From d1cf6fd19bfb1297da9a6d09a36a2b24d7d0cacd Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Wed, 1 Feb 2017 10:45:01 -0700 Subject: [PATCH] Applied patch --- graph/loaders/comments.js | 6 +++++- graph/resolvers/user.js | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/graph/loaders/comments.js b/graph/loaders/comments.js index 7298cbbf4..144586064 100644 --- a/graph/loaders/comments.js +++ b/graph/loaders/comments.js @@ -73,7 +73,7 @@ const getCountsByParentID = (context, parent_ids) => { * @param {Object} context graph context * @param {Object} query query terms to apply to the comments query */ -const getCommentsByQuery = ({user}, {ids, statuses, asset_id, parent_id, limit, cursor, sort}) => { +const getCommentsByQuery = ({user}, {ids, statuses, asset_id, parent_id, author_id, limit, cursor, sort}) => { let comments = CommentModel.find(); // Only administrators can search for comments with statuses that are not @@ -100,6 +100,10 @@ const getCommentsByQuery = ({user}, {ids, statuses, asset_id, parent_id, limit, }); } + if (user && (user.hasRoles('ADMIN') || user.id === author_id)) { + comments = comments.where({author_id}); + } + if (asset_id) { comments = comments.where({asset_id}); } diff --git a/graph/resolvers/user.js b/graph/resolvers/user.js index 8cc11bba3..c75cdbf54 100644 --- a/graph/resolvers/user.js +++ b/graph/resolvers/user.js @@ -7,7 +7,7 @@ const User = { // If the user is not an admin, only return comment list for the owner of // the comments. if (user && (user.hasRoles('ADMIN') || user.id === id)) { - return Comments.getByAuthorID.load(id); + return Comments.getByQuery({author_id: id}); } return null;