fix(sensitiveEntrance): allow visitor to view sensitive entrance

GrottoCenter · Jun 3, 2022 · a891ea4 · a891ea4
1 parent 070531c
commit a891ea4
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 70 deletions.
diff --git a/api/helpers/remove-sensitive-entrances.js b/api/helpers/remove-sensitive-entrances.js
@@ -2,23 +2,13 @@ const ramda = require('ramda');
 const RightService = require('../services/RightService');
 const getAllPaths = require('../utils/getAllPaths');
 
-const cleanEntrance = (
-  entrance,
-  hasLimitedViewRight,
-  entrancePathsToDelete,
-  keys,
-  idx
-) => {
+const cleanEntrance = (entrance) => {
   if (entrance.isSensitive) {
-    if (hasLimitedViewRight) {
-      /* eslint-disable no-param-reassign */
-      delete entrance.locations;
-      delete entrance.longitude;
-      delete entrance.latitude;
-      /* eslint-enable no-param-reassign */
-    } else {
-      entrancePathsToDelete.push([...keys, idx]);
-    }
+    /* eslint-disable no-param-reassign */
+    delete entrance.locations;
+    delete entrance.longitude;
+    delete entrance.latitude;
+    /* eslint-enable no-param-reassign */
   }
 };
 
@@ -62,18 +52,6 @@ module.exports = {
         )
       : false;
 
-    const hasLimitedViewRight = req.token
-      ? await checkRight({
-          groups: req.token.groups,
-          rightEntity: RightService.RightEntities.ENTRANCE,
-          rightAction: RightService.RightActions.VIEW_LIMITED,
-        }).tolerate('rightNotFound', () =>
-          sails.log.error(
-            'A server error occured when checking your right to have a limited view of a sensitive entrance.'
-          )
-        )
-      : false;
-
     if (!hasCompleteViewRight) {
       const entrancePathsToDelete = [];
       // "entrances" values are array: we need to iterate on them
@@ -86,13 +64,7 @@ module.exports = {
         // Iterate over entrances in list
         for (let idx = 0; idx < entranceList.length; idx += 1) {
           const entrance = entranceList[idx];
-          cleanEntrance(
-            entrance,
-            hasLimitedViewRight,
-            entrancePathsToDelete,
-            keys,
-            idx
-          );
+          cleanEntrance(entrance);
         }
       }
 
@@ -102,12 +74,7 @@ module.exports = {
       for (const path of entrancePaths) {
         const keys = path.split('.');
         const entrance = ramda.pathOr({}, keys, resultData);
-        cleanEntrance(
-          entrance,
-          hasLimitedViewRight,
-          entrancePathsToDelete,
-          keys
-        );
+        cleanEntrance(entrance);
       }
 
       // Perform deletions

diff --git a/sql/2_2021_09_22_2_rights.sql b/sql/2_2021_09_22_2_rights.sql
@@ -14,7 +14,6 @@ VALUES (1, 'Application - view any', NULL),
     (12, 'Caver - delete any', NULL),
     (13, 'Entrance - view complete', NULL),
     (14, 'Caver - view complete', NULL),
-    (19, 'Entrance - view any', NULL),
     (20, 'Entrance - edit any', NULL),
     (21, 'Entrance - delete any', NULL),
     (22, 'Organization - view any', NULL),

diff --git a/sql/2_2021_09_22_3_groups_rights.sql b/sql/2_2021_09_22_3_groups_rights.sql
@@ -38,7 +38,6 @@ VALUES (1, 2),
     (3, 7),
     (3, 8),
     (3, 10),
-    (3, 19),
     (3, 20),
     (3, 22),
     (3, 23),

diff --git a/test/fixtures/tgroup.json b/test/fixtures/tgroup.json
@@ -15,7 +15,7 @@
     "id": 3,
     "name": "User",
     "comments": "Default users group",
-    "rights": [5, 8, 20, 23, 29, 30, 35, 50, 79, 80, 83, 87, 91, 100, 106, 111]
+    "rights": [5, 8, 20, 23, 29, 30, 35, 50, 79, 80, 83, 91, 100, 106, 111]
   },
   {
     "id": 4,

diff --git a/test/fixtures/tright.json b/test/fixtures/tright.json
@@ -55,10 +55,6 @@
     "id": 14,
     "name": "Caver - view complete"
   },
-  {
-    "id": 19,
-    "name": "Entrance - view any"
-  },
   {
     "id": 20,
     "name": "Entrance - edit any"

diff --git a/test/integration/3_helpers/RemoveSensitiveEntrances.test.js b/test/integration/3_helpers/RemoveSensitiveEntrances.test.js
@@ -23,13 +23,17 @@ describe('RemoveSensitiveEntrances helper', () => {
     should(res).deepEqual(sensitiveEntrancesTestData);
   });
 
-  it('should remove coordinates of sensitive entrances for an user', async () => {
-    const res = await removeSensitiveEntrances({
+  it('should remove coordinates of sensitive entrances for an user and a visitor', async () => {
+    const resUser = await removeSensitiveEntrances({
       req: userReq,
       data: sensitiveEntrancesTestData,
     });
+    const resVisitor = await removeSensitiveEntrances({
+      req: visitorReq,
+      data: sensitiveEntrancesTestData,
+    });
 
-    should(res).deepEqual({
+    const expectedResult = {
       ...sensitiveEntrancesTestData,
       entrances: [{ id: 1, isSensitive: true }, { id: 2 }],
       caves: [
@@ -47,25 +51,9 @@ describe('RemoveSensitiveEntrances helper', () => {
         id: 4,
         isSensitive: true,
       },
-    });
-  });
-
-  it('should remove all sensitive entrances for a visitor', async () => {
-    const res = await removeSensitiveEntrances({
-      req: visitorReq,
-      data: sensitiveEntrancesTestData,
-    });
+    };
 
-    should(res).deepEqual({
-      ...sensitiveEntrancesTestData,
-      entrances: [{ id: 2 }],
-      caves: [
-        {
-          id: 1,
-          entrances: [{ id: 2 }],
-        },
-      ],
-      caver: { id: 42, exploredEntrances: [{ id: 2 }], entrance: { id: 1 } },
-    });
+    should(resUser).deepEqual(expectedResult);
+    should(resVisitor).deepEqual(expectedResult);
   });
 });