fix: Fix changing collections of not owned links

Consider that a user A had a link with a given URL in its owned collections. If he opened collections of a link with the same URL but owned by user B, he would not see that the link was already in its collections. Worse: submitting the form would delete the link from its collections if they were not re-selected manually.
flusio · Jul 25, 2022 · 93b817e · 93b817e
1 parent 2c20d92
commit 93b817e
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 0 deletions.
diff --git a/src/controllers/links/Collections.php b/src/controllers/links/Collections.php
@@ -42,6 +42,14 @@ public function index($request)
             return Response::notFound('not_found.phtml');
         }
 
+        $existing_link = models\Link::findBy([
+            'user_id' => $user->id,
+            'url_lookup' => utils\Belt::removeScheme($link->url),
+        ]);
+        if ($existing_link) {
+            $link = $existing_link;
+        }
+
         if (auth\LinksAccess::canUpdate($user, $link)) {
             $collection_ids = array_column($link->collections(), 'id');
         } else {

diff --git a/tests/controllers/links/CollectionsTest.php b/tests/controllers/links/CollectionsTest.php
@@ -116,6 +116,47 @@ public function testIndexRendersCorrectlyInModeNews()
         $this->assertResponseContains($response, 'What do you think?');
     }
 
+    public function testIndexRendersExistingLink()
+    {
+        $user = $this->login();
+        $other_user_id = $this->create('user');
+        $url = $this->fake('url');
+        $link_id_not_owned = $this->create('link', [
+            'user_id' => $other_user_id,
+            'url' => $url,
+            'is_hidden' => 0,
+        ]);
+        $link_id_owned = $this->create('link', [
+            'user_id' => $user->id,
+            'url' => $url,
+        ]);
+        $collection_id_not_owned = $this->create('collection', [
+            'user_id' => $other_user_id,
+            'type' => 'collection',
+        ]);
+        $collection_id_owned = $this->create('collection', [
+            'user_id' => $user->id,
+            'type' => 'collection',
+        ]);
+        $this->create('link_to_collection', [
+            'link_id' => $link_id_not_owned,
+            'collection_id' => $collection_id_not_owned,
+        ]);
+        $this->create('link_to_collection', [
+            'link_id' => $link_id_owned,
+            'collection_id' => $collection_id_owned,
+        ]);
+
+        $response = $this->appRun('get', "/links/{$link_id_not_owned}/collections", [
+            'from' => \Minz\Url::for('bookmarks'),
+        ]);
+
+        $this->assertResponseCode($response, 200);
+        $this->assertResponsePointer($response, 'links/collections/index.phtml');
+        $this->assertResponseContains($response, $link_id_owned);
+        $this->assertResponseNotContains($response, $link_id_not_owned);
+    }
+
     public function testIndexDoesNotCopyNotOwnedAndAccessibleLinks()
     {
         $user = $this->login();