+
+  it.each([
+    { userRole: 'user', spaceRole: spaceRoleManager.name, expectedResult: true },
+    { userRole: 'user', spaceRole: spaceRoleEditor.name, expectedResult: false },
+    { userRole: 'user', spaceRole: spaceRoleViewer.name, expectedResult: false },
+    { userRole: 'spaceadmin', spaceRole: spaceRoleViewer.name, expectedResult: true }
+  ])('canRename', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.spaceRole, grantedToIdentities: [{ user: { id: uuid } }] }]
+      }
+    }) as ProjectSpaceResource
+    expect(space.canRename({ user: mock<User>({ uuid, role: { name: data.userRole } }) })).toBe(
+      data.expectedResult
+    )
+  })
+
+  it.each([
+    { userRole: 'user', spaceRole: spaceRoleManager.name, expectedResult: true },
+    { userRole: 'user', spaceRole: spaceRoleEditor.name, expectedResult: false },
+    { userRole: 'user', spaceRole: spaceRoleViewer.name, expectedResult: false },
+    { userRole: 'spaceadmin', spaceRole: spaceRoleViewer.name, expectedResult: true }
+  ])('canEditDescription', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.spaceRole, grantedToIdentities: [{ user: { id: uuid } }] }]
+      }
+    }) as ProjectSpaceResource
+    expect(
+      space.canEditDescription({ user: mock<User>({ uuid, role: { name: data.userRole } }) })
+    ).toBe(data.expectedResult)
+  })
+
+  it.each([
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleManager.name,
+      spaceDisabled: true,
+      expectedResult: true
+    },
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleEditor.name,
+      spaceDisabled: true,
+      expectedResult: false
+    },
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: true,
+      expectedResult: false
+    },
+    {
+      userRole: 'spaceadmin',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: true,
+      expectedResult: true
+    },
+    {
+      userRole: 'spaceadmin',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: false,
+      expectedResult: false
+    }
+  ])('canRestore', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.spaceRole, grantedToIdentities: [{ user: { id: uuid } }] }],
+        ...(data.spaceDisabled && { deleted: { state: 'trashed' } })
+      }
+    }) as ProjectSpaceResource
+    expect(space.canRestore({ user: mock<User>({ uuid, role: { name: data.userRole } }) })).toBe(
+      data.expectedResult
+    )
+  })
+
+  it.each([
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleManager.name,
+      spaceDisabled: false,
+      expectedResult: true
+    },
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleEditor.name,
+      spaceDisabled: false,
+      expectedResult: false
+    },
+    {
+      userRole: 'user',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: false,
+      expectedResult: false
+    },
+    {
+      userRole: 'spaceadmin',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: false,
+      expectedResult: true
+    },
+    {
+      userRole: 'spaceadmin',
+      spaceRole: spaceRoleViewer.name,
+      spaceDisabled: true,
+      expectedResult: false
+    }
+  ])('canDisable', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.spaceRole, grantedToIdentities: [{ user: { id: uuid } }] }],
+        ...(data.spaceDisabled && { deleted: { state: 'trashed' } })
+      }
+    }) as ProjectSpaceResource
+    expect(space.canDisable({ user: mock<User>({ uuid, role: { name: data.userRole } }) })).toBe(
+      data.expectedResult
+    )
+  })
+
+  it.each([
+    { role: spaceRoleManager.name, expectedResult: true },
+    { role: spaceRoleEditor.name, expectedResult: false },
+    { role: spaceRoleViewer.name, expectedResult: false }
+  ])('canShare', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.role, grantedToIdentities: [{ user: { id: uuid } }] }]
+      }
+    }) as ProjectSpaceResource
+    expect(space.canShare({ user: mock<User>({ uuid }) })).toBe(data.expectedResult)
+  })
+
+  it.each([
+    { role: spaceRoleManager.name, expectedResult: true },
+    { role: spaceRoleEditor.name, expectedResult: true },
+    { role: spaceRoleViewer.name, expectedResult: false }
+  ])('canEditImage', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.role, grantedToIdentities: [{ user: { id: uuid } }] }]
+      }
+    }) as ProjectSpaceResource
+    expect(space.canEditImage({ user: mock<User>({ uuid }) })).toBe(data.expectedResult)
+  })
+
+  it.each([
+    { role: spaceRoleManager.name, expectedResult: true },
+    { role: spaceRoleEditor.name, expectedResult: true },
+    { role: spaceRoleViewer.name, expectedResult: false }
+  ])('canEditReadme', (data) => {
+    const space = buildSpace({
+      root: {
+        permissions: [{ roles: data.role, grantedToIdentities: [{ user: { id: uuid } }] }]
+      }
+    }) as ProjectSpaceResource
+    expect(space.canEditReadme({ user: mock<User>({ uuid }) })).toBe(data.expectedResult)
+  })
 })