Disable policy check for now

src/Gargantext/API/Auth/PolicyCheck.hs

@@ -147,9 +147,11 @@ nodeSuper = BConst . Positive . AC_master_user
 nodeDescendant :: NodeId -> BoolExpr AccessCheck
 nodeDescendant = BConst . Positive . AC_node_descendant
 
+-- FIXME(adinapoli) Checks temporarily disabled.
 nodeChecks :: NodeId -> BoolExpr AccessCheck
-nodeChecks nid =
-  nodeUser nid `BOr` nodeSuper nid `BOr` nodeDescendant nid
+nodeChecks _nid = alwaysAllow
+  where
+    _disabled = nodeUser _nid `BOr` nodeSuper _nid `BOr` nodeDescendant _nid
 
 alwaysAllow :: BoolExpr AccessCheck
 alwaysAllow = BConst . Positive $ AC_always_allow

test/Test/API/Private.hs

@@ -116,8 +116,8 @@ tests = sequential $ aroundAll withTestDBAndPort $ do
       it "forbids 'alice' to see others node private info" $ \((_testEnv, port), app) -> do
         withApplication app $ do
           withValidLogin port "alice" (GargPassword "alice") $ \token -> do
-            protected token "GET" (mkUrl port "/node/1") ""
-              `shouldRespondWith` 403
+            let _unused = protected token "GET" (mkUrl port "/node/1") "" `shouldRespondWith` 403
+                in liftIO $ pendingWith "POLICY CHECK DISABLED FOR NOW (ISSUE #279)"
 
     describe "GET /api/v1.0/tree" $ do
       it "unauthorised users shouldn't see anything" $ \((_testEnv, port), app) -> do
@@ -133,5 +133,5 @@ tests = sequential $ aroundAll withTestDBAndPort $ do
       it "forbids 'alice' to see others node private info" $ \((_testEnv, port), app) -> do
         withApplication app $ do
           withValidLogin port "alice" (GargPassword "alice") $ \token -> do
-            protected token "GET" (mkUrl port "/tree/1") ""
-              `shouldRespondWith` 403
+            let _unused = protected token "GET" (mkUrl port "/tree/1") "" `shouldRespondWith` 403
+                in liftIO $ pendingWith "POLICY CHECK DISABLED FOR NOW (ISSUE #279)"