b42e9737b6
* WIP * feat: Add collection.memberships endpoint * feat: Add ability to filter collection.memberships with query * WIP * Merge stashed work * feat: Add ability to filter memberships by permission * continued refactoring * paginated list component * Collection member management * fix: Incorrect policy data sent down after collection.update * Reduce duplication, add empty state * cleanup * fix: Modal close should be a real button * fix: Allow opening edit from modal * fix: remove unused methods * test: fix * Passing test suite * Refactor * fix: Flow UI errors * test: Add collections.update tests * lint * test: moar tests * fix: Missing scopes, more missing tests * fix: Handle collection privacy change over socket * fix: More membership scopes * fix: view endpoint permissions * fix: respond to privacy change on socket event * policy driven menus * fix: share endpoint policies * chore: Use policies to drive documents UI * alignment * fix: Header height * fix: Correct behavior when collection becomes private * fix: Header height for read-only collection * send id's over socket instead of serialized objects * fix: Remote policy change * fix: reduce collection fetching * More websocket efficiencies * fix: Document collection pinning * fix: Restored ability to edit drafts fix: Removed ability to star drafts * fix: Require write permissions to pin doc to collection * fix: Header title overlaying document actions at small screen sizes * fix: Jank on load caused by previous commit * fix: Double collection fetch post-publish * fix: Hide publish button if draft is in no longer accessible collection * fix: Always allow deleting drafts fix: Improved handling of deleted documents * feat: Show collections in drafts view feat: Show more obvious 'draft' badge on documents * fix: incorrect policies after publish to private collection * fix: Duplicating a draft publishes it
111 lines
3.1 KiB
JavaScript
111 lines
3.1 KiB
JavaScript
// @flow
|
|
import invariant from 'invariant';
|
|
import policy from './policy';
|
|
import { Document, Revision, User } from '../models';
|
|
|
|
const { allow, cannot } = policy;
|
|
|
|
allow(User, 'create', Document);
|
|
|
|
allow(User, ['read', 'download'], Document, (user, document) => {
|
|
// existance of collection option is not required here to account for share tokens
|
|
if (document.collection && cannot(user, 'read', document.collection)) {
|
|
return false;
|
|
}
|
|
|
|
return user.teamId === document.teamId;
|
|
});
|
|
|
|
allow(User, ['share'], Document, (user, document) => {
|
|
if (document.archivedAt) return false;
|
|
|
|
// existance of collection option is not required here to account for share tokens
|
|
if (document.collection && cannot(user, 'read', document.collection)) {
|
|
return false;
|
|
}
|
|
|
|
return user.teamId === document.teamId;
|
|
});
|
|
|
|
allow(User, ['star', 'unstar'], Document, (user, document) => {
|
|
if (document.archivedAt) return false;
|
|
if (!document.publishedAt) return false;
|
|
|
|
invariant(
|
|
document.collection,
|
|
'collection is missing, did you forget to include in the query scope?'
|
|
);
|
|
if (cannot(user, 'read', document.collection)) return false;
|
|
|
|
return user.teamId === document.teamId;
|
|
});
|
|
|
|
allow(User, 'update', Document, (user, document) => {
|
|
invariant(
|
|
document.collection,
|
|
'collection is missing, did you forget to include in the query scope?'
|
|
);
|
|
if (cannot(user, 'update', document.collection)) return false;
|
|
if (document.archivedAt) return false;
|
|
|
|
return user.teamId === document.teamId;
|
|
});
|
|
|
|
allow(User, ['move', 'pin', 'unpin'], Document, (user, document) => {
|
|
invariant(
|
|
document.collection,
|
|
'collection is missing, did you forget to include in the query scope?'
|
|
);
|
|
if (cannot(user, 'update', document.collection)) return false;
|
|
if (document.archivedAt) return false;
|
|
if (!document.publishedAt) return false;
|
|
|
|
return user.teamId === document.teamId;
|
|
});
|
|
|
|
allow(User, 'delete', Document, (user, document) => {
|
|
// unpublished drafts can always be deleted
|
|
if (!document.publishedAt && user.teamId === document.teamId) {
|
|
return true;
|
|
}
|
|
|
|
// allow deleting document without a collection
|
|
if (document.collection && cannot(user, 'update', document.collection))
|
|
return false;
|
|
if (document.archivedAt) return false;
|
|
|
|
return user.teamId === document.teamId;
|
|
});
|
|
|
|
allow(User, 'archive', Document, (user, document) => {
|
|
invariant(
|
|
document.collection,
|
|
'collection is missing, did you forget to include in the query scope?'
|
|
);
|
|
if (cannot(user, 'update', document.collection)) return false;
|
|
|
|
if (!document.publishedAt) return false;
|
|
if (document.archivedAt) return false;
|
|
|
|
return user.teamId === document.teamId;
|
|
});
|
|
|
|
allow(User, 'unarchive', Document, (user, document) => {
|
|
invariant(
|
|
document.collection,
|
|
'collection is missing, did you forget to include in the query scope?'
|
|
);
|
|
if (cannot(user, 'update', document.collection)) return false;
|
|
|
|
if (!document.archivedAt) return false;
|
|
|
|
return user.teamId === document.teamId;
|
|
});
|
|
|
|
allow(
|
|
Document,
|
|
'restore',
|
|
Revision,
|
|
(document, revision) => document.id === revision.documentId
|
|
);
|