✨(backend) add subrequest auth view for collaboration server

We need to improve security on the access to The collaboration server We can use the same pattern as for media files leveraging the nginx subrequest feature.
2024-11-18 08:05:54 +01:00
parent 64674b6a73
commit 66553ee236
12 changed files with 118 additions and 18 deletions
--- a/src/backend/core/tests/documents/test_api_documents_retrieve.py
+++ b/src/backend/core/tests/documents/test_api_documents_retrieve.py
@@ -26,6 +26,7 @@ def test_api_documents_retrieve_anonymous_public():
            "ai_transform": document.link_role == "editor",
            "ai_translate": document.link_role == "editor",
            "attachment_upload": document.link_role == "editor",
+            "collaboration_auth": True,
            "destroy": False,
            # Anonymous user can't favorite a document even with read access
            "favorite": False,
@@ -89,6 +90,7 @@ def test_api_documents_retrieve_authenticated_unrelated_public_or_authenticated(
            "ai_transform": document.link_role == "editor",
            "ai_translate": document.link_role == "editor",
            "attachment_upload": document.link_role == "editor",
+            "collaboration_auth": True,
            "destroy": False,
            "favorite": True,
            "invite_owner": False,
--- a/src/backend/core/tests/test_models_documents.py
+++ b/src/backend/core/tests/test_models_documents.py
@@ -98,6 +98,7 @@ def test_models_documents_get_abilities_forbidden(is_authenticated, reach, role)
        "ai_transform": False,
        "ai_translate": False,
        "attachment_upload": False,
+        "collaboration_auth": False,
        "destroy": False,
        "favorite": False,
        "invite_owner": False,
@@ -134,6 +135,7 @@ def test_models_documents_get_abilities_reader(is_authenticated, reach):
        "ai_transform": False,
        "ai_translate": False,
        "attachment_upload": False,
+        "collaboration_auth": True,
        "destroy": False,
        "favorite": is_authenticated,
        "invite_owner": False,
@@ -170,6 +172,7 @@ def test_models_documents_get_abilities_editor(is_authenticated, reach):
        "ai_transform": True,
        "ai_translate": True,
        "attachment_upload": True,
+        "collaboration_auth": True,
        "destroy": False,
        "favorite": is_authenticated,
        "invite_owner": False,
@@ -195,6 +198,7 @@ def test_models_documents_get_abilities_owner():
        "ai_transform": True,
        "ai_translate": True,
        "attachment_upload": True,
+        "collaboration_auth": True,
        "destroy": True,
        "favorite": True,
        "invite_owner": True,
@@ -219,6 +223,7 @@ def test_models_documents_get_abilities_administrator():
        "ai_transform": True,
        "ai_translate": True,
        "attachment_upload": True,
+        "collaboration_auth": True,
        "destroy": False,
        "favorite": True,
        "invite_owner": False,
@@ -246,6 +251,7 @@ def test_models_documents_get_abilities_editor_user(django_assert_num_queries):
        "ai_transform": True,
        "ai_translate": True,
        "attachment_upload": True,
+        "collaboration_auth": True,
        "destroy": False,
        "favorite": True,
        "invite_owner": False,
@@ -275,6 +281,7 @@ def test_models_documents_get_abilities_reader_user(django_assert_num_queries):
        "ai_transform": False,
        "ai_translate": False,
        "attachment_upload": False,
+        "collaboration_auth": True,
        "destroy": False,
        "favorite": True,
        "invite_owner": False,
@@ -305,6 +312,7 @@ def test_models_documents_get_abilities_preset_role(django_assert_num_queries):
        "ai_transform": False,
        "ai_translate": False,
        "attachment_upload": False,
+        "collaboration_auth": True,
        "destroy": False,
        "favorite": True,
        "invite_owner": False,