Vulcan/lib/permissions.js


// Permissions

// user:                Defaults to Meteor.user()
// returnError:         If there's an error, should we return what the problem is?
// 
// return true if all is well, false || an error string if not
canView = function(user){
  // console.log('canView', 'user:', user, 'returnError:', returnError, getSetting('requireViewInvite'));

  if(getSetting('requireViewInvite', false)){

    if(Meteor.isClient){
      // on client only, default to the current user
      var user=(typeof user === 'undefined') ? Meteor.user() : user;

      // return false until settings have loaded
      if(!Session.get('settingsLoaded'))
        return false;
    }

    if(user && (isAdmin(user) || isInvited(user))){
      // if logged in AND either admin or invited
      return true;
    }else{
      return false;
    }

  }
  return true;
}
canViewById = function(userId, returnError){
  // if an invite is required to view, run permission check, else return true
  if(getSetting('requireViewInvite', false)){
    // if user is logged in, then run canView, else return false
    return userId ? canView(Meteor.users.findOne(userId), returnError) : false;
  }
  return true;
}
canPost = function(user, returnError){
  var user=(typeof user === 'undefined') ? Meteor.user() : user;

  // console.log('canPost', user, action, getSetting('requirePostInvite'));
  if(Meteor.isClient && !Session.get('settingsLoaded'))
    return false;
  
  if(!user){
    return returnError ? "no_account" : false;
  } else if (isAdmin(user)) {
    return true;
  } else if (getSetting('requirePostInvite')) {
    if (user.isInvited) {
      return true;
    } else {
      return returnError ? "no_invite" : false;
    }
  } else {
    return true;
  }
}
canPostById = function(userId, returnError){
  var user = Meteor.users.findOne(userId);
  return canPost(user, returnError);
}
canComment = function(user, returnError){
  return canPost(user, returnError);
}
canCommentById = function(userId, returnError){
  var user = Meteor.users.findOne(userId);
  return canComment(user, returnError);
}
canUpvote = function(user, collection, returnError){
  return canPost(user, returnError);
}
canUpvoteById = function(userId, returnError){
  var user = Meteor.users.findOne(userId);
  return canUpvote(user, returnError);
}
canDownvote = function(user, collection, returnError){
  return canPost(user, returnError);
}
canDownvoteById = function(userId, returnError){
  var user = Meteor.users.findOne(userId);
  return canDownvote(user, returnError);
}
canEdit = function(user, item, returnError){
  var user=(typeof user === 'undefined') ? Meteor.user() : user;
  
  if (!user || !item){
    return returnError ? "no_rights" : false;
  } else if (isAdmin(user)) {
    return true;
  } else if (user._id!==item.userId) {
    return returnError ? "no_rights" : false;
  }else {
    return true;
  }
}
canEditById = function(userId, item){
  var user = Meteor.users.findOne(userId);
  return canEdit(user, item);
}
currentUserCanEdit = function(item) {
  return canEdit(Meteor.user(), item);
}
canInvite = function(user){
  return isInvited(user) || isAdmin(user);
}
moved permissions to own file 2012-11-21 14:18:30 +09:00
			`// Permissions`

			`// user: Defaults to Meteor.user()`
			`// returnError: If there's an error, should we return what the problem is?`
			`//`
			`// return true if all is well, false \|\| an error string if not`
fixed canView 2013-10-25 10:26:57 +09:00			`canView = function(user){`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`// console.log('canView', 'user:', user, 'returnError:', returnError, getSetting('requireViewInvite'));`
fixed canView 2013-10-25 10:26:57 +09:00
make isAdmin work better when user is null 2013-10-25 10:37:39 +09:00			`if(getSetting('requireViewInvite', false)){`
fixed canView 2013-10-25 10:26:57 +09:00
			`if(Meteor.isClient){`
			`// on client only, default to the current user`
			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`

			`// return false until settings have loaded`
			`if(!Session.get('settingsLoaded'))`
			`return false;`
			`}`

			`if(user && (isAdmin(user) \|\| isInvited(user))){`
			`// if logged in AND either admin or invited`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`return true;`
			`}else{`
fixed canView 2013-10-25 10:26:57 +09:00			`return false;`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`}`
fixed canView 2013-10-25 10:26:57 +09:00
moved permissions to own file 2012-11-21 14:18:30 +09:00			`}`
fixed canView 2013-10-25 10:26:57 +09:00			`return true;`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`}`
refactoring allow() methods to use permission methods 2013-03-19 15:04:54 +09:00			`canViewById = function(userId, returnError){`
fixed canView 2013-10-25 10:26:57 +09:00			`// if an invite is required to view, run permission check, else return true`
make isAdmin work better when user is null 2013-10-25 10:37:39 +09:00			`if(getSetting('requireViewInvite', false)){`
fixed canView 2013-10-25 10:26:57 +09:00			`// if user is logged in, then run canView, else return false`
			`return userId ? canView(Meteor.users.findOne(userId), returnError) : false;`
			`}`
			`return true;`
refactoring allow() methods to use permission methods 2013-03-19 15:04:54 +09:00			`}`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`canPost = function(user, returnError){`
			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`

			`// console.log('canPost', user, action, getSetting('requirePostInvite'));`
tweaking permissions 2012-11-21 14:31:58 +09:00			`if(Meteor.isClient && !Session.get('settingsLoaded'))`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`return false;`

			`if(!user){`
			`return returnError ? "no_account" : false;`
			`} else if (isAdmin(user)) {`
			`return true;`
			`} else if (getSetting('requirePostInvite')) {`
			`if (user.isInvited) {`
			`return true;`
			`} else {`
			`return returnError ? "no_invite" : false;`
			`}`
			`} else {`
			`return true;`
			`}`
			`}`
refactoring allow() methods to use permission methods 2013-03-19 15:04:54 +09:00			`canPostById = function(userId, returnError){`
			`var user = Meteor.users.findOne(userId);`
			`return canPost(user, returnError);`
			`}`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`canComment = function(user, returnError){`
			`return canPost(user, returnError);`
			`}`
refactoring allow() methods to use permission methods 2013-03-19 15:04:54 +09:00			`canCommentById = function(userId, returnError){`
			`var user = Meteor.users.findOne(userId);`
			`return canComment(user, returnError);`
			`}`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`canUpvote = function(user, collection, returnError){`
			`return canPost(user, returnError);`
			`}`
refactoring allow() methods to use permission methods 2013-03-19 15:04:54 +09:00			`canUpvoteById = function(userId, returnError){`
			`var user = Meteor.users.findOne(userId);`
			`return canUpvote(user, returnError);`
			`}`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`canDownvote = function(user, collection, returnError){`
			`return canPost(user, returnError);`
			`}`
refactoring allow() methods to use permission methods 2013-03-19 15:04:54 +09:00			`canDownvoteById = function(userId, returnError){`
			`var user = Meteor.users.findOne(userId);`
			`return canDownvote(user, returnError);`
			`}`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`canEdit = function(user, item, returnError){`
			`var user=(typeof user === 'undefined') ? Meteor.user() : user;`

			`if (!user \|\| !item){`
			`return returnError ? "no_rights" : false;`
			`} else if (isAdmin(user)) {`
			`return true;`
			`} else if (user._id!==item.userId) {`
			`return returnError ? "no_rights" : false;`
			`}else {`
			`return true;`
			`}`
refactoring allow() methods to use permission methods 2013-03-19 15:04:54 +09:00			`}`
fixed queued comments bug 2013-04-26 17:28:09 +09:00			`canEditById = function(userId, item){`
refactoring allow() methods to use permission methods 2013-03-19 15:04:54 +09:00			`var user = Meteor.users.findOne(userId);`
fixed queued comments bug 2013-04-26 17:28:09 +09:00			`return canEdit(user, item);`
working on filters 2013-10-10 11:41:11 +09:00			`}`
			`currentUserCanEdit = function(item) {`
			`return canEdit(Meteor.user(), item);`
invite system 2013-10-23 19:43:42 +09:00			`}`
			`canInvite = function(user){`
			`return isInvited(user) \|\| isAdmin(user);`
moved permissions to own file 2012-11-21 14:18:30 +09:00			`}`