fix authsome

857c3cbf · Sebastian Mihalache · 5b9ac3a9 · 857c3cbf · 857c3cbf · 857c3cbf
Commit 857c3cbf authored 6 years ago by Sebastian Mihalache
--- a/packages/component-invite/config/authsome-mode.js
+++ b/packages/component-invite/config/authsome-mode.js
@@ -102,6 +102,13 @@ async function authenticatedUser(user, operation, object, context) {
    }
  }

+  if (
+    operation === 'POST' &&
+    object.path === '/collections/:collectionId/fragments'
+  ) {
+    return true
+  }
+
  // Allow the authenticated user to GET collections they own
  if (operation === 'GET' && object === '/collections/') {
    return {
@@ -183,7 +190,7 @@ async function authenticatedUser(user, operation, object, context) {
    return false
  }

-  if (user.teams.length !== 0) {
+  if (user.teams.length !== 0 && operation === 'GET') {
    const permissions = await teamPermissions(user, operation, object, context)

    if (permissions) {

--- a/packages/component-manuscript-manager/config/authsome-mode.js
+++ b/packages/component-manuscript-manager/config/authsome-mode.js
@@ -102,6 +102,13 @@ async function authenticatedUser(user, operation, object, context) {
    }
  }

+  if (
+    operation === 'POST' &&
+    object.path === '/collections/:collectionId/fragments'
+  ) {
+    return true
+  }
+
  // Allow the authenticated user to GET collections they own
  if (operation === 'GET' && object === '/collections/') {
    return {
@@ -183,7 +190,7 @@ async function authenticatedUser(user, operation, object, context) {
    return false
  }

-  if (user.teams.length !== 0) {
+  if (user.teams.length !== 0 && operation === 'GET') {
    const permissions = await teamPermissions(user, operation, object, context)

    if (permissions) {

--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -102,6 +102,13 @@ async function authenticatedUser(user, operation, object, context) {
    }
  }

+  if (
+    operation === 'POST' &&
+    object.path === '/collections/:collectionId/fragments'
+  ) {
+    return true
+  }
+
  // Allow the authenticated user to GET collections they own
  if (operation === 'GET' && object === '/collections/') {
    return {
@@ -183,7 +190,7 @@ async function authenticatedUser(user, operation, object, context) {
    return false
  }

-  if (user.teams.length !== 0) {
+  if (user.teams.length !== 0 && operation === 'GET') {
    const permissions = await teamPermissions(user, operation, object, context)

    if (permissions) {