Public links for spaces and folders

apps/web/__tests__/unit/public-collections-policy.test.ts

@@ -0,0 +1,128 @@
+import { describe, expect, it } from "vitest";
+import {
+	getPublicCollectionHref,
+	parsePublicCollectionPage,
+	resolvePublicCollectionAccess,
+	resolvePublicCollectionCandidate,
+} from "@/lib/public-collections-policy";
+
+describe("public collections policy", () => {
+	it("parses invalid collection pages as the first page", () => {
+		expect(parsePublicCollectionPage(undefined)).toBe(1);
+		expect(parsePublicCollectionPage("0")).toBe(1);
+		expect(parsePublicCollectionPage("-2")).toBe(1);
+		expect(parsePublicCollectionPage("1.5")).toBe(1);
+		expect(parsePublicCollectionPage(["3", "4"])).toBe(3);
+	});
+
+	it("builds canonical collection page hrefs", () => {
+		expect(getPublicCollectionHref("abc123", 1)).toBe("/c/abc123");
+		expect(getPublicCollectionHref("abc123", 2)).toBe("/c/abc123?page=2");
+	});
+
+	it("resolves public folder before public space on id collisions", () => {
+		const folder = {
+			kind: "folder" as const,
+			public: true,
+			organizationTombstoneAt: null,
+			name: "Folder",
+		};
+		const space = {
+			kind: "space" as const,
+			public: true,
+			organizationTombstoneAt: null,
+			name: "Space",
+		};
+
+		expect(resolvePublicCollectionCandidate(folder, space)).toBe(folder);
+	});
+
+	it("falls through private or tombstoned folders to public spaces", () => {
+		const privateFolder = {
+			kind: "folder" as const,
+			public: false,
+			organizationTombstoneAt: null,
+		};
+		const tombstonedFolder = {
+			kind: "folder" as const,
+			public: true,
+			organizationTombstoneAt: new Date("2026-01-01T00:00:00.000Z"),
+		};
+		const space = {
+			kind: "space" as const,
+			public: true,
+			organizationTombstoneAt: null,
+		};
+
+		expect(resolvePublicCollectionCandidate(privateFolder, space)).toBe(space);
+		expect(resolvePublicCollectionCandidate(tombstonedFolder, space)).toBe(
+			space,
+		);
+	});
+
+	it("blocks tombstoned spaces", () => {
+		const space = {
+			kind: "space" as const,
+			public: true,
+			organizationTombstoneAt: new Date("2026-01-01T00:00:00.000Z"),
+		};
+
+		expect(resolvePublicCollectionCandidate(null, space)).toBeNull();
+	});
+
+	it("applies email restrictions before password checks", () => {
+		expect(
+			resolvePublicCollectionAccess({
+				allowedEmailDomain: "company.com",
+				viewerEmail: null,
+				passwordHash: "hash",
+				verifiedPasswordHashes: [],
+			}),
+		).toEqual({ state: "email_restriction_login_required" });
+
+		expect(
+			resolvePublicCollectionAccess({
+				allowedEmailDomain: "company.com",
+				viewerEmail: "person@example.com",
+				passwordHash: "hash",
+				verifiedPasswordHashes: [],
+			}),
+		).toEqual({ state: "email_restriction_denied" });
+	});
+
+	it("requires the collection password when present", () => {
+		expect(
+			resolvePublicCollectionAccess({
+				viewerEmail: "person@company.com",
+				passwordHash: "space-hash",
+				verifiedPasswordHashes: [],
+			}),
+		).toEqual({ state: "password_required" });
+
+		expect(
+			resolvePublicCollectionAccess({
+				viewerEmail: "person@company.com",
+				passwordHash: "space-hash",
+				verifiedPasswordHashes: ["space-hash"],
+			}),
+		).toEqual({ state: "allowed" });
+	});
+
+	it("matches the collection password against any verified hash", () => {
+		expect(
+			resolvePublicCollectionAccess({
+				viewerEmail: "person@company.com",
+				passwordHash: "space-hash",
+				verifiedPasswordHashes: ["video-hash", "space-hash"],
+			}),
+		).toEqual({ state: "allowed" });
+
+		expect(
+			resolvePublicCollectionAccess({
+				viewerEmail: "person@company.com",
+				passwordHash: "space-hash",
+				verifiedPasswordHashes: ["video-hash"],
+			}),
+		).toEqual({ state: "password_required" });
+	});
+});

apps/web/__tests__/unit/public-page-settings.test.ts

@@ -0,0 +1,64 @@
+import { PublicCollection } from "@cap/web-domain";
+import { Either, Schema } from "effect";
+import { describe, expect, it } from "vitest";
+
+const decode = Schema.decodeUnknownEither(
+	PublicCollection.PublicPageSettingsUpdate,
+);
+
+describe("PublicPageSettingsUpdate", () => {
+	it("accepts a valid partial patch", () => {
+		const result = decode({ title: "Launch videos", gridColumns: 3 });
+		expect(Either.isRight(result)).toBe(true);
+	});
+
+	it("strips logoUrl — only the upload action may write it", () => {
+		const result = decode({
+			logoUrl: "organizations/other-org/logo.svg",
+			title: "t",
+		});
+		expect(Either.isRight(result)).toBe(true);
+		if (Either.isRight(result)) {
+			expect("logoUrl" in result.right).toBe(false);
+		}
+	});
+
+	it("rejects oversized text fields", () => {
+		const over = (length: number) => "x".repeat(length + 1);
+		expect(
+			Either.isLeft(
+				decode({
+					title: over(PublicCollection.PUBLIC_PAGE_TITLE_MAX_LENGTH),
+				}),
+			),
+		).toBe(true);
+		expect(
+			Either.isLeft(
+				decode({
+					subtitle: over(PublicCollection.PUBLIC_PAGE_SUBTITLE_MAX_LENGTH),
+				}),
+			),
+		).toBe(true);
+		expect(
+			Either.isLeft(
+				decode({
+					ctaLabel: over(PublicCollection.PUBLIC_PAGE_CTA_LABEL_MAX_LENGTH),
+				}),
+			),
+		).toBe(true);
+		expect(
+			Either.isLeft(
+				decode({
+					ctaUrl: over(PublicCollection.PUBLIC_PAGE_CTA_URL_MAX_LENGTH),
+				}),
+			),
+		).toBe(true);
+	});
+
+	it("rejects values outside the literal unions", () => {
+		expect(Either.isLeft(decode({ gridColumns: 7 }))).toBe(true);
+		expect(Either.isLeft(decode({ layout: "carousel" }))).toBe(true);
+		expect(Either.isLeft(decode({ logoMode: "remote" }))).toBe(true);
+		expect(Either.isLeft(decode({ hideTitle: "yes" }))).toBe(true);
+	});
+});

apps/web/__tests__/unit/videos-policy.test.ts

@@ -85,7 +85,7 @@ function makeDeps(config: {
 function runCanView(
 	deps: VideosPolicyDeps,
 	user: Option.Option<CurrentUser["Type"]>,
-	attachedPassword: Option.Option<string> = Option.none(),
+	attachedPasswords: ReadonlyArray<string> = [],
 ): Promise<"allowed" | "denied" | "password"> {
 	const policy = buildCanView(deps, TEST_VIDEO_ID);
 
@@ -99,13 +99,12 @@ function runCanView(
 		),
 	);
 
-	const withPassword = Option.match(attachedPassword, {
-		onNone: () => program,
-		onSome: (password) =>
-			Effect.provideService(program, Video.VideoPasswordAttachment, {
-				password: Option.some(password),
-			}),
-	});
+	const withPassword =
+		attachedPasswords.length === 0
+			? program
+			: Effect.provideService(program, Video.VideoPasswordAttachment, {
+					passwords: attachedPasswords,
+				});
 
 	const withUser = user.pipe(
 		Option.match({
@@ -272,9 +271,9 @@ describe("VideosPolicy.canView", () => {
 				spacePasswords: ["space-one-hash", "space-two-hash"],
 			});
 
-			expect(
-				await runCanView(deps, noUser, Option.some("space-two-hash")),
-			).toBe("allowed");
+			expect(await runCanView(deps, noUser, ["space-two-hash"])).toBe(
+				"allowed",
+			);
 		});
 
 		it("allows access with either video or space password hash", async () => {
@@ -284,11 +283,29 @@ describe("VideosPolicy.canView", () => {
 				spacePasswords: ["space-hash"],
 			});
 
-			expect(await runCanView(deps, noUser, Option.some("video-hash"))).toBe(
-				"allowed",
-			);
-			expect(await runCanView(deps, noUser, Option.some("space-hash"))).toBe(
-				"allowed",
+			expect(await runCanView(deps, noUser, ["video-hash"])).toBe("allowed");
+			expect(await runCanView(deps, noUser, ["space-hash"])).toBe("allowed");
+		});
+
+		it("allows access when the matching hash sits alongside other verified hashes", async () => {
+			const deps = makeDeps({
+				video: makeVideo({ public: true }),
+				password: Option.some("video-hash"),
+			});
+
+			expect(
+				await runCanView(deps, noUser, ["collection-hash", "video-hash"]),
+			).toBe("allowed");
+		});
+
+		it("requires a password when no verified hash matches", async () => {
+			const deps = makeDeps({
+				video: makeVideo({ public: true }),
+				password: Option.some("video-hash"),
+			});
+
+			expect(await runCanView(deps, noUser, ["collection-hash"])).toBe(
+				"password",
 			);
 		});
 	});