Merge branch 'authsome_helper' into 'master'

feat: expand access to custom models in authsome See merge request pubsweet/pubsweet!446

Merge branch 'authsome_helper' into 'master'
feat: expand access to custom models in authsome See merge request pubsweet/pubsweet!446
abe23d86 · Jure · 2632fa8f · 8017fca9 · abe23d86 · abe23d86
Commit abe23d86 authored 6 years ago by Jure
--- a/packages/base-model/test/helpers/authsome_mode.js
+++ b/packages/base-model/test/helpers/authsome_mode.js
@@ -9,7 +9,11 @@ module.exports = async (userId, operation, object, context) => {
  }

  if (operation === 'publishManuscript') {
-    const isAuthor = object.current.owners.includes(user.id)
+    // Try to fetch the current Manuscript using the context
+    // to verify that you can, in fact, do it.
+    const manuscript = await context.models.Manuscript.find(object.current.id)
+    const isAuthor = manuscript.owners.includes(user.id)
+
    if (isAuthor && user.admin) {
      return true
    } else if (isAuthor) {

--- a/packages/server/src/helpers/authsome.js
+++ b/packages/server/src/helpers/authsome.js
@@ -5,26 +5,27 @@ const mode = require(config.get('authsome.mode'))

 const models = require('../models')

-const authsome = new Authsome(
-  { ...config.authsome, mode },
-  {
-    // restrict methods passed to mode since these have to be shimmed on client
-    // any changes here should be reflected in the `withAuthsome` component of `pubsweet-client`
-    models: {
-      Collection: {
-        find: id => models.Collection.find(id),
-      },
-      Fragment: {
-        find: id => models.Fragment.find(id),
-      },
-      User: {
-        find: id => models.User.find(id),
-      },
-      Team: {
-        find: id => models.Team.find(id),
-      },
-    },
-  },
-)
+// be lenient with custom/extended data models based on BaseModel
+// and allow them through to authsome in their entirety. If you use this
+// you are responsible for providing a similar interface in the client
+// as well - if you want your authsome modes to be usable on both platforms.
+const context = { models: Object.assign({}, models) }
+
+// more restrictive with core models, restrict methods passed to mode since
+// these have to be shimmed in the client (withAuthsome, AuthorizeWithGraphQL)
+context.models.Collection = {
+  find: models.Collection.find.bind(models.Collection),
+}
+context.models.Fragment = {
+  find: models.Fragment.find.bind(models.Fragment),
+}
+context.models.User = {
+  find: models.User.find.bind(models.User),
+}
+context.models.Team = {
+  find: models.Team.find.bind(models.Team),
+}
+
+const authsome = new Authsome({ ...config.authsome, mode }, context)

 module.exports = authsome
--- a/packages/server/src/models/index.js
+++ b/packages/server/src/models/index.js
+const config = require('config')
+
+// core models
 const models = {
  Collection: './Collection',
  Fragment: './Fragment',
@@ -8,3 +11,16 @@ const models = {
 Object.keys(models).forEach((key, _) => {
  module.exports[key] = require(models[key])
 })
+
+const requireRelative = m =>
+  require(require.resolve(m, { paths: [process.cwd()] }))
+
+// custom data models
+if (config.has('pubsweet.components')) {
+  config.get('pubsweet.components').forEach(componentName => {
+    const component = requireRelative(componentName)
+    if (component.modelName) {
+      module.exports[component.modelName] = component.model
+    }
+  })
+}