👔(backend) doc restricted by default

By default a created document was in "authenticated" mode, we switch to "restricted" by default.
2026-04-21 13:37:20 +00:00 · 2024-10-25 14:16:29 +02:00 · 2024-10-25 14:16:29 +02:00 · cbb6fc740a
commit cbb6fc740a
parent 31c3dd6119
5 changed files with 87 additions and 61 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -20,6 +20,7 @@ and this project adheres to
 ## Changed

 - ♻️(frontend) list accesses if user has abilities #376
+- 👔(backend) doc restricted by default #388

 ## Fixed

--- a/src/backend/core/migrations/0008_alter_document_link_reach.py
+++ b/src/backend/core/migrations/0008_alter_document_link_reach.py
@ -0,0 +1,18 @@
+# Generated by Django 5.1.2 on 2024-10-25 11:41
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0007_fix_users_duplicate'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='document',
+            name='link_reach',
+            field=models.CharField(choices=[('restricted', 'Restricted'), ('authenticated', 'Authenticated'), ('public', 'Public')], default='restricted', max_length=20),
+        ),
+    ]
--- a/src/backend/core/models.py
+++ b/src/backend/core/models.py
@ -336,7 +336,7 @@ class Document(BaseModel):
    link_reach = models.CharField(
        max_length=20,
        choices=LinkReachChoices.choices,
-        default=LinkReachChoices.AUTHENTICATED,
+        default=LinkReachChoices.RESTRICTED,
    )
    link_role = models.CharField(
        max_length=20, choices=LinkRoleChoices.choices, default=LinkRoleChoices.READER
--- a/src/backend/core/tests/documents/test_api_documents_create.py
+++ b/src/backend/core/tests/documents/test_api_documents_create.py
@ -47,6 +47,7 @@ def test_api_documents_create_authenticated_success():
    assert response.status_code == 201
    document = Document.objects.get()
    assert document.title == "my document"
+    assert document.link_reach == "restricted"
    assert document.accesses.filter(role="owner", user=user).exists()


--- a/src/frontend/apps/e2e/tests/app-impress/doc-visibility.spec.ts
+++ b/src/frontend/apps/e2e/tests/app-impress/doc-visibility.spec.ts
@ -40,20 +40,20 @@ test.describe('Doc Visibility', () => {
      name: 'Visibility',
    });

-    await expect(selectVisibility.getByText('Authenticated')).toBeVisible();
+    await expect(selectVisibility.getByText('Restricted')).toBeVisible();

-    await expect(page.getByLabel('Read only')).toBeVisible();
-    await expect(page.getByLabel('Can read and edit')).toBeVisible();
+    await expect(page.getByLabel('Read only')).toBeHidden();
+    await expect(page.getByLabel('Can read and edit')).toBeHidden();

    await selectVisibility.click();
    await page
      .getByRole('option', {
-        name: 'Restricted',
+        name: 'Authenticated',
      })
      .click();

-    await expect(page.getByLabel('Read only')).toBeHidden();
-    await expect(page.getByLabel('Can read and edit')).toBeHidden();
+    await expect(page.getByLabel('Read only')).toBeVisible();
+    await expect(page.getByLabel('Can read and edit')).toBeVisible();

    await selectVisibility.click();

@ -87,26 +87,6 @@ test.describe('Doc Visibility: Restricted', () => {

    await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();

-    await page.getByRole('button', { name: 'Share' }).click();
-    await page
-      .getByRole('combobox', {
-        name: 'Visibility',
-      })
-      .click();
-    await page
-      .getByRole('option', {
-        name: 'Restricted',
-      })
-      .click();
-
-    await expect(
-      page.getByText('The document visibility has been updated.'),
-    ).toBeVisible();
-
-    await page.locator('.c__modal__backdrop').click({
-      position: { x: 0, y: 0 },
-    });
-
    const urlDoc = page.url();

    await page
@ -133,26 +113,6 @@ test.describe('Doc Visibility: Restricted', () => {

    await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();

-    await page.getByRole('button', { name: 'Share' }).click();
-    await page
-      .getByRole('combobox', {
-        name: 'Visibility',
-      })
-      .click();
-    await page
-      .getByRole('option', {
-        name: 'Restricted',
-      })
-      .click();
-
-    await expect(
-      page.getByText('The document visibility has been updated.'),
-    ).toBeVisible();
-
-    await page.locator('.c__modal__backdrop').click({
-      position: { x: 0, y: 0 },
-    });
-
    const urlDoc = page.url();

    await page
@ -182,20 +142,6 @@ test.describe('Doc Visibility: Restricted', () => {
    await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();

    await page.getByRole('button', { name: 'Share' }).click();
-    await page
-      .getByRole('combobox', {
-        name: 'Visibility',
-      })
-      .click();
-    await page
-      .getByRole('option', {
-        name: 'Restricted',
-      })
-      .click();
-
-    await expect(
-      page.getByText('The document visibility has been updated.'),
-    ).toBeVisible();

    const inputSearch = page.getByLabel(/Find a member to add to the document/);

@ -389,6 +335,26 @@ test.describe('Doc Visibility: Authenticated', () => {

    await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();

+    await page.getByRole('button', { name: 'Share' }).click();
+    await page
+      .getByRole('combobox', {
+        name: 'Visibility',
+      })
+      .click();
+    await page
+      .getByRole('option', {
+        name: 'Authenticated',
+      })
+      .click();
+
+    await expect(
+      page.getByText('The document visibility has been updated.'),
+    ).toBeVisible();
+
+    await page.locator('.c__modal__backdrop').click({
+      position: { x: 0, y: 0 },
+    });
+
    const urlDoc = page.url();

    await page
@ -421,6 +387,26 @@ test.describe('Doc Visibility: Authenticated', () => {

    await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();

+    await page.getByRole('button', { name: 'Share' }).click();
+    await page
+      .getByRole('combobox', {
+        name: 'Visibility',
+      })
+      .click();
+    await page
+      .getByRole('option', {
+        name: 'Authenticated',
+      })
+      .click();
+
+    await expect(
+      page.getByText('The document visibility has been updated.'),
+    ).toBeVisible();
+
+    await page.locator('.c__modal__backdrop').click({
+      position: { x: 0, y: 0 },
+    });
+
    const urlDoc = page.url();

    await page
@ -467,6 +453,26 @@ test.describe('Doc Visibility: Authenticated', () => {

    await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();

+    await page.getByRole('button', { name: 'Share' }).click();
+    await page
+      .getByRole('combobox', {
+        name: 'Visibility',
+      })
+      .click();
+    await page
+      .getByRole('option', {
+        name: 'Authenticated',
+      })
+      .click();
+
+    await expect(
+      page.getByText('The document visibility has been updated.'),
+    ).toBeVisible();
+
+    await page.locator('.c__modal__backdrop').click({
+      position: { x: 0, y: 0 },
+    });
+
    const urlDoc = page.url();

    await page.getByRole('button', { name: 'Share' }).click();