diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index 4deb7a526881bade9a937b4e4181811d136202e1..fd332e96828296c39d3bc5bd1e79ffed1dc0c9fb 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -1,5 +1,4 @@
 const config = require('config')
-const logger = require('@pubsweet/logger')
 const { get, pickBy, last, has, pick } = require('lodash')
 const statuses = config.get('statuses')
@@ -66,6 +65,10 @@ function unauthenticatedUser(operation, object, userId) {
 return false
 }
+const filterDraftCollections = c => get(c, 'status', 'draft') !== 'draft'
+
+const filterNoFragmentCollections = c => c.fragments.length !== 0
+
 const createPaths = ['/collections', '/collections/:collectionId/fragments']
 async function applyAuthenticatedUserPolicy(user, operation, object, context) {
@@ -288,16 +291,13 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
 return unauthenticatedUser(operation, object, user.id)
 }
-async function applyEditorInChiefPolicy(user, operation, object, context) {
+async function applyAdminPolicy(user, operation, object, context) {
 if (operation === 'GET') {
 if (get(object, 'type') === 'collection') {
 return {
 filter: collection => ({
 ...collection,
- visibleStatus: get(
- statuses,
- `${collection.status}.editorInChief.label`,
- ),
+ visibleStatus: get(statuses, `${collection.status}.admin.label`),
 }),
 }
 }
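Review bot: `filterNoFragmentCollections` reads as if it selects collections that have no fragments, but the predicate keeps the ones that do, and it throws rather than filtering when a collection has no `fragments` property at all. A name that states what is kept, plus a guard for the missing property, would read better, e.g. `const hasFragments = c => get(c, 'fragments', []).length !== 0` (both call sites in the later hunk would then use that name). Separately, `filterDraftCollections` lets a collection with `status: null` through, because lodash `get` substitutes the default only for `undefined` — worth confirming that stored collections never carry a null status, or comparing against `coll.status == null` explicitly.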
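Review bot: The single-collection filter builds its label key from `collection.status` with no default, while the `/api/collections` list branch of the same function resolves the status with `get(coll, 'status', 'draft')`, so a collection without a status gets a `visibleStatus` of `undefined` through one path and the draft label through the other. Resolving the status the same way here, via `get(collection, 'status', 'draft')`, before building the `${status}.admin.label` key keeps both paths consistent; the new `applyEditorInChiefPolicy` copy in the next hunk has the same mismatch. `applyAdminPolicy` continues past the end of this hunk.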
@@ -312,25 +312,60 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
 if (get(object, 'path') === '/api/collections') {
 const collections = await context.models.Collection.all()
- const modifiedCollections = await Promise.all(
- collections.map(async coll => {
- if (coll.fragments.length === 0) {
- logger.error(`Collection ${coll.id} does not have any fragments!`)
-
- return null
- }
+ return Promise.all(
+ collections.filter(filterNoFragmentCollections).map(async coll => {
 const latestFragmentId = coll.fragments[coll.fragments.length - 1]
 coll.currentVersion = await context.models.Fragment.find(
 latestFragmentId,
 )
 const status = get(coll, 'status', 'draft')
- coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
-
+ coll.visibleStatus = get(statuses, `${status}.admin.label`)
 return coll
 }),
 )
+ }
+ }
+ return true
+}
- return modifiedCollections.filter(Boolean)
+async function applyEditorInChiefPolicy(user, operation, object, context) {
+ if (operation === 'GET') {
+ if (get(object, 'type') === 'collection') {
+ return {
+ filter: collection => ({
+ ...collection,
+ visibleStatus: get(
+ statuses,
+ `${collection.status}.editorInChief.label`,
+ ),
+ }),
+ }
+ }
+
+ if (get(object, 'path') === '/api/users') {
+ return helpers.getUsersList({ UserModel: context.models.User, user })
+ }
+
+ if (get(object, 'type') === 'user') {
+ return helpers.parseUser({ user: object })
+ }
+
+ if (get(object, 'path') === '/api/collections') {
+ const collections = await context.models.Collection.all()
+ return Promise.all(
+ collections
+ .filter(filterDraftCollections)
+ .filter(filterNoFragmentCollections)
+ .map(async coll => {
+ const latestFragmentId = coll.fragments[coll.fragments.length - 1]
+ coll.currentVersion = await context.models.Fragment.find(
+ latestFragmentId,
+ )
+ const status = get(coll, 'status', 'draft')
+ coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
+ return coll
+ }),
+ )
 }
 }
 return true
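Review bot: The `/api/collections` branch of the new `applyEditorInChiefPolicy` is a line-for-line copy of the one in `applyAdminPolicy`, differing only in the role key used for the label and the extra draft filter, so the next fix to one (for example the missing status default) will have to be made twice. A small helper taking the role key and the list of predicates removes the duplication, and `last(coll.fragments)` can replace the manual last-index read since `last` is already imported from lodash. Dropping the empty-fragments branch also drops the `logger.error` that used to flag a collection with no fragments; if that state is still considered a data inconsistency, the predicate (or the filter site) should keep logging it so the silent omission is still visible in operations. The surrounding `if (operation === 'GET')` block of `applyAdminPolicy` starts before this hunk.

```javascript
// Lists collections for a role: applies the given predicates, attaches the
// latest fragment as currentVersion and resolves the role-specific status label.
const listCollectionsForRole = async (context, role, predicates = []) => {
  const collections = await context.models.Collection.all()
  const visible = predicates.reduce((list, keep) => list.filter(keep), collections)
  return Promise.all(
    visible.map(async coll => {
      coll.currentVersion = await context.models.Fragment.find(last(coll.fragments))
      const status = get(coll, 'status', 'draft')
      coll.visibleStatus = get(statuses, `${status}.${role}.label`)
      return coll
    }),
  )
}
// … unchanged: applyAdminPolicy up to its '/api/collections' branch …
      return listCollectionsForRole(context, 'admin', [filterNoFragmentCollections])
// … unchanged: applyEditorInChiefPolicy up to its '/api/collections' branch …
      return listCollectionsForRole(context, 'editorInChief', [
        filterDraftCollections,
        filterNoFragmentCollections,
      ])
```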
@@ -353,7 +388,11 @@ const authsomeMode = async (userId, operation, object, context) => {
 // authorization/authsome mode, e.g.
 const user = await context.models.User.find(userId)
- if (get(user, 'admin') || get(user, 'editorInChief')) {
+ if (get(user, 'admin')) {
+ return applyAdminPolicy(user, operation, object, context)
+ }
+
+ if (get(user, 'editorInChief')) {
 return applyEditorInChiefPolicy(user, operation, object, context)
 }
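Review bot: A user carrying both the `admin` and `editorInChief` flags now gets `applyAdminPolicy` only, whereas the replaced combined branch applied one policy to both roles; the ordering is the right call but nothing in the code says it is intentional. A one-line comment above the first check, `// admin outranks editorInChief when a user holds both flags`, records the precedence for whoever next reorders these branches. `authsomeMode` continues outside this hunk.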