yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Additional policy regarding comments on a document (#5130)

Browse Source 
* feat: comment policy on document

* fix: add alongside read
This commit is contained in:
Apoorv Mishra
2023-04-02 19:21:13 +05:30
committed by GitHub
parent 1be1371171
commit 16a5be1aa6
3 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
server/policies/document.test.ts
View File

@@ -34,6 +34,7 @@ describe("read_write collection", () => {
expect(abilities.delete).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.move).toEqual(true);
expect(abilities.comment).toEqual(true);
});
it("should allow read permissions for viewer", async () => {
@@ -61,6 +62,7 @@ describe("read_write collection", () => {
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(true);
expect(abilities.unsubscribe).toEqual(true);
expect(abilities.comment).toEqual(true);
});
});
@@ -89,6 +91,7 @@ describe("read collection", () => {
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(true);
expect(abilities.unsubscribe).toEqual(true);
expect(abilities.comment).toEqual(true);
});
});
@@ -117,6 +120,7 @@ describe("private collection", () => {
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(false);
expect(abilities.unsubscribe).toEqual(false);
expect(abilities.comment).toEqual(false);
});
});
@@ -149,5 +153,6 @@ describe("no collection", () => {
expect(abilities.unstar).toEqual(true);
expect(abilities.unsubscribe).toEqual(false);
expect(abilities.update).toEqual(true);
expect(abilities.comment).toEqual(true);
});
});

2
server/policies/document.ts
View File

@@ -10,7 +10,7 @@ allow(User, "createDocument", Team, (user, team) => {
return true;
});
allow(User, "read", Document, (user, document) => {
allow(User, ["read", "comment"], Document, (user, document) => {
if (!document) {
return false;
}

2
server/routes/api/comments/comments.ts
View File

@@ -29,7 +29,7 @@ router.post(
userId: user.id,
transaction,
});
authorize(user, "read", document);
authorize(user, "comment", document);
const comment = await commentCreator({
id,