Viewer should be allowed to subscribe to a document (#4814)

* fix: viewer should be allowed to subscribe to a document

* fix: allow subscribe only if the user has read permission for collection
Apoorv Mishra
2023-01-31 19:46:10 +05:30
committed by GitHub
parent a2e07e9593
commit 1caa51f58e
2 changed files with 57 additions and 29 deletions


@@ -59,6 +59,8 @@ describe("read_write collection", () => {
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(true);
expect(abilities.unsubscribe).toEqual(true);
});
});
@@ -85,6 +87,8 @@ describe("read collection", () => {
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(true);
expect(abilities.unsubscribe).toEqual(true);
});
});
@@ -111,6 +115,8 @@ describe("private collection", () => {
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(false);
expect(abilities.unsubscribe).toEqual(false);
});
});
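Review bot: The added assertions in the read_write, read and private collection hunks cover subscribe/unsubscribe only along the collection-permission axis, not the document-state guards the policy also applies (archived, deleted, template, unpublished). The policy file on this page now holds the subscribe rule as a separate copy of the pin/unpin rule, so a later edit could drop one of those guards from the read-level copy without any test visible here failing. I would add at least one negative case, for example a draft document in a read collection asserting `expect(abilities.subscribe).toEqual(false);` and `expect(abilities.unsubscribe).toEqual(false);`. The describe blocks start outside these hunks, so such cases may already exist elsewhere in the file.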


@@ -180,36 +180,58 @@ allow(User, "move", Document, (user, document) => {
return user.teamId === document.teamId;
});
allow(
User,
["pin", "unpin", "subscribe", "unsubscribe"],
Document,
(user, document) => {
if (!document) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
return false;
}
if (document.template) {
return false;
}
if (!document.publishedAt) {
return false;
}
invariant(
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "update", document.collection)) {
return false;
}
return user.teamId === document.teamId;
allow(User, ["pin", "unpin"], Document, (user, document) => {
if (!document) {
return false;
}
);
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
return false;
}
if (document.template) {
return false;
}
if (!document.publishedAt) {
return false;
}
invariant(
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "update", document.collection)) {
return false;
}
return user.teamId === document.teamId;
});
allow(User, ["subscribe", "unsubscribe"], Document, (user, document) => {
if (!document) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
return false;
}
if (document.template) {
return false;
}
if (!document.publishedAt) {
return false;
}
invariant(
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "read", document.collection)) {
return false;
}
return user.teamId === document.teamId;
});
allow(User, ["pinToHome"], Document, (user, document) => {
if (!document) {