yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
main
outline/server/policies/user.ts
Tom Moor c27cd945a7 Policies refactor, guest roles (#6732)
2024-03-31 17:28:35 -07:00

60 lines
1.2 KiB
TypeScript
Raw Permalink Blame History

import { TeamPreference } from "@shared/types";
import { User, Team } from "@server/models";
import { allow } from "./cancan";
import { and, isTeamAdmin, isTeamModel, isTeamMutable, or } from "./utils";
allow(User, "read", User, isTeamModel);
allow(User, "listUsers", Team, (actor, team) =>
and(
//
isTeamModel(actor, team),
!actor.isGuest
)
);
allow(User, "inviteUser", Team, (actor, team) =>
and(
isTeamModel(actor, team),
isTeamMutable(actor),
!actor.isGuest,
!actor.isViewer,
actor.isAdmin || !!team?.getPreference(TeamPreference.MembersCanInvite)
)
);
allow(User, ["update", "delete", "readDetails"], User, (actor, user) =>
or(
//
isTeamAdmin(actor, user),
actor.id === user?.id
)
);
allow(User, ["activate", "suspend"], User, isTeamAdmin);
allow(User, "promote", User, (actor, user) =>
and(
//
isTeamAdmin(actor, user),
!user?.isAdmin,
!user?.isSuspended
)
);
allow(User, "demote", User, (actor, user) =>
and(
//
isTeamAdmin(actor, user),
!user?.isSuspended
)
);
allow(User, "resendInvite", User, (actor, user) =>
and(
//
isTeamAdmin(actor, user),
!!user?.isInvited
)
);
Reference in New Issue View Git Blame Copy Permalink