-
Notifications
You must be signed in to change notification settings - Fork 54
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Hide download action when file does not provide download permiss…
…ions This is not only a possibility for public shares but also for internal shares, the current code only "checked" public shares. This adds the same logic we use in the files app. Probably something to move to `@nextcloud/sharing` but for the moment lets just reuse here. Signed-off-by: Ferdinand Thiessen <[email protected]> [skip ci]
- Loading branch information
Showing
5 changed files
with
155 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
/** | ||
* SPDX-License: AGPL-3.0-or-later | ||
* SPDX-: Nextcloud GmbH and Nextcloud contributors | ||
*/ | ||
|
||
import type { User } from '@nextcloud/cypress' | ||
import { ShareType } from '@nextcloud/sharing' | ||
|
||
describe('Disable download button if forbidden', { testIsolation: true }, () => { | ||
let sharee: User | ||
|
||
before(() => { | ||
cy.createRandomUser().then((user) => { sharee = user }) | ||
cy.createRandomUser().then((user) => { | ||
// Upload test files | ||
cy.createFolder(user, '/Photos') | ||
cy.uploadFile(user, 'image1.jpg', 'image/jpeg', '/Photos/image1.jpg') | ||
|
||
cy.login(user) | ||
cy.createShare('/Photos', | ||
{ shareWith: sharee.userId, shareType: ShareType.User, attributes: [{ scope: 'permissions', key: 'download', value: false }] }, | ||
) | ||
cy.logout() | ||
}) | ||
}) | ||
|
||
beforeEach(() => { | ||
cy.login(sharee) | ||
cy.visit('/apps/files') | ||
cy.openFile('Photos') | ||
}) | ||
|
||
it('See the shared folder and images in files list', () => { | ||
cy.getFile('image1.jpg', { timeout: 10000 }) | ||
.should('contain', 'image1 .jpg') | ||
}) | ||
|
||
// TODO: Fix no-download files on server | ||
it.skip('See the image can be shown', () => { | ||
cy.getFile('image1.jpg').should('be.visible') | ||
cy.openFile('image1.jpg') | ||
cy.get('body > .viewer').should('be.visible') | ||
|
||
cy.get('body > .viewer', { timeout: 10000 }) | ||
.should('be.visible') | ||
.and('have.class', 'modal-mask') | ||
.and('not.have.class', 'icon-loading') | ||
}) | ||
|
||
it('See the title on the viewer header but not the Download nor the menu button', () => { | ||
cy.getFile('image1.jpg').should('be.visible') | ||
cy.openFile('image1.jpg') | ||
cy.get('body > .viewer .modal-header__name').should('contain', 'image1.jpg') | ||
|
||
cy.get('[role="dialog"]') | ||
.should('be.visible') | ||
.find('button[aria-label="Actions"]') | ||
.click() | ||
|
||
cy.get('[role="menu"]:visible') | ||
.find('button') | ||
.should('have.length', 2) | ||
.each(($el) => { | ||
expect($el.text()).to.match(/(Full screen|Open sidebar)/i) | ||
}) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/*! | ||
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors | ||
* SPDX-License-Identifier: AGPL-3.0-or-later | ||
*/ | ||
|
||
import type { FileInfo } from './fileUtils' | ||
|
||
/** | ||
* Check if download permissions are granted for a file | ||
* @param fileInfo The file info to check | ||
*/ | ||
export function canDownload(fileInfo: FileInfo) { | ||
// TODO: This should probably be part of `@nextcloud/sharing` | ||
// check share attributes | ||
const shareAttributes = JSON.parse(fileInfo.shareAttributes || '[]') | ||
|
||
if (shareAttributes && shareAttributes.length > 0) { | ||
const downloadAttribute = shareAttributes.find(({ scope, key }) => scope === 'permissions' && key === 'download') | ||
// We only forbid download if the attribute is *explicitly* set to 'false' | ||
return downloadAttribute?.value !== false | ||
} | ||
// otherwise return true (as the file needs read permission otherwise we would not have opened it) | ||
return true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters