From 19b87a0114fe4913b61a0b8f6e133b3afa83e273 Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Wed, 29 Jun 2022 10:57:06 +0200
Subject: [PATCH 1/9] Don't show user management in app switcher if user has
 not role 'admin'

---
 packages/web-app-user-management/src/index.js |  8 ++++
 packages/web-runtime/src/store/user.js        | 46 +++++++++++++++++--
 2 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/packages/web-app-user-management/src/index.js b/packages/web-app-user-management/src/index.js
index be54aeb3fe7..b181afea964 100644
--- a/packages/web-app-user-management/src/index.js
+++ b/packages/web-app-user-management/src/index.js
@@ -9,6 +9,8 @@ function $gettext(msg) {
   return msg
 }
 
+const store = window.Vue.$store
+
 const appInfo = {
   name: $gettext('User management'),
   id: 'user-management',
@@ -41,6 +43,9 @@ const navItems = [
     icon: 'user',
     route: {
       path: `/${appInfo.id}/users?`
+    },
+    enabled: () => {
+      return store.getters.user.role.name === 'admin'
     }
   },
   {
@@ -48,6 +53,9 @@ const navItems = [
     icon: 'group-2',
     route: {
       path: `/${appInfo.id}/groups?`
+    },
+    enabled: () => {
+      return store.getters.user.role.name === 'admin'
     }
   }
 ]
diff --git a/packages/web-runtime/src/store/user.js b/packages/web-runtime/src/store/user.js
index 38ce5de36a5..d96b2f0c007 100644
--- a/packages/web-runtime/src/store/user.js
+++ b/packages/web-runtime/src/store/user.js
@@ -5,6 +5,7 @@ import { router } from '../router'
 import { clientService } from 'web-pkg/src/services'
 
 import { setUser as sentrySetUser } from '@sentry/browser'
+import axios from 'axios'
 
 let vueAuthInstance
 
@@ -20,7 +21,9 @@ const state = {
   groups: [],
   userReady: false,
   quota: null,
-  language: null
+  language: null,
+  role: {},
+  roles: []
 }
 
 const actions = {
@@ -98,12 +101,44 @@ const actions = {
 
         const userGroups = await client.users.getUserGroups(login.id)
         const user = await client.users.getUser(login.id)
+        const {
+          data: { bundles: roles }
+        } = await axios.post(
+          '/api/v0/settings/roles-list',
+          {},
+          {
+            headers: {
+              authorization: `Bearer ${token}`
+            }
+          }
+        )
+
+        context.commit('SET_ROLES', roles)
 
         // FIXME: Can be removed as soon as the uuid is integrated in the OCS api
         let graphUser
+        let role = []
         if (context.state.capabilities.spaces?.enabled) {
           const graphClient = clientService.graphAuthenticated(instance, token)
           graphUser = await graphClient.users.getMe()
+
+          const userAssignmentResponse = await axios.post(
+            '/api/v0/settings/assignments-list',
+            {
+              account_uuid: graphUser.data.id
+            },
+            {
+              headers: {
+                authorization: `Bearer ${token}`
+              }
+            }
+          )
+          const assignments = userAssignmentResponse.data?.assignments
+          const roleAssignment = assignments.find((assignment) => 'roleId' in assignment)
+
+          if (roleAssignment) {
+            role = roles.find((role) => role.id === roleAssignment.roleId)
+          }
         }
 
         let userEmail = ''
@@ -124,6 +159,7 @@ const actions = {
           token,
           isAuthenticated: true,
           groups: userGroups,
+          role,
           language
         })
 
@@ -261,6 +297,7 @@ const mutations = {
     state.token = user.token
     state.groups = user.groups
     state.language = user.language
+    state.role = user.role
     sentrySetUser({ username: user.id })
   },
   SET_CAPABILITIES(state, data) {
@@ -281,6 +318,9 @@ const mutations = {
     quota.total = parseInt(quota.total)
 
     state.quota = quota
+  },
+  SET_ROLES(state, roles) {
+    state.roles = roles
   }
 }
 
@@ -300,8 +340,8 @@ const getters = {
   capabilities: (state) => {
     return state.capabilities
   },
-
-  quota: (state) => state.quota
+  quota: (state) => state.quota,
+  roles: (state) => state.roles
 }
 
 export default {

From 7ee2c9b2d371073a374f05276ebd06dc6560846e Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Wed, 29 Jun 2022 13:03:18 +0200
Subject: [PATCH 2/9] Add permissionManager

---
 packages/web-app-user-management/src/index.js |  8 ++++---
 packages/web-pkg/src/services/index.ts        |  1 +
 .../web-pkg/src/services/permissionManager.ts | 22 +++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 packages/web-pkg/src/services/permissionManager.ts

diff --git a/packages/web-app-user-management/src/index.js b/packages/web-app-user-management/src/index.js
index b181afea964..d1a4517ad60 100644
--- a/packages/web-app-user-management/src/index.js
+++ b/packages/web-app-user-management/src/index.js
@@ -4,12 +4,14 @@ import Users from './views/Users.vue'
 import Groups from './views/Groups.vue'
 import { FilterSearch } from './search'
 import { bus } from 'web-pkg/src/instance'
+import { PermissionManagerService } from 'web-pkg/src/services'
 // just a dummy function to trick gettext tools
 function $gettext(msg) {
   return msg
 }
 
-const store = window.Vue.$store
+const user = window.Vue.$store.getters.user
+const permissionManagerService = new PermissionManagerService(user)
 
 const appInfo = {
   name: $gettext('User management'),
@@ -45,7 +47,7 @@ const navItems = [
       path: `/${appInfo.id}/users?`
     },
     enabled: () => {
-      return store.getters.user.role.name === 'admin'
+      return permissionManagerService.hasUserManagement()
     }
   },
   {
@@ -55,7 +57,7 @@ const navItems = [
       path: `/${appInfo.id}/groups?`
     },
     enabled: () => {
-      return store.getters.user.role.name === 'admin'
+      return permissionManagerService.hasUserManagement()
     }
   }
 ]
diff --git a/packages/web-pkg/src/services/index.ts b/packages/web-pkg/src/services/index.ts
index 83dae7638cc..2f14e295909 100644
--- a/packages/web-pkg/src/services/index.ts
+++ b/packages/web-pkg/src/services/index.ts
@@ -1 +1,2 @@
 export * from './client'
+export * from './permissionManager'
diff --git a/packages/web-pkg/src/services/permissionManager.ts b/packages/web-pkg/src/services/permissionManager.ts
new file mode 100644
index 00000000000..bb1d3e5611f
--- /dev/null
+++ b/packages/web-pkg/src/services/permissionManager.ts
@@ -0,0 +1,22 @@
+interface Role {
+  name: 'admin' | 'spaceadmin' | 'user' | 'guest'
+}
+interface User {
+  role: Role
+}
+
+export class PermissionManagerService {
+  private readonly user: User
+
+  constructor(user: User) {
+    this.user = user
+  }
+
+  public hasUserManagement() {
+    return this.user.role.name === 'admin'
+  }
+
+  public hasSpaceManagement() {
+    return ['admin', 'spaceadmin'].includes(this.user.role.name)
+  }
+}

From 8c31983fa32ade2635889a0785299c66aaf51d1d Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Wed, 29 Jun 2022 13:15:43 +0200
Subject: [PATCH 3/9] Add permission check for create new space action

---
 packages/web-app-files/src/views/spaces/Projects.vue | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/web-app-files/src/views/spaces/Projects.vue b/packages/web-app-files/src/views/spaces/Projects.vue
index 803f5fef6c8..d903b037761 100644
--- a/packages/web-app-files/src/views/spaces/Projects.vue
+++ b/packages/web-app-files/src/views/spaces/Projects.vue
@@ -8,7 +8,7 @@
       :show-actions-on-selection="true"
     >
       <template #actions>
-        <create-space />
+        <create-space v-if="hasCreatePermission" />
       </template>
       <template #content>
         <p v-text="spacesHint" />
@@ -136,7 +136,7 @@ import { useTask } from 'vue-concurrency'
 import { createLocationSpaces } from '../../router'
 import { mapMutations, mapActions, mapGetters } from 'vuex'
 import { buildResource, buildSpace, buildWebDavSpacesPath } from '../../helpers/resources'
-import { clientService } from 'web-pkg/src/services'
+import { clientService, PermissionManagerService } from 'web-pkg/src/services'
 import { loadPreview } from '../../helpers/resource'
 import { ImageDimension } from '../../constants'
 import SpaceContextActions from '../../components/Spaces/SpaceContextActions.vue'
@@ -188,8 +188,8 @@ export default defineComponent({
       return this.$gettext('Store your project related files in Spaces for seamless collaboration.')
     },
     hasCreatePermission() {
-      // @TODO
-      return true
+      const permissionManagerService = new PermissionManagerService(this.user)
+      return permissionManagerService.hasSpaceManagement()
     }
   },
   watch: {

From 3d4bb55bc1660ff1fe18efb0475f8440fc6332a3 Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Wed, 29 Jun 2022 14:14:55 +0200
Subject: [PATCH 4/9] Add changelog item

---
 .../bugfix-space-and-user-management-permissions          | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 changelog/unreleased/bugfix-space-and-user-management-permissions

diff --git a/changelog/unreleased/bugfix-space-and-user-management-permissions b/changelog/unreleased/bugfix-space-and-user-management-permissions
new file mode 100644
index 00000000000..bd8e1552474
--- /dev/null
+++ b/changelog/unreleased/bugfix-space-and-user-management-permissions
@@ -0,0 +1,8 @@
+Bugfix: Create space and access user management permission
+
+We've fixed a bug, where users with insufficient permissions could access the user management and were able to see
+the "New Space" button in the space overview.
+
+https://github.com/owncloud/web/pull/7197
+https://github.com/owncloud/web/issues/7181
+https://github.com/owncloud/web/issues/7079

From 5789448950d2bffc73c9debef0d91cefb81093b7 Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Thu, 30 Jun 2022 10:57:53 +0200
Subject: [PATCH 5/9] Switch to DI

---
 .../src/views/spaces/Projects.vue             |  5 ++---
 packages/web-app-user-management/src/index.js |  8 +++-----
 .../web-pkg/src/services/permissionManager.ts | 13 ++++++++----
 .../web-runtime/src/container/bootstrap.ts    | 20 ++++++++++++++++++-
 packages/web-runtime/src/index.ts             |  2 ++
 5 files changed, 35 insertions(+), 13 deletions(-)

diff --git a/packages/web-app-files/src/views/spaces/Projects.vue b/packages/web-app-files/src/views/spaces/Projects.vue
index d903b037761..31ebd766c5e 100644
--- a/packages/web-app-files/src/views/spaces/Projects.vue
+++ b/packages/web-app-files/src/views/spaces/Projects.vue
@@ -136,7 +136,7 @@ import { useTask } from 'vue-concurrency'
 import { createLocationSpaces } from '../../router'
 import { mapMutations, mapActions, mapGetters } from 'vuex'
 import { buildResource, buildSpace, buildWebDavSpacesPath } from '../../helpers/resources'
-import { clientService, PermissionManagerService } from 'web-pkg/src/services'
+import { clientService } from 'web-pkg/src/services'
 import { loadPreview } from '../../helpers/resource'
 import { ImageDimension } from '../../constants'
 import SpaceContextActions from '../../components/Spaces/SpaceContextActions.vue'
@@ -188,8 +188,7 @@ export default defineComponent({
       return this.$gettext('Store your project related files in Spaces for seamless collaboration.')
     },
     hasCreatePermission() {
-      const permissionManagerService = new PermissionManagerService(this.user)
-      return permissionManagerService.hasSpaceManagement()
+      return this.$permissionManager.hasSpaceManagement()
     }
   },
   watch: {
diff --git a/packages/web-app-user-management/src/index.js b/packages/web-app-user-management/src/index.js
index d1a4517ad60..dd67c79af8c 100644
--- a/packages/web-app-user-management/src/index.js
+++ b/packages/web-app-user-management/src/index.js
@@ -4,14 +4,12 @@ import Users from './views/Users.vue'
 import Groups from './views/Groups.vue'
 import { FilterSearch } from './search'
 import { bus } from 'web-pkg/src/instance'
-import { PermissionManagerService } from 'web-pkg/src/services'
 // just a dummy function to trick gettext tools
 function $gettext(msg) {
   return msg
 }
 
-const user = window.Vue.$store.getters.user
-const permissionManagerService = new PermissionManagerService(user)
+const permissionManager = window.Vue.$permissionManager
 
 const appInfo = {
   name: $gettext('User management'),
@@ -47,7 +45,7 @@ const navItems = [
       path: `/${appInfo.id}/users?`
     },
     enabled: () => {
-      return permissionManagerService.hasUserManagement()
+      return permissionManager.hasUserManagement()
     }
   },
   {
@@ -57,7 +55,7 @@ const navItems = [
       path: `/${appInfo.id}/groups?`
     },
     enabled: () => {
-      return permissionManagerService.hasUserManagement()
+      return permissionManager.hasUserManagement()
     }
   }
 ]
diff --git a/packages/web-pkg/src/services/permissionManager.ts b/packages/web-pkg/src/services/permissionManager.ts
index bb1d3e5611f..dbc0969b4ca 100644
--- a/packages/web-pkg/src/services/permissionManager.ts
+++ b/packages/web-pkg/src/services/permissionManager.ts
@@ -1,3 +1,4 @@
+import { Store } from 'vuex'
 interface Role {
   name: 'admin' | 'spaceadmin' | 'user' | 'guest'
 }
@@ -5,11 +6,11 @@ interface User {
   role: Role
 }
 
-export class PermissionManagerService {
-  private readonly user: User
+export class PermissionManager {
+  private readonly store: Store<any>
 
-  constructor(user: User) {
-    this.user = user
+  constructor(store: Store<any>) {
+    this.store = store
   }
 
   public hasUserManagement() {
@@ -19,4 +20,8 @@ export class PermissionManagerService {
   public hasSpaceManagement() {
     return ['admin', 'spaceadmin'].includes(this.user.role.name)
   }
+
+  get user(): User {
+    return this.store.getters.user
+  }
 }
diff --git a/packages/web-runtime/src/container/bootstrap.ts b/packages/web-runtime/src/container/bootstrap.ts
index 44a5a63cec3..29423064c2f 100644
--- a/packages/web-runtime/src/container/bootstrap.ts
+++ b/packages/web-runtime/src/container/bootstrap.ts
@@ -13,7 +13,7 @@ import { getBackendVersion, getWebVersion } from './versions'
 import { useLocalStorage } from 'web-pkg/src/composables'
 import { unref } from '@vue/composition-api'
 import { useDefaultThemeName } from '../composables'
-import { clientService } from 'web-pkg/src/services'
+import { clientService, PermissionManager } from 'web-pkg/src/services'
 import { UppyService } from '../services/uppyService'
 
 import { init as SentryInit } from '@sentry/browser'
@@ -253,6 +253,24 @@ export const announceClientService = ({
   vue.prototype.$clientService.owncloudSdk = sdk
 }
 
+/**
+ * announce uppyService and inject it into vue
+ *
+ * @param vue
+ * @param store
+ */
+export const announcePermissionManager = ({
+  vue,
+  store
+}: {
+  vue: VueConstructor
+  store: Store<any>
+}): void => {
+  const permissionManager = new PermissionManager(store)
+  vue.prototype.$permissionManager = permissionManager
+  set(vue, '$permissionManager', permissionManager)
+}
+
 /**
  * announce uppyService and inject it into vue
  *
diff --git a/packages/web-runtime/src/index.ts b/packages/web-runtime/src/index.ts
index 410923938d7..16d6ae5162c 100644
--- a/packages/web-runtime/src/index.ts
+++ b/packages/web-runtime/src/index.ts
@@ -21,6 +21,7 @@ import {
   announceVersions,
   applicationStore,
   announceUppyService,
+  announcePermissionManager,
   startSentry
 } from './container'
 
@@ -29,6 +30,7 @@ export const bootstrap = async (configurationPath: string): Promise<void> => {
   startSentry(runtimeConfiguration, Vue)
   announceClientService({ vue: Vue, runtimeConfiguration })
   announceUppyService({ vue: Vue })
+  announcePermissionManager({ vue: Vue, store })
   await announceClient(runtimeConfiguration)
   await announceStore({ vue: Vue, store, runtimeConfiguration })
   await announceApplications({

From d3a124e3dfd10f7c99982e24a6da605dcf23e2d3 Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Thu, 30 Jun 2022 11:29:36 +0200
Subject: [PATCH 6/9] Add permissionManager test

---
 .../unit/services/permissionManager.spec.ts   | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 packages/web-pkg/tests/unit/services/permissionManager.spec.ts

diff --git a/packages/web-pkg/tests/unit/services/permissionManager.spec.ts b/packages/web-pkg/tests/unit/services/permissionManager.spec.ts
new file mode 100644
index 00000000000..22453aa63b9
--- /dev/null
+++ b/packages/web-pkg/tests/unit/services/permissionManager.spec.ts
@@ -0,0 +1,34 @@
+import { PermissionManager } from '../../../src/services'
+
+beforeEach(jest.resetAllMocks)
+
+describe('permissionManager', () => {
+  describe('method "hasUserManagement"', () => {
+    test('should be true if user has sufficient rights', () => {
+      const permissionManager = new PermissionManager({
+        getters: { user: { role: { name: 'admin' } } }
+      } as any)
+      expect(permissionManager.hasUserManagement()).toBeTruthy()
+    })
+    test('should be false if user has insufficient rights', () => {
+      const permissionManager = new PermissionManager({
+        getters: { user: { role: { name: 'user' } } }
+      } as any)
+      expect(permissionManager.hasUserManagement()).toBeFalsy()
+    })
+  })
+  describe('method "hasSpaceManagement"', () => {
+    test('should be true if user has sufficient rights', () => {
+      const permissionManager = new PermissionManager({
+        getters: { user: { role: { name: 'admin' } } }
+      } as any)
+      expect(permissionManager.hasUserManagement()).toBeTruthy()
+    })
+    test('should be false if user has insufficient rights', () => {
+      const permissionManager = new PermissionManager({
+        getters: { user: { role: { name: 'user' } } }
+      } as any)
+      expect(permissionManager.hasUserManagement()).toBeFalsy()
+    })
+  })
+})

From f3d208ac5be2b81ce9f3903a6ba452af61493801 Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Thu, 30 Jun 2022 11:47:36 +0200
Subject: [PATCH 7/9] React on review

---
 packages/web-app-user-management/src/index.js |  4 +--
 packages/web-runtime/src/store/user.js        | 27 ++++++++++---------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/packages/web-app-user-management/src/index.js b/packages/web-app-user-management/src/index.js
index dd67c79af8c..14da6fd510d 100644
--- a/packages/web-app-user-management/src/index.js
+++ b/packages/web-app-user-management/src/index.js
@@ -9,8 +9,6 @@ function $gettext(msg) {
   return msg
 }
 
-const permissionManager = window.Vue.$permissionManager
-
 const appInfo = {
   name: $gettext('User management'),
   id: 'user-management',
@@ -45,6 +43,7 @@ const navItems = [
       path: `/${appInfo.id}/users?`
     },
     enabled: () => {
+      const permissionManager = window.Vue.$permissionManager
       return permissionManager.hasUserManagement()
     }
   },
@@ -55,6 +54,7 @@ const navItems = [
       path: `/${appInfo.id}/groups?`
     },
     enabled: () => {
+      const permissionManager = window.Vue.$permissionManager
       return permissionManager.hasUserManagement()
     }
   }
diff --git a/packages/web-runtime/src/store/user.js b/packages/web-runtime/src/store/user.js
index d96b2f0c007..45d0e28230b 100644
--- a/packages/web-runtime/src/store/user.js
+++ b/packages/web-runtime/src/store/user.js
@@ -101,19 +101,6 @@ const actions = {
 
         const userGroups = await client.users.getUserGroups(login.id)
         const user = await client.users.getUser(login.id)
-        const {
-          data: { bundles: roles }
-        } = await axios.post(
-          '/api/v0/settings/roles-list',
-          {},
-          {
-            headers: {
-              authorization: `Bearer ${token}`
-            }
-          }
-        )
-
-        context.commit('SET_ROLES', roles)
 
         // FIXME: Can be removed as soon as the uuid is integrated in the OCS api
         let graphUser
@@ -122,6 +109,20 @@ const actions = {
           const graphClient = clientService.graphAuthenticated(instance, token)
           graphUser = await graphClient.users.getMe()
 
+          const {
+            data: { bundles: roles }
+          } = await axios.post(
+            '/api/v0/settings/roles-list',
+            {},
+            {
+              headers: {
+                authorization: `Bearer ${token}`
+              }
+            }
+          )
+
+          context.commit('SET_ROLES', roles)
+
           const userAssignmentResponse = await axios.post(
             '/api/v0/settings/assignments-list',
             {

From d9b26ec6616743d0d4ab75ba08c455cd78ba960d Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Thu, 30 Jun 2022 12:13:07 +0200
Subject: [PATCH 8/9] Add tests

---
 .../tests/unit/services/permissionManager.spec.ts    |  8 ++++----
 .../tests/unit/container/bootstrap.spec.ts           | 12 +++++++++++-
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/packages/web-pkg/tests/unit/services/permissionManager.spec.ts b/packages/web-pkg/tests/unit/services/permissionManager.spec.ts
index 22453aa63b9..9094c075903 100644
--- a/packages/web-pkg/tests/unit/services/permissionManager.spec.ts
+++ b/packages/web-pkg/tests/unit/services/permissionManager.spec.ts
@@ -4,13 +4,13 @@ beforeEach(jest.resetAllMocks)
 
 describe('permissionManager', () => {
   describe('method "hasUserManagement"', () => {
-    test('should be true if user has sufficient rights', () => {
+    it('should be true if user has sufficient rights', () => {
       const permissionManager = new PermissionManager({
         getters: { user: { role: { name: 'admin' } } }
       } as any)
       expect(permissionManager.hasUserManagement()).toBeTruthy()
     })
-    test('should be false if user has insufficient rights', () => {
+    it('should be false if user has insufficient rights', () => {
       const permissionManager = new PermissionManager({
         getters: { user: { role: { name: 'user' } } }
       } as any)
@@ -18,13 +18,13 @@ describe('permissionManager', () => {
     })
   })
   describe('method "hasSpaceManagement"', () => {
-    test('should be true if user has sufficient rights', () => {
+    it('should be true if user has sufficient rights', () => {
       const permissionManager = new PermissionManager({
         getters: { user: { role: { name: 'admin' } } }
       } as any)
       expect(permissionManager.hasUserManagement()).toBeTruthy()
     })
-    test('should be false if user has insufficient rights', () => {
+    it('should be false if user has insufficient rights', () => {
       const permissionManager = new PermissionManager({
         getters: { user: { role: { name: 'user' } } }
       } as any)
diff --git a/packages/web-runtime/tests/unit/container/bootstrap.spec.ts b/packages/web-runtime/tests/unit/container/bootstrap.spec.ts
index 09ec81a54f1..6371c14968e 100644
--- a/packages/web-runtime/tests/unit/container/bootstrap.spec.ts
+++ b/packages/web-runtime/tests/unit/container/bootstrap.spec.ts
@@ -1,5 +1,6 @@
-import { announceApplications } from '../../../src/container'
+import { announceApplications, announcePermissionManager } from '../../../src/container'
 import { buildApplication } from '../../../src/container/application'
+import { Vue } from './../../../src/defaults'
 
 jest.mock('../../../src/container/application')
 
@@ -40,3 +41,12 @@ describe('announce applications', () => {
     expect(errorSpy.mock.calls[1][0]).toMatchObject(fishyError)
   })
 })
+
+describe('announcePermissionManager', () => {
+  it('should inject vue object contains permissionManager instance', () => {
+    const vue = Vue
+    announcePermissionManager({ vue: Vue, store: {} as any })
+    expect(vue.prototype.$permissionManager).toBeDefined()
+    expect(vue.$permissionManager).toBeDefined()
+  })
+})

From 13e048d3a7cc082da2cb69b1c27461ff23051956 Mon Sep 17 00:00:00 2001
From: JanAckermann <jackermann@owncloud.com>
Date: Thu, 30 Jun 2022 12:51:17 +0200
Subject: [PATCH 9/9] Add tests

---
 .../tests/unit/index.spec.js                  | 22 +++++++++++++++++++
 .../unit/services/permissionManager.spec.ts   |  4 ++--
 2 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 packages/web-app-user-management/tests/unit/index.spec.js

diff --git a/packages/web-app-user-management/tests/unit/index.spec.js b/packages/web-app-user-management/tests/unit/index.spec.js
new file mode 100644
index 00000000000..c278bda40b5
--- /dev/null
+++ b/packages/web-app-user-management/tests/unit/index.spec.js
@@ -0,0 +1,22 @@
+import index from '../../src/index'
+
+describe('navItems', () => {
+  describe('function "enabled"', () => {
+    it('should be true if permissions are sufficient', () => {
+      window.Vue = {}
+      window.Vue.$permissionManager = {
+        hasUserManagement: () => true
+      }
+      expect(index.navItems[0].enabled()).toBeTruthy()
+      expect(index.navItems[1].enabled()).toBeTruthy()
+    })
+    it('should be false if permissions are insufficient', () => {
+      window.Vue = {}
+      window.Vue.$permissionManager = {
+        hasUserManagement: () => false
+      }
+      expect(index.navItems[0].enabled()).toBeFalsy()
+      expect(index.navItems[1].enabled()).toBeFalsy()
+    })
+  })
+})
diff --git a/packages/web-pkg/tests/unit/services/permissionManager.spec.ts b/packages/web-pkg/tests/unit/services/permissionManager.spec.ts
index 9094c075903..6dd3a8aecfa 100644
--- a/packages/web-pkg/tests/unit/services/permissionManager.spec.ts
+++ b/packages/web-pkg/tests/unit/services/permissionManager.spec.ts
@@ -22,13 +22,13 @@ describe('permissionManager', () => {
       const permissionManager = new PermissionManager({
         getters: { user: { role: { name: 'admin' } } }
       } as any)
-      expect(permissionManager.hasUserManagement()).toBeTruthy()
+      expect(permissionManager.hasSpaceManagement()).toBeTruthy()
     })
     it('should be false if user has insufficient rights', () => {
       const permissionManager = new PermissionManager({
         getters: { user: { role: { name: 'user' } } }
       } as any)
-      expect(permissionManager.hasUserManagement()).toBeFalsy()
+      expect(permissionManager.hasSpaceManagement()).toBeFalsy()
     })
   })
 })