33 lines
752 B
TypeScript
33 lines
752 B
TypeScript
import { AuthenticationProvider, User, Team } from "@server/models";
|
|
import { AdminRequiredError } from "../errors";
|
|
import { allow } from "./cancan";
|
|
|
|
allow(User, "createAuthenticationProvider", Team, (actor, team) => {
|
|
if (!team || actor.teamId !== team.id) return false;
|
|
if (actor.isAdmin) return true;
|
|
|
|
throw AdminRequiredError();
|
|
});
|
|
|
|
allow(
|
|
User,
|
|
"read",
|
|
AuthenticationProvider,
|
|
|
|
(actor, authenticationProvider) =>
|
|
actor && actor.teamId === authenticationProvider?.teamId
|
|
);
|
|
|
|
allow(
|
|
User,
|
|
["update", "delete"],
|
|
AuthenticationProvider,
|
|
|
|
(actor, authenticationProvider) => {
|
|
if (actor.teamId !== authenticationProvider?.teamId) return false;
|
|
if (actor.isAdmin) return true;
|
|
|
|
throw AdminRequiredError();
|
|
}
|
|
);
|