mirror of
https://github.com/wassname/talk.git
synced 2026-07-01 17:29:06 +08:00
updated based on cvle's feedback
This commit is contained in:
@@ -8,14 +8,14 @@ const Settings = {};
|
||||
|
||||
// PROTECTED_SETTINGS are the settings keys that must be protected for only some
|
||||
// eyes.
|
||||
const PROTECTED_SETTINGS = [
|
||||
'premodLinksEnable',
|
||||
'autoCloseStream',
|
||||
'wordlist',
|
||||
'domains',
|
||||
];
|
||||
const PROTECTED_SETTINGS = {
|
||||
'premodLinksEnable': [VIEW_PROTECTED_SETTINGS],
|
||||
'autoCloseStream': [VIEW_PROTECTED_SETTINGS],
|
||||
'wordlist': [VIEW_PROTECTED_SETTINGS],
|
||||
'domains': [VIEW_PROTECTED_SETTINGS],
|
||||
};
|
||||
|
||||
// decorate the fields on the settings resolver with a permission check.
|
||||
decorateWithPermissionCheck(Settings, VIEW_PROTECTED_SETTINGS, ...PROTECTED_SETTINGS);
|
||||
decorateWithPermissionCheck(Settings, PROTECTED_SETTINGS);
|
||||
|
||||
module.exports = Settings;
|
||||
|
||||
@@ -18,18 +18,17 @@ const decorateWithTags = (typeResolver) => {
|
||||
* permission checks.
|
||||
*
|
||||
* @param {Object} typeResolver the type resolver
|
||||
* @param {String} permission the permission constant used to check against the user
|
||||
* @param {Array<String>} fields the fields to apply this check to
|
||||
* @param {Object} protect the object with field -> Array<String> of permissions
|
||||
*/
|
||||
const decorateWithPermissionCheck = (typeResolver, permission, ...fields) => {
|
||||
for (const field of fields) {
|
||||
const decorateWithPermissionCheck = (typeResolver, protect) => {
|
||||
for (const [field, permissions] of Object.entries(protect)) {
|
||||
let fieldResolver = (obj) => obj[field];
|
||||
if (field in typeResolver) {
|
||||
fieldResolver = typeResolver[field];
|
||||
}
|
||||
|
||||
typeResolver[field] = (obj, args, ctx, info) => {
|
||||
if (!ctx.user || !ctx.user.can(permission)) {
|
||||
if (!ctx.user || !ctx.user.can(...permissions)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -1209,9 +1209,11 @@ type RootMutation {
|
||||
removeTag(tag: ModifyTagInput!): ModifyTagResponse!
|
||||
|
||||
# updateSettings will update the global settings.
|
||||
# Mutation is restricted.
|
||||
updateSettings(input: UpdateSettingsInput!): UpdateSettingsResponse!
|
||||
|
||||
# updateWordlist will update the given Wordlist.
|
||||
# Mutation is restricted.
|
||||
updateWordlist(input: UpdateWordlistInput!): UpdateWordlistResponse!
|
||||
|
||||
# Ignore comments by another user
|
||||
|
||||
+2
-5
@@ -41,11 +41,8 @@ const findGrant = (user, perms) => {
|
||||
*/
|
||||
module.exports = (user, ...perms) => {
|
||||
|
||||
// make sure all the passed permissions are not typos
|
||||
const missingPerms = perms.filter((perm) => {
|
||||
return allPermissions.indexOf(perm) === -1;
|
||||
});
|
||||
|
||||
// Make sure all the passed permissions are not typos.
|
||||
const missingPerms = perms.filter((perm) => !allPermissions.includes(perm));
|
||||
if (missingPerms.length > 0) {
|
||||
throw new Error(`${missingPerms.join(' ')} are not valid permissions.`);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user