diff --git a/graph/loaders/comments.js b/graph/loaders/comments.js index b09dbc497..2287527e6 100644 --- a/graph/loaders/comments.js +++ b/graph/loaders/comments.js @@ -226,7 +226,7 @@ const getCommentsByQuery = async ({user}, {ids, statuses, asset_id, parent_id, a // Only administrators can search for comments with statuses that are not // `null`, or `'ACCEPTED'`. - if (user != null && user.canViewNonNullOrAcceptedComments() && statuses) { + if (user != null && user.can('SEARCH_NON_NULL_OR_ACCEPTED_COMMENTS') && statuses) { comments = comments.where({ status: { $in: statuses @@ -249,7 +249,7 @@ const getCommentsByQuery = async ({user}, {ids, statuses, asset_id, parent_id, a } // Only let an admin request any user or the current user request themself. - if (user && (user.canViewOthersComments() || user.id === author_id) && author_id != null) { + if (user && (user.can('SEARCH_OTHERS_COMMENTS') || user.id === author_id) && author_id != null) { comments = comments.where({author_id}); } @@ -403,7 +403,7 @@ const genRecentComments = (_, ids) => { */ const genComments = ({user}, ids) => { let comments; - if (user && user.canViewOthersComments()) { + if (user && user.can('SEARCH_OTHERS_COMMENTS')) { comments = CommentModel.find({ id: { $in: ids diff --git a/graph/mutators/action.js b/graph/mutators/action.js index a572a641c..dc3fe1a70 100644 --- a/graph/mutators/action.js +++ b/graph/mutators/action.js @@ -45,7 +45,7 @@ const deleteAction = ({user}, {id}) => { }; module.exports = (context) => { - if (context.user && context.user.can('mutation:createAction', 'mutation:deleteAction')) { + if (context.user && context.user.can('CREATE_ACTION', 'DELETE_ACTION')) { return { Action: { create: (action) => createAction(context, action), diff --git a/graph/mutators/comment.js b/graph/mutators/comment.js index 9557c1dcf..51ebc5a4f 100644 --- a/graph/mutators/comment.js +++ b/graph/mutators/comment.js @@ -236,19 +236,19 @@ module.exports = (context) => { } }; - if (context.user && context.user.can('mutation:createComment')) { + if (context.user && context.user.can('CREATE_COMMENT')) { mutators.Comment.create = (comment) => createPublicComment(context, comment); } - if (context.user && context.user.can('mutation:setCommentStatus')) { + if (context.user && context.user.can('SET_COMMENT_STATUS')) { mutators.Comment.setCommentStatus = (action) => setCommentStatus(context, action); } - if (context.user && context.user.can('mutation:addCommentTag')) { + if (context.user && context.user.can('ADD_COMMENT_TAG')) { mutators.Comment.addCommentTag = (action) => addCommentTag(context, action); } - if (context.user && context.user.can('mutation:removeCommentTag')) { + if (context.user && context.user.can('REMOVE_COMMENT_TAG')) { mutators.Comment.removeCommentTag = (action) => removeCommentTag(context, action); } diff --git a/graph/mutators/user.js b/graph/mutators/user.js index d68351701..c5819fded 100644 --- a/graph/mutators/user.js +++ b/graph/mutators/user.js @@ -31,11 +31,11 @@ module.exports = (context) => { } }; - if (context.user && context.user.can('mutation:setUserStatus')) { + if (context.user && context.user.can('SET_USER_STATUS')) { mutators.User.setUserStatus = (action) => setUserStatus(context, action); } - if (context.user && context.user.can('mutation:suspendUser')) { + if (context.user && context.user.can('SUSPEND_USER')) { mutators.User.suspendUser = (action) => suspendUser(context, action); } diff --git a/graph/resolvers/action.js b/graph/resolvers/action.js index cf7be3beb..2814dc85f 100644 --- a/graph/resolvers/action.js +++ b/graph/resolvers/action.js @@ -11,7 +11,7 @@ const Action = { // This will load the user for the specific action. We'll limit this to the // admin users only or the current logged in user. user({user_id}, _, {loaders: {Users}, user}) { - if (user && (user.canViewOtherUsers() || user_id === user.id)) { + if (user && (user.can('SEARCH_OTHER_USERS') || user_id === user.id)) { return Users.getByID.load(user_id); } } diff --git a/graph/resolvers/comment.js b/graph/resolvers/comment.js index fb01a1585..2a678469b 100644 --- a/graph/resolvers/comment.js +++ b/graph/resolvers/comment.js @@ -29,7 +29,7 @@ const Comment = { }, actions({id}, _, {user, loaders: {Actions}}) { - if (user && user.canViewActions()) { + if (user && user.can('SEARCH_ACTIONS')) { return Actions.getByID.load(id); } diff --git a/graph/resolvers/root_query.js b/graph/resolvers/root_query.js index 9deaba5f6..3f76cb9d2 100644 --- a/graph/resolvers/root_query.js +++ b/graph/resolvers/root_query.js @@ -1,6 +1,6 @@ const RootQuery = { assets(_, args, {loaders: {Assets}, user}) { - if (user == null || !user.canQueryAssets()) { + if (user == null || !user.can('SEARCH_ASSETS')) { return null; } @@ -22,7 +22,7 @@ const RootQuery = { comments(_, {query: {action_type, statuses, asset_id, parent_id, limit, cursor, sort, excludeIgnored}}, {user, loaders: {Comments, Actions}}) { let query = {statuses, asset_id, parent_id, limit, cursor, sort, excludeIgnored}; - if (user != null && user.canViewOthersComments() && action_type) { + if (user != null && user.can('SEARCH_OTHERS_COMMENTS') && action_type) { return Actions.getByTypes({action_type, item_type: 'COMMENTS'}) .then((ids) => { @@ -37,7 +37,7 @@ const RootQuery = { return Comments.get.load(id); }, commentCount(_, {query: {action_type, statuses, asset_id, parent_id}}, {user, loaders: {Actions, Comments}}) { - if (user == null || !user.canViewOthersComments()) { + if (user == null || !user.can('SEARCH_OTHERS_COMMENTS')) { return null; } @@ -54,7 +54,7 @@ const RootQuery = { }, assetMetrics(_, {from, to, sort, limit = 10}, {user, loaders: {Metrics: {Assets}}}) { - if (user == null || !user.canQueryAssets()) { + if (user == null || !user.can('SEARCH_ASSETS')) { return null; } @@ -66,7 +66,7 @@ const RootQuery = { }, commentMetrics(_, {from, to, sort, limit = 10}, {user, loaders: {Metrics: {Comments}}}) { - if (user == null || !user.canViewCommentMetrics()) { + if (user == null || !user.can('SEARCH_COMMENT_METRICS')) { return null; } @@ -100,7 +100,7 @@ const RootQuery = { // so hide it in the event that we aren't an admin. users(_, {query: {action_type, limit, cursor, sort}}, {user, loaders: {Users, Actions}}) { - if (user == null || !user.canViewOtherUsers()) { + if (user == null || !user.can('SEARCH_OTHER_USERS')) { return null; } diff --git a/graph/resolvers/user.js b/graph/resolvers/user.js index 03e1b121a..faec4bd75 100644 --- a/graph/resolvers/user.js +++ b/graph/resolvers/user.js @@ -5,7 +5,7 @@ const User = { actions({id}, _, {user, loaders: {Actions}}) { // Only return the actions if the user is not an admin. - if (user && user.canViewActions()) { + if (user && user.can('SEARCH_ACTIONS')) { return Actions.getByID.load(id); } @@ -14,7 +14,7 @@ const User = { // If the user is not an admin, only return comment list for the owner of // the comments. - if (user && (user.canViewOthersComments() || user.id === id)) { + if (user && (user.can('SEARCH_OTHERS_COMMENTS') || user.id === id)) { return Comments.getByQuery({author_id: id, sort: 'REVERSE_CHRONOLOGICAL'}); } @@ -23,7 +23,7 @@ const User = { roles({id, roles}, _, {user}) { // If the user is not an admin, only return the current user's roles. - if (user && (user.canChangeRoles() || user.id === id)) { + if (user && (user.can('UPDATE_USER_ROLES') || user.id === id)) { return roles; } diff --git a/models/user.js b/models/user.js index ab88fe6f1..932d11775 100644 --- a/models/user.js +++ b/models/user.js @@ -159,41 +159,6 @@ UserSchema.index({ background: false }); -/** - * returns true if the user can look up assets through the api - */ -UserSchema.method('canQueryAssets', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - -/** - * returns true if the user can view actions - */ -UserSchema.method('canViewActions', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - -/** - * returns true if the user can view non-null or non-ACCEPTED comments - */ -UserSchema.method('canViewNonNullOrAcceptedComments', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - -/** - * returns true when a user can view comments that are not their own - */ -UserSchema.method('canViewOthersComments', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - -/** - * returns true when a user can view comment metrics - */ -UserSchema.method('canViewCommentMetrics', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - /** * returns true if a commenter is staff */ @@ -201,35 +166,6 @@ UserSchema.method('isStaff', function () { return !!intersection(['ADMIN', 'MODERATOR', 'STAFF'], this.roles).length; }); -/** - * returns true when a user can see other user info - */ -UserSchema.method('canViewOtherUsers', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - -/** - * when a user can modify tags - */ -UserSchema.method('canModifyTags', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - -/** - * when a user can change roles - */ -UserSchema.method('canChangeUserRoles', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - -UserSchema.method('canSetCommentStatus', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - -UserSchema.method('canSetUserStatus', function () { - return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length; -}); - /** * This verifies that a password is valid. */ @@ -249,39 +185,12 @@ UserSchema.method('verifyPassword', function(password) { }); }); -/** - * All the graph operations that are available for a user. - * @type {Array} - */ -const USER_GRAPH_OPERATIONS = [ - 'mutation:createComment', - 'mutation:createAction', - 'mutation:deleteAction', - 'mutation:editName', - 'mutation:setUserStatus', - 'mutation:suspendUser', - 'mutation:setCommentStatus', - 'mutation:addCommentTag', - 'mutation:removeCommentTag' -]; - /** * Can returns true if the user is allowed to perform a specific graph * operation. */ UserSchema.method('can', function(...actions) { return can(this, null, actions); - - if (actions.some((action) => action === 'mutation:setUserStatus' || action === 'mutation:suspendUser' || action === 'mutation:setCommentStatus') && !this.canSetUserStatus()) { - return false; - } - - // {add,remove}CommentTag - requires admin and/or moderator role - if (actions.some(a => ['mutation:removeCommentTag', 'mutation:addCommentTag'].includes(a)) && ! this.canModifyTags()) { - return false; - } - - return true; }); // Create the User model. diff --git a/perms/mutationReducer.js b/perms/mutationReducer.js index 7e3c1b3cd..9aa34b017 100644 --- a/perms/mutationReducer.js +++ b/perms/mutationReducer.js @@ -13,28 +13,31 @@ module.exports = { SET_COMMENT_STATUS: 'SET_COMMENT_STATUS', ADD_COMMENT_TAG: 'ADD_COMMENT_TAG', REMOVE_COMMENT_TAG: 'REMOVE_COMMENT_TAG', + UPDATE_USER_ROLES: 'UPDATE_USER_ROLES', UPDATE_CONFIG: 'UPDATE_CONFIG', reducer: function (user, perm, context, initialState) { switch (perm) { - case 'muation:createComment': + case this.CREATE_COMMENT: return true; - case 'mutation:createAction': + case this.CREATE_ACTION: return true; - case 'mutation:deleteAction': + case this.DELETE_ACTION: return true; - case 'mutation:editName': + case this.EDIT_NAME: return true; - case 'mutation:setUserStatus': + case this.UPDATE_USER_ROLES: + return check(user, ['ADMIN']); + case this.SET_USER_STATUS: return check(user, ['ADMIN', 'MODERATOR']); - case 'mutation:suspendUser': + case this.SUSPEND_USER: return check(user, ['ADMIN', 'MODERATOR']); - case 'mutation:setCommentStatus': + case this.SET_COMMENT_STATUS: return check(user, ['ADMIN', 'MODERATOR']); - case 'mutation:addCommentTag': + case this.ADD_COMMENT_TAG: return check(user, ['ADMIN', 'MODERATOR']); - case 'mutation:removeCommentTag': + case this.REMOVE_COMMENT_TAG: return check(user, ['ADMIN', 'MODERATOR']); - case 'mutation:updateConfig': + case this.UPDATE_CONFIG: return check(user, ['ADMIN', 'MODERATOR']); default: return initialState;