remove hasRoles
@@ -27,7 +27,7 @@ class LayoutContainer extends Component {
|
||||
|
||||
const {handleLogout, toggleShortcutModal, TALK_RECAPTCHA_PUBLIC} = this.props;
|
||||
if (loadingUser) { return <FullLoading />; }
|
||||
if (roleUtils.canAccessAdmin(user)) {
|
||||
if (!loggedIn) {
|
||||
return <AdminLogin
|
||||
loginMaxExceeded={loginMaxExceeded}
|
||||
handleLogin={this.props.handleLogin}
|
||||
|
||||
@@ -226,7 +226,7 @@ const getCommentsByQuery = async ({user}, {ids, statuses, asset_id, parent_id, a
|
||||
|
||||
// Only administrators can search for comments with statuses that are not
|
||||
// `null`, or `'ACCEPTED'`.
|
||||
if (user != null && user.hasRoles('ADMIN') && statuses) {
|
||||
if (user != null && user.canViewNonNullOrAcceptedComments() && statuses) {
|
||||
comments = comments.where({
|
||||
status: {
|
||||
$in: statuses
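Review bot: The comment above the changed condition still says only administrators can search by status, but `canViewNonNullOrAcceptedComments()` as defined in this commit returns true for moderators as well, so the comment now under-describes who passes the check; suggest `// Only users who may view non-null / non-ACCEPTED comments (admins and moderators,` followed by `// see User.canViewNonNullOrAcceptedComments) can filter by arbitrary statuses.`. The same stale "admin" wording is left next to replaced checks in the hunks at @@ -249 ("Only let an admin request any user"), @@ -100 ("hide it in the event that we aren't an admin"), @@ -5 and the Comment resolver's `actions` ("Only return the actions if the user is not an admin", which also reads inverted relative to the code it annotates), and @@ -14 / @@ -23 of the User resolver. getCommentsByQuery's body starts and ends outside the hunk.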
|
||||
@@ -249,7 +249,7 @@ const getCommentsByQuery = async ({user}, {ids, statuses, asset_id, parent_id, a
|
||||
}
|
||||
|
||||
// Only let an admin request any user or the current user request themself.
|
||||
if (user && (user.hasRoles('ADMIN') || user.id === author_id) && author_id != null) {
|
||||
if (user && (user.canViewOthersComments() || user.id === author_id) && author_id != null) {
|
||||
comments = comments.where({author_id});
|
||||
}
|
||||
|
||||
@@ -403,7 +403,7 @@ const genRecentComments = (_, ids) => {
|
||||
*/
|
||||
const genComments = ({user}, ids) => {
|
||||
let comments;
|
||||
if (user && user.hasRoles('ADMIN')) {
|
||||
if (user && user.canViewOthersComments()) {
|
||||
comments = CommentModel.find({
|
||||
id: {
|
||||
$in: ids
|
||||
|
||||
@@ -22,7 +22,7 @@ const createComment = ({user, loaders: {Comments}, pubsub}, {body, asset_id, par
|
||||
tags = tags.map(tag => ({name: tag}));
|
||||
|
||||
// If admin or moderator, adding STAFF tag
|
||||
if (user.hasRoles('ADMIN') || user.hasRoles('MODERATOR')) {
|
||||
if (user.isStaff()) {
|
||||
tags.push({name: 'STAFF'});
|
||||
}
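Review bot: The comment `// If admin or moderator, adding STAFF tag` no longer matches the replaced condition: `isStaff()` as defined in this commit also matches the `STAFF` role, so users holding only that role now get the tag where the previous `hasRoles('ADMIN') || hasRoles('MODERATOR')` check excluded them. If that widening is intended, update the comment to `// If the user is staff (ADMIN, MODERATOR or STAFF role), add the STAFF tag`; if not, this call site needs an admin/moderator-only capability rather than `isStaff()`. createComment's body starts and ends outside the hunk.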
|
||||
|
||||
|
||||
@@ -23,14 +23,13 @@ const Comment = {
|
||||
},
|
||||
replyCount({id}, {excludeIgnored}, {user, loaders: {Comments}}) {
|
||||
if (user && excludeIgnored) {
|
||||
return Comments.countByParentIDPersonalized({id, excludeIgnored});
|
||||
return Comments.countByParentIDPersonalized({id, excludeIgnored});
|
||||
}
|
||||
return Comments.countByParentID.load(id);
|
||||
return Comments.countByParentID.load(id);
|
||||
},
|
||||
actions({id}, _, {user, loaders: {Actions}}) {
|
||||
|
||||
// Only return the actions if the user is not an admin.
|
||||
if (user && user.hasRoles('ADMIN')) {
|
||||
if (user && user.canViewActions()) {
|
||||
return Actions.getByID.load(id);
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
const RootQuery = {
|
||||
assets(_, args, {loaders: {Assets}, user}) {
|
||||
if (user == null || !user.hasRoles('ADMIN')) {
|
||||
if (user == null || !user.canQueryAssets()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ const RootQuery = {
|
||||
comments(_, {query: {action_type, statuses, asset_id, parent_id, limit, cursor, sort, excludeIgnored}}, {user, loaders: {Comments, Actions}}) {
|
||||
let query = {statuses, asset_id, parent_id, limit, cursor, sort, excludeIgnored};
|
||||
|
||||
if (user != null && user.hasRoles('ADMIN') && action_type) {
|
||||
if (user != null && user.canViewOthersComments() && action_type) {
|
||||
return Actions.getByTypes({action_type, item_type: 'COMMENTS'})
|
||||
.then((ids) => {
|
||||
|
||||
@@ -37,7 +37,7 @@ const RootQuery = {
|
||||
return Comments.get.load(id);
|
||||
},
|
||||
commentCount(_, {query: {action_type, statuses, asset_id, parent_id}}, {user, loaders: {Actions, Comments}}) {
|
||||
if (user == null || !user.hasRoles('ADMIN')) {
|
||||
if (user == null || !user.canViewOthersComments()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -54,7 +54,7 @@ const RootQuery = {
|
||||
},
|
||||
|
||||
assetMetrics(_, {from, to, sort, limit = 10}, {user, loaders: {Metrics: {Assets}}}) {
|
||||
if (user == null || !user.hasRoles('ADMIN')) {
|
||||
if (user == null || !user.canQueryAssets()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -66,7 +66,7 @@ const RootQuery = {
|
||||
},
|
||||
|
||||
commentMetrics(_, {from, to, sort, limit = 10}, {user, loaders: {Metrics: {Comments}}}) {
|
||||
if (user == null || !user.hasRoles('ADMIN')) {
|
||||
if (user == null || !user.canViewCommentMetrics()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -100,7 +100,7 @@ const RootQuery = {
|
||||
// so hide it in the event that we aren't an admin.
|
||||
users(_, {query: {action_type, limit, cursor, sort}}, {user, loaders: {Users, Actions}}) {
|
||||
|
||||
if (user == null || !user.hasRoles('ADMIN')) {
|
||||
if (user == null || !user.canViewOtherUsers()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ const User = {
|
||||
actions({id}, _, {user, loaders: {Actions}}) {
|
||||
|
||||
// Only return the actions if the user is not an admin.
|
||||
if (user && user.hasRoles('ADMIN')) {
|
||||
if (user && user.canViewActions()) {
|
||||
return Actions.getByID.load(id);
|
||||
}
|
||||
|
||||
@@ -14,7 +14,7 @@ const User = {
|
||||
|
||||
// If the user is not an admin, only return comment list for the owner of
|
||||
// the comments.
|
||||
if (user && (user.hasRoles('ADMIN') || user.id === id)) {
|
||||
if (user && (user.canViewOthersComments() || user.id === id)) {
|
||||
return Comments.getByQuery({author_id: id, sort: 'REVERSE_CHRONOLOGICAL'});
|
||||
}
|
||||
|
||||
@@ -23,7 +23,7 @@ const User = {
|
||||
roles({id, roles}, _, {user}) {
|
||||
|
||||
// If the user is not an admin, only return the current user's roles.
|
||||
if (user && (user.hasRoles('ADMIN') || user.id === id)) {
|
||||
if (user && (user.canChangeRoles() || user.id === id)) {
|
||||
return roles;
|
||||
}
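Review bot: `user.canChangeRoles()` in the new condition is not defined anywhere in this diff — the method the commit adds to the model is `canChangeUserRoles` — so, unless it exists outside the shown hunks, any logged-in user resolving another user's `roles` field will hit a TypeError instead of an authorisation decision. Change the line to `if (user && (user.canChangeUserRoles() || user.id === id)) {`, and consider a resolver test for a non-owner lookup so a name mismatch like this fails before merge. The rest of the `roles` resolver is outside the hunk.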
|
||||
|
||||
|
||||
+69
-9
@@ -1,6 +1,7 @@
|
||||
const mongoose = require('../services/mongoose');
|
||||
const bcrypt = require('bcrypt');
|
||||
const uuid = require('uuid');
|
||||
const intersection = require('lodash/intersection');
|
||||
|
||||
// USER_ROLES is the array of roles that is permissible as a user role.
|
||||
const USER_ROLES = [
|
||||
@@ -158,14 +159,74 @@ UserSchema.index({
|
||||
});
|
||||
|
||||
/**
|
||||
* Returns true if the user has all the roles specified.
|
||||
* returns true if the user can look up assets through the api
|
||||
*/
|
||||
UserSchema.method('hasRoles', function(...roles) {
|
||||
return roles.every((role) => {
|
||||
UserSchema.method('canQueryAssets', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
// TODO: remove toUpperCase() once we've migrated usage.
|
||||
return this.roles.indexOf(role.toUpperCase()) >= 0;
|
||||
});
|
||||
/**
|
||||
* returns true if the user can view actions
|
||||
*/
|
||||
UserSchema.method('canViewActions', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
/**
|
||||
* returns true if the user can view non-null or non-ACCEPTED comments
|
||||
*/
|
||||
UserSchema.method('canViewNonNullOrAcceptedComments', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
/**
|
||||
* returns true when a user can view comments that are not their own
|
||||
*/
|
||||
UserSchema.method('canViewOthersComments', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
/**
|
||||
* returns true when a user can view comment metrics
|
||||
*/
|
||||
UserSchema.method('canViewCommentMetrics', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
/**
|
||||
* returns true if a commenter is staff
|
||||
*/
|
||||
UserSchema.method('isStaff', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR', 'STAFF'], this.roles).length;
|
||||
});
|
||||
|
||||
/**
|
||||
* returns true when a user can see other user info
|
||||
*/
|
||||
UserSchema.method('canViewOtherUsers', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
/**
|
||||
* when a user can modify tags
|
||||
*/
|
||||
UserSchema.method('canModifyTags', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
/**
|
||||
* when a user can change roles
|
||||
*/
|
||||
UserSchema.method('canChangeUserRoles', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
UserSchema.method('canSetCommentStatus', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
UserSchema.method('canSetUserStatus', function () {
|
||||
return !!intersection(['ADMIN', 'MODERATOR'], this.roles).length;
|
||||
});
|
||||
|
||||
/**
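Review bot: Every new capability method here except `isStaff` resolves to the same `['ADMIN', 'MODERATOR']` intersection, while the `hasRoles('ADMIN')` checks they replace (assets, assetMetrics, commentMetrics, users, commentCount, and the setUserStatus/suspendUser/setCommentStatus branch of `can`) admitted admins only, so this commit widens moderator access across the API under a title that only mentions removing `hasRoles`. If that is intended, say so in the commit description and in each docblock (e.g. `* Returns true if the user may query assets through the API (ADMIN or MODERATOR).`); if not, the affected methods should check `['ADMIN']`. `canSetCommentStatus` and `canSetUserStatus` are the only methods without a docblock, and `can` (hunk @@ -216) gates `mutation:setCommentStatus` on `canSetUserStatus()` rather than the matching `canSetCommentStatus()`, which is harmless while the two bodies are identical but will diverge silently once either is edited. The eight identical bodies could also be collapsed onto one helper so the allowed-role sets live in a single place, as sketched below.
```javascript
// Role sets backing the capability checks; keep the policy in one place.
const MODERATION_ROLES = ['ADMIN', 'MODERATOR'];
const STAFF_ROLES = ['ADMIN', 'MODERATOR', 'STAFF'];

// Returns true when the user holds at least one of the given roles.
const hasAnyRole = (user, roles) => !!intersection(roles, user.roles).length;

/**
 * returns true if the user can look up assets through the api
 */
UserSchema.method('canQueryAssets', function () {
  return hasAnyRole(this, MODERATION_ROLES);
});

// … unchanged: remaining capability methods, each returning hasAnyRole(this, <role set>) …
```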
|
||||
@@ -216,13 +277,12 @@ UserSchema.method('can', function(...actions) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (actions.some((action) => action === 'mutation:setUserStatus' || action === 'mutation:suspendUser' || action === 'mutation:setCommentStatus') && !this.hasRoles('ADMIN')) {
|
||||
if (actions.some((action) => action === 'mutation:setUserStatus' || action === 'mutation:suspendUser' || action === 'mutation:setCommentStatus') && !this.canSetUserStatus()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// {add,remove}CommentTag - requires admin and/or moderator role
|
||||
const userCanModifyTags = user => ['ADMIN', 'MODERATOR'].some(r => user.hasRoles(r));
|
||||
if (actions.some(a => ['mutation:removeCommentTag', 'mutation:addCommentTag'].includes(a)) && ! userCanModifyTags(this)) {
|
||||
if (actions.some(a => ['mutation:removeCommentTag', 'mutation:addCommentTag'].includes(a)) && ! this.canModifyTags()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -44,6 +44,7 @@ describe('graph.mutations.addCommentTag', () => {
|
||||
Object.entries({
|
||||
'anonymous': undefined,
|
||||
'regular commenter': new UserModel({}),
|
||||
'staff': new UserModel({roles: ['STAFF']}),
|
||||
'banned moderator': new UserModel({roles: ['MODERATOR'], status: 'BANNED'})
|
||||
}).forEach(([ userDescription, user ]) => {
|
||||
it(userDescription, async function () {
|
||||
|
||||