Fixed a bug where deleting an attachment would cause a nil panic

This commit is contained in:
kolaente 2019-11-19 23:07:48 +01:00
parent c203d73b33
commit dcec9511dc
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
3 changed files with 65 additions and 8 deletions

View file

@ -20,19 +20,13 @@ import "code.vikunja.io/web"
// CanRead checks if the user can see an attachment // CanRead checks if the user can see an attachment
func (ta *TaskAttachment) CanRead(a web.Auth) (bool, error) { func (ta *TaskAttachment) CanRead(a web.Auth) (bool, error) {
t, err := GetTaskByIDSimple(ta.TaskID) t := &Task{ID: ta.TaskID}
if err != nil {
return false, err
}
return t.CanRead(a) return t.CanRead(a)
} }
// CanDelete checks if the user can delete an attachment // CanDelete checks if the user can delete an attachment
func (ta *TaskAttachment) CanDelete(a web.Auth) (bool, error) { func (ta *TaskAttachment) CanDelete(a web.Auth) (bool, error) {
t, err := GetTaskByIDSimple(ta.TaskID) t := &Task{ID: ta.TaskID}
if err != nil {
return false, err
}
return t.CanWrite(a) return t.CanWrite(a)
} }

View file

@ -150,3 +150,61 @@ func TestTaskAttachment_Delete(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
}) })
} }
func TestTaskAttachment_Rights(t *testing.T) {
u := &User{ID: 1}
t.Run("Can Read", func(t *testing.T) {
t.Run("Allowed", func(t *testing.T) {
ta := &TaskAttachment{TaskID: 1}
can, err := ta.CanRead(u)
assert.NoError(t, err)
assert.True(t, can)
})
t.Run("Forbidden", func(t *testing.T) {
ta := &TaskAttachment{TaskID: 14}
can, err := ta.CanRead(u)
assert.NoError(t, err)
assert.False(t, can)
})
})
t.Run("Can Delete", func(t *testing.T) {
t.Run("Allowed", func(t *testing.T) {
ta := &TaskAttachment{TaskID: 1}
can, err := ta.CanDelete(u)
assert.NoError(t, err)
assert.True(t, can)
})
t.Run("Forbidden, no access", func(t *testing.T) {
ta := &TaskAttachment{TaskID: 14}
can, err := ta.CanDelete(u)
assert.NoError(t, err)
assert.False(t, can)
})
t.Run("Forbidden, shared read only", func(t *testing.T) {
ta := &TaskAttachment{TaskID: 15}
can, err := ta.CanDelete(u)
assert.NoError(t, err)
assert.False(t, can)
})
})
t.Run("Can Create", func(t *testing.T) {
t.Run("Allowed", func(t *testing.T) {
ta := &TaskAttachment{TaskID: 1}
can, err := ta.CanCreate(u)
assert.NoError(t, err)
assert.True(t, can)
})
t.Run("Forbidden, no access", func(t *testing.T) {
ta := &TaskAttachment{TaskID: 14}
can, err := ta.CanCreate(u)
assert.NoError(t, err)
assert.False(t, can)
})
t.Run("Forbidden, shared read only", func(t *testing.T) {
ta := &TaskAttachment{TaskID: 15}
can, err := ta.CanCreate(u)
assert.NoError(t, err)
assert.False(t, can)
})
})
}

View file

@ -51,6 +51,11 @@ func (t *Task) CanRead(a web.Auth) (canRead bool, err error) {
return l.CanRead(a) return l.CanRead(a)
} }
// CanWrite checks if a user has write access to a task
func (t *Task) CanWrite(a web.Auth) (canWrite bool, err error) {
return t.canDoTask(a)
}
// Helper function to check if a user can do stuff on a list task // Helper function to check if a user can do stuff on a list task
func (t *Task) canDoTask(a web.Auth) (bool, error) { func (t *Task) canDoTask(a web.Auth) (bool, error) {
// Get the task // Get the task