Open sderickson opened 10 years ago
I think I made it, but I have no idea how to test it out. Which behaviour should I see?
Hi @ItsLastDay, sorry for the slow reply! The best way to test this is to write a unit test for it. I set it up now (there were some bugs with the server testing but they're done now). I ran the test and it looks like it's buggy. To run the test:
This should crash the test server with an error. The new test is here. It creates a level, adds broad permissions, removes them, then logs in as another user, then tries to post a new version from the version with broad permissions.
@sderickson, thank you for the test! When you originally posted it, I checked it out and saw the error. Unit testing is rather new to me, so it is a good experience. However, yesterday I failed to run it; even without changes in Handler.coffee it showed errors (something related to articles), so in the current state I think I can't manage to do updates in the versioning system without significant digging. Maybe I will come back when I have time!
Read up on Versioning and Permissions for this issue.
Currently it's possible to create a new version based on the permissions of any previous version of a given document, effectively making it impossible to actually revoke permissions on a versioned document. Fix the postNewVersion endpoint in /server/handlers/Handler.coffee to base permissions checking on the latest version rather than on the one passed in.
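The flawed check and the requested fix, as an added illustration that is not the project's handler code or anything posted in this thread. The in-memory store, the user names `alice` and `bob`, the `checkAgainst` switch and the permission shape are all assumptions made for the example.

```javascript
// Constructed in-memory model of a versioned document; names and shapes are
// assumptions for illustration, not the project's schema or handler code.
const has = (doc, user, levels) =>
  doc.permissions.some(p => p.target === user && levels.includes(p.access));

class VersionStore {
  constructor() { this.versions = []; }
  find(version) { return this.versions.find(v => v.version === version); }
  latest() { return this.versions[this.versions.length - 1]; }

  create(owner) {
    this.versions.push({ version: 0, body: '', permissions: [{ target: owner, access: 'owner' }] });
  }

  // checkAgainst 'parent' reproduces the flawed check; 'latest' is the fix.
  postNewVersion(user, parentVersion, changes, checkAgainst) {
    const parent = this.find(parentVersion);
    if (!parent) return { status: 404 };
    const authority = checkAgainst === 'latest' ? this.latest() : parent;
    if (!has(authority, user, ['owner', 'write'])) return { status: 403 };
    // Only an owner may change permissions; otherwise they carry over
    // from the version the check was made against.
    const permissions = changes.permissions && has(authority, user, ['owner'])
      ? changes.permissions : authority.permissions;
    const doc = { version: this.latest().version + 1, body: changes.body ?? parent.body, permissions };
    this.versions.push(doc);
    return { status: 200, doc };
  }
}

// The sequence from the test described in the thread: create, grant write
// access to another user, revoke it, then post as that user from the old version.
function runScenario(checkAgainst) {
  const store = new VersionStore();
  const ownerOnly = [{ target: 'alice', access: 'owner' }];
  store.create('alice');
  store.postNewVersion('alice', 0, { permissions: [...ownerOnly, { target: 'bob', access: 'write' }] }, checkAgainst); // v1
  store.postNewVersion('alice', 1, { permissions: ownerOnly }, checkAgainst); // v2: access revoked
  const result = store.postNewVersion('bob', 1, { body: 'edited after revocation' }, checkAgainst);
  return { status: result.status, latestVersion: store.latest().version,
           bobCanWrite: has(store.latest(), 'bob', ['owner', 'write']) };
}

console.log('check parent:', runScenario('parent'));
console.log('check latest:', runScenario('latest'));
```

With the parent-based check the revoked user's post succeeds and the new latest version carries the old grant again; with the latest-based check the same request is rejected and nothing is written.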