Merge pull request #1495 from hypothesis/patch-fix-split-null-bug

Prevent errors arising from applying private permissions to anonymous annotations

src/sidebar/services/permissions.js

@@ -79,7 +79,14 @@ function Permissions(localStorage) {
    * @return {Permissions}
    */
   this.default = function(userid, groupId) {
-    if (defaultLevel() === 'private') {
+    // FIXME: The `&& userid` guard was put in place to protect against
+    // https://github.com/hypothesis/client/issues/1221 for the short term
+    // It prevents the setting of permissions to a private level, which
+    // will throw Errors if no `userid` is available (i.e. the annotation was
+    // just created by an anonymous user). Translation: default permissions for
+    // a newly-created (but not saved-to-server) annotation created by a
+    // non-authenticated (anonymous) user will always be shared. For now.
+    if (defaultLevel() === 'private' && userid) {
       return self.private(userid);
     } else {
       return self.shared(userid, groupId);

src/sidebar/services/test/permissions-test.js

@@ -52,6 +52,17 @@ describe('permissions', function() {
       );
     });
 
+    it('returns shared permissions if the saved level is "private" but no `userid`', function() {
+      // FIXME: This test is necessary for the patch fix to prevent the "split-null" bug
+      // https://github.com/hypothesis/client/issues/1221 but should be removed when the
+      // code is refactored.
+      fakeLocalStorage.getItem.returns('private');
+      assert.deepEqual(
+        permissions.default(undefined, 'gid'),
+        permissions.shared(undefined, 'gid')
+      );
+    });
+
     it('returns shared permissions if the saved level is "shared"', function() {
       fakeLocalStorage.getItem.returns('shared');
       assert.deepEqual(