feat(manuscript-details): update authsome by filtering authors coll, fragment data

packages/component-fixture-manager/src/fixtures/fragments.js

@@ -86,6 +86,7 @@ const fragments = {
     ],
     authors: [
       {
+        email: chance.email(),
         id: submittingAuthor.id,
         isSubmitting: true,
         isCorresponding: false,
@@ -124,6 +125,7 @@ const fragments = {
     },
     authors: [
       {
+        email: chance.email(),
         id: submittingAuthor.id,
         isSubmitting: true,
         isCorresponding: false,
@@ -162,6 +164,7 @@ const fragments = {
     },
     authors: [
       {
+        email: chance.email(),
         id: submittingAuthor.id,
         isSubmitting: true,
         isCorresponding: false,

packages/xpub-faraday/config/authsome-helpers.js

@@ -4,7 +4,9 @@ const config = require('config')
 
 const statuses = config.get('statuses')
 
+const keysToOmit = ['email', 'id']
 const publicStatusesPermissions = ['author', 'reviewer']
+const authorAllowedStatuses = ['revisionRequested', 'rejected', 'accepted']
 
 const parseAuthorsData = (coll, matchingCollPerm) => {
   if (['reviewer'].includes(matchingCollPerm.permission)) {
@@ -124,6 +126,55 @@ const hasFragmentInDraft = async ({ object, Fragment }) => {
   return isInDraft(fragment)
 }
 
+const filterAuthorRecommendationData = recommendation => {
+  const { comments } = recommendation
+  return {
+    ...recommendation,
+    comments: comments ? comments.filter(c => c.public) : [],
+  }
+}
+
+const stripeCollectionByRole = (coll = {}, role = '') => {
+  if (role === 'author') {
+    const { handlingEditor } = coll
+
+    if (!authorAllowedStatuses.includes(coll.status)) {
+      coll = {
+        ...coll,
+        handlingEditor: handlingEditor && {
+          ...omit(handlingEditor, keysToOmit),
+          name: 'Assigned',
+        },
+      }
+    }
+  }
+  return coll
+}
+
+const stripeFragmentByRole = (fragment = {}, role = '', user = {}) => {
+  const { recommendations, files, authors } = fragment
+  switch (role) {
+    case 'author':
+      return {
+        ...fragment,
+        recommendations: recommendations
+          ? recommendations.map(filterAuthorRecommendationData)
+          : [],
+      }
+    case 'reviewer':
+      return {
+        ...fragment,
+        files: omit(files, ['coverLetter']),
+        authors: authors.map(a => omit(a, ['email'])),
+        recommendations: recommendations
+          ? recommendations.filter(r => r.userId === user.id)
+          : [],
+      }
+    default:
+      return fragment
+  }
+}
+
 module.exports = {
   filterObjectData,
   parseAuthorsData,
@@ -137,4 +188,6 @@ module.exports = {
   hasPermissionForObject,
   isInDraft,
   hasFragmentInDraft,
+  stripeCollectionByRole,
+  stripeFragmentByRole,
 }

packages/xpub-faraday/config/authsome-mode.js

 const config = require('config')
-const { get, pickBy, omit } = require('lodash')
+const { get, pickBy } = require('lodash')
 
 const statuses = config.get('statuses')
 const helpers = require('./authsome-helpers')
@@ -103,9 +103,13 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
               collection.fragments.includes(p.objectId),
           )
           const visibleStatus = get(statuses, `${status}.${role}.label`)
+          const parsedCollection = helpers.stripeCollectionByRole(
+            collection,
+            role,
+          )
 
           return {
-            ...collection,
+            ...parsedCollection,
             visibleStatus,
           }
         },
@@ -113,11 +117,7 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
     }
 
     if (get(object, 'type') === 'fragment') {
-      if (helpers.isOwner({ user, object })) {
-        return true
-      }
-
-      if (helpers.isInDraft(object)) {
+      if (helpers.isInDraft(object) && !helpers.isOwner({ user, object })) {
         return false
       }
 
@@ -133,17 +133,8 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
       if (!permission) return false
 
       return {
-        filter: fragment => {
-          // handle other roles
-          if (permission.role === 'reviewer') {
-            fragment.files = omit(fragment.files, ['coverLetter'])
-            fragment.authors = fragment.authors.map(a => omit(a, ['email']))
-            fragment.recommendations = fragment.recommendations
-              ? fragment.recommendations.filter(r => r.userId === user.id)
-              : []
-          }
-          return fragment
-        },
+        filter: fragment =>
+          helpers.stripeFragmentByRole(fragment, permission.role, user),
       }
     }
 
@@ -167,7 +158,7 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
   }
 
   if (operation === 'POST') {
-    // allow everytone to create manuscripts and versions
+    // allow everyone to create manuscripts and versions
     if (createPaths.includes(object.path)) {
       return true
     }

packages/xpub-faraday/config/test.js

+const defaultConfig = require('xpub-faraday/config/default')
+
+module.exports = defaultConfig

packages/xpub-faraday/package.json

@@ -63,6 +63,7 @@
     "file-loader": "^1.1.5",
     "html-webpack-plugin": "^2.24.0",
     "joi-browser": "^10.0.6",
+    "jest": "^22.1.1",
     "react-hot-loader": "^3.1.1",
     "string-replace-loader": "^1.3.0",
     "style-loader": "^0.19.0",
@@ -71,6 +72,10 @@
     "webpack-dev-middleware": "^1.12.0",
     "webpack-hot-middleware": "^2.20.0"
   },
+  "jest": {
+    "verbose": true,
+    "testRegex": "/tests/.*.test.js$"
+  },
   "scripts": {
     "setupdb": "pubsweet setupdb ./",
     "start": "pubsweet start",
@@ -79,6 +84,8 @@
     "start-now":
       "echo $secret > config/local-development.json && npm run server",
     "build": "NODE_ENV=production pubsweet build",
-    "clean": "rm -rf node_modules"
+    "clean": "rm -rf node_modules",
+    "debug": "pgrep -f startup/start.js | xargs kill -sigusr1",
+    "test": "jest"
   }
 }

packages/xpub-faraday/tests/authsome-helpers.test.js

+const { cloneDeep, get } = require('lodash')
+const fixturesService = require('pubsweet-component-fixture-service')
+const ah = require('../config/authsome-helpers')
+
+describe('Authsome Helpers', () => {
+  let testFixtures = {}
+  beforeEach(() => {
+    testFixtures = cloneDeep(fixturesService.fixtures)
+  })
+  it('stripeCollection - should return collection', () => {
+    const { collection } = testFixtures.collections
+    const result = ah.stripeCollectionByRole(collection)
+    expect(result).toBeTruthy()
+  })
+  it('stripeFragment - should return fragment', () => {
+    const { fragment } = testFixtures.fragments
+    const result = ah.stripeFragmentByRole(fragment)
+    expect(result).toBeTruthy()
+  })
+
+  it('stripeCollection - author should not see HE name before recommendation made', () => {
+    const { collection } = testFixtures.collections
+    collection.status = 'underReview'
+
+    const result = ah.stripeCollectionByRole(collection, 'author')
+    const { handlingEditor = {} } = result
+
+    expect(handlingEditor.email).toBeFalsy()
+    expect(handlingEditor.name).toEqual('Assigned')
+  })
+
+  it('stripeCollection - author should see HE name after recommendation made', () => {
+    const { collection } = testFixtures.collections
+    collection.status = 'revisionRequested'
+
+    const result = ah.stripeCollectionByRole(collection, 'author')
+    const { handlingEditor = {} } = result
+
+    expect(handlingEditor.name).not.toEqual('Assigned')
+  })
+
+  it('stripeCollection - other user than author should see HE name before recommendation made', () => {
+    const { collection } = testFixtures.collections
+    collection.status = 'underReview'
+
+    const result = ah.stripeCollectionByRole(collection, 'admin')
+    const { handlingEditor = {} } = result
+
+    expect(handlingEditor.name).not.toEqual('Assigned')
+  })
+
+  it('stripeCollection - other user than author should see HE name after recommendation made', () => {
+    const { collection } = testFixtures.collections
+    collection.status = 'revisionRequested'
+
+    const result = ah.stripeCollectionByRole(collection, 'admin')
+    const { handlingEditor = {} } = result
+
+    expect(handlingEditor.name).not.toEqual('Assigned')
+  })
+
+  it('stripeCollection - returns if collection does not have HE', () => {
+    const { collection } = testFixtures.collections
+    delete collection.handlingEditor
+
+    const result = ah.stripeCollectionByRole(collection, 'admin')
+    expect(result.handlingEditor).toBeFalsy()
+  })
+
+  it('stripeFragment - reviewer should not see authors email', () => {
+    const { fragment } = testFixtures.fragments
+    const result = ah.stripeFragmentByRole(fragment, 'reviewer')
+    const { authors = [] } = result
+    expect(authors[0].email).toBeFalsy()
+  })
+  it('stripeFragment - other roles than reviewer should see authors emails', () => {
+    const { fragment } = testFixtures.fragments
+    const result = ah.stripeFragmentByRole(fragment, 'author')
+    const { authors = [] } = result
+
+    expect(authors[0].email).toBeTruthy()
+  })
+
+  it('stripeFragment - reviewer should not see cover letter', () => {
+    const { fragment } = testFixtures.fragments
+    const result = ah.stripeFragmentByRole(fragment, 'reviewer')
+    const { files = {} } = result
+    expect(files.coverLetter).toBeFalsy()
+  })
+  it('stripeFragment - reviewer should not see others reviews', () => {
+    const { fragment } = testFixtures.fragments
+    const result = ah.stripeFragmentByRole(fragment, 'reviewer')
+    const { recommendations } = result
+    expect(recommendations).toEqual([])
+  })
+
+  it('stripeFragment - author should not see private recommendations comments', () => {
+    const { fragment } = testFixtures.fragments
+    fragment.recommendations = [
+      {
+        comments: [
+          {
+            content: 'private',
+            public: false,
+          },
+          {
+            content: 'public',
+            public: true,
+          },
+        ],
+      },
+    ]
+    const result = ah.stripeFragmentByRole(fragment, 'author')
+    const privateComments = get(result, 'recommendations[0].comments')
+    expect(privateComments).toHaveLength(1)
+  })
+})