Fixed a bug where deleting an attachment would cause a nil panic
This commit is contained in:
parent
c203d73b33
commit
dcec9511dc
3 changed files with 65 additions and 8 deletions
|
@ -20,19 +20,13 @@ import "code.vikunja.io/web"
|
||||||
|
|
||||||
// CanRead checks if the user can see an attachment
|
// CanRead checks if the user can see an attachment
|
||||||
func (ta *TaskAttachment) CanRead(a web.Auth) (bool, error) {
|
func (ta *TaskAttachment) CanRead(a web.Auth) (bool, error) {
|
||||||
t, err := GetTaskByIDSimple(ta.TaskID)
|
t := &Task{ID: ta.TaskID}
|
||||||
if err != nil {
|
|
||||||
return false, err
|
|
||||||
}
|
|
||||||
return t.CanRead(a)
|
return t.CanRead(a)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CanDelete checks if the user can delete an attachment
|
// CanDelete checks if the user can delete an attachment
|
||||||
func (ta *TaskAttachment) CanDelete(a web.Auth) (bool, error) {
|
func (ta *TaskAttachment) CanDelete(a web.Auth) (bool, error) {
|
||||||
t, err := GetTaskByIDSimple(ta.TaskID)
|
t := &Task{ID: ta.TaskID}
|
||||||
if err != nil {
|
|
||||||
return false, err
|
|
||||||
}
|
|
||||||
return t.CanWrite(a)
|
return t.CanWrite(a)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -150,3 +150,61 @@ func TestTaskAttachment_Delete(t *testing.T) {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestTaskAttachment_Rights(t *testing.T) {
|
||||||
|
u := &User{ID: 1}
|
||||||
|
t.Run("Can Read", func(t *testing.T) {
|
||||||
|
t.Run("Allowed", func(t *testing.T) {
|
||||||
|
ta := &TaskAttachment{TaskID: 1}
|
||||||
|
can, err := ta.CanRead(u)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.True(t, can)
|
||||||
|
})
|
||||||
|
t.Run("Forbidden", func(t *testing.T) {
|
||||||
|
ta := &TaskAttachment{TaskID: 14}
|
||||||
|
can, err := ta.CanRead(u)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.False(t, can)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
t.Run("Can Delete", func(t *testing.T) {
|
||||||
|
t.Run("Allowed", func(t *testing.T) {
|
||||||
|
ta := &TaskAttachment{TaskID: 1}
|
||||||
|
can, err := ta.CanDelete(u)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.True(t, can)
|
||||||
|
})
|
||||||
|
t.Run("Forbidden, no access", func(t *testing.T) {
|
||||||
|
ta := &TaskAttachment{TaskID: 14}
|
||||||
|
can, err := ta.CanDelete(u)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.False(t, can)
|
||||||
|
})
|
||||||
|
t.Run("Forbidden, shared read only", func(t *testing.T) {
|
||||||
|
ta := &TaskAttachment{TaskID: 15}
|
||||||
|
can, err := ta.CanDelete(u)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.False(t, can)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
t.Run("Can Create", func(t *testing.T) {
|
||||||
|
t.Run("Allowed", func(t *testing.T) {
|
||||||
|
ta := &TaskAttachment{TaskID: 1}
|
||||||
|
can, err := ta.CanCreate(u)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.True(t, can)
|
||||||
|
})
|
||||||
|
t.Run("Forbidden, no access", func(t *testing.T) {
|
||||||
|
ta := &TaskAttachment{TaskID: 14}
|
||||||
|
can, err := ta.CanCreate(u)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.False(t, can)
|
||||||
|
})
|
||||||
|
t.Run("Forbidden, shared read only", func(t *testing.T) {
|
||||||
|
ta := &TaskAttachment{TaskID: 15}
|
||||||
|
can, err := ta.CanCreate(u)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.False(t, can)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
|
@ -51,6 +51,11 @@ func (t *Task) CanRead(a web.Auth) (canRead bool, err error) {
|
||||||
return l.CanRead(a)
|
return l.CanRead(a)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CanWrite checks if a user has write access to a task
|
||||||
|
func (t *Task) CanWrite(a web.Auth) (canWrite bool, err error) {
|
||||||
|
return t.canDoTask(a)
|
||||||
|
}
|
||||||
|
|
||||||
// Helper function to check if a user can do stuff on a list task
|
// Helper function to check if a user can do stuff on a list task
|
||||||
func (t *Task) canDoTask(a web.Auth) (bool, error) {
|
func (t *Task) canDoTask(a web.Auth) (bool, error) {
|
||||||
// Get the task
|
// Get the task
|
||||||
|
|
Loading…
Reference in a new issue