Merge pull request #7401 from owncloud/space-quota-permission

Respect space quota permission

changelog/unreleased/bugfix-space-quota-permission

@@ -0,0 +1,6 @@
+Bugfix: Respect space quota permission
+
+By taking the space quota permission into account, we've fixed a bug where a regular space member could see the "Edit space quota" action.
+
+https://github.com/owncloud/web/issues/7400
+https://github.com/owncloud/web/pull/7401

packages/web-app-files/src/helpers/resources.ts

@@ -220,10 +220,6 @@ export function buildSpace(space) {
       ]
       return user && allowedRoles.includes(user.uuid)
     },
-    canEditQuota: function ({ user }: { user?: User } = {}) {
-      const allowedRoles = [...this.spaceRoles[spaceRoleManager.name]]
-      return user && allowedRoles.includes(user.uuid)
-    },
     canCreate: function () {
       return true
     },

packages/web-app-files/src/mixins/spaces/actions/editQuota.js

@@ -29,7 +29,7 @@ export default {
               return false
             }
 
-            return resources[0].canEditQuota({ user: this.user })
+            return this.$permissionManager.canEditSpaceQuota()
           },
           componentType: 'oc-button',
           class: 'oc-files-actions-edit-quota-trigger'

packages/web-app-files/tests/unit/mixins/spaces/editQuota.spec.js

@@ -20,38 +20,43 @@ describe('editQuota', () => {
       const wrapper = getWrapper()
       expect(wrapper.vm.$_editQuota_items[0].isEnabled({ resources: [] })).toBe(false)
     })
-    it('should be true when the current user is a manager', () => {
+    it('should be true when the current user has the "set-space-quota"-permission', () => {
       const spaceMock = {
         id: '1',
         quota: {},
         root: {
           permissions: [{ roles: ['manager'], grantedTo: [{ user: { id: 1 } }] }]
         }
       }
-      const wrapper = getWrapper()
+      const wrapper = getWrapper({ canEditSpaceQuota: true })
       expect(
         wrapper.vm.$_editQuota_items[0].isEnabled({ resources: [buildSpace(spaceMock)] })
       ).toBe(true)
     })
-    it('should be false when the current user is a viewer', () => {
+    it('should be false when the current user does not have the "set-space-quota"-permission', () => {
       const spaceMock = {
         id: '1',
         quota: {},
         root: {
-          permissions: [{ roles: ['viewer'], grantedTo: [{ user: { id: 1 } }] }]
+          permissions: [{ roles: ['manager'], grantedTo: [{ user: { id: 1 } }] }]
         }
       }
-      const wrapper = getWrapper()
+      const wrapper = getWrapper({ canEditSpaceQuota: false })
       expect(
         wrapper.vm.$_editQuota_items[0].isEnabled({ resources: [buildSpace(spaceMock)] })
       ).toBe(false)
     })
   })
 })
 
-function getWrapper() {
+function getWrapper({ canEditSpaceQuota = false } = {}) {
   return mount(Component, {
     localVue,
+    mocks: {
+      $permissionManager: {
+        canEditSpaceQuota: () => canEditSpaceQuota
+      }
+    },
     store: createStore(Vuex.Store, {
       modules: {
         user: {

packages/web-pkg/src/services/permissionManager.ts

@@ -1,6 +1,21 @@
 import { Store } from 'vuex'
+interface Permission {
+  description: string
+  displayName: string
+  id: string
+  name: string
+  permissionValue: {
+    constraint: string
+    operation: string
+  }
+  resource: {
+    id: string
+    type: string
+  }
+}
 interface Role {
   name: 'admin' | 'spaceadmin' | 'user' | 'guest'
+  settings: Array<Permission>
 }
 interface User {
   role: Role
@@ -21,6 +36,10 @@ export class PermissionManager {
     return ['admin', 'spaceadmin'].includes(this.user.role?.name)
   }
 
+  public canEditSpaceQuota() {
+    return !!this.user.role?.settings.find((s) => s.name === 'set-space-quota')
+  }
+
   get user(): User {
     return this.store.getters.user
   }