fix(hub-discussions): user can read channel if group is non-discussab…

…le (#1201)
Esri · Sep 7, 2023 · 28d61f3 · 28d61f3
1 parent 1961c7c
commit 28d61f3
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 4 deletions.
diff --git a/packages/discussions/src/utils/channel-permission.ts b/packages/discussions/src/utils/channel-permission.ts
@@ -132,8 +132,14 @@ export class ChannelPermission {
     return groupAccessControls.some((permission) => {
       const group = userGroupsById[permission.key];
 
-      if (!group || !isGroupDiscussable(group)) {
-        return false;
+      if (action === ChannelAction.READ_POSTS) {
+        if (!group) {
+          return false;
+        }
+      } else {
+        if (!group || !isGroupDiscussable(group)) {
+          return false;
+        }
       }
 
       return (

diff --git a/packages/discussions/test/utils/channel-permission.test.ts b/packages/discussions/test/utils/channel-permission.test.ts
@@ -1530,6 +1530,29 @@ describe("ChannelPermission class", () => {
 
         expect(channelPermission.canReadChannel(user)).toBe(false);
       });
+
+      it("returns true if user logged in and in non-discussable group", async () => {
+        const user = buildUser({
+          groups: [buildGroup("groupND", "member", [CANNOT_DISCUSS])],
+        });
+        const channelAcl = [
+          {
+            category: AclCategory.GROUP,
+            subCategory: AclSubCategory.MEMBER,
+            key: "groupND",
+            role: Role.READ, // members write
+          },
+          {
+            category: AclCategory.GROUP,
+            subCategory: AclSubCategory.ADMIN,
+            key: "groupND",
+            role: Role.READ, // members write
+          },
+        ] as IChannelAclPermission[];
+        const channelPermission = new ChannelPermission(channelAcl, "foo");
+
+        expect(channelPermission.canReadChannel(user)).toBe(true);
+      });
     });
 
     describe("Anonymous User Permissions", () => {
@@ -1766,7 +1789,7 @@ describe("ChannelPermission class", () => {
         expect(channelPermission.canReadChannel(user)).toBe(true);
       });
 
-      it("returns false if user is group member in permissions list but the group is not discussable", async () => {
+      it("returns true if user is group member in permissions list but the group is not discussable", async () => {
         const user = buildUser({
           orgId: orgId1,
           groups: [
@@ -1790,7 +1813,7 @@ describe("ChannelPermission class", () => {
 
         const channelPermission = new ChannelPermission(channelAcl, "foo");
 
-        expect(channelPermission.canReadChannel(user)).toBe(false);
+        expect(channelPermission.canReadChannel(user)).toBe(true);
       });
 
       it("returns false if user is group admin but group is not in permissions list", async () => {