🐛 User is not able to delete or move files that was share with him (#392

)
linagora · Feb 29, 2024 · cb3dcb1 · cb3dcb1
1 parent 4f372ad
commit cb3dcb1
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 38 deletions.
diff --git a/.run/Run all e2e [OpenSearch].run.xml b/.run/Run all e2e [OpenSearch].run.xml
@@ -4,7 +4,7 @@
     <node-options value="--experimental-specifier-resolution=node --experimental-vm-modules" />
     <jest-package value="$PROJECT_DIR$/tdrive/backend/node/node_modules/jest" />
     <working-dir value="$PROJECT_DIR$/tdrive/backend/node" />
-    <jest-options value="--forceExit --coverage --maxWorkers=1" />
+    <jest-options value="--forceExit --coverage --maxWorkers=1 --testTimeout=30000" />
     <envs>
       <env name="DB_DRIVER" value="postgres" />
       <env name="DB_MONGO_URI" value="mongodb://localhost:27017" />

diff --git a/tdrive/backend/node/src/services/documents/services/access-check.ts b/tdrive/backend/node/src/services/documents/services/access-check.ts
@@ -419,7 +419,7 @@ export const getItemScope = async (
   context: CompanyExecutionContext,
 ): Promise<"personal" | "shared"> => {
   let scope: "personal" | "shared";
-  if (item.parent_id === "user_" + context.user?.id) {
+  if (item.parent_id.startsWith("user_")) {
     scope = "personal";
   } else if (item.parent_id === "root") {
     scope = "shared";

diff --git a/tdrive/backend/node/src/services/documents/services/index.ts b/tdrive/backend/node/src/services/documents/services/index.ts
@@ -467,6 +467,7 @@ export class DocumentsService {
         if ((content as any)[key]) {
           if (
             key === "parent_id" &&
+            oldParent !== item.parent_id &&
             !(await canMoveItem(item.id, content.parent_id, this.repository, context))
           ) {
             throw Error("Move operation not permitted");
@@ -495,7 +496,7 @@ export class DocumentsService {
               });
             }
 
-            item.access_info.entities.forEach(async info => {
+            item.access_info.entities.forEach(info => {
               if (!info.grantor) {
                 info.grantor = context.user.id;
               }
@@ -528,14 +529,11 @@ export class DocumentsService {
 
       if (oldParent) {
         item.scope = await getItemScope(item, this.repository, context);
-        this.repository.save(item);
+        await this.repository.save(item);
 
         await updateItemSize(oldParent, this.repository, context);
-        this.notifyWebsocket(oldParent, context);
       }
 
-      this.notifyWebsocket(item.parent_id, context);
-
       if (item.parent_id === this.TRASH) {
         //When moving to trash we recompute the access level to make them flat
         item.access_info = await makeStandaloneAccessLevel(
@@ -715,7 +713,7 @@ export class DocumentsService {
       throw new CrudException("User does not have access to this item or its children", 401);
     }
 
-    if (isInTrash(item, this.repository, context)) {
+    if (await isInTrash(item, this.repository, context)) {
       if (item.is_in_trash != true) {
         if (item.scope === "personal") {
           item.parent_id = "user_" + context.user.id;
@@ -726,9 +724,7 @@ export class DocumentsService {
         item.is_in_trash = false;
       }
     }
-    this.repository.save(item);
-
-    this.notifyWebsocket("trash", context);
+    await this.repository.save(item);
   };
 
   /**
@@ -805,10 +801,9 @@ export class DocumentsService {
         notificationReceiver: item.creator,
       });
 
-      this.notifyWebsocket(item.parent_id, context);
       await updateItemSize(item.parent_id, this.repository, context);
 
-      globalResolver.platformServices.messageQueue.publish<DocumentsMessageQueueRequest>(
+      await globalResolver.platformServices.messageQueue.publish<DocumentsMessageQueueRequest>(
         "services:documents:process",
         {
           data: {
@@ -938,7 +933,7 @@ export class DocumentsService {
       }
     }
 
-    archive.finalize();
+    await archive.finalize();
 
     return archive;
   };

diff --git a/tdrive/backend/node/src/services/user/services/external_links/index.ts b/tdrive/backend/node/src/services/user/services/external_links/index.ts
@@ -42,25 +42,4 @@ export class UserExternalLinksServiceImpl {
 
     return user;
   }
-
-  async createExternalGroup(
-    group: ExternalGroup,
-    context?: ExecutionContext,
-  ): Promise<ExternalGroup> {
-    await this.externalGroupRepository.save(group, context);
-
-    //Save company provider and provider id here
-    const internalCompany = await this.companyRepository.findOne(
-      { id: group.company_id },
-      {},
-      context,
-    );
-    if (internalCompany) {
-      internalCompany.identity_provider = group.service_id;
-      internalCompany.identity_provider_id = group.external_id;
-      this.companyRepository.save(internalCompany, context);
-    }
-
-    return group;
-  }
 }
diff --git a/tdrive/backend/node/test/e2e/common/user-api.ts b/tdrive/backend/node/test/e2e/common/user-api.ts
@@ -366,5 +366,13 @@ export default class UserApi {
 
     return deserialize<UserQuota>(UserQuotaMockClass, response.body);
   }
+
+  async delete(id: string) {
+    return await this.platform.app.inject({
+      method: "DELETE",
+      url: `${UserApi.DOC_URL}/companies/${this.platform.workspace.company_id}/item/${id}`,
+      headers: { "authorization": `Bearer ${this.jwt}` },
+    });
+  }
 }
 
diff --git a/tdrive/backend/node/test/e2e/documents/documents-browser.spec.ts b/tdrive/backend/node/test/e2e/documents/documents-browser.spec.ts
@@ -6,7 +6,6 @@ import UserApi from "../common/user-api";
 describe("The Documents Browser Window and API", () => {
   let platform: TestPlatform;
   let currentUser: UserApi;
-  let dbService: TestDbService;
 
   beforeEach(async () => {
     platform = await init({
@@ -27,7 +26,6 @@ describe("The Documents Browser Window and API", () => {
       ],
     });
     currentUser = await UserApi.getInstance(platform);
-    dbService = await TestDbService.getInstance(platform, true);
   });
 
   afterAll(async () => {
@@ -130,7 +128,6 @@ describe("The Documents Browser Window and API", () => {
     });
 
     it("Should return ALL the files that was share by user at one", async () => {
-      const sharedWIthMeFolder = "shared_with_me";
       const oneUser = await UserApi.getInstance(platform, true, {companyRole: "admin"});
       const anotherUser = await UserApi.getInstance(platform, true, {companyRole: "admin"});
 
@@ -152,6 +149,27 @@ describe("The Documents Browser Window and API", () => {
       //then file become searchable
       expect((await anotherUser.browseDocuments("shared_with_me", {pagination: {limitStr: 100}})).children).toHaveLength(1);
     });
+
+    it("User should be able to delete file that was shared with him with right permissions", async () => {
+      const oneUser = await UserApi.getInstance(platform, true, {companyRole: "admin"});
+      const anotherUser = await UserApi.getInstance(platform, true, {companyRole: "admin"});
+
+      let files = await oneUser.uploadAllFilesOneByOne("user_" + oneUser.user.id);
+      await new Promise(r => setTimeout(r, 5000));
+
+      let toDeleteDoc = files[2];
+      toDeleteDoc.access_info.entities.push({
+        type: "user",
+        id: anotherUser.user.id,
+        level: "manage",
+        grantor: null,
+      });
+      await oneUser.updateDocument(toDeleteDoc.id, toDeleteDoc);
+
+      const response = await anotherUser.delete(toDeleteDoc.id);
+      expect(response.statusCode).toBe(200);
+    });
+
   });
 });