From 5832dc62ea3c786a3e76bc77c9c93a97e82d9e91 Mon Sep 17 00:00:00 2001 From: Oskar Hahn Date: Tue, 8 Oct 2024 21:54:37 +0200 Subject: [PATCH] Check organization/enabled_anonymous --- internal/restrict/collection/group_test.go | 1 + .../restrict/collection/mediafile_test.go | 1 + internal/restrict/collection/meeting.go | 10 +++--- .../collection/meeting_mediafile_test.go | 1 + internal/restrict/collection/meeting_test.go | 34 ++++++++++++++++++- internal/restrict/collection/mock_test.go | 2 ++ .../point_of_order_category_test.go | 2 +- internal/restrict/collection/tag_test.go | 2 +- internal/restrict/collection/user_test.go | 16 ++++----- internal/restrict/perm/perm.go | 10 ++++-- internal/restrict/restrict_test.go | 1 + 11 files changed, 62 insertions(+), 18 deletions(-) diff --git a/internal/restrict/collection/group_test.go b/internal/restrict/collection/group_test.go index 5847438f..5bf47a29 100644 --- a/internal/restrict/collection/group_test.go +++ b/internal/restrict/collection/group_test.go @@ -27,6 +27,7 @@ func TestGroupModeA(t *testing.T) { g.Modes("A"), true, `--- + organization/1/enable_anonymous: true group/1/meeting_id: 30 meeting/30/enable_anonymous: true `, diff --git a/internal/restrict/collection/mediafile_test.go b/internal/restrict/collection/mediafile_test.go index f5709d9e..4c28ea26 100644 --- a/internal/restrict/collection/mediafile_test.go +++ b/internal/restrict/collection/mediafile_test.go @@ -58,6 +58,7 @@ func TestMediafileModeA(t *testing.T) { m.Modes("A"), true, `--- + organization/1/enable_anonymous: true mediafile/1: owner_id: organization/1 published_to_meetings_in_organization_id: 1 diff --git a/internal/restrict/collection/meeting.go b/internal/restrict/collection/meeting.go index 3ef63252..d61ec80a 100644 --- a/internal/restrict/collection/meeting.go +++ b/internal/restrict/collection/meeting.go @@ -13,7 +13,7 @@ import ( // // The user can see a meeting if one of the following is True: // -// `meeting/enable_anonymous`. +// `meeting/enable_anonymous` and organization/1/enable_anonymous. // The user is in the meeting. // The user has the CML can_manage of the meeting's committee. // The user has the CML can_manage of any meeting and the meeting is a template meeting. @@ -76,10 +76,12 @@ func (m Meeting) see(ctx context.Context, ds *dsfetch.Fetch, meetingIDs ...int) } lockedMeetings := make([]bool, len(meetingIDs)) - enabledAnonymous := make([]bool, len(meetingIDs)) + enabledMeetingAnonymous := make([]bool, len(meetingIDs)) + var enabledOrgaAnonymous bool + ds.Organization_EnableAnonymous(1).Lazy(&enabledOrgaAnonymous) for i, id := range meetingIDs { ds.Meeting_LockedFromInside(id).Lazy(&lockedMeetings[i]) - ds.Meeting_EnableAnonymous(id).Lazy(&enabledAnonymous[i]) + ds.Meeting_EnableAnonymous(id).Lazy(&enabledMeetingAnonymous[i]) } if err := ds.Execute(ctx); err != nil { @@ -136,7 +138,7 @@ LOOP_MEETINGS: continue } - if enabledAnonymous[i] || oml { + if (enabledOrgaAnonymous && enabledMeetingAnonymous[i]) || oml { allowed = append(allowed, meetingID) continue } diff --git a/internal/restrict/collection/meeting_mediafile_test.go b/internal/restrict/collection/meeting_mediafile_test.go index 8630f47f..63db442c 100644 --- a/internal/restrict/collection/meeting_mediafile_test.go +++ b/internal/restrict/collection/meeting_mediafile_test.go @@ -31,6 +31,7 @@ func TestMeetingMediafileModeA(t *testing.T) { m.Modes("A"), true, `--- + organization/1/enable_anonymous: true meeting_mediafile/1: meeting_id: 7 is_public: false diff --git a/internal/restrict/collection/meeting_test.go b/internal/restrict/collection/meeting_test.go index faedc33e..5ad56f77 100644 --- a/internal/restrict/collection/meeting_test.go +++ b/internal/restrict/collection/meeting_test.go @@ -40,7 +40,36 @@ func TestMeetingModeB(t *testing.T) { t, m.Modes("B"), true, - `meeting/30/enable_anonymous: true`, + `--- + meeting/30/enable_anonymous: true + organization/1/enable_anonymous: true + `, + withElementID(30), + ) + + testCase( + "anonymous enabled only in organization", + t, + m.Modes("B"), + false, + `--- + organization/1/enable_anonymous: true + meeting/30: + committee_id: 3 + `, + withElementID(30), + ) + + testCase( + "anonymous enabled only in meeting", + t, + m.Modes("B"), + false, + `--- + meeting/30: + enable_anonymous: true + committee_id: 3 + `, withElementID(30), ) @@ -50,6 +79,7 @@ func TestMeetingModeB(t *testing.T) { m.Modes("B"), false, `--- + organization/1/enable_anonymous: true meeting/30: enable_anonymous: true group_ids: [7] @@ -197,6 +227,7 @@ func TestMeetingModeB(t *testing.T) { m.Modes("B"), false, `--- + organization/1/enable_anonymous: true meeting/30: enable_anonymous: true group_ids: [7] @@ -242,6 +273,7 @@ func TestMeetingModeB(t *testing.T) { m.Modes("B"), false, ` + organization/1/enable_anonymous: true meeting/30: locked_from_inside: true enable_anonymous: true diff --git a/internal/restrict/collection/mock_test.go b/internal/restrict/collection/mock_test.go index 6ce52ef8..debd9a02 100644 --- a/internal/restrict/collection/mock_test.go +++ b/internal/restrict/collection/mock_test.go @@ -39,6 +39,8 @@ func testCase(name string, t *testing.T, f collection.FieldRestricter, expect bo o(&td) } + td.data[dskey.MustKey("organization/1/id")] = []byte("1") + if td.requestUserID != 0 { userIDKey, err := dskey.FromString(fmt.Sprintf("user/%d/id", td.requestUserID)) if err != nil { diff --git a/internal/restrict/collection/point_of_order_category_test.go b/internal/restrict/collection/point_of_order_category_test.go index c670955e..3c3e1e82 100644 --- a/internal/restrict/collection/point_of_order_category_test.go +++ b/internal/restrict/collection/point_of_order_category_test.go @@ -17,7 +17,6 @@ func TestPointOfOrderCategoryModeA(t *testing.T) { `--- point_of_order_category/1/meeting_id: 5 meeting/5: - enable_anonymous: false committee_id: 404 `, ) @@ -28,6 +27,7 @@ func TestPointOfOrderCategoryModeA(t *testing.T) { p.Modes("A"), true, `--- + organization/1/enable_anonymous: true point_of_order_category/1/meeting_id: 5 meeting/5: enable_anonymous: true diff --git a/internal/restrict/collection/tag_test.go b/internal/restrict/collection/tag_test.go index 5c0a00c7..658066e2 100644 --- a/internal/restrict/collection/tag_test.go +++ b/internal/restrict/collection/tag_test.go @@ -16,6 +16,7 @@ func TestTagModeA(t *testing.T) { true, `--- tag/1/meeting_id: 5 + organization/1/enable_anonymous: true meeting/5: enable_anonymous: true committee_id: 300 @@ -30,7 +31,6 @@ func TestTagModeA(t *testing.T) { `--- tag/1/meeting_id: 5 meeting/5: - enable_anonymous: false committee_id: 300 `, ) diff --git a/internal/restrict/collection/user_test.go b/internal/restrict/collection/user_test.go index 3624bb56..c445b182 100644 --- a/internal/restrict/collection/user_test.go +++ b/internal/restrict/collection/user_test.go @@ -559,14 +559,14 @@ func TestUserModeB(t *testing.T) { meeting_user/20: motion_submitter_ids: [4] meeting_id: 30 - + motion_submitter/4: motion_id: 7 - + motion/7: meeting_id: 30 state_id: 5 - + motion_state/5/id: 5 `, withRequestUser(1), @@ -588,11 +588,11 @@ func TestUserModeB(t *testing.T) { meeting_user/20: supported_motion_ids: [7] meeting_id: 30 - + motion/7: meeting_id: 30 state_id: 5 - + motion_state/5/id: 5 `, withRequestUser(1), @@ -614,7 +614,7 @@ func TestUserModeB(t *testing.T) { meeting_user/20: assignment_candidate_ids: [4] meeting_id: 30 - + assignment_candidate/4/assignment_id: 5 assignment/5/meeting_id: 30 `, @@ -637,7 +637,7 @@ func TestUserModeB(t *testing.T) { meeting_user/20: speaker_ids: [4] meeting_id: 30 - + speaker/4: list_of_speakers_id: 5 meeting_id: 30 @@ -674,7 +674,7 @@ func TestUserModeB(t *testing.T) { state: published meeting_id: 30 - meeting/30/enable_anonymous: true + meeting/30/id: 30 `, withRequestUser(1), withElementID(2), diff --git a/internal/restrict/perm/perm.go b/internal/restrict/perm/perm.go index f5aeab57..3e7e8cf7 100644 --- a/internal/restrict/perm/perm.go +++ b/internal/restrict/perm/perm.go @@ -85,11 +85,15 @@ func New(ctx context.Context, ds *dsfetch.Fetch, userID, meetingID int) (*Permis } func newAnonymous(ctx context.Context, ds *dsfetch.Fetch, meetingID int) (*Permission, error) { - enableAnonymous, err := ds.Meeting_EnableAnonymous(meetingID).Value(ctx) + enabledOrgaAnonymous, err := ds.Organization_EnableAnonymous(1).Value(ctx) if err != nil { - return nil, fmt.Errorf("checking anonymous enabled: %w", err) + return nil, fmt.Errorf("checking orga meeting enabled: %w", err) } - if !enableAnonymous { + enableMeetingAnonymous, err := ds.Meeting_EnableAnonymous(meetingID).Value(ctx) + if err != nil { + return nil, fmt.Errorf("checking anonymous meeting enabled: %w", err) + } + if !(enableMeetingAnonymous && enabledOrgaAnonymous) { return nil, nil } diff --git a/internal/restrict/restrict_test.go b/internal/restrict/restrict_test.go index ad7173dd..14dc24a7 100644 --- a/internal/restrict/restrict_test.go +++ b/internal/restrict/restrict_test.go @@ -12,6 +12,7 @@ import ( func TestRestrict(t *testing.T) { ctx := context.Background() ds := dsmock.Stub(dsmock.YAMLData(`--- + organization/1/enable_anonymous: true meeting: 30: enable_anonymous: true