self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2025-02-07 19:30:04 +02:00
Code Issues Releases Activity

Server: Do not allow accepting share more than once

Browse Source
This commit is contained in:
Laurent Cozic 2021-09-26 12:37:07 +01:00
parent 1df2d8d7af
commit 57a1d03b4b
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/server/src/models/ShareUserModel.ts
View File

@ -1,5 +1,5 @@
import { Item, Share, ShareType, ShareUser, ShareUserStatus, User, Uuid } from '../services/database/types'; import { Item, Share, ShareType, ShareUser, ShareUserStatus, User, Uuid } from '../services/database/types';
import { ErrorForbidden, ErrorNotFound } from '../utils/errors'; import { ErrorBadRequest, ErrorForbidden, ErrorNotFound } from '../utils/errors';
import BaseModel, { AclAction, DeleteOptions } from './BaseModel'; import BaseModel, { AclAction, DeleteOptions } from './BaseModel';
import { getCanShareFolder } from './utils/user'; import { getCanShareFolder } from './utils/user';
@ -117,6 +117,8 @@ export default class ShareUserModel extends BaseModel<ShareUser> {
const shareUser = await this.byShareAndUserId(shareId, userId); const shareUser = await this.byShareAndUserId(shareId, userId);
if (!shareUser) throw new ErrorNotFound(`Item has not been shared with this user: ${shareId} / ${userId}`); if (!shareUser) throw new ErrorNotFound(`Item has not been shared with this user: ${shareId} / ${userId}`);
if (shareUser.status === status) throw new ErrorBadRequest(`Share ${shareId} status is already ${status}`);
const share = await this.models().share().load(shareId); const share = await this.models().share().load(shareId);
if (!share) throw new ErrorNotFound(`No such share: ${shareId}`); if (!share) throw new ErrorNotFound(`No such share: ${shareId}`);

17
packages/server/src/routes/api/share_users.test.ts
View File

@ -1,8 +1,8 @@
import { ShareType, ShareUserStatus } from '../../services/database/types'; import { ShareType, ShareUserStatus } from '../../services/database/types';
import { beforeAllDb, afterAllTests, beforeEachDb, createUserAndSession, models, createItemTree, expectHttpError } from '../../utils/testing/testUtils'; import { beforeAllDb, afterAllTests, beforeEachDb, createUserAndSession, models, createItemTree, expectHttpError } from '../../utils/testing/testUtils';
import { getApi, patchApi } from '../../utils/testing/apiUtils'; import { getApi, patchApi } from '../../utils/testing/apiUtils';
import { shareWithUserAndAccept } from '../../utils/testing/shareApiUtils'; import { shareFolderWithUser, shareWithUserAndAccept } from '../../utils/testing/shareApiUtils';
import { ErrorForbidden } from '../../utils/errors'; import { ErrorBadRequest, ErrorForbidden } from '../../utils/errors';
import { PaginatedResults } from '../../models/utils/pagination'; import { PaginatedResults } from '../../models/utils/pagination';
describe('share_users', function() { describe('share_users', function() {
@ -53,4 +53,17 @@ describe('share_users', function() {
await expectHttpError(async () => patchApi(session1.id, `share_users/${shareUser.id}`, { status: ShareUserStatus.Accepted }), ErrorForbidden.httpCode); await expectHttpError(async () => patchApi(session1.id, `share_users/${shareUser.id}`, { status: ShareUserStatus.Accepted }), ErrorForbidden.httpCode);
}); });
test('should not allow accepting a share twice or more', async function() {
const { session: session1 } = await createUserAndSession(1);
const { session: session2 } = await createUserAndSession(2);
const { shareUser } = await shareFolderWithUser(session1.id, session2.id, '000000000000000000000000000000F1', {
'000000000000000000000000000000F1': {
'00000000000000000000000000000001': null,
},
});
await expectHttpError(async () => patchApi(session2.id, `share_users/${shareUser.id}`, { status: ShareUserStatus.Accepted }), ErrorBadRequest.httpCode);
});
}); });