👔(backend) doc restricted by default

AntoLC · AntoLC · commit cbb6fc740aa9 · 2024-10-25T14:25:48.000+02:00
By default a created document was in "authenticated"
mode, we switch to "restricted" by default.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,7 @@ and this project adheres to
 ## Changed
 
 - ♻️(frontend) list accesses if user has abilities #376
+- 👔(backend) doc restricted by default #388
 
 ## Fixed
 
diff --git a/src/backend/core/migrations/0008_alter_document_link_reach.py b/src/backend/core/migrations/0008_alter_document_link_reach.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.1.2 on 2024-10-25 11:41
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0007_fix_users_duplicate'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='document',
+            name='link_reach',
+            field=models.CharField(choices=[('restricted', 'Restricted'), ('authenticated', 'Authenticated'), ('public', 'Public')], default='restricted', max_length=20),
+        ),
+    ]
diff --git a/src/backend/core/models.py b/src/backend/core/models.py
@@ -336,7 +336,7 @@ class Document(BaseModel):
     link_reach = models.CharField(
         max_length=20,
         choices=LinkReachChoices.choices,
-        default=LinkReachChoices.AUTHENTICATED,
+        default=LinkReachChoices.RESTRICTED,
     )
     link_role = models.CharField(
         max_length=20, choices=LinkRoleChoices.choices, default=LinkRoleChoices.READER
diff --git a/src/backend/core/tests/documents/test_api_documents_create.py b/src/backend/core/tests/documents/test_api_documents_create.py
@@ -47,6 +47,7 @@ def test_api_documents_create_authenticated_success():
     assert response.status_code == 201
     document = Document.objects.get()
     assert document.title == "my document"
+    assert document.link_reach == "restricted"
     assert document.accesses.filter(role="owner", user=user).exists()
 
 
diff --git a/src/frontend/apps/e2e/__tests__/app-impress/doc-visibility.spec.ts b/src/frontend/apps/e2e/__tests__/app-impress/doc-visibility.spec.ts
@@ -40,20 +40,20 @@ test.describe('Doc Visibility', () => {
       name: 'Visibility',
     });
 
-    await expect(selectVisibility.getByText('Authenticated')).toBeVisible();
+    await expect(selectVisibility.getByText('Restricted')).toBeVisible();
 
-    await expect(page.getByLabel('Read only')).toBeVisible();
-    await expect(page.getByLabel('Can read and edit')).toBeVisible();
+    await expect(page.getByLabel('Read only')).toBeHidden();
+    await expect(page.getByLabel('Can read and edit')).toBeHidden();
 
     await selectVisibility.click();
     await page
       .getByRole('option', {
-        name: 'Restricted',
+        name: 'Authenticated',
       })
       .click();
 
-    await expect(page.getByLabel('Read only')).toBeHidden();
-    await expect(page.getByLabel('Can read and edit')).toBeHidden();
+    await expect(page.getByLabel('Read only')).toBeVisible();
+    await expect(page.getByLabel('Can read and edit')).toBeVisible();
 
     await selectVisibility.click();
 
@@ -87,26 +87,6 @@ test.describe('Doc Visibility: Restricted', () => {
 
     await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();
 
-    await page.getByRole('button', { name: 'Share' }).click();
-    await page
-      .getByRole('combobox', {
-        name: 'Visibility',
-      })
-      .click();
-    await page
-      .getByRole('option', {
-        name: 'Restricted',
-      })
-      .click();
-
-    await expect(
-      page.getByText('The document visibility has been updated.'),
-    ).toBeVisible();
-
-    await page.locator('.c__modal__backdrop').click({
-      position: { x: 0, y: 0 },
-    });
-
     const urlDoc = page.url();
 
     await page
@@ -133,26 +113,6 @@ test.describe('Doc Visibility: Restricted', () => {
 
     await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();
 
-    await page.getByRole('button', { name: 'Share' }).click();
-    await page
-      .getByRole('combobox', {
-        name: 'Visibility',
-      })
-      .click();
-    await page
-      .getByRole('option', {
-        name: 'Restricted',
-      })
-      .click();
-
-    await expect(
-      page.getByText('The document visibility has been updated.'),
-    ).toBeVisible();
-
-    await page.locator('.c__modal__backdrop').click({
-      position: { x: 0, y: 0 },
-    });
-
     const urlDoc = page.url();
 
     await page
@@ -182,20 +142,6 @@ test.describe('Doc Visibility: Restricted', () => {
     await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();
 
     await page.getByRole('button', { name: 'Share' }).click();
-    await page
-      .getByRole('combobox', {
-        name: 'Visibility',
-      })
-      .click();
-    await page
-      .getByRole('option', {
-        name: 'Restricted',
-      })
-      .click();
-
-    await expect(
-      page.getByText('The document visibility has been updated.'),
-    ).toBeVisible();
 
     const inputSearch = page.getByLabel(/Find a member to add to the document/);
 
@@ -389,6 +335,26 @@ test.describe('Doc Visibility: Authenticated', () => {
 
     await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();
 
+    await page.getByRole('button', { name: 'Share' }).click();
+    await page
+      .getByRole('combobox', {
+        name: 'Visibility',
+      })
+      .click();
+    await page
+      .getByRole('option', {
+        name: 'Authenticated',
+      })
+      .click();
+
+    await expect(
+      page.getByText('The document visibility has been updated.'),
+    ).toBeVisible();
+
+    await page.locator('.c__modal__backdrop').click({
+      position: { x: 0, y: 0 },
+    });
+
     const urlDoc = page.url();
 
     await page
@@ -421,6 +387,26 @@ test.describe('Doc Visibility: Authenticated', () => {
 
     await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();
 
+    await page.getByRole('button', { name: 'Share' }).click();
+    await page
+      .getByRole('combobox', {
+        name: 'Visibility',
+      })
+      .click();
+    await page
+      .getByRole('option', {
+        name: 'Authenticated',
+      })
+      .click();
+
+    await expect(
+      page.getByText('The document visibility has been updated.'),
+    ).toBeVisible();
+
+    await page.locator('.c__modal__backdrop').click({
+      position: { x: 0, y: 0 },
+    });
+
     const urlDoc = page.url();
 
     await page
@@ -467,6 +453,26 @@ test.describe('Doc Visibility: Authenticated', () => {
 
     await expect(page.getByRole('heading', { name: docTitle })).toBeVisible();
 
+    await page.getByRole('button', { name: 'Share' }).click();
+    await page
+      .getByRole('combobox', {
+        name: 'Visibility',
+      })
+      .click();
+    await page
+      .getByRole('option', {
+        name: 'Authenticated',
+      })
+      .click();
+
+    await expect(
+      page.getByText('The document visibility has been updated.'),
+    ).toBeVisible();
+
+    await page.locator('.c__modal__backdrop').click({
+      position: { x: 0, y: 0 },
+    });
+
     const urlDoc = page.url();
 
     await page.getByRole('button', { name: 'Share' }).click();

Original file line number	Diff line number	Diff line change
`@@ -336,7 +336,7 @@ class Document(BaseModel):`
`336`	`336`	`link_reach = models.CharField(`
`337`	`337`	`max_length=20,`
`338`	`338`	`choices=LinkReachChoices.choices,`
`339`		`- default=LinkReachChoices.AUTHENTICATED,`
	`339`	`+ default=LinkReachChoices.RESTRICTED,`
`340`	`340`	`)`
`341`	`341`	`link_role = models.CharField(`
`342`	`342`	`max_length=20, choices=LinkRoleChoices.choices, default=LinkRoleChoices.READER`