diff --git a/packages/component-invite/src/controllers/assignCollectionRole.js b/packages/component-invite/src/controllers/assignCollectionRole.js
index 7471b3c5449242f6d7833e8c288a04c0f4608109..e810e941147c908584f9b5ec5daaf72aa9c2ad5a 100644
--- a/packages/component-invite/src/controllers/assignCollectionRole.js
+++ b/packages/component-invite/src/controllers/assignCollectionRole.js
@@ -67,7 +67,7 @@ module.exports = async (
try {
let user = await models.User.findByEmail(email)
- let team = teamHelper.getTeamByGroupAndCollection(
+ let team = await teamHelper.getTeamByGroupAndCollection(
collectionId,
role,
models.Team,
@@ -79,11 +79,13 @@ module.exports = async (
collectionId,
role,
)
+ user = await models.User.findByEmail(email)
+ } else {
+ user.teams = user.teams || []
+ user.teams.push(team.id)
+ user = await user.save()
}
- // getting the updated user from the DB - creating a team also updates the user
- user = await models.User.findByEmail(email)
-
if (user.invitations === undefined) {
user = await inviteHelper.setupInvitation(
user,
diff --git a/packages/component-invite/src/helpers/Team.js b/packages/component-invite/src/helpers/Team.js
index 298e0c50834ae3296dda91d19d08de5962df22bc..39bbca5152ab564cbc4e5ac53de18953a962de4a 100644
--- a/packages/component-invite/src/helpers/Team.js
+++ b/packages/component-invite/src/helpers/Team.js
@@ -74,7 +74,7 @@ const setupEiCTeams = async (models, user) => {
const setupManuscriptTeam = async (models, user, collectionId, role) => {
const teams = await models.Team.all()
- user.teams = []
+ user.teams = user.teams || []
const filteredTeams = teams.filter(
team =>
team.group === role &&
@@ -89,12 +89,16 @@ const setupManuscriptTeam = async (models, user, collectionId, role) => {
try {
team = await team.updateProperties(team)
team = await team.save()
+ user.teams.push(team.id)
+ await user.save()
return team
} catch (e) {
logger.error(e)
}
} else {
const team = await createNewTeam(collectionId, role, user.id, models.Team)
+ user.teams.push(team.id)
+ await user.save()
return team
}
}
diff --git a/packages/xpub-faraday/config/authsome.js b/packages/xpub-faraday/config/authsome.js
index ecda1b81754c35d9abf84203860fa5e3d18941d0..978d988cac126e8195a1f26fc9eacc8cdce4f954 100644
--- a/packages/xpub-faraday/config/authsome.js
+++ b/packages/xpub-faraday/config/authsome.js
@@ -3,30 +3,34 @@ const pickBy = require('lodash/pickBy')
const omit = require('lodash/omit')
async function teamPermissions(user, operation, object, context) {
- const collection = get(object, 'collection')
-
- if (collection) {
- // Go through a user's teams, if they belong to a team that's based around
- // this particular collection, check what membership in that team allows
- // and return accordingly
-
- /* eslint-disable */
- for (const teamId of user.teams) {
+ const heTeamsProm = user.teams
+ .map(async teamId => {
const team = await context.models.Team.find(teamId)
-
- if (
- team.teamType.permissions === 'handlingEditor' &&
- team.object.id === collection.id &&
- operation === 'GET'
- ) {
- console.log('team', team)
- return true
+ if (team.teamType.permissions === 'handlingEditor') {
+ return team
}
+ return null
+ })
+ .filter(Boolean)
+
+ const heTeams = await Promise.all(heTeamsProm)
+ const heCollections = heTeams.map(team => team.object.id)
+
+ if (heCollections.length > 0) {
+ return {
+ filter: collections => {
+ if (collections.length > 0) {
+ const correctColl = collections.filter(coll =>
+ heCollections.includes(coll.id),
+ )
+ return correctColl
+ }
+ return collections
+ },
}
- /* eslint-enable */
}
- return false
+ return {}
}
function unauthenticatedUser(operation, object) {