Skip to content

Commit 3b5fe8c

Browse files
authored
Merge pull request #484 from pryv/fix/reuse-deleted-streamIds-auth
Fix/reuse deleted stream ids auth
2 parents 1dc1c14 + fc1b2f8 commit 3b5fe8c

File tree

3 files changed

+26
-21
lines changed

3 files changed

+26
-21
lines changed

components/api-server/src/methods/accesses.js

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -523,11 +523,9 @@ module.exports = async function produceAccessesApiMethods (api) {
523523
let permissionStream;
524524
async.series([
525525
async function checkId () {
526-
// NOT-OPTIMIZED: could return only necessary fields
527-
const existingStreamArray = await mall.streams.get(context.user.id, { id: permission.streamId });
528-
if (existingStreamArray.length === 1) {
529-
permissionStream = existingStreamArray[0];
530-
permission.name = permissionStream.name;
526+
const existingStream = await mall.streams.getOneWithNoChildren(context.user.id, permission.streamId);
527+
if (existingStream != null) {
528+
permission.name = existingStream.name;
531529
delete permission.defaultName;
532530
}
533531
},

components/api-server/test/accesses-personal.test.js

Lines changed: 21 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -205,6 +205,11 @@ describe('accesses (personal)', function () {
205205
level: 'contribute',
206206
defaultName: 'Trashed stream to restore (this should be ignored)'
207207
},
208+
{
209+
streamId: testData.streams[4].id,
210+
level: 'read',
211+
defaultName: 'Deleted stream must be recreated'
212+
},
208213
{
209214
streamId: '*',
210215
level: 'read',
@@ -230,6 +235,7 @@ describe('accesses (personal)', function () {
230235
delete expected.permissions[1].defaultName;
231236
delete expected.permissions[2].defaultName;
232237
delete expected.permissions[3].defaultName;
238+
delete expected.permissions[4].defaultName;
233239
expected.created = res.body.access.created;
234240
expected.createdBy = res.body.access.createdBy;
235241
expected.modified = res.body.access.modified;
@@ -241,13 +247,15 @@ describe('accesses (personal)', function () {
241247
});
242248
},
243249
async function verifyNewStream () {
244-
const streams = await mall.streams.get(user.id, {
245-
id: data.permissions[1].streamId
246-
});
247-
should.exist(streams[0]);
248-
const stream = streams[0];
249-
validation.checkStoredItem(stream, 'stream');
250-
stream.name.should.eql(data.permissions[1].defaultName);
250+
const newStream = await mall.streams.getOneWithNoChildren(user.id, data.permissions[1].streamId);
251+
should.exist(newStream);
252+
validation.checkStoredItem(newStream, 'stream');
253+
newStream.name.should.eql(data.permissions[1].defaultName);
254+
255+
const undeletedStream = await mall.streams.getOneWithNoChildren(user.id, data.permissions[3].streamId);
256+
should.exist(undeletedStream);
257+
validation.checkStoredItem(undeletedStream, 'stream');
258+
undeletedStream.name.should.eql(data.permissions[3].defaultName);
251259
},
252260
async function verifyRestoredStream () {
253261
const streams = await mall.streams.get(user.id, {
@@ -649,17 +657,19 @@ describe('accesses (personal)', function () {
649657
streamId: 'new-stream',
650658
level: 'manage',
651659
defaultName: 'The New Stream, Sir.'
660+
},
661+
{
662+
streamId: testData.streams[4].id,
663+
level: 'read',
664+
defaultName: 'Undeleted stream'
652665
}
653666
]
654667
};
655668
req()
656669
.post(path)
657670
.send(data)
658671
.end(function (res) {
659-
validation.check(res, {
660-
status: 200,
661-
schema: methodsSchema.checkApp.result
662-
});
672+
validation.check(res, { status: 200, schema: methodsSchema.checkApp.result });
663673
should.exist(res.body.checkedPermissions);
664674
const expected = _.cloneDeep(data.requestedPermissions);
665675
expected[0].name = testData.streams[0].name;

components/storage/src/localDataStore/localUserStreams.js

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -50,16 +50,13 @@ module.exports = ds.createUserStreams({
5050
}
5151

5252
if (stream == null) return null;
53-
if (stream.deleted) return null;
5453

5554
// filtering ---
5655
if (!query.includeTrashed) {
5756
if (stream.trashed) return null;
5857
// i.e. === 'default' (return non-trashed items)
5958
stream.children = treeUtils.filterTree(stream.children, false /* no orphans */, (stream) => !stream.trashed);
6059
}
61-
// return non-deleted items
62-
stream.children = treeUtils.filterTree(stream.children, false /* no orphans */, (stream) => stream.deleted == null);
6360
return stream;
6461
},
6562

@@ -87,7 +84,7 @@ module.exports = ds.createUserStreams({
8784
async create (userId, streamData) {
8885
// as we have mixed deletions and non deleted in the same table
8986
// remove eventual deleted items matching this id.
90-
const deletedStreams = await this.getDeletions(userId, Number.MIN_SAFE_INTEGER);
87+
const deletedStreams = await this.getDeletions(userId, { deletedSince: Number.MIN_SAFE_INTEGER });
9188
const deletedStream = deletedStreams.filter(s => s.id === streamData.id);
9289
if (deletedStream.length > 0) {
9390
await bluebird.fromCallback((cb) => this.userStreamsStorage.removeOne({ id: userId }, { id: deletedStream[0].id }, cb));
@@ -121,7 +118,7 @@ module.exports = ds.createUserStreams({
121118
if (allStreamsForAccount != null) return allStreamsForAccount;
122119

123120
// get from DB
124-
allStreamsForAccount = await bluebird.fromCallback((cb) => this.userStreamsStorage.findIncludingDeletionsAndVersions({ id: userId }, {}, null, cb));
121+
allStreamsForAccount = await bluebird.fromCallback((cb) => this.userStreamsStorage.find({ id: userId }, {}, null, cb));
125122
// add system streams
126123
allStreamsForAccount = allStreamsForAccount.concat(visibleStreamsTree);
127124
cache.setStreams(userId, 'local', allStreamsForAccount);

0 commit comments

Comments
 (0)