feat: check permissions in realtime code and frontend

Signed-off-by: Philip Molares <philip.molares@udo.edu> Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2025-05-23 11:37:02 -04:00 · 2023-03-26 14:51:18 +02:00 · 2023-03-26 14:51:18 +02:00 · c2f41118b6
commit c2f41118b6
parent 24f1b2a361
27 changed files with 287 additions and 66 deletions
--- a/backend/src/realtime/realtime-note/realtime-connection.spec.ts
+++ b/backend/src/realtime/realtime-note/realtime-connection.spec.ts
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
+ * SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
 *
 * SPDX-License-Identifier: AGPL-3.0-only
 */
@ -53,6 +53,7 @@ describe('websocket connection', () => {
      mockedMessageTransporter,
      mockedUser,
      mockedRealtimeNote,
+      true,
    );
    expect(sut.getTransporter()).toBe(mockedMessageTransporter);
  });
@ -62,6 +63,7 @@ describe('websocket connection', () => {
      mockedMessageTransporter,
      mockedUser,
      mockedRealtimeNote,
+      true,
    );
    expect(sut.getRealtimeNote()).toBe(mockedRealtimeNote);
  });
@ -76,6 +78,7 @@ describe('websocket connection', () => {
      mockedMessageTransporter,
      mockedUser,
      mockedRealtimeNote,
+      true,
    );

    expect(sut.getRealtimeUserStateAdapter()).toBe(realtimeUserStatus);
@ -91,6 +94,7 @@ describe('websocket connection', () => {
      mockedMessageTransporter,
      mockedUser,
      mockedRealtimeNote,
+      true,
    );

    expect(sut.getSyncAdapter()).toBe(yDocSyncServerAdapter);
@ -101,6 +105,7 @@ describe('websocket connection', () => {
      mockedMessageTransporter,
      mockedUser,
      mockedRealtimeNote,
+      true,
    );

    const removeClientSpy = jest.spyOn(mockedRealtimeNote, 'removeClient');
@ -115,6 +120,7 @@ describe('websocket connection', () => {
      mockedMessageTransporter,
      mockedUser,
      mockedRealtimeNote,
+      true,
    );

    expect(sut.getUser()).toBe(mockedUser);
@ -127,6 +133,7 @@ describe('websocket connection', () => {
      mockedMessageTransporter,
      mockedUserWithUsername,
      mockedRealtimeNote,
+      true,
    );

    expect(sut.getDisplayName()).toBe('MockUser');
@ -143,6 +150,7 @@ describe('websocket connection', () => {
      mockedMessageTransporter,
      mockedUser,
      mockedRealtimeNote,
+      true,
    );

    expect(sut.getDisplayName()).toBe(randomName);
--- a/backend/src/realtime/realtime-note/realtime-connection.ts
+++ b/backend/src/realtime/realtime-note/realtime-connection.ts
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
+ * SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
 *
 * SPDX-License-Identifier: AGPL-3.0-only
 */
@ -28,12 +28,14 @@ export class RealtimeConnection {
   * @param messageTransporter The message transporter that handles the communication with the client.
   * @param user The user of the client
   * @param realtimeNote The {@link RealtimeNote} that the client connected to.
+   * @param acceptEdits If edits by this connection should be accepted.
   * @throws Error if the socket is not open
   */
  constructor(
    messageTransporter: MessageTransporter,
    private user: User | null,
    private realtimeNote: RealtimeNote,
+    private acceptEdits: boolean,
  ) {
    this.displayName = user?.displayName ?? generateRandomName();
    this.transporter = messageTransporter;
@ -44,6 +46,7 @@ export class RealtimeConnection {
    this.yDocSyncAdapter = new YDocSyncServerAdapter(
      this.transporter,
      realtimeNote.getRealtimeDoc(),
+      acceptEdits,
    );
    this.realtimeUserStateAdapter = new RealtimeUserStatusAdapter(
      this.user?.username ?? null,