diff --git a/packages/base-model/test/helpers/authsome_mode.js b/packages/base-model/test/helpers/authsome_mode.js
index 55463f79042dc1de5896553925cd978765c2de9b..41e569116a455ce313a948e752fb66a44968f49e 100644
--- a/packages/base-model/test/helpers/authsome_mode.js
+++ b/packages/base-model/test/helpers/authsome_mode.js
@@ -9,7 +9,11 @@ module.exports = async (userId, operation, object, context) => {
 }
 if (operation === 'publishManuscript') {
- const isAuthor = object.current.owners.includes(user.id)
+ // Try to fetch the current Manuscript using the context
+ // to verify that you can, in fact, do it.
+ const manuscript = await context.models.Manuscript.find(object.current.id)
+ const isAuthor = manuscript.owners.includes(user.id)
+
 if (isAuthor && user.admin) {
 return true
 } else if (isAuthor) {
diff --git a/packages/server/src/helpers/authsome.js b/packages/server/src/helpers/authsome.js
index 56aca8849b5e81660e0943a9bb93b3509fd44f08..5807d2fd37098eda1d660a165c3398e07490eff8 100644
--- a/packages/server/src/helpers/authsome.js
+++ b/packages/server/src/helpers/authsome.js
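Review bot: `manuscript.owners.includes(user.id)` on the added lines dereferences the lookup result without checking it, so a Manuscript that `find` cannot return surfaces as a TypeError or a rejected promise rather than an explicit deny. Whether callers treat a throwing mode as "not allowed" is not visible here, so the mode should decide for itself, e.g. `if (!manuscript) return false` ahead of the ownership check (or a `try`/`catch` that returns `false` if `find` rejects on a missing id). A short comment that ownership is now read from the stored record and no longer from the caller-supplied `object.current` would also help the next reader. The enclosing function starts and ends outside the hunk.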
@@ -5,26 +5,27 @@ const mode = require(config.get('authsome.mode'))
 const models = require('../models')
-const authsome = new Authsome(
- { ...config.authsome, mode },
- {
- // restrict methods passed to mode since these have to be shimmed on client
- // any changes here should be reflected in the `withAuthsome` component of `pubsweet-client`
- models: {
- Collection: {
- find: id => models.Collection.find(id),
- },
- Fragment: {
- find: id => models.Fragment.find(id),
- },
- User: {
- find: id => models.User.find(id),
- },
- Team: {
- find: id => models.Team.find(id),
- },
- },
- },
-)
+// be lenient with custom/extended data models based on BaseModel
+// and allow them through to authsome in their entirety. If you use this
+// you are responsible for providing a similar interface in the client
+// as well - if you want your authsome modes to be usable on both platforms.
+const context = { models: Object.assign({}, models) }
+
+// more restrictive with core models, restrict methods passed to mode since
+// these have to be shimmed in the client (withAuthsome, AuthorizeWithGraphQL)
+context.models.Collection = {
+ find: models.Collection.find.bind(models.Collection),
+}
+context.models.Fragment = {
+ find: models.Fragment.find.bind(models.Fragment),
+}
+context.models.User = {
+ find: models.User.find.bind(models.User),
+}
+context.models.Team = {
+ find: models.Team.find.bind(models.Team),
+}
+
+const authsome = new Authsome({ ...config.authsome, mode }, context)
 module.exports = authsome
diff --git a/packages/server/src/models/index.js b/packages/server/src/models/index.js
index 1267f44adabcb37e7843c8b448b1a18aae75d453..f732194641da7d26519757a34d1b0b7bb5e96503 100644
--- a/packages/server/src/models/index.js
+++ b/packages/server/src/models/index.js
@@ -1,3 +1,6 @@
+const config = require('config')
+
+// core models
 const models = {
 Collection: './Collection',
 Fragment: './Fragment',
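Review bot: `Object.assign({}, models)` is a shallow copy, so every non-core model reaches the authsome mode as the live model class and a mode can call any method on it during a permission check, presumably including ones that write, while the four core models stay limited to `find`. Because the mode is itself loaded from the `authsome.mode` config value, a least-privilege default would give custom models the same read-only shape, e.g. `context.models[name] = { find: models[name].find.bind(models[name]) }` for each key of `models`, with a wider interface only on explicit opt-in; this assumes every custom model exposes `find`, as the BaseModel comment suggests. Separately, `find.bind(...)` forwards every argument whereas the removed `id => models.X.find(id)` passed only `id`, so the core shims are slightly wider than before and the comment should say so or the arrow form should be kept.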
@@ -8,3 +11,16 @@ const models = {
 Object.keys(models).forEach((key, _) => {
 module.exports[key] = require(models[key])
 })
+
+const requireRelative = m =>
+ require(require.resolve(m, { paths: [process.cwd()] }))
+
+// custom data models
+if (config.has('pubsweet.components')) {
+ config.get('pubsweet.components').forEach(componentName => {
+ const component = requireRelative(componentName)
+ if (component.modelName) {
+ module.exports[component.modelName] = component.model
+ }
+ })
+}
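Review bot: `module.exports[component.modelName] = component.model` assigns without checking the name, so a component listed in `pubsweet.components` whose `modelName` is `User`, `Team`, `Collection` or `Fragment` silently replaces the core model that `helpers/authsome.js` later binds `find` from. A guard ahead of the assignment makes the collision fail loudly: `if (Object.prototype.hasOwnProperty.call(module.exports, component.modelName)) throw new Error('Model name already registered: ' + component.modelName)`. The same branch should reject a component that sets `modelName` but leaves `model` undefined, since that currently exports `undefined` under the name. A comment on `requireRelative` noting that names are resolved from `process.cwd()`, so the set of loaded models depends on the directory the server is started from, would also be useful.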