From 3ce7b7890c01a5fc1727a13b74db634e07a34a12 Mon Sep 17 00:00:00 2001
From: Mihail Hagiu <mihail.hagiu@thinslices.com>
Date: Tue, 11 Dec 2018 16:27:42 +0200
Subject: [PATCH] fix(authsome-mode): deny manuscript access from link for
 reviewers too

---
 packages/xpub-faraday/config/authsome-mode.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index a01f22101..fd0acf1f4 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -81,6 +81,11 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
     }
 
     if (get(object, 'type') === 'collection') {
+      if (
+        !filterDraftCollections(object) ||
+        !filterTechnicalChecksCollections(object)
+      )
+        return false
       return {
         filter: async collection => {
           const userPermissions = await helpers.getUserPermissions({
-- 
GitLab