From e27a9c1bc52236eeea02f7c668454e68667076f0 Mon Sep 17 00:00:00 2001
From: Mihail Hagiu <mihail.hagiu@thinslices.com>
Date: Tue, 11 Dec 2018 17:40:19 +0200
Subject: [PATCH] fix(authsome-mode): Refactor

---
 packages/xpub-faraday/config/authsome-mode.js | 29 +++++++------------
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index fd0acf1f4..454a6170d 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -65,10 +65,8 @@ function unauthenticatedUser(operation, object, userId) {
   return false
 }
 
-const filterDraftCollections = c => get(c, 'status', 'draft') !== 'draft'
-
-const filterTechnicalChecksCollections = c =>
-  get(c, 'status', 'draft') !== 'technicalChecks'
+const isCollectionInStatuses = (c, statuses) =>
+  statuses.includes(get(c, 'status', 'draft'))
 
 const filterNoFragmentCollections = c => c.fragments.length !== 0
 
@@ -81,11 +79,11 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
     }
 
     if (get(object, 'type') === 'collection') {
-      if (
-        !filterDraftCollections(object) ||
-        !filterTechnicalChecksCollections(object)
-      )
-        return false
+      if (isCollectionInStatuses(object, ['draft', 'technicalChecks'])) {
+        if (!helpers.isOwner({ user, object })) {
+          return false
+        }
+      }
       return {
         filter: async collection => {
           const userPermissions = await helpers.getUserPermissions({
@@ -347,10 +345,7 @@ async function applyAdminPolicy(user, operation, object, context) {
 async function applyEditorInChiefPolicy(user, operation, object, context) {
   if (operation === 'GET') {
     if (get(object, 'type') === 'collection') {
-      if (
-        !filterDraftCollections(object) ||
-        !filterTechnicalChecksCollections(object)
-      )
+      if (isCollectionInStatuses(object, ['draft', 'technicalChecks']))
         return false
       return {
         filter: collection => ({
@@ -367,10 +362,7 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
       const collection = await context.models.Collection.find(
         get(object, 'collectionId'),
       )
-      if (
-        !filterDraftCollections(collection) ||
-        !filterTechnicalChecksCollections(collection)
-      )
+      if (isCollectionInStatuses(collection, ['draft', 'technicalChecks']))
         return false
     }
 
@@ -386,8 +378,7 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
       const collections = await context.models.Collection.all()
       return Promise.all(
         collections
-          .filter(filterDraftCollections)
-          .filter(filterTechnicalChecksCollections)
+          .filter(c => !isCollectionInStatuses(c, ['draft', 'technicalChecks']))
           .filter(filterNoFragmentCollections)
           .map(async coll => {
             const latestFragmentId = coll.fragments[coll.fragments.length - 1]
-- 
GitLab