diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e69333c..1651a99f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ and this project adheres to ## Changed - ♻️(frontend) list accesses if user has abilities #376 +- 👔(backend) doc restricted by default #388 ## Fixed diff --git a/src/backend/core/migrations/0008_alter_document_link_reach.py b/src/backend/core/migrations/0008_alter_document_link_reach.py new file mode 100644 index 00000000..001269af --- /dev/null +++ b/src/backend/core/migrations/0008_alter_document_link_reach.py @@ -0,0 +1,18 @@ +# Generated by Django 5.1.2 on 2024-10-25 11:41 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('core', '0007_fix_users_duplicate'), + ] + + operations = [ + migrations.AlterField( + model_name='document', + name='link_reach', + field=models.CharField(choices=[('restricted', 'Restricted'), ('authenticated', 'Authenticated'), ('public', 'Public')], default='restricted', max_length=20), + ), + ] diff --git a/src/backend/core/models.py b/src/backend/core/models.py index 9e5f02a7..c8080b43 100644 --- a/src/backend/core/models.py +++ b/src/backend/core/models.py @@ -336,7 +336,7 @@ class Document(BaseModel): link_reach = models.CharField( max_length=20, choices=LinkReachChoices.choices, - default=LinkReachChoices.AUTHENTICATED, + default=LinkReachChoices.RESTRICTED, ) link_role = models.CharField( max_length=20, choices=LinkRoleChoices.choices, default=LinkRoleChoices.READER diff --git a/src/backend/core/tests/documents/test_api_documents_create.py b/src/backend/core/tests/documents/test_api_documents_create.py index 57ff4455..151724e0 100644 --- a/src/backend/core/tests/documents/test_api_documents_create.py +++ b/src/backend/core/tests/documents/test_api_documents_create.py @@ -47,6 +47,7 @@ def test_api_documents_create_authenticated_success(): assert response.status_code == 201 document = Document.objects.get() assert document.title == "my document" + assert document.link_reach == "restricted" assert document.accesses.filter(role="owner", user=user).exists() diff --git a/src/frontend/apps/e2e/__tests__/app-impress/doc-visibility.spec.ts b/src/frontend/apps/e2e/__tests__/app-impress/doc-visibility.spec.ts index 148a7457..ede359b6 100644 --- a/src/frontend/apps/e2e/__tests__/app-impress/doc-visibility.spec.ts +++ b/src/frontend/apps/e2e/__tests__/app-impress/doc-visibility.spec.ts @@ -40,20 +40,20 @@ test.describe('Doc Visibility', () => { name: 'Visibility', }); - await expect(selectVisibility.getByText('Authenticated')).toBeVisible(); + await expect(selectVisibility.getByText('Restricted')).toBeVisible(); - await expect(page.getByLabel('Read only')).toBeVisible(); - await expect(page.getByLabel('Can read and edit')).toBeVisible(); + await expect(page.getByLabel('Read only')).toBeHidden(); + await expect(page.getByLabel('Can read and edit')).toBeHidden(); await selectVisibility.click(); await page .getByRole('option', { - name: 'Restricted', + name: 'Authenticated', }) .click(); - await expect(page.getByLabel('Read only')).toBeHidden(); - await expect(page.getByLabel('Can read and edit')).toBeHidden(); + await expect(page.getByLabel('Read only')).toBeVisible(); + await expect(page.getByLabel('Can read and edit')).toBeVisible(); await selectVisibility.click(); @@ -87,26 +87,6 @@ test.describe('Doc Visibility: Restricted', () => { await expect(page.getByRole('heading', { name: docTitle })).toBeVisible(); - await page.getByRole('button', { name: 'Share' }).click(); - await page - .getByRole('combobox', { - name: 'Visibility', - }) - .click(); - await page - .getByRole('option', { - name: 'Restricted', - }) - .click(); - - await expect( - page.getByText('The document visibility has been updated.'), - ).toBeVisible(); - - await page.locator('.c__modal__backdrop').click({ - position: { x: 0, y: 0 }, - }); - const urlDoc = page.url(); await page @@ -133,26 +113,6 @@ test.describe('Doc Visibility: Restricted', () => { await expect(page.getByRole('heading', { name: docTitle })).toBeVisible(); - await page.getByRole('button', { name: 'Share' }).click(); - await page - .getByRole('combobox', { - name: 'Visibility', - }) - .click(); - await page - .getByRole('option', { - name: 'Restricted', - }) - .click(); - - await expect( - page.getByText('The document visibility has been updated.'), - ).toBeVisible(); - - await page.locator('.c__modal__backdrop').click({ - position: { x: 0, y: 0 }, - }); - const urlDoc = page.url(); await page @@ -182,20 +142,6 @@ test.describe('Doc Visibility: Restricted', () => { await expect(page.getByRole('heading', { name: docTitle })).toBeVisible(); await page.getByRole('button', { name: 'Share' }).click(); - await page - .getByRole('combobox', { - name: 'Visibility', - }) - .click(); - await page - .getByRole('option', { - name: 'Restricted', - }) - .click(); - - await expect( - page.getByText('The document visibility has been updated.'), - ).toBeVisible(); const inputSearch = page.getByLabel(/Find a member to add to the document/); @@ -389,6 +335,26 @@ test.describe('Doc Visibility: Authenticated', () => { await expect(page.getByRole('heading', { name: docTitle })).toBeVisible(); + await page.getByRole('button', { name: 'Share' }).click(); + await page + .getByRole('combobox', { + name: 'Visibility', + }) + .click(); + await page + .getByRole('option', { + name: 'Authenticated', + }) + .click(); + + await expect( + page.getByText('The document visibility has been updated.'), + ).toBeVisible(); + + await page.locator('.c__modal__backdrop').click({ + position: { x: 0, y: 0 }, + }); + const urlDoc = page.url(); await page @@ -421,6 +387,26 @@ test.describe('Doc Visibility: Authenticated', () => { await expect(page.getByRole('heading', { name: docTitle })).toBeVisible(); + await page.getByRole('button', { name: 'Share' }).click(); + await page + .getByRole('combobox', { + name: 'Visibility', + }) + .click(); + await page + .getByRole('option', { + name: 'Authenticated', + }) + .click(); + + await expect( + page.getByText('The document visibility has been updated.'), + ).toBeVisible(); + + await page.locator('.c__modal__backdrop').click({ + position: { x: 0, y: 0 }, + }); + const urlDoc = page.url(); await page @@ -467,6 +453,26 @@ test.describe('Doc Visibility: Authenticated', () => { await expect(page.getByRole('heading', { name: docTitle })).toBeVisible(); + await page.getByRole('button', { name: 'Share' }).click(); + await page + .getByRole('combobox', { + name: 'Visibility', + }) + .click(); + await page + .getByRole('option', { + name: 'Authenticated', + }) + .click(); + + await expect( + page.getByText('The document visibility has been updated.'), + ).toBeVisible(); + + await page.locator('.c__modal__backdrop').click({ + position: { x: 0, y: 0 }, + }); + const urlDoc = page.url(); await page.getByRole('button', { name: 'Share' }).click();