yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Collection Permissions (#829)

Browse Source 
see https://github.com/outline/outline/issues/668
This commit is contained in:
Tom Moor
2019-01-05 13:37:33 -08:00
committed by GitHub
parent 8978915423
commit 8c02b0028c
53 changed files with 1379 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
server/policies/collection.js
View File

@@ -1,5 +1,6 @@
// @flow
import policy from './policy';
import { map } from 'lodash';
import { Collection, User } from '../models';
import { AdminRequiredError } from '../errors';
@@ -11,12 +12,27 @@ allow(
User,
['read', 'publish', 'update', 'export'],
Collection,
(user, collection) => collection && user.teamId === collection.teamId
(user, collection) => {
if (!collection || user.teamId !== collection.teamId) return false;
if (
collection.private &&
!map(collection.users, u => u.id).includes(user.id)
)
return false;
return true;
}
);
allow(User, 'delete', Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) return false;
if (user.id === collection.creatorId) return true;
if (collection.private && !map(collection.users, u => u.id).includes(user.id))
return false;
if (user.isAdmin) return true;
if (user.id === collection.creatorId) return true;
throw new AdminRequiredError();
});