From 3c473d144e2c8cd9f39c8022ea4507aa3ade678e Mon Sep 17 00:00:00 2001
From: Sebastian Mihalache <sebastian.mihalache@gmail.con>
Date: Thu, 26 Jul 2018 09:47:40 +0100
Subject: [PATCH] firefight like a champion
---
.../src/components/SubmitRevision.js | 7 ++++++-
packages/xpub-faraday/config/authsome-mode.js | 16 +++++++++++-----
2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/packages/component-manuscript/src/components/SubmitRevision.js b/packages/component-manuscript/src/components/SubmitRevision.js
index 837e46485..e1fd229e1 100644
--- a/packages/component-manuscript/src/components/SubmitRevision.js
+++ b/packages/component-manuscript/src/components/SubmitRevision.js
@@ -96,7 +96,12 @@ const SubmitRevision = ({
<CustomValidatedField>
<ValidatedField
component={() => (
- <Files filePath="revision.files" parentForm="revision" />
+ <Files
+ filePath="revision.files"
+ parentForm="revision"
+ project={project}
+ version={version}
+ />
)}
name="files"
validate={[requiredFiles]}
diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index 6ab6182b5..2c9efc4c7 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -135,12 +135,18 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
p => p.objectId === object.id || p.objectId === object.collectionId,
)
- if (!permission) return false
-
const collectionId = get(object, 'collectionId')
- const { status, fragments } = await context.models.Collection.find(
- collectionId,
- )
+ const {
+ owners,
+ status,
+ fragments,
+ } = await context.models.Collection.find(collectionId)
+
+ if (owners.includes(user.id)) {
+ return true
+ }
+
+ if (!permission) return false
return {
filter: fragment =>
--
GitLab