yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e754f89e5c96def8b830f63b29b2fa779c7ded1f
outline/server/policies/collection.ts
Tom Moor 212985e18f feat: Allow viewers to be upgraded to editors on individual collections (#4023) 
* Improve types

* More types, fix default permission for viewers added to collection

* fix change of default role for CollectionGroup

* Restore policy

* test

* tests
2022-08-30 23:12:27 -07:00

161 lines
3.6 KiB
TypeScript
Raw Blame History

import invariant from "invariant";
import { some } from "lodash";
import { CollectionPermission } from "@shared/types";
import { Collection, User, Team } from "@server/models";
import { AdminRequiredError } from "../errors";
import { allow } from "./cancan";
allow(User, "createCollection", Team, (user, team) => {
if (!team || user.isViewer || user.teamId !== team.id) {
return false;
}
if (user.isAdmin || team.memberCollectionCreate) {
return true;
}
return false;
});
allow(User, "importCollection", Team, (actor, team) => {
if (!team || actor.teamId !== team.id) {
return false;
}
if (actor.isAdmin) {
return true;
}
throw AdminRequiredError();
});
allow(User, "move", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (collection.deletedAt) {
return false;
}
if (user.isAdmin) {
return true;
}
throw AdminRequiredError();
});
allow(User, ["read", "star", "unstar"], Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (user.isAdmin) {
return true;
}
if (!collection.permission) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
);
const allMemberships = [
...collection.memberships,
...collection.collectionGroupMemberships,
];
return some(allMemberships, (m) =>
Object.values(CollectionPermission).includes(m.permission)
);
}
return true;
});
allow(User, "share", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (!collection.sharing) {
return false;
}
if (user.isAdmin) {
return true;
}
if (
collection.permission !== CollectionPermission.ReadWrite ||
user.isViewer
) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
);
const allMemberships = [
...collection.memberships,
...collection.collectionGroupMemberships,
];
return some(
allMemberships,
(m) => m.permission === CollectionPermission.ReadWrite
);
}
return true;
});
allow(User, ["publish", "update"], Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (user.isAdmin) {
return true;
}
if (
collection.permission !== CollectionPermission.ReadWrite ||
user.isViewer
) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
);
const allMemberships = [
...collection.memberships,
...collection.collectionGroupMemberships,
];
return some(
allMemberships,
(m) => m.permission === CollectionPermission.ReadWrite
);
}
return true;
});
allow(User, "delete", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (user.isAdmin) {
return true;
}
if (
collection.permission !== CollectionPermission.ReadWrite ||
user.isViewer
) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
);
const allMemberships = [
...collection.memberships,
...collection.collectionGroupMemberships,
];
return some(
allMemberships,
(m) => m.permission === CollectionPermission.ReadWrite
);
}
if (user.id === collection.createdById) {
return true;
}
throw AdminRequiredError();
});
Reference in New Issue View Git Blame Copy Permalink