feat(authsome-mode):Hide-draft-EiC

ed05fe4f · Mihail Hagiu · 406b2094 · ed05fe4f
Commit ed05fe4f authored 6 years ago by Mihail Hagiu
--- a/packages/xpub-faraday/config/authsome-mode.js
+++ b/packages/xpub-faraday/config/authsome-mode.js
@@ -288,6 +288,51 @@ async function applyAuthenticatedUserPolicy(user, operation, object, context) {
  return unauthenticatedUser(operation, object, user.id)
 }
+async function applyAdminPolicy(user, operation, object, context) {
+  if (operation === 'GET') {
+    if (get(object, 'type') === 'collection') {
+      return {
+        filter: collection => ({
+          ...collection,
+          visibleStatus: get(statuses, `${collection.status}.admin.label`),
+        }),
+      }
+    }
+    if (get(object, 'path') === '/api/users') {
+      return helpers.getUsersList({ UserModel: context.models.User, user })
+    }
+    if (get(object, 'type') === 'user') {
+      return helpers.parseUser({ user: object })
+    }
+    if (get(object, 'path') === '/api/collections') {
+      const collections = await context.models.Collection.all()
+      const modifiedCollections = await Promise.all(
+        collections.map(async coll => {
+          if (coll.fragments.length === 0) {
+            logger.error(`Collection ${coll.id} does not have any fragments!`)
+            return null
+          }
+          const latestFragmentId = coll.fragments[coll.fragments.length - 1]
+          coll.currentVersion = await context.models.Fragment.find(
+            latestFragmentId,
+          )
+          const status = get(coll, 'status', 'draft')
+          coll.visibleStatus = get(statuses, `${status}.admin.label`)
+          return coll
+        }),
+      )
+      return modifiedCollections.filter(Boolean)
+    }
+  }
+  return true
+}
 async function applyEditorInChiefPolicy(user, operation, object, context) {
  if (operation === 'GET') {
    if (get(object, 'type') === 'collection') {
@@ -316,7 +361,6 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
        collections.map(async coll => {
          if (coll.fragments.length === 0) {
            logger.error(`Collection ${coll.id} does not have any fragments!`)
            return null
          }
          const latestFragmentId = coll.fragments[coll.fragments.length - 1]
@@ -324,12 +368,11 @@ async function applyEditorInChiefPolicy(user, operation, object, context) {
            latestFragmentId,
          )
          const status = get(coll, 'status', 'draft')
+          if (status === 'draft') return null
          coll.visibleStatus = get(statuses, `${status}.editorInChief.label`)
          return coll
        }),
      )
      return modifiedCollections.filter(Boolean)
    }
  }
@@ -353,7 +396,11 @@ const authsomeMode = async (userId, operation, object, context) => {
  // authorization/authsome mode, e.g.
  const user = await context.models.User.find(userId)
-  if (get(user, 'admin') || get(user, 'editorInChief')) {
+  if (get(user, 'admin')) {
+    return applyAdminPolicy(user, operation, object, context)
+  }
+  if (get(user, 'editorInChief')) {
    return applyEditorInChiefPolicy(user, operation, object, context)
  }