@@ -18,6 +18,7 @@ import {OpenDocOptions} from 'app/common/DocListAPI';
1818import { SHARE_KEY_PREFIX } from 'app/common/gristUrls' ;
1919import { isLongerThan , pruneArray } from 'app/common/gutil' ;
2020import { UserAPI , UserAPIImpl } from 'app/common/UserAPI' ;
21+ import { AccessTokenResult } from 'app/plugin/GristAPI' ;
2122import { GristObjCode } from 'app/plugin/GristData' ;
2223import { Deps as DocClientsDeps } from 'app/server/lib/DocClients' ;
2324import { DocManager } from 'app/server/lib/DocManager' ;
@@ -27,6 +28,7 @@ import {globalUploadSet} from 'app/server/lib/uploads';
2728import { assert } from 'chai' ;
2829import { cloneDeep , isMatch , pick } from 'lodash' ;
2930import * as sinon from 'sinon' ;
31+ import * as jwt from 'jsonwebtoken' ;
3032import { TestServer } from 'test/gen-server/apiUtils' ;
3133import { createDocTools } from 'test/server/docTools' ;
3234import { GristClient , openClient } from 'test/server/gristClient' ;
@@ -4125,6 +4127,23 @@ describe('GranularAccess', function() {
41254127 await assert . isFulfilled ( owner . getDocAPI ( docId ) . getRows ( 'Table1' ) ) ;
41264128 } ) ;
41274129 } ) ;
4130+
4131+ describe ( "accessToken" , function ( ) {
4132+ it ( 'respects aclAsUser' , async function ( ) {
4133+ await freshDoc ( ) ;
4134+ async function getPayload ( ) {
4135+ const tokenResult : AccessTokenResult = ( await cliOwner . send ( 'getAccessToken' , 0 , { } ) ) . data ;
4136+ const token = tokenResult . token ;
4137+ const payload : any = jwt . decode ( token ) ;
4138+ return payload ;
4139+ }
4140+
4141+ const ownerPayload = await getPayload ( ) ;
4142+ await reopenClients ( { linkParameters :
{ aclAsUser :
'[email protected] ' } } ) ; 4143+ const aclPayload = await getPayload ( ) ;
4144+ assert ( aclPayload ! . userId != ownerPayload ! . userId ) ;
4145+ } )
4146+ } )
41284147} ) ;
41294148
41304149async function closeClient ( cli : GristClient ) {
0 commit comments