From a9f588733f880122d6cdc5d0b547d02a123663cf Mon Sep 17 00:00:00 2001
From: Andrei Cioromila <andrei.cioromila@thinslices.com>
Date: Mon, 15 Oct 2018 18:14:51 +0300
Subject: [PATCH] feat(teams): Use teams to validate user permissions on
 dashboard / manuscript page

---
 packages/component-faraday-selectors/src/index.js      | 10 +++++-----
 .../src/components/ManuscriptPage.js                   |  1 +
 .../src/components/Dashboard/DashboardPage.js          |  6 +++++-
 packages/xpub-faraday/config/authsome-mode.js          |  8 ++++++++
 4 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/packages/component-faraday-selectors/src/index.js b/packages/component-faraday-selectors/src/index.js
index 925aac7a8..85a739881 100644
--- a/packages/component-faraday-selectors/src/index.js
+++ b/packages/component-faraday-selectors/src/index.js
@@ -130,11 +130,11 @@ export const currentUserIsAuthor = (state, id) => {
     .includes(id)
 }
 
-export const getUserPermissions = ({ currentUser }) =>
-  get(currentUser, 'user.teams', []).map(t => ({
-    objectId: t.object.id,
-    objectType: t.object.type,
-    role: t.teamType.permissions,
+export const getUserPermissions = ({ teams = [] }) =>
+  teams.map(t => ({
+    objectId: get(t, 'object.id', ''),
+    objectType: get(t, 'object.type', ''),
+    role: get(t, 'teamType.permissions', ''),
   }))
 
 export const userNotConfirmed = ({ currentUser }) =>
diff --git a/packages/component-manuscript/src/components/ManuscriptPage.js b/packages/component-manuscript/src/components/ManuscriptPage.js
index ac4868da0..e24d81b07 100644
--- a/packages/component-manuscript/src/components/ManuscriptPage.js
+++ b/packages/component-manuscript/src/components/ManuscriptPage.js
@@ -79,6 +79,7 @@ export default compose(
     actions.getCollection({ id: match.params.project }),
     actions.getFragments({ id: match.params.project }),
     actions.getUsers(),
+    actions.getTeams(),
   ]),
   connect(
     (state, { match }) => ({
diff --git a/packages/components-faraday/src/components/Dashboard/DashboardPage.js b/packages/components-faraday/src/components/Dashboard/DashboardPage.js
index eda5819b4..53ddd1086 100644
--- a/packages/components-faraday/src/components/Dashboard/DashboardPage.js
+++ b/packages/components-faraday/src/components/Dashboard/DashboardPage.js
@@ -16,7 +16,11 @@ import { Dashboard } from './'
 import { priorityFilter, orderFilter, withFiltersHOC } from '../Filters'
 
 export default compose(
-  ConnectPage(() => [actions.getCollections(), actions.getUsers()]),
+  ConnectPage(() => [
+    actions.getCollections(),
+    actions.getUsers(),
+    actions.getTeams(),
+  ]),
   connect(
     state => {
       const { collections, conversion } = state
diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index 6257394fa..5df5dcb14 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -161,6 +161,14 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
         models: context.models,
       })
     }
+
+    if (get(object, 'path', '') === '/teams') {
+      return {
+        filter: teams => {
+          return teams.filter(t => user.teams.includes(t.id))
+        },
+      }
+    }
   }
 
   if (operation === 'POST') {
-- 
GitLab