mirror of
https://github.com/mattermost/focalboard.git
synced 2025-01-11 18:13:52 +02:00
(cherry picked from commit d10e4070ba
)
Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
This commit is contained in:
parent
7d75aee495
commit
ce23928745
@ -54,6 +54,10 @@ func (a *Auth) IsValidReadToken(boardID string, readToken string) (bool, error)
|
|||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !a.config.EnablePublicSharedBoards {
|
||||||
|
return false, errors.New("public shared boards disabled")
|
||||||
|
}
|
||||||
|
|
||||||
if sharing != nil && (sharing.ID == boardID && sharing.Enabled && sharing.Token == readToken) {
|
if sharing != nil && (sharing.ID == boardID && sharing.Enabled && sharing.Token == readToken) {
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
|
@ -581,6 +581,35 @@ func TestPermissionsGetBoard(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPermissionsGetBoardPublic(t *testing.T) {
|
||||||
|
ttCases := []TestCase{
|
||||||
|
{"/boards/{PRIVATE_BOARD_ID}?read_token=invalid", methodGet, "", userAnon, http.StatusUnauthorized, 0},
|
||||||
|
{"/boards/{PRIVATE_BOARD_ID}?read_token=valid", methodGet, "", userAnon, http.StatusUnauthorized, 1},
|
||||||
|
{"/boards/{PRIVATE_BOARD_ID}?read_token=invalid", methodGet, "", userNoTeamMember, http.StatusForbidden, 0},
|
||||||
|
{"/boards/{PRIVATE_BOARD_ID}?read_token=valid", methodGet, "", userTeamMember, http.StatusForbidden, 1},
|
||||||
|
}
|
||||||
|
t.Run("plugin", func(t *testing.T) {
|
||||||
|
th := SetupTestHelperPluginMode(t)
|
||||||
|
defer th.TearDown()
|
||||||
|
cfg := th.Server.Config()
|
||||||
|
cfg.EnablePublicSharedBoards = false
|
||||||
|
th.Server.UpdateAppConfig()
|
||||||
|
clients := setupClients(th)
|
||||||
|
testData := setupData(t, th)
|
||||||
|
runTestCases(t, ttCases, testData, clients)
|
||||||
|
})
|
||||||
|
t.Run("local", func(t *testing.T) {
|
||||||
|
th := SetupTestHelperLocalMode(t)
|
||||||
|
defer th.TearDown()
|
||||||
|
cfg := th.Server.Config()
|
||||||
|
cfg.EnablePublicSharedBoards = false
|
||||||
|
th.Server.UpdateAppConfig()
|
||||||
|
clients := setupLocalClients(th)
|
||||||
|
testData := setupData(t, th)
|
||||||
|
runTestCases(t, ttCases, testData, clients)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func TestPermissionsPatchBoard(t *testing.T) {
|
func TestPermissionsPatchBoard(t *testing.T) {
|
||||||
ttCases := []TestCase{
|
ttCases := []TestCase{
|
||||||
{"/boards/{PRIVATE_BOARD_ID}", methodPatch, "{\"title\": \"test\"}", userAnon, http.StatusUnauthorized, 0},
|
{"/boards/{PRIVATE_BOARD_ID}", methodPatch, "{\"title\": \"test\"}", userAnon, http.StatusUnauthorized, 0},
|
||||||
|
Loading…
Reference in New Issue
Block a user