From 44f12bb53a2ecdd7f474592f0e930e4d3466d8f3 Mon Sep 17 00:00:00 2001
From: Mihail Hagiu <mihail.hagiu@thinslices.com>
Date: Tue, 11 Dec 2018 15:36:57 +0200
Subject: [PATCH] fix(authsome-mode): Check for last fragment on back-end when
 editing metadata

---
 packages/xpub-faraday/config/authsome-helpers.js | 4 ++++
 packages/xpub-faraday/config/authsome-mode.js    | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/packages/xpub-faraday/config/authsome-helpers.js b/packages/xpub-faraday/config/authsome-helpers.js
index 39f753c53..a82824279 100644
--- a/packages/xpub-faraday/config/authsome-helpers.js
+++ b/packages/xpub-faraday/config/authsome-helpers.js
@@ -37,6 +37,9 @@ const isOwner = ({ user: { id }, object }) => {
   return !!object.owners.find(own => own.id === id)
 }
 
+const isLastFragment = (collection, fragment) =>
+  get(fragment, 'id', '') === last(get(collection, 'fragments', []))
+
 const hasPermissionForObject = async ({ user, object, Team, roles = [] }) => {
   const userPermissions = await getUserPermissions({
     user,
@@ -333,6 +336,7 @@ module.exports = {
   parseUser,
   getUsersList,
   getCollections,
+  isLastFragment,
   isHandlingEditor,
   getUserPermissions,
   setCollectionStatus,
diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index 3d9ed009d..936b11dea 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -325,6 +325,15 @@ async function applyAdminPolicy(user, operation, object, context) {
       )
     }
   }
+  if (operation === 'PATCH') {
+    if (get(object, 'current.type') === 'fragment') {
+      const collection = await context.models.Collection.find(
+        get(object, 'current.collectionId'),
+      )
+      const isLast = helpers.isLastFragment(collection, get(object, 'current'))
+      return isLast
+    }
+  }
   return true
 }
 
-- 
GitLab