Vulcan/packages/telescope-lib/lib/permissions.js

'use strict';

can = {};

// Permissions

// user:                Defaults to Meteor.user()
//
// return true if all is well, false
can.view = function (user) {
  if (getSetting('requireViewInvite', false)) {

    if (Meteor.isClient) {
      // on client only, default to the current user
      user = (typeof user === 'undefined') ? Meteor.user() : user;
    }

    return (!!user && (isAdmin(user) || isInvited(user)));
  }
  return true;
};

can.viewPendingPosts = function (user) {
  user = (typeof user === 'undefined') ? Meteor.user() : user;
  return isAdmin(user);
};

can.viewRejectedPosts = function (user) {
  user = (typeof user === 'undefined') ? Meteor.user() : user;
  return isAdmin(user);
};

can.viewById = function (userId) {
  // if an invite is required to view, run permission check, else return true
  if (getSetting('requireViewInvite', false)) {
    return !!userId ? can.view(Meteor.users.findOne(userId)) : false;
  }
  return true;
};
can.post = function (user, returnError) {
  user = (typeof user === 'undefined') ? Meteor.user() : user;

  if (!user) {
    return returnError ? "no_account" : false;
  } else if (isAdmin(user)) {
    return true;
  } else if (getSetting('requirePostInvite')) {
    if (user.isInvited) {
      return true;
    } else {
      return returnError ? "no_invite" : false;
    }
  } else {
    return true;
  }
};
can.comment = function (user, returnError) {
  return can.post(user, returnError);
};
can.vote = function (user, returnError) {
  return can.post(user, returnError);
};
can.edit = function (user, item, returnError) {
  user = (typeof user === 'undefined') ? Meteor.user() : user;

  if (!user || !item || (user._id !== item.userId && !isAdmin(user))) {
    return returnError ? "no_rights" : false;
  } else {
    return true;
  }
};
can.editById = function (userId, item) {
  var user = Meteor.users.findOne(userId);
  return can.edit(user, item);
};
can.currentUserEdit = function (item) {
  return can.edit(Meteor.user(), item);
};
can.invite = function (user) {
  return isInvited(user) || isAdmin(user);
};
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`'use strict';`

Making notifications into their own package 2014-09-20 09:57:09 +09:00			`can = {};`

			`// Permissions`

			`// user: Defaults to Meteor.user()`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`//`
			`// return true if all is well, false`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.view = function (user) {`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`if (getSetting('requireViewInvite', false)) {`
Making notifications into their own package 2014-09-20 09:57:09 +09:00
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`if (Meteor.isClient) {`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`// on client only, default to the current user`
Fixing nav tests and cleanup. Turning velocity back on and adding relevant packages to .meteor/versions 2015-01-05 17:51:54 +01:00			`user = (typeof user === 'undefined') ? Meteor.user() : user;`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`}`

Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`return (!!user && (isAdmin(user) \|\| isInvited(user)));`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`}`
			`return true;`
			`};`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00
			`can.viewPendingPosts = function (user) {`
			`user = (typeof user === 'undefined') ? Meteor.user() : user;`
			`return isAdmin(user);`
			`};`

non-admins should not be able to access rejected posts 2015-02-22 09:05:47 +01:00			`can.viewRejectedPosts = function (user) {`
			`user = (typeof user === 'undefined') ? Meteor.user() : user;`
			`return isAdmin(user);`
			`};`

Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.viewById = function (userId) {`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`// if an invite is required to view, run permission check, else return true`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`if (getSetting('requireViewInvite', false)) {`
			`return !!userId ? can.view(Meteor.users.findOne(userId)) : false;`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`}`
			`return true;`
			`};`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.post = function (user, returnError) {`
Fixing nav tests and cleanup. Turning velocity back on and adding relevant packages to .meteor/versions 2015-01-05 17:51:54 +01:00			`user = (typeof user === 'undefined') ? Meteor.user() : user;`
Making notifications into their own package 2014-09-20 09:57:09 +09:00
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`if (!user) {`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`return returnError ? "no_account" : false;`
			`} else if (isAdmin(user)) {`
			`return true;`
			`} else if (getSetting('requirePostInvite')) {`
			`if (user.isInvited) {`
			`return true;`
			`} else {`
			`return returnError ? "no_invite" : false;`
			`}`
			`} else {`
			`return true;`
			`}`
			`};`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.comment = function (user, returnError) {`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`return can.post(user, returnError);`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`};`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.vote = function (user, returnError) {`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`return can.post(user, returnError);`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`};`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.edit = function (user, item, returnError) {`
Fixing nav tests and cleanup. Turning velocity back on and adding relevant packages to .meteor/versions 2015-01-05 17:51:54 +01:00			`user = (typeof user === 'undefined') ? Meteor.user() : user;`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00
			`if (!user \|\| !item \|\| (user._id !== item.userId && !isAdmin(user))) {`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`return returnError ? "no_rights" : false;`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`} else {`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`return true;`
			`}`
			`};`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.editById = function (userId, item) {`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`var user = Meteor.users.findOne(userId);`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`return can.edit(user, item);`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`};`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.currentUserEdit = function (item) {`
Getting rid of redundant permissions functions Switched everything over to use can.* functions from telescope-lib instead of using can* functions from lib/permissions.js, deleted lib/permissions.js, added some tests for permissions, and some other random cleanup like deleting unused code. Conflicts: client/views/comments/comment_form.js 2015-01-07 08:22:46 +01:00			`return can.edit(Meteor.user(), item);`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`};`
Don't let non-admins access pending posts. 2015-02-05 09:32:43 +09:00			`can.invite = function (user) {`
Making notifications into their own package 2014-09-20 09:57:09 +09:00			`return isInvited(user) \|\| isAdmin(user);`
			`};`