Merge pull request #49143 from nextcloud/fix/view-in-folder-conditions

2024-11-09 12:01:48 +07:00 · 2024-11-09 12:01:48 +07:00 · 858d24aeab
parent 4a2091ecb7 6b76c7c7a0
commit 858d24aeab
8 changed files with 105 additions and 9 deletions
--- a/apps/files/src/actions/viewInFolderAction.spec.ts
+++ b/apps/files/src/actions/viewInFolderAction.spec.ts
@ -109,6 +109,18 @@ describe('View in folder action enabled tests', () => {
 		expect(action.enabled).toBeDefined()
 		expect(action.enabled!([folder], view)).toBe(false)
 	})
+
+	test('Disabled for files outside the user root folder', () => {
+		const file = new Folder({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/trashbin/admin/trash/image.jpg.d1731053878',
+			owner: 'admin',
+			permissions: Permission.READ,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file], view)).toBe(false)
+	})
 })

 describe('View in folder action execute tests', () => {
--- a/apps/files/src/actions/viewInFolderAction.ts
+++ b/apps/files/src/actions/viewInFolderAction.ts
@ -36,6 +36,11 @@ export const action = new FileAction({
 			return false
 		}

+		// Can only view files that are in the user root folder
+		if (!node.root?.startsWith('/files')) {
+			return false
+		}
+
 		if (node.permissions === Permission.NONE) {
 			return false
 		}
--- a/apps/systemtags/src/files_actions/bulkSystemTagsAction.spec.ts
+++ b/apps/systemtags/src/files_actions/bulkSystemTagsAction.spec.ts
@ -0,0 +1,74 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+import { File, Folder, Permission, View, FileAction } from '@nextcloud/files'
+import { describe, expect, test } from 'vitest'
+import { action } from './bulkSystemTagsAction'
+
+const view = {
+	id: 'files',
+	name: 'Files',
+} as View
+
+describe('Manage tags action conditions tests', () => {
+	test('Default values', () => {
+		expect(action).toBeInstanceOf(FileAction)
+		expect(action.id).toBe('systemtags:bulk')
+		expect(action.displayName([], view)).toBe('Manage tags')
+		expect(action.iconSvgInline([], view)).toMatch(/<svg.+<\/svg>/)
+		expect(action.default).toBeUndefined()
+		expect(action.order).toBe(undefined)
+		expect(action.enabled).toBeDefined()
+	})
+})
+
+describe('Manage tags action enabled tests', () => {
+	test('Disabled without permissions', () => {
+		const file1 = new File({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/files/admin/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.NONE,
+		})
+
+		const file2 = new File({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/files/admin/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.UPDATE,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file1, file2], view)).toBe(false)
+		expect(action.enabled!([file1], view)).toBe(false)
+		expect(action.enabled!([file2], view)).toBe(true)
+	})
+
+	test('Disabled for non-dav ressources', () => {
+		const file = new File({
+			id: 1,
+			source: 'https://domain.com/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.ALL,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file], view)).toBe(false)
+	})
+
+	test('Enabled for files outside the user root folder', () => {
+		const file = new Folder({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/trashbin/admin/trash/image.jpg.d1731053878',
+			owner: 'admin',
+			permissions: Permission.ALL,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file], view)).toBe(true)
+	})
+})
--- a/apps/systemtags/src/files_actions/bulkSystemTagsAction.ts
+++ b/apps/systemtags/src/files_actions/bulkSystemTagsAction.ts
@ -2,7 +2,7 @@
 * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
-import { type Node } from '@nextcloud/files'
+import { Permission, type Node } from '@nextcloud/files'

 import { defineAsyncComponent } from 'vue'
 import { FileAction } from '@nextcloud/files'
@ -38,8 +38,13 @@ export const action = new FileAction({
 			return false
 		}

-		// If the user is not logged in, the action is not available
-		return true
+		// Disabled for non dav resources
+		if (nodes.some((node) => !node.isDavRessource)) {
+			return false
+		}
+
+		// We need to have the update permission on all nodes
+		return !nodes.some((node) => (node.permissions & Permission.UPDATE) === 0)
 	},

 	async exec(node: Node) {
--- a/dist/files-init.js
+++ b/dist/files-init.js
--- a/dist/files-init.js.map
+++ b/dist/files-init.js.map
--- a/dist/systemtags-init.js
+++ b/dist/systemtags-init.js
--- a/dist/systemtags-init.js.map
+++ b/dist/systemtags-init.js.map