updated based on cvle's feedback

Wyatt Johnson
2017-08-31 11:48:38 -06:00
parent 7b71511cae
commit dfd77dbf63
4 changed files with 15 additions and 17 deletions
+7 -7
@@ -8,14 +8,14 @@ const Settings = {};
// PROTECTED_SETTINGS are the settings keys that must be protected for only some
// eyes.
const PROTECTED_SETTINGS = [
'premodLinksEnable',
'autoCloseStream',
'wordlist',
'domains',
];
const PROTECTED_SETTINGS = {
'premodLinksEnable': [VIEW_PROTECTED_SETTINGS],
'autoCloseStream': [VIEW_PROTECTED_SETTINGS],
'wordlist': [VIEW_PROTECTED_SETTINGS],
'domains': [VIEW_PROTECTED_SETTINGS],
};
// decorate the fields on the settings resolver with a permission check.
decorateWithPermissionCheck(Settings, VIEW_PROTECTED_SETTINGS, ...PROTECTED_SETTINGS);
decorateWithPermissionCheck(Settings, PROTECTED_SETTINGS);
module.exports = Settings;
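Review bot: `PROTECTED_SETTINGS` is an opt-in map, so any settings key not named in it keeps its plain resolver and is returned by this decorator without a permission check. That is easy to miss when a sensitive setting is added later, so I would state it in the comment above the map: `// Keys not listed here are NOT permission-checked; add every new sensitive setting together with the permissions allowed to read it.` The same comment could say that each value is the list of permissions handed to `ctx.user.can(...)`. Whether another layer guards unlisted fields is not visible from this section.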
+4 -5
@@ -18,18 +18,17 @@ const decorateWithTags = (typeResolver) => {
* permission checks.
*
* @param {Object} typeResolver the type resolver
* @param {String} permission the permission constant used to check against the user
* @param {Array<String>} fields the fields to apply this check to
* @param {Object} protect the object with field -> Array<String> of permissions
*/
const decorateWithPermissionCheck = (typeResolver, permission, ...fields) => {
for (const field of fields) {
const decorateWithPermissionCheck = (typeResolver, protect) => {
for (const [field, permissions] of Object.entries(protect)) {
let fieldResolver = (obj) => obj[field];
if (field in typeResolver) {
fieldResolver = typeResolver[field];
}
typeResolver[field] = (obj, args, ctx, info) => {
if (!ctx.user || !ctx.user.can(permission)) {
if (!ctx.user || !ctx.user.can(...permissions)) {
return null;
}
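Review bot: Nothing validates the `protect` map at decoration time, so a malformed entry only surfaces at query time inside `ctx.user.can(...permissions)`. A string value would be spread into single characters and make `can` throw on every request for that field, and an empty array passes the typo check in the permissions module (last file of this commit); whether that then denies or grants depends on `findGrant`, which is outside the visible hunks. I would fail at startup at the top of the loop: `if (!Array.isArray(permissions) || permissions.length === 0) throw new Error('no permissions configured for ' + field);`. The JSDoc for `protect` should also say whether several permissions mean any-of or all-of. The wrapped resolver's body continues past the end of the hunk.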
+2
@@ -1209,9 +1209,11 @@ type RootMutation {
removeTag(tag: ModifyTagInput!): ModifyTagResponse!
# updateSettings will update the global settings.
# Mutation is restricted.
updateSettings(input: UpdateSettingsInput!): UpdateSettingsResponse!
# updateWordlist will update the given Wordlist.
# Mutation is restricted.
updateWordlist(input: UpdateWordlistInput!): UpdateWordlistResponse!
# Ignore comments by another user
+2 -5
@@ -41,11 +41,8 @@ const findGrant = (user, perms) => {
*/
module.exports = (user, ...perms) => {
// make sure all the passed permissions are not typos
const missingPerms = perms.filter((perm) => {
return allPermissions.indexOf(perm) === -1;
});
// Make sure all the passed permissions are not typos.
const missingPerms = perms.filter((perm) => !allPermissions.includes(perm));
if (missingPerms.length > 0) {
throw new Error(`${missingPerms.join(' ')} are not valid permissions.`);
}