fix(systemtags): sanity checks for bulk tagging action

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2026-04-21 14:23:17 -04:00 · 2024-11-08 09:36:56 +01:00 · 2024-11-08 09:36:56 +01:00 · 56a82faab0
commit 56a82faab0
parent 9571e34182
2 changed files with 82 additions and 3 deletions
--- a/apps/systemtags/src/files_actions/bulkSystemTagsAction.spec.ts
+++ b/apps/systemtags/src/files_actions/bulkSystemTagsAction.spec.ts
@ -0,0 +1,74 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+import { File, Folder, Permission, View, FileAction } from '@nextcloud/files'
+import { describe, expect, test } from 'vitest'
+import { action } from './bulkSystemTagsAction'
+
+const view = {
+	id: 'files',
+	name: 'Files',
+} as View
+
+describe('Manage tags action conditions tests', () => {
+	test('Default values', () => {
+		expect(action).toBeInstanceOf(FileAction)
+		expect(action.id).toBe('systemtags:bulk')
+		expect(action.displayName([], view)).toBe('Manage tags')
+		expect(action.iconSvgInline([], view)).toMatch(/<svg.+<\/svg>/)
+		expect(action.default).toBeUndefined()
+		expect(action.order).toBe(undefined)
+		expect(action.enabled).toBeDefined()
+	})
+})
+
+describe('Manage tags action enabled tests', () => {
+	test('Disabled without permissions', () => {
+		const file1 = new File({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/files/admin/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.NONE,
+		})
+
+		const file2 = new File({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/files/admin/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.UPDATE,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file1, file2], view)).toBe(false)
+		expect(action.enabled!([file1], view)).toBe(false)
+		expect(action.enabled!([file2], view)).toBe(true)
+	})
+
+	test('Disabled for non-dav ressources', () => {
+		const file = new File({
+			id: 1,
+			source: 'https://domain.com/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.ALL,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file], view)).toBe(false)
+	})
+
+	test('Enabled for files outside the user root folder', () => {
+		const file = new Folder({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/trashbin/admin/trash/image.jpg.d1731053878',
+			owner: 'admin',
+			permissions: Permission.ALL,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file], view)).toBe(true)
+	})
+})
--- a/apps/systemtags/src/files_actions/bulkSystemTagsAction.ts
+++ b/apps/systemtags/src/files_actions/bulkSystemTagsAction.ts
@ -2,7 +2,7 @@
 * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
-import { type Node } from '@nextcloud/files'
+import { Permission, type Node } from '@nextcloud/files'

 import { defineAsyncComponent } from 'vue'
 import { FileAction } from '@nextcloud/files'
@ -38,8 +38,13 @@ export const action = new FileAction({
 			return false
 		}

-		// If the user is not logged in, the action is not available
-		return true
+		// Disabled for non dav resources
+		if (nodes.some((node) => !node.isDavRessource)) {
+			return false
+		}
+
+		// We need to have the update permission on all nodes
+		return !nodes.some((node) => (node.permissions & Permission.UPDATE) === 0)
 	},

 	async exec(node: Node) {