fix(systemtags): sanity checks for bulk tagging action

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>

2 files changed, 82 insertions, 3 deletions

diff --git a/apps/systemtags/src/files_actions/bulkSystemTagsAction.spec.ts b/apps/systemtags/src/files_actions/bulkSystemTagsAction.spec.ts
new file mode 100644
index 00000000000..cd8b5465ac5
--- /dev/null
+++ b/apps/systemtags/src/files_actions/bulkSystemTagsAction.spec.ts
@@ -0,0 +1,74 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+import { File, Folder, Permission, View, FileAction } from '@nextcloud/files'
+import { describe, expect, test } from 'vitest'
+import { action } from './bulkSystemTagsAction'
+
+const view = {
+	id: 'files',
+	name: 'Files',
+} as View
+
+describe('Manage tags action conditions tests', () => {
+	test('Default values', () => {
+		expect(action).toBeInstanceOf(FileAction)
+		expect(action.id).toBe('systemtags:bulk')
+		expect(action.displayName([], view)).toBe('Manage tags')
+		expect(action.iconSvgInline([], view)).toMatch(/<svg.+<\/svg>/)
+		expect(action.default).toBeUndefined()
+		expect(action.order).toBe(undefined)
+		expect(action.enabled).toBeDefined()
+	})
+})
+
+describe('Manage tags action enabled tests', () => {
+	test('Disabled without permissions', () => {
+		const file1 = new File({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/files/admin/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.NONE,
+		})
+
+		const file2 = new File({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/files/admin/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.UPDATE,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file1, file2], view)).toBe(false)
+		expect(action.enabled!([file1], view)).toBe(false)
+		expect(action.enabled!([file2], view)).toBe(true)
+	})
+
+	test('Disabled for non-dav ressources', () => {
+		const file = new File({
+			id: 1,
+			source: 'https://domain.com/foobar.txt',
+			owner: 'admin',
+			mime: 'text/plain',
+			permissions: Permission.ALL,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file], view)).toBe(false)
+	})
+
+	test('Enabled for files outside the user root folder', () => {
+		const file = new Folder({
+			id: 1,
+			source: 'https://cloud.domain.com/remote.php/dav/trashbin/admin/trash/image.jpg.d1731053878',
+			owner: 'admin',
+			permissions: Permission.ALL,
+		})
+
+		expect(action.enabled).toBeDefined()
+		expect(action.enabled!([file], view)).toBe(true)
+	})
+})
diff --git a/apps/systemtags/src/files_actions/bulkSystemTagsAction.ts b/apps/systemtags/src/files_actions/bulkSystemTagsAction.ts
index 1bf323b5de7..3e5fdc41480 100644
--- a/apps/systemtags/src/files_actions/bulkSystemTagsAction.ts
+++ b/apps/systemtags/src/files_actions/bulkSystemTagsAction.ts
@@ -2,7 +2,7 @@
  * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
  * SPDX-License-Identifier: AGPL-3.0-or-later
  */
-import { type Node } from '@nextcloud/files'
+import { Permission, type Node } from '@nextcloud/files'
 
 import { defineAsyncComponent } from 'vue'
 import { FileAction } from '@nextcloud/files'
@@ -38,8 +38,13 @@ export const action = new FileAction({
 			return false
 		}
 
-		// If the user is not logged in, the action is not available
-		return true
+		// Disabled for non dav resources
+		if (nodes.some((node) => !node.isDavRessource)) {
+			return false
+		}
+
+		// We need to have the update permission on all nodes
+		return !nodes.some((node) => (node.permissions & Permission.UPDATE) === 0)
 	},
 
 	async exec(node: Node) {