fix(authsome-mode): Check for last fragment on back-end when editing metadata

44f12bb5 · Mihail Hagiu · a6b28ce8 · 44f12bb5 · 44f12bb5
Commit 44f12bb5 authored 6 years ago by Mihail Hagiu
--- a/packages/xpub-faraday/config/authsome-helpers.js
+++ b/packages/xpub-faraday/config/authsome-helpers.js
@@ -37,6 +37,9 @@ const isOwner = ({ user: { id }, object }) => {
  return !!object.owners.find(own => own.id === id)
 }
+const isLastFragment = (collection, fragment) =>
+  get(fragment, 'id', '') === last(get(collection, 'fragments', []))
 const hasPermissionForObject = async ({ user, object, Team, roles = [] }) => {
  const userPermissions = await getUserPermissions({
    user,
@@ -333,6 +336,7 @@ module.exports = {
  parseUser,
  getUsersList,
  getCollections,
+  isLastFragment,
  isHandlingEditor,
  getUserPermissions,
  setCollectionStatus,

--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -325,6 +325,15 @@ async function applyAdminPolicy(user, operation, object, context) {
      )
    }
  }
+  if (operation === 'PATCH') {
+    if (get(object, 'current.type') === 'fragment') {
+      const collection = await context.models.Collection.find(
+        get(object, 'current.collectionId'),
+      )
+      const isLast = helpers.isLastFragment(collection, get(object, 'current'))
+      return isLast
+    }
+  }
  return true
 }