22 lines
441 B
TypeScript
22 lines
441 B
TypeScript
import { Subscription, User } from "@server/models";
|
|
import { allow } from "./cancan";
|
|
|
|
allow(
|
|
User,
|
|
["read", "update", "delete"],
|
|
Subscription,
|
|
(user, subscription) => {
|
|
if (!subscription) {
|
|
return false;
|
|
}
|
|
|
|
// If `user` is an admin, early exit with allow.
|
|
if (user.isAdmin) {
|
|
return true;
|
|
}
|
|
|
|
// User should be able to read their subscriptions.
|
|
return user.id === subscription.userId;
|
|
}
|
|
);
|