Skip to content
Snippets Groups Projects
Commit c5fb49ee authored by Andy Nicholson's avatar Andy Nicholson
Browse files

revert

parent 36c24dc0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
server/component-xpub-review-backend/src/reviewBackend.js
+ 4
20
View file @ c5fb49ee
...@@ -9,10 +9,10 @@ const { AuthorizationError } = require('@pubsweet/errors') ...@@ -9,10 +9,10 @@ const { AuthorizationError } = require('@pubsweet/errors')
const authBearer = passport.authenticate('bearer', { session: false }) const authBearer = passport.authenticate('bearer', { session: false })
const { User, Fragment, Team, Collection } = require('@pubsweet/models')
module.exports = app => { module.exports = app => {
app.patch('/api/make-invitation', authBearer, async (req, res, next) => { app.patch('/api/make-invitation', authBearer, async (req, res, next) => {
const { User, Fragment, Team, Collection } = require('@pubsweet/models')
try { try {
const version = await Fragment.find(req.body.versionId) const version = await Fragment.find(req.body.versionId)
const project = await Collection.find(req.body.projectId) const project = await Collection.find(req.body.projectId)
...@@ -32,7 +32,6 @@ module.exports = app => { ...@@ -32,7 +32,6 @@ module.exports = app => {
} }
const canViewVersion = await authsome.can(req.user, 'GET', version) const canViewVersion = await authsome.can(req.user, 'GET', version)
const canPatchVersion = await authsome.can( const canPatchVersion = await authsome.can(
req.user, req.user,
'PATCH', 'PATCH',
...@@ -41,11 +40,9 @@ module.exports = app => { ...@@ -41,11 +40,9 @@ module.exports = app => {
if (!canPatchVersion || !canViewVersion) throw new AuthorizationError() if (!canPatchVersion || !canViewVersion) throw new AuthorizationError()
let versionUpdateData = req.body.reviewers let versionUpdateData = req.body.reviewers
if (canPatchVersion.filter) { if (canPatchVersion.filter) {
versionUpdateData = canPatchVersion.filter(versionUpdateData) versionUpdateData = canPatchVersion.filter(versionUpdateData)
} }
await version.updateProperties({ reviewers: versionUpdateData }) await version.updateProperties({ reviewers: versionUpdateData })
await version.save() await version.save()
...@@ -74,13 +71,11 @@ module.exports = app => { ...@@ -74,13 +71,11 @@ module.exports = app => {
} }
const canViewProject = await authsome.can(req.user, 'GET', project) const canViewProject = await authsome.can(req.user, 'GET', project)
const canPatchProject = await authsome.can( const canPatchProject = await authsome.can(
req.user, req.user,
'PATCH', 'PATCH',
currentAndUpdateProject, currentAndUpdateProject,
) )
if (!canPatchProject || !canViewProject) throw new AuthorizationError() if (!canPatchProject || !canViewProject) throw new AuthorizationError()
await Team.query().upsertGraphAndFetch( await Team.query().upsertGraphAndFetch(
...@@ -108,6 +103,8 @@ module.exports = app => { ...@@ -108,6 +103,8 @@ module.exports = app => {
app.patch('/api/make-decision', authBearer, async (req, res, next) => { app.patch('/api/make-decision', authBearer, async (req, res, next) => {
try { try {
const { User, Fragment, Collection } = require('@pubsweet/models')
const version = await Fragment.find(req.body.versionId) const version = await Fragment.find(req.body.versionId)
const project = await Collection.find(req.body.projectId) const project = await Collection.find(req.body.projectId)
const authors = await Promise.all(version.owners.map(id => User.find(id))) const authors = await Promise.all(version.owners.map(id => User.find(id)))
...@@ -121,7 +118,6 @@ module.exports = app => { ...@@ -121,7 +118,6 @@ module.exports = app => {
} }
const canViewVersion = await authsome.can(req.user, 'GET', version) const canViewVersion = await authsome.can(req.user, 'GET', version)
const canPatchVersion = await authsome.can( const canPatchVersion = await authsome.can(
req.user, req.user,
'PATCH', 'PATCH',
...@@ -130,17 +126,14 @@ module.exports = app => { ...@@ -130,17 +126,14 @@ module.exports = app => {
if (!canPatchVersion || !canViewVersion) throw new AuthorizationError() if (!canPatchVersion || !canViewVersion) throw new AuthorizationError()
let versionUpdateData = { decision: req.body.decision } let versionUpdateData = { decision: req.body.decision }
if (canPatchVersion.filter) { if (canPatchVersion.filter) {
versionUpdateData = canPatchVersion.filter(versionUpdateData) versionUpdateData = canPatchVersion.filter(versionUpdateData)
} }
await version.updateProperties(versionUpdateData) await version.updateProperties(versionUpdateData)
let nextVersionData let nextVersionData
let projectUpdateData = {} let projectUpdateData = {}
let message let message
switch (version.decision.recommendation) { switch (version.decision.recommendation) {
case 'accept': case 'accept':
projectUpdateData.status = 'accepted' projectUpdateData.status = 'accepted'
...@@ -166,7 +159,6 @@ module.exports = app => { ...@@ -166,7 +159,6 @@ module.exports = app => {
'files', 'files',
'notes', 'notes',
]) ])
nextVersionData = { nextVersionData = {
fragmentType: 'version', fragmentType: 'version',
created: new Date(), created: new Date(),
...@@ -185,20 +177,16 @@ module.exports = app => { ...@@ -185,20 +177,16 @@ module.exports = app => {
let nextVersion let nextVersion
let canViewNextVersion let canViewNextVersion
if (nextVersionData) { if (nextVersionData) {
const canCreateVersion = await authsome.can(req.user, 'POST', { const canCreateVersion = await authsome.can(req.user, 'POST', {
path: '/collections/:collectionId/fragments', path: '/collections/:collectionId/fragments',
collection: project, collection: project,
fragment: nextVersionData, fragment: nextVersionData,
}) })
if (!canCreateVersion) throw new AuthorizationError() if (!canCreateVersion) throw new AuthorizationError()
if (canCreateVersion.filter) { if (canCreateVersion.filter) {
nextVersionData = canCreateVersion.filter(nextVersionData) nextVersionData = canCreateVersion.filter(nextVersionData)
} }
nextVersion = new Fragment(nextVersionData) nextVersion = new Fragment(nextVersionData)
canViewNextVersion = await authsome.can(req.user, 'GET', nextVersion) canViewNextVersion = await authsome.can(req.user, 'GET', nextVersion)
...@@ -207,19 +195,15 @@ module.exports = app => { ...@@ -207,19 +195,15 @@ module.exports = app => {
currentAndUpdate = { current: project, update: req.body } currentAndUpdate = { current: project, update: req.body }
const canViewProject = await authsome.can(req.user, 'GET', project) const canViewProject = await authsome.can(req.user, 'GET', project)
const canPatchProject = await authsome.can( const canPatchProject = await authsome.can(
req.user, req.user,
'PATCH', 'PATCH',
currentAndUpdate, currentAndUpdate,
) )
if (!canPatchProject || !canViewProject) throw new AuthorizationError() if (!canPatchProject || !canViewProject) throw new AuthorizationError()
if (canPatchProject.filter) { if (canPatchProject.filter) {
projectUpdateData = canPatchProject.filter(projectUpdateData) projectUpdateData = canPatchProject.filter(projectUpdateData)
} }
await project.updateProperties(projectUpdateData) await project.updateProperties(projectUpdateData)
await Promise.all([ await Promise.all([
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment