From ed05fe4fd2dc42344f9227d16b11cbc2b31c88e9 Mon Sep 17 00:00:00 2001
From: Mihail Hagiu <mihail.hagiu@thinslices.com>
Date: Tue, 11 Dec 2018 11:24:35 +0200
Subject: [PATCH] feat(authsome-mode):Hide-draft-EiC
---
packages/xpub-faraday/config/authsome-mode.js | 55 +++++++++++++++++--
1 file changed, 51 insertions(+), 4 deletions(-)
diff --git a/packages/xpub-faraday/config/authsome-mode.js b/packages/xpub-faraday/config/authsome-mode.js
index 4deb7a526..29557c911 100644
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -288,6 +288,51 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
return unauthenticatedUser(operation, object, user.id)
}
+async function applyAdminPolicy(user, operation, object, context) {
+ if (operation === 'GET') {
+ if (get(object, 'type') === 'collection') {
+ return {
+ filter: collection => ({
+ ...collection,
+ visibleStatus: get(statuses, `${collection.status}.admin.label`),
+ }),
+ }
+ }
+
+ if (get(object, 'path') === '/api/users') {
+ return helpers.getUsersList({ UserModel: context.models.User, user })
+ }
+
+ if (get(object, 'type') === 'user') {
+ return helpers.parseUser({ user: object })
+ }
+
+ if (get(object, 'path') === '/api/collections') {
+ const collections = await context.models.Collection.all()
+ const modifiedCollections = await Promise.all(
+ collections.map(async coll => {
+ if (coll.fragments.length === 0) {
+ logger.error(`Collection ${coll.id} does not have any fragments!`)
+
+ return null
+ }
+ const latestFragmentId = coll.fragments[coll.fragments.length - 1]
+ coll.currentVersion = await context.models.Fragment.find(
+ latestFragmentId,
+ )
+ const status = get(coll, 'status', 'draft')
+ coll.visibleStatus = get(statuses, `${status}.admin.label`)
+
+ return coll
+ }),
+ )
+
+ return modifiedCollections.filter(Boolean)
+ }
+ }
+ return true
+}
+
async function applyEditorInChiefPolicy(user, operation, object, context) {
if (operation === 'GET') {
if (get(object, 'type') === 'collection') {
@@ -316,7 +361,6 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
collections.map(async coll => {
if (coll.fragments.length === 0) {
logger.error(`Collection ${coll.id} does not have any fragments!`)
-
return null
}
const latestFragmentId = coll.fragments[coll.fragments.length - 1]
@@ -324,12 +368,11 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
latestFragmentId,
)
const status = get(coll, 'status', 'draft')
+ if (status === 'draft') return null
coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
-
return coll
}),
)
-
return modifiedCollections.filter(Boolean)
}
}
@@ -353,7 +396,11 @@ const authsomeMode = async (userId, operation, object, context) => {
// authorization/authsome mode, e.g.
const user = await context.models.User.find(userId)
- if (get(user, 'admin') || get(user, 'editorInChief')) {
+ if (get(user, 'admin')) {
+ return applyAdminPolicy(user, operation, object, context)
+ }
+
+ if (get(user, 'editorInChief')) {
return applyEditorInChiefPolicy(user, operation, object, context)
}
--
GitLab