chore: Serialize domain policies on team (#1970)
* domain policies exposed on team, consistency * fix: Remove usage of isAdmin in frontend * test
@@ -14,6 +14,20 @@ Object {
|
||||
"name": "User 1",
|
||||
},
|
||||
"ok": true,
|
||||
"policies": Array [
|
||||
Object {
|
||||
"abilities": Object {
|
||||
"activate": true,
|
||||
"delete": true,
|
||||
"demote": false,
|
||||
"promote": true,
|
||||
"read": true,
|
||||
"suspend": true,
|
||||
"update": false,
|
||||
},
|
||||
"id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61",
|
||||
},
|
||||
],
|
||||
"status": 200,
|
||||
}
|
||||
`;
|
||||
@@ -50,6 +64,20 @@ Object {
|
||||
"name": "User 1",
|
||||
},
|
||||
"ok": true,
|
||||
"policies": Array [
|
||||
Object {
|
||||
"abilities": Object {
|
||||
"activate": true,
|
||||
"delete": true,
|
||||
"demote": false,
|
||||
"promote": true,
|
||||
"read": true,
|
||||
"suspend": true,
|
||||
"update": false,
|
||||
},
|
||||
"id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61",
|
||||
},
|
||||
],
|
||||
"status": 200,
|
||||
}
|
||||
`;
|
||||
@@ -86,6 +114,20 @@ Object {
|
||||
"name": "User 1",
|
||||
},
|
||||
"ok": true,
|
||||
"policies": Array [
|
||||
Object {
|
||||
"abilities": Object {
|
||||
"activate": true,
|
||||
"delete": true,
|
||||
"demote": true,
|
||||
"promote": false,
|
||||
"read": true,
|
||||
"suspend": true,
|
||||
"update": false,
|
||||
},
|
||||
"id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61",
|
||||
},
|
||||
],
|
||||
"status": 200,
|
||||
}
|
||||
`;
|
||||
@@ -131,6 +173,20 @@ Object {
|
||||
"name": "User 1",
|
||||
},
|
||||
"ok": true,
|
||||
"policies": Array [
|
||||
Object {
|
||||
"abilities": Object {
|
||||
"activate": true,
|
||||
"delete": true,
|
||||
"demote": false,
|
||||
"promote": false,
|
||||
"read": true,
|
||||
"suspend": true,
|
||||
"update": false,
|
||||
},
|
||||
"id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61",
|
||||
},
|
||||
],
|
||||
"status": 200,
|
||||
}
|
||||
`;
|
||||
|
||||
@@ -15,7 +15,7 @@ router.post("apiKeys.create", auth(), async (ctx) => {
|
||||
ctx.assertPresent(name, "name is required");
|
||||
|
||||
const user = ctx.state.user;
|
||||
authorize(user, "create", ApiKey);
|
||||
authorize(user, "createApiKey", user.team);
|
||||
|
||||
const key = await ApiKey.create({
|
||||
name,
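Review bot: The new check `authorize(user, "createApiKey", user.team)` depends on `user.team` being populated on the authenticated user, and nothing in the visible hunks shows where that association is loaded. If it is ever undefined, the outcome rests on how `authorize` treats a missing target, so it is worth confirming that case is a denial and recording it at the call site, e.g. `// relies on auth() having loaded user.team; a missing team must deny`. The same pattern appears in attachments.create, collections.create, collections.import, documents.import, documents.create, groups.create and notificationSettings.create. The handler body continues outside the hunk.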
|
||||
|
||||
@@ -26,6 +26,8 @@ router.post("attachments.create", auth(), async (ctx) => {
|
||||
ctx.assertPresent(size, "size is required");
|
||||
|
||||
const { user } = ctx.state;
|
||||
authorize(user, "createAttachment", user.team);
|
||||
|
||||
const s3Key = uuid.v4();
|
||||
const acl =
|
||||
ctx.body.public === undefined
|
||||
|
||||
@@ -53,7 +53,7 @@ router.post("collections.create", auth(), async (ctx) => {
|
||||
}
|
||||
|
||||
const user = ctx.state.user;
|
||||
authorize(user, "create", Collection);
|
||||
authorize(user, "createCollection", user.team);
|
||||
|
||||
const collections = await Collection.findAll({
|
||||
where: { teamId: user.teamId, deletedAt: null },
|
||||
@@ -139,7 +139,7 @@ router.post("collections.import", auth(), async (ctx) => {
|
||||
ctx.assertUuid(attachmentId, "attachmentId is required");
|
||||
|
||||
const user = ctx.state.user;
|
||||
authorize(user, "import", Collection);
|
||||
authorize(user, "importCollection", user.team);
|
||||
|
||||
const attachment = await Attachment.findByPk(attachmentId);
|
||||
authorize(user, "read", attachment);
|
||||
|
||||
@@ -1165,7 +1165,7 @@ router.post("documents.import", auth(), async (ctx) => {
|
||||
if (index) ctx.assertPositiveInteger(index, "index must be an integer (>=0)");
|
||||
|
||||
const user = ctx.state.user;
|
||||
authorize(user, "create", Document);
|
||||
authorize(user, "createDocument", user.team);
|
||||
|
||||
const collection = await Collection.scope({
|
||||
method: ["withMembership", user.id],
|
||||
@@ -1234,7 +1234,7 @@ router.post("documents.create", auth(), async (ctx) => {
|
||||
if (index) ctx.assertPositiveInteger(index, "index must be an integer (>=0)");
|
||||
|
||||
const user = ctx.state.user;
|
||||
authorize(user, "create", Document);
|
||||
authorize(user, "createDocument", user.team);
|
||||
|
||||
const collection = await Collection.scope({
|
||||
method: ["withMembership", user.id],
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
import Router from "koa-router";
|
||||
import Sequelize from "sequelize";
|
||||
import auth from "../middlewares/authentication";
|
||||
import { Event, Team, User, Collection } from "../models";
|
||||
import { Event, User, Collection } from "../models";
|
||||
import policy from "../policies";
|
||||
import { presentEvent } from "../presenters";
|
||||
import pagination from "./middlewares/pagination";
|
||||
@@ -60,7 +60,7 @@ router.post("events.list", auth(), pagination(), async (ctx) => {
|
||||
}
|
||||
|
||||
if (auditLog) {
|
||||
authorize(user, "auditLog", Team);
|
||||
authorize(user, "manage", user.team);
|
||||
where.name = Event.AUDIT_EVENTS;
|
||||
}
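Review bot: Audit-log access appears to be gated now by the general `manage` ability on the team (`authorize(user, "manage", user.team)`) rather than a dedicated audit-log ability, so any role later granted `manage` for another reason would also be able to read audit events. If that coupling is intended, a comment such as `// audit events are visible to anyone who can manage the team` would make it explicit. Otherwise, a separate ability on the team policy keeps audit-log access independently grantable. The policy definitions are not on this page, so the scope of `manage` should be checked there; the handler continues outside the hunk.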
|
||||
|
||||
|
||||
@@ -76,7 +76,7 @@ router.post("groups.create", auth(), async (ctx) => {
|
||||
|
||||
const user = ctx.state.user;
|
||||
|
||||
authorize(user, "create", Group);
|
||||
authorize(user, "createGroup", user.team);
|
||||
let group = await Group.create({
|
||||
name,
|
||||
teamId: user.teamId,
|
||||
|
||||
@@ -14,7 +14,7 @@ router.post("notificationSettings.create", auth(), async (ctx) => {
|
||||
ctx.assertPresent(event, "event is required");
|
||||
|
||||
const user = ctx.state.user;
|
||||
authorize(user, "create", NotificationSetting);
|
||||
authorize(user, "createNotificationSetting", user.team);
|
||||
|
||||
const [setting] = await NotificationSetting.findOrCreate({
|
||||
where: {
|
||||
|
||||
@@ -5,7 +5,7 @@ import userSuspender from "../commands/userSuspender";
|
||||
import auth from "../middlewares/authentication";
|
||||
import { Event, User, Team } from "../models";
|
||||
import policy from "../policies";
|
||||
import { presentUser } from "../presenters";
|
||||
import { presentUser, presentPolicies } from "../presenters";
|
||||
import { Op } from "../sequelize";
|
||||
import pagination from "./middlewares/pagination";
|
||||
|
||||
@@ -52,6 +52,7 @@ router.post("users.list", auth(), pagination(), async (ctx) => {
|
||||
data: users.map((listUser) =>
|
||||
presentUser(listUser, { includeDetails: user.isAdmin })
|
||||
),
|
||||
policies: presentPolicies(user, users),
|
||||
};
|
||||
});
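Review bot: `includeDetails` is still decided by `user.isAdmin` on the line above the new `policies: presentPolicies(user, users)`, so one response is governed by two separate authorization sources, the role flag and the policy layer. These can drift apart if the policies change, and the extra user details would then follow the flag rather than the policy. Either derive `includeDetails` from a policy check on each listed user, or add a comment such as `// details are admin-only by role flag, independent of the serialized policies`. The start of the handler is outside the hunk.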
|
||||
|
||||
@@ -67,8 +68,11 @@ router.post("users.count", auth(), async (ctx) => {
|
||||
});
|
||||
|
||||
router.post("users.info", auth(), async (ctx) => {
|
||||
const { user } = ctx.state;
|
||||
|
||||
ctx.body = {
|
||||
data: presentUser(ctx.state.user),
|
||||
data: presentUser(user),
|
||||
policies: presentPolicies(user, [user]),
|
||||
};
|
||||
});
|
||||
|
||||
@@ -100,17 +104,18 @@ router.post("users.update", auth(), async (ctx) => {
|
||||
router.post("users.promote", auth(), async (ctx) => {
|
||||
const userId = ctx.body.id;
|
||||
const teamId = ctx.state.user.teamId;
|
||||
const actor = ctx.state.user;
|
||||
ctx.assertPresent(userId, "id is required");
|
||||
|
||||
const user = await User.findByPk(userId);
|
||||
authorize(ctx.state.user, "promote", user);
|
||||
authorize(actor, "promote", user);
|
||||
|
||||
const team = await Team.findByPk(teamId);
|
||||
await team.addAdmin(user);
|
||||
|
||||
await Event.create({
|
||||
name: "users.promote",
|
||||
actorId: ctx.state.user.id,
|
||||
actorId: actor.id,
|
||||
userId,
|
||||
teamId,
|
||||
data: { name: user.name },
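Review bot: `User.findByPk(userId)` returns null for an unknown id, and that result goes straight into `authorize(actor, "promote", user)` and then `team.addAdmin(user)`. Whether a null target is rejected depends on `authorize`, which is not visible here. An explicit guard before the authorize call would make the handler fail closed regardless, for example `ctx.assertUuid(userId, "id is required");` on the input and `ctx.assertPresent(user, "user not found");` after the lookup (or the project's not-found error, if it has one). The same lookup-then-authorize sequence is in users.demote, users.suspend and users.activate. The end of the handler is outside this hunk.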
|
||||
@@ -119,23 +124,25 @@ router.post("users.promote", auth(), async (ctx) => {
|
||||
|
||||
ctx.body = {
|
||||
data: presentUser(user, { includeDetails: true }),
|
||||
policies: presentPolicies(actor, [user]),
|
||||
};
|
||||
});
|
||||
|
||||
router.post("users.demote", auth(), async (ctx) => {
|
||||
const userId = ctx.body.id;
|
||||
const teamId = ctx.state.user.teamId;
|
||||
const actor = ctx.state.user;
|
||||
ctx.assertPresent(userId, "id is required");
|
||||
|
||||
const user = await User.findByPk(userId);
|
||||
authorize(ctx.state.user, "demote", user);
|
||||
authorize(actor, "demote", user);
|
||||
|
||||
const team = await Team.findByPk(teamId);
|
||||
await team.removeAdmin(user);
|
||||
|
||||
await Event.create({
|
||||
name: "users.demote",
|
||||
actorId: ctx.state.user.id,
|
||||
actorId: actor.id,
|
||||
userId,
|
||||
teamId,
|
||||
data: { name: user.name },
|
||||
@@ -144,42 +151,45 @@ router.post("users.demote", auth(), async (ctx) => {
|
||||
|
||||
ctx.body = {
|
||||
data: presentUser(user, { includeDetails: true }),
|
||||
policies: presentPolicies(actor, [user]),
|
||||
};
|
||||
});
|
||||
|
||||
router.post("users.suspend", auth(), async (ctx) => {
|
||||
const userId = ctx.body.id;
|
||||
const actor = ctx.state.user;
|
||||
ctx.assertPresent(userId, "id is required");
|
||||
|
||||
const user = await User.findByPk(userId);
|
||||
authorize(ctx.state.user, "suspend", user);
|
||||
authorize(actor, "suspend", user);
|
||||
|
||||
await userSuspender({
|
||||
user,
|
||||
actorId: ctx.state.user.id,
|
||||
actorId: actor.id,
|
||||
ip: ctx.request.ip,
|
||||
});
|
||||
|
||||
ctx.body = {
|
||||
data: presentUser(user, { includeDetails: true }),
|
||||
policies: presentPolicies(actor, [user]),
|
||||
};
|
||||
});
|
||||
|
||||
router.post("users.activate", auth(), async (ctx) => {
|
||||
const admin = ctx.state.user;
|
||||
const userId = ctx.body.id;
|
||||
const teamId = ctx.state.user.teamId;
|
||||
const actor = ctx.state.user;
|
||||
ctx.assertPresent(userId, "id is required");
|
||||
|
||||
const user = await User.findByPk(userId);
|
||||
authorize(ctx.state.user, "activate", user);
|
||||
authorize(actor, "activate", user);
|
||||
|
||||
const team = await Team.findByPk(teamId);
|
||||
await team.activateUser(user, admin);
|
||||
await team.activateUser(user, actor);
|
||||
|
||||
await Event.create({
|
||||
name: "users.activate",
|
||||
actorId: ctx.state.user.id,
|
||||
actorId: actor.id,
|
||||
userId,
|
||||
teamId,
|
||||
data: { name: user.name },
|
||||
@@ -188,6 +198,7 @@ router.post("users.activate", auth(), async (ctx) => {
|
||||
|
||||
ctx.body = {
|
||||
data: presentUser(user, { includeDetails: true }),
|
||||
policies: presentPolicies(actor, [user]),
|
||||
};
|
||||
});
|
||||
|
||||
|
||||