Noded/backend
3
0
Fork 0
Code Issues 19 Pull Requests Releases Wiki Activity

Add public user support, break API into individual files

Browse Source
This commit is contained in:
Garrett Mills
2020-11-10 20:57:43 -06:00
parent 37f9c09fe2
commit 4636521d50
16 changed files with 371 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/api/FileGroup.model.js
View File

@@ -18,10 +18,6 @@ class FileGroup extends VersionedModel {
}
}
accessible_by(user, mode = 'view') {
return user.can(`files:${this.UUID}:${mode}`)
}
// Static and instance methods can go here
get page() {
const Page = require('./Page.model')

17
app/models/api/Page.model.js
View File

@@ -170,20 +170,17 @@ class Page extends VersionedModel {
}
// ================= SECURITY =================
accessible_by(user, mode = 'view') {
const base_access = user.can(`page:${this.UUID}:${mode}`)
}
async is_accessible_by(user, mode = 'view') {
const can_manage = user.can(`page:${this.UUID}:manage`)
const can_update = user.can(`page:${this.UUID}:update`)
const can_view = user.can(`page:${this.UUID}:view`)
const can_all = user.can(`page:${this.UUID}`)
const can_manage = await user.can(`page:${this.UUID}:manage`)
const can_update = await user.can(`page:${this.UUID}:update`)
const can_view = await user.can(`page:${this.UUID}:view`)
const can_all = await user.can(`page:${this.UUID}`)
// Allow universal access
if ( can_all ) return true
// deny if blocked
else if ( user.can(`page:${this.UUID}:block`) ) return false
else if ( await user.can(`page:${this.UUID}:block`) ) return false
// manage, update, view can view
else if ( mode === 'view' && (can_manage || can_update || can_view) ) return true
// manage, update can update
@@ -236,9 +233,9 @@ class Page extends VersionedModel {
async unshare_with(user) {
// Remove this page from the user's permissions
if ( user.can(`page:${this.UUID}`) ) user.disallow(`page:${this.UUID}`)
if ( await user.can(`page:${this.UUID}`) ) user.disallow(`page:${this.UUID}`)
for ( const level of ['view', 'update', 'manage'] ) {
if ( user.can(`page:${this.UUID}:${level}`) ) user.disallow(`page:${this.UUID}:${level}`)
if ( await user.can(`page:${this.UUID}:${level}`) ) user.disallow(`page:${this.UUID}:${level}`)
}
// Remove the user from this page's access lists