Skip to content
Snippets Groups Projects
Commit 3d2b5125 authored by Tania Fecheta's avatar Tania Fecheta
Browse files

Merge branch 'develop' of https://gitlab.coko.foundation/xpub/xpub-faraday...

Merge branch 'develop' of https://gitlab.coko.foundation/xpub/xpub-faraday into HIN-1166-admin-delete-manuscript
parents 2b231d56 bfce0617
No related branches found
No related tags found
3 merge requests!222Sprint #26,!217Sprint #26,!198Hin 1166 admin delete manuscript
const config = require('config')
const logger = require('@pubsweet/logger')
const { get, pickBy, last, has, pick } = require('lodash')
const statuses = config.get('statuses')
......@@ -66,6 +65,10 @@ function unauthenticatedUser(operation, object, userId) {
return false
}
const filterDraftCollections = c => get(c, 'status', 'draft') !== 'draft'
const filterNoFragmentCollections = c => c.fragments.length !== 0
const createPaths = ['/collections', '/collections/:collectionId/fragments']
async function applyAuthenticatedUserPolicy(user, operation, object, context) {
......@@ -288,16 +291,13 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
return unauthenticatedUser(operation, object, user.id)
}
async function applyEditorInChiefPolicy(user, operation, object, context) {
async function applyAdminPolicy(user, operation, object, context) {
if (operation === 'GET') {
if (get(object, 'type') === 'collection') {
return {
filter: collection => ({
...collection,
visibleStatus: get(
statuses,
`${collection.status}.editorInChief.label`,
),
visibleStatus: get(statuses, `${collection.status}.admin.label`),
}),
}
}
......@@ -312,25 +312,60 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
if (get(object, 'path') === '/api/collections') {
const collections = await context.models.Collection.all()
const modifiedCollections = await Promise.all(
collections.map(async coll => {
if (coll.fragments.length === 0) {
logger.error(`Collection ${coll.id} does not have any fragments!`)
return null
}
return Promise.all(
collections.filter(filterNoFragmentCollections).map(async coll => {
const latestFragmentId = coll.fragments[coll.fragments.length - 1]
coll.currentVersion = await context.models.Fragment.find(
latestFragmentId,
)
const status = get(coll, 'status', 'draft')
coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
coll.visibleStatus = get(statuses, `${status}.admin.label`)
return coll
}),
)
}
}
return true
}
return modifiedCollections.filter(Boolean)
async function applyEditorInChiefPolicy(user, operation, object, context) {
if (operation === 'GET') {
if (get(object, 'type') === 'collection') {
return {
filter: collection => ({
...collection,
visibleStatus: get(
statuses,
`${collection.status}.editorInChief.label`,
),
}),
}
}
if (get(object, 'path') === '/api/users') {
return helpers.getUsersList({ UserModel: context.models.User, user })
}
if (get(object, 'type') === 'user') {
return helpers.parseUser({ user: object })
}
if (get(object, 'path') === '/api/collections') {
const collections = await context.models.Collection.all()
return Promise.all(
collections
.filter(filterDraftCollections)
.filter(filterNoFragmentCollections)
.map(async coll => {
const latestFragmentId = coll.fragments[coll.fragments.length - 1]
coll.currentVersion = await context.models.Fragment.find(
latestFragmentId,
)
const status = get(coll, 'status', 'draft')
coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
return coll
}),
)
}
}
return true
......@@ -353,7 +388,11 @@ const authsomeMode = async (userId, operation, object, context) => {
// authorization/authsome mode, e.g.
const user = await context.models.User.find(userId)
if (get(user, 'admin') || get(user, 'editorInChief')) {
if (get(user, 'admin')) {
return applyAdminPolicy(user, operation, object, context)
}
if (get(user, 'editorInChief')) {
return applyEditorInChiefPolicy(user, operation, object, context)
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment