Merge branch 'develop' of https://gitlab.coko.foundation/xpub/xpub-faraday...

Merge branch 'develop' of https://gitlab.coko.foundation/xpub/xpub-faraday into HIN-1166-admin-delete-manuscript

Merge branch 'develop' of https://gitlab.coko.foundation/xpub/xpub-faraday...
Merge branch 'develop' of https://gitlab.coko.foundation/xpub/xpub-faraday into HIN-1166-admin-delete-manuscript
3d2b5125 · Tania Fecheta · 2b231d56 · bfce0617 · 3d2b5125
Commit 3d2b5125 authored 6 years ago by Tania Fecheta
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
 const config = require('config')
-const logger = require('@pubsweet/logger')
 const { get, pickBy, last, has, pick } = require('lodash')

 const statuses = config.get('statuses')
@@ -66,6 +65,10 @@ function unauthenticatedUser(operation, object, userId) {
  return false
 }

+const filterDraftCollections = c => get(c, 'status', 'draft') !== 'draft'
+
+const filterNoFragmentCollections = c => c.fragments.length !== 0
+
 const createPaths = ['/collections', '/collections/:collectionId/fragments']

 async function applyAuthenticatedUserPolicy(user, operation, object, context) {
@@ -288,16 +291,13 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
  return unauthenticatedUser(operation, object, user.id)
 }

-async function applyEditorInChiefPolicy(user, operation, object, context) {
+async function applyAdminPolicy(user, operation, object, context) {
  if (operation === 'GET') {
    if (get(object, 'type') === 'collection') {
      return {
        filter: collection => ({
          ...collection,
-          visibleStatus: get(
-            statuses,
-            `${collection.status}.editorInChief.label`,
-          ),
+          visibleStatus: get(statuses, `${collection.status}.admin.label`),
        }),
      }
    }
@@ -312,25 +312,60 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {

    if (get(object, 'path') === '/api/collections') {
      const collections = await context.models.Collection.all()
-      const modifiedCollections = await Promise.all(
-        collections.map(async coll => {
-          if (coll.fragments.length === 0) {
-            logger.error(`Collection ${coll.id} does not have any fragments!`)
-
-            return null
-          }
+      return Promise.all(
+        collections.filter(filterNoFragmentCollections).map(async coll => {
          const latestFragmentId = coll.fragments[coll.fragments.length - 1]
          coll.currentVersion = await context.models.Fragment.find(
            latestFragmentId,
          )
          const status = get(coll, 'status', 'draft')
-          coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
-
+          coll.visibleStatus = get(statuses, `${status}.admin.label`)
          return coll
        }),
      )
+    }
+  }
+  return true
+}

-      return modifiedCollections.filter(Boolean)
+async function applyEditorInChiefPolicy(user, operation, object, context) {
+  if (operation === 'GET') {
+    if (get(object, 'type') === 'collection') {
+      return {
+        filter: collection => ({
+          ...collection,
+          visibleStatus: get(
+            statuses,
+            `${collection.status}.editorInChief.label`,
+          ),
+        }),
+      }
+    }
+
+    if (get(object, 'path') === '/api/users') {
+      return helpers.getUsersList({ UserModel: context.models.User, user })
+    }
+
+    if (get(object, 'type') === 'user') {
+      return helpers.parseUser({ user: object })
+    }
+
+    if (get(object, 'path') === '/api/collections') {
+      const collections = await context.models.Collection.all()
+      return Promise.all(
+        collections
+          .filter(filterDraftCollections)
+          .filter(filterNoFragmentCollections)
+          .map(async coll => {
+            const latestFragmentId = coll.fragments[coll.fragments.length - 1]
+            coll.currentVersion = await context.models.Fragment.find(
+              latestFragmentId,
+            )
+            const status = get(coll, 'status', 'draft')
+            coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
+            return coll
+          }),
+      )
    }
  }
  return true
@@ -353,7 +388,11 @@ const authsomeMode = async (userId, operation, object, context) => {
  // authorization/authsome mode, e.g.
  const user = await context.models.User.find(userId)

-  if (get(user, 'admin') || get(user, 'editorInChief')) {
+  if (get(user, 'admin')) {
+    return applyAdminPolicy(user, operation, object, context)
+  }
+
+  if (get(user, 'editorInChief')) {
    return applyEditorInChiefPolicy(user, operation, object, context)
  }