Skip to content
Snippets Groups Projects
Commit 3d2b5125 authored by Tania Fecheta's avatar Tania Fecheta
Browse files

Merge branch 'develop' of https://gitlab.coko.foundation/xpub/xpub-faraday... 

Merge branch 'develop' of https://gitlab.coko.foundation/xpub/xpub-faraday into HIN-1166-admin-delete-manuscript
parents 2b231d56 bfce0617
No related branches found
No related tags found
3 merge requests!222Sprint #26,!217Sprint #26,!198Hin 1166 admin delete manuscript
Hide whitespace changes
Inline Side-by-side
packages/xpub-faraday/config/authsome-mode.js
+ 56
17
View file @ 3d2b5125
const config = require('config') const config = require('config')
const logger = require('@pubsweet/logger')
const { get, pickBy, last, has, pick } = require('lodash') const { get, pickBy, last, has, pick } = require('lodash')
const statuses = config.get('statuses') const statuses = config.get('statuses')
...@@ -66,6 +65,10 @@ function unauthenticatedUser(operation, object, userId) { ...@@ -66,6 +65,10 @@ function unauthenticatedUser(operation, object, userId) {
return false return false
} }
const filterDraftCollections = c => get(c, 'status', 'draft') !== 'draft'
const filterNoFragmentCollections = c => c.fragments.length !== 0
const createPaths = ['/collections', '/collections/:collectionId/fragments'] const createPaths = ['/collections', '/collections/:collectionId/fragments']
async function applyAuthenticatedUserPolicy(user, operation, object, context) { async function applyAuthenticatedUserPolicy(user, operation, object, context) {
...@@ -288,16 +291,13 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) { ...@@ -288,16 +291,13 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
return unauthenticatedUser(operation, object, user.id) return unauthenticatedUser(operation, object, user.id)
} }
async function applyEditorInChiefPolicy(user, operation, object, context) { async function applyAdminPolicy(user, operation, object, context) {
if (operation === 'GET') { if (operation === 'GET') {
if (get(object, 'type') === 'collection') { if (get(object, 'type') === 'collection') {
return { return {
filter: collection => ({ filter: collection => ({
...collection, ...collection,
visibleStatus: get( visibleStatus: get(statuses, `${collection.status}.admin.label`),
statuses,
`${collection.status}.editorInChief.label`,
),
}), }),
} }
} }
...@@ -312,25 +312,60 @@ async function applyEditorInChiefPolicy(user, operation, object, context) { ...@@ -312,25 +312,60 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
if (get(object, 'path') === '/api/collections') { if (get(object, 'path') === '/api/collections') {
const collections = await context.models.Collection.all() const collections = await context.models.Collection.all()
const modifiedCollections = await Promise.all( return Promise.all(
collections.map(async coll => { collections.filter(filterNoFragmentCollections).map(async coll => {
if (coll.fragments.length === 0) {
logger.error(`Collection ${coll.id} does not have any fragments!`)
return null
}
const latestFragmentId = coll.fragments[coll.fragments.length - 1] const latestFragmentId = coll.fragments[coll.fragments.length - 1]
coll.currentVersion = await context.models.Fragment.find( coll.currentVersion = await context.models.Fragment.find(
latestFragmentId, latestFragmentId,
) )
const status = get(coll, 'status', 'draft') const status = get(coll, 'status', 'draft')
coll.visibleStatus = get(statuses, `${status}.editorInChief.label`) coll.visibleStatus = get(statuses, `${status}.admin.label`)
return coll return coll
}), }),
) )
}
}
return true
}
return modifiedCollections.filter(Boolean) async function applyEditorInChiefPolicy(user, operation, object, context) {
if (operation === 'GET') {
if (get(object, 'type') === 'collection') {
return {
filter: collection => ({
...collection,
visibleStatus: get(
statuses,
`${collection.status}.editorInChief.label`,
),
}),
}
}
if (get(object, 'path') === '/api/users') {
return helpers.getUsersList({ UserModel: context.models.User, user })
}
if (get(object, 'type') === 'user') {
return helpers.parseUser({ user: object })
}
if (get(object, 'path') === '/api/collections') {
const collections = await context.models.Collection.all()
return Promise.all(
collections
.filter(filterDraftCollections)
.filter(filterNoFragmentCollections)
.map(async coll => {
const latestFragmentId = coll.fragments[coll.fragments.length - 1]
coll.currentVersion = await context.models.Fragment.find(
latestFragmentId,
)
const status = get(coll, 'status', 'draft')
coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
return coll
}),
)
} }
} }
return true return true
...@@ -353,7 +388,11 @@ const authsomeMode = async (userId, operation, object, context) => { ...@@ -353,7 +388,11 @@ const authsomeMode = async (userId, operation, object, context) => {
// authorization/authsome mode, e.g. // authorization/authsome mode, e.g.
const user = await context.models.User.find(userId) const user = await context.models.User.find(userId)
if (get(user, 'admin') || get(user, 'editorInChief')) { if (get(user, 'admin')) {
return applyAdminPolicy(user, operation, object, context)
}
if (get(user, 'editorInChief')) {
return applyEditorInChiefPolicy(user, operation, object, context) return applyEditorInChiefPolicy(user, operation, object, context)
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment