diff --git a/server/component-xpub-review-backend/src/reviewBackend.js b/server/component-xpub-review-backend/src/reviewBackend.js
index 8b4110df00c3d7b5ced8616d1422ffc749f83ec9..1132bc19e477e44581e24425e75415f30cdfee8b 100644
--- a/server/component-xpub-review-backend/src/reviewBackend.js
+++ b/server/component-xpub-review-backend/src/reviewBackend.js
@@ -9,10 +9,10 @@ const { AuthorizationError } = require('@pubsweet/errors')
const authBearer = passport.authenticate('bearer', { session: false })
-const { User, Fragment, Team, Collection } = require('@pubsweet/models')
-
module.exports = app => {
app.patch('/api/make-invitation', authBearer, async (req, res, next) => {
+ const { User, Fragment, Team, Collection } = require('@pubsweet/models')
+
try {
const version = await Fragment.find(req.body.versionId)
const project = await Collection.find(req.body.projectId)
@@ -32,7 +32,6 @@ module.exports = app => {
}
const canViewVersion = await authsome.can(req.user, 'GET', version)
-
const canPatchVersion = await authsome.can(
req.user,
'PATCH',
@@ -41,11 +40,9 @@ module.exports = app => {
if (!canPatchVersion || !canViewVersion) throw new AuthorizationError()
let versionUpdateData = req.body.reviewers
-
if (canPatchVersion.filter) {
versionUpdateData = canPatchVersion.filter(versionUpdateData)
}
-
await version.updateProperties({ reviewers: versionUpdateData })
await version.save()
@@ -74,13 +71,11 @@ module.exports = app => {
}
const canViewProject = await authsome.can(req.user, 'GET', project)
-
const canPatchProject = await authsome.can(
req.user,
'PATCH',
currentAndUpdateProject,
)
-
if (!canPatchProject || !canViewProject) throw new AuthorizationError()
await Team.query().upsertGraphAndFetch(
@@ -108,6 +103,8 @@ module.exports = app => {
app.patch('/api/make-decision', authBearer, async (req, res, next) => {
try {
+ const { User, Fragment, Collection } = require('@pubsweet/models')
+
const version = await Fragment.find(req.body.versionId)
const project = await Collection.find(req.body.projectId)
const authors = await Promise.all(version.owners.map(id => User.find(id)))
@@ -121,7 +118,6 @@ module.exports = app => {
}
const canViewVersion = await authsome.can(req.user, 'GET', version)
-
const canPatchVersion = await authsome.can(
req.user,
'PATCH',
@@ -130,17 +126,14 @@ module.exports = app => {
if (!canPatchVersion || !canViewVersion) throw new AuthorizationError()
let versionUpdateData = { decision: req.body.decision }
-
if (canPatchVersion.filter) {
versionUpdateData = canPatchVersion.filter(versionUpdateData)
}
-
await version.updateProperties(versionUpdateData)
let nextVersionData
let projectUpdateData = {}
let message
-
switch (version.decision.recommendation) {
case 'accept':
projectUpdateData.status = 'accepted'
@@ -166,7 +159,6 @@ module.exports = app => {
'files',
'notes',
])
-
nextVersionData = {
fragmentType: 'version',
created: new Date(),
@@ -185,20 +177,16 @@ module.exports = app => {
let nextVersion
let canViewNextVersion
-
if (nextVersionData) {
const canCreateVersion = await authsome.can(req.user, 'POST', {
path: '/collections/:collectionId/fragments',
collection: project,
fragment: nextVersionData,
})
-
if (!canCreateVersion) throw new AuthorizationError()
-
if (canCreateVersion.filter) {
nextVersionData = canCreateVersion.filter(nextVersionData)
}
-
nextVersion = new Fragment(nextVersionData)
canViewNextVersion = await authsome.can(req.user, 'GET', nextVersion)
@@ -207,19 +195,15 @@ module.exports = app => {
currentAndUpdate = { current: project, update: req.body }
const canViewProject = await authsome.can(req.user, 'GET', project)
-
const canPatchProject = await authsome.can(
req.user,
'PATCH',
currentAndUpdate,
)
-
if (!canPatchProject || !canViewProject) throw new AuthorizationError()
-
if (canPatchProject.filter) {
projectUpdateData = canPatchProject.filter(projectUpdateData)
}
-
await project.updateProperties(projectUpdateData)
await Promise.all([