security: Enable authorize plugins to grant read-only access

Richard Hansen 2020-09-19 15:30:04 -04:00 committed by John McLear
parent 505d67ed1c
commit 180983736d
5 changed files with 41 additions and 5 deletions


@ -252,7 +252,7 @@ describe('socket.io access checks', function() {
assert.equal(clientVars.data.readonly, false);
});
it("level='modify' -> can modify", async () => {
const pad = await padManager.getPad('pad'); // Create the pad.
await padManager.getPad('pad'); // Create the pad.
authorize = () => 'modify';
settings.requireAuthentication = true;
settings.requireAuthorization = true;
@ -282,4 +282,24 @@ describe('socket.io access checks', function() {
const message = await handshake(socket, 'pad');
assert.equal(message.accessStatus, 'deny');
});
it("level='readOnly' -> unable to create", async () => {
authorize = () => 'readOnly';
settings.requireAuthentication = true;
settings.requireAuthorization = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
socket = await connect(res);
const message = await handshake(socket, 'pad');
assert.equal(message.accessStatus, 'deny');
});
it("level='readOnly' -> unable to modify", async () => {
await padManager.getPad('pad'); // Create the pad.
authorize = () => 'readOnly';
settings.requireAuthentication = true;
settings.requireAuthorization = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
socket = await connect(res);
const clientVars = await handshake(socket, 'pad');
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, true);
});
});
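Review bot: The "level='readOnly' -> unable to modify" test asserts only `clientVars.data.readonly === true`, which is the flag the server reports to the client, so it would still pass if the server accepted edits from this socket. Since the test name claims the user cannot modify, I would either send a change message over the socket after the handshake and assert that the pad's text and revision are unchanged, or rename the test to `"level='readOnly' -> CLIENT_VARS reports readonly"`. The "unable to create" test could likewise assert, after the `deny`, that the pad still does not exist, so a regression that creates the pad before denying is caught. The enclosing `describe` block and the helpers (`handshake`, `connect`, `authorize`) are defined outside the visible hunks, and server-side enforcement may already be exercised in the other changed files, which are not shown here.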