Merge pull request #11666 from opf/bug/44850-capabilities-for-anonymous-user-are-not-available-via-api

Bug/44850 capabilities for anonymous user are not available via api
pull/11711/head
ulferts 2 years ago committed by GitHub
commit f155412bcc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 24
      app/models/capabilities/scopes/default.rb
  2. 8
      frontend/src/app/features/work-packages/components/wp-single-view-tabs/files-tab/op-files-tab.component.ts
  3. 2
      frontend/src/app/shared/components/storages/storage/storage.component.ts
  4. 41
      spec/models/capabilities/scopes/default_spec.rb

@ -40,10 +40,13 @@ module Capabilities::Scopes
UNION
#{default_sql_by_non_member}
UNION
#{default_sql_by_non_member_with_anonymous}
UNION
#{default_sql_by_admin}
) capabilities
SQL
# binding.pry
select('capabilities.*')
.from(capabilities_sql)
end
@ -117,6 +120,27 @@ module Capabilities::Scopes
WHERE enabled_modules.project_id IS NOT NULL OR "actions".module IS NULL
SQL
end
def default_sql_by_non_member_with_anonymous
<<~SQL.squish
SELECT DISTINCT
actions.id "action",
users.id principal_id,
projects.id context_id
FROM (#{Action.default.to_sql}) actions
JOIN "role_permissions" ON "role_permissions"."permission" = "actions"."permission"
JOIN "roles" ON "roles".id = "role_permissions".role_id AND roles.builtin = #{Role::BUILTIN_ANONYMOUS}
JOIN users ON users.type = '#{AnonymousUser.name}'
JOIN "projects"
ON "projects".active = true
AND "projects".public = true
LEFT OUTER JOIN enabled_modules
ON enabled_modules.project_id = projects.id
AND actions.module = enabled_modules.name
WHERE enabled_modules.project_id IS NOT NULL OR "actions".module IS NULL
SQL
end
end
end
end
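Review bot: The `# binding.pry` line above `select('capabilities.*')` in the first hunk is a leftover, commented-out debugger breakpoint and should be deleted. In `default_sql_by_non_member_with_anonymous` the two interpolated values, `Role::BUILTIN_ANONYMOUS` and `AnonymousUser.name`, are constants rather than request data, so the heredoc does not open an injection path. A one-line comment above the method would save the next reader that check, for example `# Capabilities the anonymous role grants the anonymous user in active, public projects; interpolated values are constants.`. Whether an instance that requires login should still list these rows is not visible in the hunk and is worth confirming against the callers of this scope. The enclosing module and the scope method that builds `capabilities_sql` start outside the hunks shown.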

@ -33,7 +33,6 @@ import {
} from '@angular/core';
import {
combineLatest,
merge,
Observable,
} from 'rxjs';
import {
@ -86,12 +85,7 @@ export class WorkPackageFilesTabComponent implements OnInit {
return;
}
// ToDo: Needs to be fixed after capabilities are available for anonymous user.
// https://community.openproject.org/projects/openproject/work_packages/44850/activity
const canViewFileLinks = merge(
this.currentUserService.isLoggedIn$.pipe(map((isLoggedIn) => !isLoggedIn)),
this.currentUserService.hasCapabilities$('file_links/view', project.id),
);
const canViewFileLinks = this.currentUserService.hasCapabilities$('file_links/view', project.id);
this.storages$ = this
.storagesResourceService

@ -201,8 +201,6 @@ export class StorageComponent extends UntilDestroyedMixin implements OnInit {
}
private instantiateStorageInformation(fileLinks:IFileLink[]):StorageInformationBox[] {
// ToDo: Replace with anonymous user capabilities check.
// https://community.openproject.org/projects/openproject/work_packages/44850/activity
if (!this.isLoggedIn) {
return [];
}

@ -35,6 +35,7 @@ describe Capabilities::Scopes::Default, type: :model do
let(:permissions) { %i[] }
let(:global_permissions) { %i[] }
let(:non_member_permissions) { %i[] }
let(:anonymous_permissions) { %i[] }
let(:project_public) { false }
let(:project_active) { true }
let!(:project) { create(:project, public: project_public, active: project_active) }
@ -63,6 +64,10 @@ describe Capabilities::Scopes::Default, type: :model do
create(:non_member,
permissions: non_member_permissions)
end
let(:anonymous_role) do
create(:anonymous_role,
permissions: anonymous_permissions)
end
let(:own_role) { create(:role, permissions: []) }
let(:own_member) do
create(:member,
@ -180,6 +185,42 @@ describe Capabilities::Scopes::Default, type: :model do
end
end
context 'with the anonymous role having the action permission in a public project' do
let(:anonymous_permissions) { %i[view_members] }
let(:project_public) { true }
let(:members) { [anonymous_role] }
it_behaves_like 'is empty'
end
context 'with the anonymous user with an action permission' do
let(:anonymous_permissions) { %i[view_members] }
let!(:user) { create(:anonymous) }
let(:members) { [anonymous_role] }
context 'with the project being private' do
it_behaves_like 'is empty'
end
context 'with the anonymous role not having the permission' do
let(:anonymous_permissions) { %i[] }
it_behaves_like 'is empty'
end
context 'with the project being public' do
let(:project_public) { true }
it_behaves_like 'consists of contract actions' do
let(:expected) do
[
['memberships/read', user.id, project.id]
]
end
end
end
end
context 'with a member without a permission and with the non member having a permission' do
let(:non_member_permissions) { %i[view_members] }
let(:members) { [member, non_member_role] }
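Review bot: None of the new anonymous contexts sets `project_active` to false, so the `"projects".active = true` condition of the new query is not pinned by any test. The contexts cover a private project and a role without the permission, but an inactive public project is the case where a regression would list capabilities for unauthenticated visitors. It deserves its own context next to 'with the project being public'. The `project_active` let and the 'is empty' shared example are already defined in this spec, so the addition is small and is shown below.

```ruby
context 'with the anonymous user with an action permission' do
  # … unchanged: lets, 'with the project being private' and 'with the anonymous role not having the permission' contexts …

  context 'with the project being public but not active' do
    let(:project_public) { true }
    let(:project_active) { false }

    it_behaves_like 'is empty'
  end

  # … unchanged: 'with the project being public' context …
```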
