cojson 0.14.0 → 0.14.16

package/src/coValues/group.ts

@@ -451,7 +451,9 @@ export class RawGroup<
   }
 
   getCurrentReadKeyId() {
-    if (this.myRole() === "writeOnly") {
+    const myRole = this.myRole();
+
+    if (myRole === "writeOnly") {
       const accountId = this.core.node.getCurrentAgent().id;
 
       const key = this.get(`writeKeyFor_${accountId}`) as KeyID;
@@ -469,6 +471,16 @@ export class RawGroup<
       return key;
     }
 
+    if (!myRole) {
+      const accountId = this.core.node.getCurrentAgent().id;
+
+      const key = this.get(`writeKeyFor_${accountId}`) as KeyID;
+
+      if (key) {
+        return key;
+      }
+    }
+
     return this.get("readKey");
   }
 
@@ -670,22 +682,24 @@ export class RawGroup<
       );
     }
 
+    const value = role === "inherit" ? "extend" : role;
+
+    this.set(`parent_${parent.id}`, value, "trusting");
+    parent.set(`child_${this.id}`, "extend", "trusting");
+
     if (
       parent.myRole() !== "admin" &&
       parent.myRole() !== "writer" &&
       parent.myRole() !== "reader" &&
       parent.myRole() !== "writeOnly"
     ) {
-      throw new Error(
-        "To extend a group, the current account must be a member of the parent group",
+      // Create a writeOnly key in the parent group to be able to reveal the current child key to the parent group
+      parent.internalCreateWriteOnlyKeyForMember(
+        this.core.node.getCurrentAgent().id,
+        this.core.node.getCurrentAgent().currentAgentID(),
       );
     }
 
-    const value = role === "inherit" ? "extend" : role;
-
-    this.set(`parent_${parent.id}`, value, "trusting");
-    parent.set(`child_${this.id}`, "extend", "trusting");
-
     const { id: parentReadKeyID, secret: parentReadKeySecret } =
       parent.core.getCurrentReadKey();
     if (!parentReadKeySecret) {

package/src/exports.ts

@@ -72,6 +72,7 @@ import type {
 import {
   DisconnectedError,
   PingTimeoutError,
+  SyncManager,
   emptyKnownState,
 } from "./sync.js";
 
@@ -102,6 +103,7 @@ export const cojsonInternals = {
   getGroupDependentKeyList,
   getGroupDependentKey,
   disablePermissionErrors,
+  SyncManager,
   CO_VALUE_LOADING_CONFIG,
   setCoValueLoadingRetryDelay(delay: number) {
     CO_VALUE_LOADING_CONFIG.RETRY_DELAY = delay;

package/src/localNode.ts

@@ -548,6 +548,7 @@ export class LocalNode {
     group.processNewTransactions();
 
     group.core.notifyUpdate("immediate");
+    this.syncManager.requestCoValueSync(group.core);
   }
 
   /** @internal */

package/src/permissions.ts

@@ -345,18 +345,6 @@ function determineValidTransactionsForGroup(
       validTransactions.push({ txID: { sessionID, txIndex }, tx });
       continue;
     } else if (isChildExtension(change.key)) {
-      if (
-        memberState[transactor] !== "admin" &&
-        memberState[transactor] !== "writer" &&
-        memberState[transactor] !== "reader" &&
-        memberState[transactor] !== "writeOnly"
-      ) {
-        logPermissionError(
-          "Only admins, writers, readers and writeOnly can set child extensions",
-        );
-        continue;
-      }
-
       validTransactions.push({ txID: { sessionID, txIndex }, tx });
       continue;
     } else if (isWriteKeyForMember(change.key)) {

package/src/tests/group.inheritance.test.ts

@@ -157,6 +157,29 @@ describe("extend", () => {
 
     expect(childGroup.roleOf(node2.accountID)).toEqual(undefined);
   });
+
+  test("should be possible to extend a group without having membership in the parent group", async () => {
+    const { node1, node2, node3 } = await createThreeConnectedNodes(
+      "server",
+      "server",
+      "server",
+    );
+
+    const parentGroup = node1.node.createGroup();
+    const childGroup = node2.node.createGroup();
+
+    const alice = await loadCoValueOrFail(node1.node, node3.accountID);
+    parentGroup.addMember(alice, "writer");
+
+    const parentGroupOnNode2 = await loadCoValueOrFail(
+      node2.node,
+      parentGroup.id,
+    );
+
+    childGroup.extend(parentGroupOnNode2);
+
+    expect(childGroup.roleOf(alice.id)).toBe("writer");
+  });
 });
 
 describe("unextend", () => {
@@ -191,6 +214,78 @@ describe("unextend", () => {
     expect(childGroup.roleOf(alice.id)).toBe(undefined);
   });
 
+  test("should work when the account has no access to the parent group but owns the writeKey", async () => {
+    const { node1, node2, node3 } = await createThreeConnectedNodes(
+      "server",
+      "server",
+      "server",
+    );
+
+    const parentGroup = node1.node.createGroup();
+    const childGroup = node2.node.createGroup();
+
+    const alice = await loadCoValueOrFail(node1.node, node3.accountID);
+    parentGroup.addMember(alice, "writer");
+
+    const parentGroupOnNode2 = await loadCoValueOrFail(
+      node2.node,
+      parentGroup.id,
+    );
+
+    childGroup.extend(parentGroupOnNode2);
+
+    expect(childGroup.roleOf(alice.id)).toBe("writer");
+
+    // `childGroup` no longer has `parentGroup`'s members
+    await childGroup.revokeExtend(parentGroup);
+    expect(childGroup.roleOf(alice.id)).toBe(undefined);
+
+    const map = childGroup.createMap();
+    map.set("test", "Hello!");
+
+    const mapOnAlice = await loadCoValueOrFail(node3.node, map.id);
+
+    expect(mapOnAlice.get("test")).toEqual(undefined);
+  });
+
+  test("should work when the account has no access to the parent group and not owns the writeKey", async () => {
+    const {
+      node1: bobNode,
+      node2: johnNode,
+      node3: aliceNode,
+    } = await createThreeConnectedNodes("server", "server", "server");
+
+    const parentGroup = bobNode.node.createGroup();
+    const childGroup = johnNode.node.createGroup();
+
+    const parentGroupOnJohn = await loadCoValueOrFail(
+      johnNode.node,
+      parentGroup.id,
+    );
+
+    childGroup.extend(parentGroupOnJohn);
+
+    const bob = await loadCoValueOrFail(johnNode.node, bobNode.accountID);
+    const alice = await loadCoValueOrFail(johnNode.node, aliceNode.accountID);
+    childGroup.addMember(alice, "admin");
+
+    const childGroupOnAlice = await loadCoValueOrFail(
+      aliceNode.node,
+      childGroup.id,
+    );
+
+    // `childGroup` no longer has `parentGroup`'s members
+    await childGroupOnAlice.revokeExtend(parentGroup);
+    expect(childGroupOnAlice.roleOf(bob.id)).toBe(undefined);
+
+    const map = childGroupOnAlice.createMap();
+    map.set("test", "Hello!");
+
+    const mapOnBob = await loadCoValueOrFail(bobNode.node, map.id);
+
+    expect(mapOnBob.get("test")).toEqual(undefined);
+  });
+
   test("should do nothing if applied to a group that is not extended", async () => {
     const { node1, node2, node3 } = await createThreeConnectedNodes(
       "server",

package/src/tests/group.invite.test.ts

@@ -323,6 +323,10 @@ describe("Group invites", () => {
 
     expect(groupOnMemberNode.roleOf(member.accountID)).toEqual("reader");
 
+    await waitFor(() => {
+      expect(group.roleOf(member.accountID)).toEqual("reader");
+    });
+
     // Verify read access is restored
     const personOnMemberNode = await loadCoValueOrFail(member.node, person.id);
     expect(personOnMemberNode.get("name")).toEqual("John Doe");

package/src/tests/permissions.test.ts

@@ -1982,40 +1982,6 @@ test("Writers, readers and writeOnly can set child extensions", () => {
   expect(groupAsReader.get(`child_${childGroup.id}`)).toEqual("extend");
 });
 
-test("Invitees can not set child extensions", () => {
-  const { group, node } = newGroupHighLevel();
-  const childGroup = node.createGroup();
-
-  const adminInvite = createAccountInNode(node);
-  const writerInvite = createAccountInNode(node);
-  const readerInvite = createAccountInNode(node);
-
-  group.addMember(adminInvite, "adminInvite");
-  group.addMember(writerInvite, "writerInvite");
-  group.addMember(readerInvite, "readerInvite");
-
-  const groupAsAdminInvite = expectGroup(
-    group.core.contentInClonedNodeWithDifferentAccount(adminInvite),
-  );
-
-  groupAsAdminInvite.set(`child_${childGroup.id}`, "extend", "trusting");
-  expect(groupAsAdminInvite.get(`child_${childGroup.id}`)).toBeUndefined();
-
-  const groupAsWriterInvite = expectGroup(
-    group.core.contentInClonedNodeWithDifferentAccount(writerInvite),
-  );
-
-  groupAsWriterInvite.set(`child_${childGroup.id}`, "extend", "trusting");
-  expect(groupAsWriterInvite.get(`child_${childGroup.id}`)).toBeUndefined();
-
-  const groupAsReaderInvite = expectGroup(
-    group.core.contentInClonedNodeWithDifferentAccount(readerInvite),
-  );
-
-  groupAsReaderInvite.set(`child_${childGroup.id}`, "extend", "trusting");
-  expect(groupAsReaderInvite.get(`child_${childGroup.id}`)).toBeUndefined();
-});
-
 test("Member roles are inherited by child groups (except invites)", () => {
   const { group, node, admin } = newGroupHighLevel();
   const parentGroup = node.createGroup();

package/src/tests/sync.invite.test.ts

@@ -56,6 +56,10 @@ describe("invitations sync", () => {
         "invite-consumer -> server | KNOWN Group sessions: header/5",
         "server -> invite-consumer | CONTENT Map header: true new: After: 0 New: 1",
         "invite-consumer -> server | KNOWN Map sessions: header/1",
+        "invite-consumer -> server | CONTENT Group header: false new: After: 0 New: 2",
+        "server -> invite-consumer | KNOWN Group sessions: header/7",
+        "server -> invite-provider | CONTENT Group header: false new: After: 0 New: 2",
+        "invite-provider -> server | KNOWN Group sessions: header/7",
       ]
     `);
   });
@@ -104,6 +108,10 @@ describe("invitations sync", () => {
         "invite-consumer -> server | KNOWN Group sessions: header/7",
         "server -> invite-consumer | CONTENT Map header: true new: After: 0 New: 1",
         "invite-consumer -> server | KNOWN Map sessions: header/1",
+        "invite-consumer -> server | CONTENT Group header: false new: After: 0 New: 2",
+        "server -> invite-consumer | KNOWN Group sessions: header/9",
+        "server -> invite-provider | CONTENT Group header: false new: After: 0 New: 2",
+        "invite-provider -> server | KNOWN Group sessions: header/9",
       ]
     `);
   });
@@ -148,15 +156,15 @@ describe("invitations sync", () => {
         "invite-consumer -> server | LOAD ParentGroup sessions: empty",
         "server -> invite-consumer | CONTENT ParentGroup header: true new: After: 0 New: 6",
         "invite-consumer -> server | KNOWN ParentGroup sessions: header/6",
+        "invite-consumer -> server | CONTENT ParentGroup header: false new: After: 0 New: 2",
+        "server -> invite-consumer | KNOWN ParentGroup sessions: header/8",
+        "server -> invite-provider | CONTENT ParentGroup header: false new: After: 0 New: 2",
         "invite-consumer -> server | LOAD Map sessions: empty",
+        "invite-provider -> server | KNOWN ParentGroup sessions: header/8",
         "server -> invite-consumer | CONTENT Group header: true new: After: 0 New: 5",
         "invite-consumer -> server | KNOWN Group sessions: header/5",
         "server -> invite-consumer | CONTENT Map header: true new: After: 0 New: 1",
-        "invite-consumer -> server | CONTENT ParentGroup header: false new: After: 0 New: 2",
-        "server -> invite-consumer | KNOWN ParentGroup sessions: header/8",
-        "server -> invite-provider | CONTENT ParentGroup header: false new: After: 0 New: 2",
         "invite-consumer -> server | KNOWN Map sessions: header/1",
-        "invite-provider -> server | KNOWN ParentGroup sessions: header/8",
       ]
     `);
   });