mirror of
https://github.com/mattermost/focalboard.git
synced 2024-12-21 13:38:56 +02:00
(cherry picked from commit d10e4070ba
)
Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
This commit is contained in:
parent
7d75aee495
commit
ce23928745
@ -54,6 +54,10 @@ func (a *Auth) IsValidReadToken(boardID string, readToken string) (bool, error)
|
||||
return false, err
|
||||
}
|
||||
|
||||
if !a.config.EnablePublicSharedBoards {
|
||||
return false, errors.New("public shared boards disabled")
|
||||
}
|
||||
|
||||
if sharing != nil && (sharing.ID == boardID && sharing.Enabled && sharing.Token == readToken) {
|
||||
return true, nil
|
||||
}
|
||||
|
@ -581,6 +581,35 @@ func TestPermissionsGetBoard(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
func TestPermissionsGetBoardPublic(t *testing.T) {
|
||||
ttCases := []TestCase{
|
||||
{"/boards/{PRIVATE_BOARD_ID}?read_token=invalid", methodGet, "", userAnon, http.StatusUnauthorized, 0},
|
||||
{"/boards/{PRIVATE_BOARD_ID}?read_token=valid", methodGet, "", userAnon, http.StatusUnauthorized, 1},
|
||||
{"/boards/{PRIVATE_BOARD_ID}?read_token=invalid", methodGet, "", userNoTeamMember, http.StatusForbidden, 0},
|
||||
{"/boards/{PRIVATE_BOARD_ID}?read_token=valid", methodGet, "", userTeamMember, http.StatusForbidden, 1},
|
||||
}
|
||||
t.Run("plugin", func(t *testing.T) {
|
||||
th := SetupTestHelperPluginMode(t)
|
||||
defer th.TearDown()
|
||||
cfg := th.Server.Config()
|
||||
cfg.EnablePublicSharedBoards = false
|
||||
th.Server.UpdateAppConfig()
|
||||
clients := setupClients(th)
|
||||
testData := setupData(t, th)
|
||||
runTestCases(t, ttCases, testData, clients)
|
||||
})
|
||||
t.Run("local", func(t *testing.T) {
|
||||
th := SetupTestHelperLocalMode(t)
|
||||
defer th.TearDown()
|
||||
cfg := th.Server.Config()
|
||||
cfg.EnablePublicSharedBoards = false
|
||||
th.Server.UpdateAppConfig()
|
||||
clients := setupLocalClients(th)
|
||||
testData := setupData(t, th)
|
||||
runTestCases(t, ttCases, testData, clients)
|
||||
})
|
||||
}
|
||||
|
||||
func TestPermissionsPatchBoard(t *testing.T) {
|
||||
ttCases := []TestCase{
|
||||
{"/boards/{PRIVATE_BOARD_ID}", methodPatch, "{\"title\": \"test\"}", userAnon, http.StatusUnauthorized, 0},
|
||||
|
Loading…
Reference in New Issue
Block a user