2016-06-15 11:07:10 +09:00
|
|
|
|
import Users from './namespace.js';
|
|
|
|
|
|
|
2015-09-19 10:33:37 +09:00
|
|
|
|
// note: using collection helpers here is probably a bad idea,
|
|
|
|
|
|
// because they'll throw an error when the user is undefined
|
|
|
|
|
|
|
2015-04-22 07:50:11 +09:00
|
|
|
|
/**
|
2016-04-09 09:41:20 +09:00
|
|
|
|
* @summary Telescope permissions
|
2015-04-22 07:50:11 +09:00
|
|
|
|
* @namespace Users.can
|
|
|
|
|
|
*/
|
|
|
|
|
|
Users.can = {};
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2016-04-09 09:41:20 +09:00
|
|
|
|
* @summary Check if a given user has access to view posts
|
2016-02-06 12:31:12 +09:00
|
|
|
|
* @param {Object} user
|
2015-04-22 07:50:11 +09:00
|
|
|
|
*/
|
|
|
|
|
|
Users.can.view = function (user) {
|
2016-02-16 16:12:13 +09:00
|
|
|
|
if (Telescope.settings.get('requireViewInvite', false)) {
|
2015-04-22 07:50:11 +09:00
|
|
|
|
|
|
|
|
|
|
if (Meteor.isClient) {
|
|
|
|
|
|
// on client only, default to the current user
|
|
|
|
|
|
user = (typeof user === 'undefined') ? Meteor.user() : user;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2015-04-27 17:14:07 +09:00
|
|
|
|
return (!!user && (Users.is.admin(user) || Users.is.invited(user)));
|
2015-04-22 07:50:11 +09:00
|
|
|
|
}
|
|
|
|
|
|
return true;
|
|
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canView: function () {return Users.can.view(this);}});
|
|
|
|
|
|
|
2016-02-06 12:31:12 +09:00
|
|
|
|
/**
|
2016-04-09 09:41:20 +09:00
|
|
|
|
* @summary Check if a given user can view a specific post
|
2016-02-06 12:31:12 +09:00
|
|
|
|
* @param {Object} user
|
|
|
|
|
|
* @param {Object} post
|
|
|
|
|
|
*/
|
2015-04-28 17:15:53 +09:00
|
|
|
|
Users.can.viewById = function (userId) {
|
|
|
|
|
|
// if an invite is required to view, run permission check, else return true
|
2016-02-16 16:12:13 +09:00
|
|
|
|
if (Telescope.settings.get('requireViewInvite', false)) {
|
2015-04-28 17:15:53 +09:00
|
|
|
|
return !!userId ? Users.can.view(Meteor.users.findOne(userId)) : false;
|
|
|
|
|
|
}
|
|
|
|
|
|
return true;
|
|
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canViewById: function () {return Users.can.viewById(this);}});
|
2015-04-28 17:15:53 +09:00
|
|
|
|
|
2016-02-06 12:31:12 +09:00
|
|
|
|
/**
|
2016-04-09 09:41:20 +09:00
|
|
|
|
* @summary Check if a given user has permission to submit new posts
|
2016-02-06 12:31:12 +09:00
|
|
|
|
* @param {Object} user
|
|
|
|
|
|
*/
|
|
|
|
|
|
Users.can.post = function (user) {
|
2016-03-15 11:19:48 +09:00
|
|
|
|
|
2015-04-22 07:50:11 +09:00
|
|
|
|
user = (typeof user === 'undefined') ? Meteor.user() : user;
|
|
|
|
|
|
|
2016-02-06 12:31:12 +09:00
|
|
|
|
if (!user) { // no account
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-03-15 11:19:48 +09:00
|
|
|
|
if (Users.is.admin(user)) { //admin
|
2015-04-22 07:50:11 +09:00
|
|
|
|
return true;
|
2016-02-06 12:31:12 +09:00
|
|
|
|
}
|
|
|
|
|
|
|
2016-02-16 16:12:13 +09:00
|
|
|
|
if (Telescope.settings.get('requirePostInvite', false)) { // invite required?
|
2016-02-06 12:31:12 +09:00
|
|
|
|
if (user.isInvited()) { // invited user
|
2015-04-22 07:50:11 +09:00
|
|
|
|
return true;
|
2016-02-06 12:31:12 +09:00
|
|
|
|
} else { // not invited
|
2015-05-17 12:04:46 +09:00
|
|
|
|
return false;
|
2015-04-22 07:50:11 +09:00
|
|
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canPost: function () {return Users.can.post(this);}});
|
2015-04-22 07:50:11 +09:00
|
|
|
|
|
2016-02-06 12:31:12 +09:00
|
|
|
|
/**
|
2016-04-09 09:41:20 +09:00
|
|
|
|
* @summary Check if a given user has permission to comment (same as posting for now)
|
2016-02-06 12:31:12 +09:00
|
|
|
|
* @param {Object} user
|
|
|
|
|
|
*/
|
|
|
|
|
|
Users.can.comment = function (user) {
|
|
|
|
|
|
return Users.can.post(user);
|
2015-04-22 07:50:11 +09:00
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canComment: function () {return Users.can.comment(this);}});
|
2015-04-22 07:50:11 +09:00
|
|
|
|
|
2016-02-06 12:31:12 +09:00
|
|
|
|
/**
|
2016-04-09 09:41:20 +09:00
|
|
|
|
* @summary Check if a user has permission to vote (same as posting for now)
|
2016-02-06 12:31:12 +09:00
|
|
|
|
* @param {Object} user
|
|
|
|
|
|
*/
|
|
|
|
|
|
Users.can.vote = function (user) {
|
|
|
|
|
|
return Users.can.post(user);
|
2015-04-22 07:50:11 +09:00
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canVote: function () {return Users.can.vote(this);}});
|
2015-04-22 07:50:11 +09:00
|
|
|
|
|
2015-04-28 17:15:53 +09:00
|
|
|
|
/**
|
2016-04-09 09:41:20 +09:00
|
|
|
|
* @summary Check if a user can edit a document
|
2015-04-28 17:15:53 +09:00
|
|
|
|
* @param {Object} user - The user performing the action
|
|
|
|
|
|
* @param {Object} document - The document being edited
|
|
|
|
|
|
*/
|
|
|
|
|
|
Users.can.edit = function (user, document) {
|
2015-04-22 07:50:11 +09:00
|
|
|
|
user = (typeof user === 'undefined') ? Meteor.user() : user;
|
|
|
|
|
|
|
2015-04-28 17:15:53 +09:00
|
|
|
|
if (!user || !document) {
|
|
|
|
|
|
return false;
|
2015-04-22 07:50:11 +09:00
|
|
|
|
}
|
2015-04-28 17:15:53 +09:00
|
|
|
|
|
2016-05-06 17:07:40 -04:00
|
|
|
|
if (document.hasOwnProperty('isDeleted') && document.isDeleted) return false;
|
|
|
|
|
|
|
2015-04-28 17:15:53 +09:00
|
|
|
|
var adminCheck = Users.is.admin(user);
|
|
|
|
|
|
var ownerCheck = Users.is.owner(user, document);
|
|
|
|
|
|
|
|
|
|
|
|
return adminCheck || ownerCheck;
|
|
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canEdit: function (document) {return Users.can.edit(this, document);}});
|
2015-04-28 17:15:53 +09:00
|
|
|
|
|
|
|
|
|
|
Users.can.editById = function (userId, document) {
|
|
|
|
|
|
var user = Meteor.users.findOne(userId);
|
|
|
|
|
|
return Users.can.edit(user, document);
|
2015-04-22 07:50:11 +09:00
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canEditById: function (document) {return Users.can.editById(this, document);}});
|
2015-04-22 07:50:11 +09:00
|
|
|
|
|
2015-04-28 11:32:53 +09:00
|
|
|
|
/**
|
2016-04-09 09:41:20 +09:00
|
|
|
|
* @summary Check if a user can submit a field
|
2015-04-28 11:32:53 +09:00
|
|
|
|
* @param {Object} user - The user performing the action
|
|
|
|
|
|
* @param {Object} field - The field being edited or inserted
|
|
|
|
|
|
*/
|
|
|
|
|
|
Users.can.submitField = function (user, field) {
|
2016-02-28 13:12:36 +09:00
|
|
|
|
return user && field.insertableIf && field.insertableIf(user);
|
2015-05-01 18:22:00 +02:00
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canSubmitField: function (field) {return Users.can.submitField(this, field);}});
|
2015-04-28 09:44:43 +09:00
|
|
|
|
|
2015-05-10 13:37:42 +09:00
|
|
|
|
/** @function
|
2015-04-28 17:15:53 +09:00
|
|
|
|
* Check if a user can edit a field – for now, identical to Users.can.submitField
|
2015-04-28 11:32:53 +09:00
|
|
|
|
* @param {Object} user - The user performing the action
|
|
|
|
|
|
* @param {Object} field - The field being edited or inserted
|
|
|
|
|
|
*/
|
2016-02-28 13:12:36 +09:00
|
|
|
|
Users.can.editField = function (user, field, document) {
|
|
|
|
|
|
return user && field.editableIf && field.editableIf(user, document);
|
|
|
|
|
|
};
|
2015-04-22 07:50:11 +09:00
|
|
|
|
|
|
|
|
|
|
Users.can.invite = function (user) {
|
2015-04-27 17:14:07 +09:00
|
|
|
|
return Users.is.invited(user) || Users.is.admin(user);
|
2015-05-01 18:22:00 +02:00
|
|
|
|
};
|
2015-09-19 10:33:37 +09:00
|
|
|
|
Users.helpers({canInvite: function () {return Users.can.invite(this);}});
|
|
|
|
|
|
|
