new permissions

README.md

@@ -581,6 +581,7 @@ comments.remove.all
 users.edit.all
 users.remove.all
 categories.view.all
+categories.new
 categories.edit.all
 categories.remove.all
 ```

packages/nova-base-components/lib/posts/PostsEditForm.jsx

@@ -41,7 +41,7 @@ class PostsEditForm extends Component{
   
     return (
       <div className="posts-edit-form">
-        {Users.is.admin(this.context.currentUser) ?  this.renderAdminArea() : null}
+        {Users.canDo(this.context.currentUser, "posts.edit.all") ?  this.renderAdminArea() : null}
         <DocumentContainer 
           collection={Posts} 
           publication="posts.single" 

packages/nova-base-components/lib/posts/PostsViews.jsx

@@ -10,7 +10,7 @@ const PostsViews = (props, context) => {
   let views = ["top", "new", "best"];
   const adminViews = ["pending", "rejected", "scheduled"];
   
-  if (Users.is.admin(context.currentUser)) {
+  if (Users.canDo(context.currentUser, "posts.edit.all")) {
     views = views.concat(adminViews);
   }
 

packages/nova-base-components/lib/users/UsersProfile.jsx

@@ -20,7 +20,7 @@ const UsersProfile = ({user, currentUser}) => {
       <ul>
         {twitterName ? <li><a href={"http://twitter.com/" + twitterName}>@{twitterName}</a></li> : null }
         {user.telescope.website ? <li><a href={user.telescope.website}>{user.telescope.website}</a></li> : null }
-        {Users.is.admin(currentUser) ? <li><Link to={Users.getEditUrl(user)}><FormattedMessage id="users.edit_account"/></Link></li> : null}
+        {Users.canDo(currentUser, "users.edit.all") ? <li><Link to={Users.getEditUrl(user)}><FormattedMessage id="users.edit_account"/></Link></li> : null}
       </ul>
       <h3><FormattedMessage id="users.posts"/></h3>
       <ListContainer

packages/nova-comments/lib/schema.js

@@ -1,6 +1,16 @@
 import Comments from './collection.js';
 import Users from 'meteor/nova:users';
 
+
+// check if user can create a new comment
+const canInsert = user => Users.canDo(user, "comments.new");
+
+// check if user can edit a comment
+const canEdit = Users.canEdit;
+
+// check if user can edit *all* comments
+const canEditAll = user => Users.canDo(user, "comments.edit.all");
+
 /**
  * @summary Comments schema
  * @type {SimpleSchema}
@@ -21,7 +31,7 @@ Comments.schema = new SimpleSchema({
     type: String,
     // regEx: SimpleSchema.RegEx.Id,
     max: 500,
-    insertableIf: Users.is.memberOrAdmin,
+    insertableIf: canInsert,
     optional: true,
     publish: true,
     control: "none" // never show this
@@ -33,7 +43,7 @@ Comments.schema = new SimpleSchema({
     type: String,
     // regEx: SimpleSchema.RegEx.Id,
     max: 500,
-    insertableIf: Users.is.memberOrAdmin,
+    insertableIf: canInsert,
     optional: true,
     publish: true,
     control: "none" // never show this
@@ -60,8 +70,8 @@ Comments.schema = new SimpleSchema({
   body: {
     type: String,
     max: 3000,
-    insertableIf: Users.is.memberOrAdmin,
-    editableIf: Users.is.ownerOrAdmin,
+    insertableIf: canInsert,
+    editableIf: canEdit,
     publish: true,
     control: "textarea"
   },

packages/nova-debug/lib/globals.js

@@ -1,7 +1,9 @@
 import PostsImport from "meteor/nova:posts";
 import CommentsImport from "meteor/nova:posts";
 import UsersImport from "meteor/nova:posts";
+import CategoriesImport from "meteor/nova:categories";
 
 Posts = PostsImport;
 Comments = CommentsImport;
 Users = UsersImport;
+Categories = CategoriesImport;

packages/nova-debug/package.js

@@ -39,7 +39,8 @@ Package.onUse(function (api) {
   api.export([
     'Posts',
     'Comments',
-    'Users'
+    'Users',
+    'Categories'
   ], ['client', 'server']);
 
 });

packages/nova-embedly/lib/custom_fields.js

@@ -4,6 +4,11 @@ import ThumbnailURL from './components/ThumbnailURL.jsx';
 import Posts from "meteor/nova:posts";
 import Users from 'meteor/nova:users';
 
+// check if user can create a new post
+const canInsert = user => Users.canDo(user, "posts.new");
+// check if user can edit a post
+const canEdit = Users.canEdit;
+
 Posts.addField([
   {
     fieldName: 'url',
@@ -11,8 +16,8 @@ Posts.addField([
       type: String,
       optional: true,
       max: 500,
-      insertableIf: Users.is.memberOrAdmin,
-      editableIf: Users.is.ownerOrAdmin,
+      insertableIf: canInsert,
+      editableIf: canEdit,
       control: EmbedlyURL,
       publish: true
     }
@@ -22,8 +27,8 @@ Posts.addField([
     fieldSchema: {
       type: String,
       optional: true,
-      insertableIf: Users.is.memberOrAdmin,
-      editableIf: Users.is.ownerOrAdmin,
+      insertableIf: canInsert,
+      editableIf: canEdit,
       publish: true,
       control: ThumbnailURL
     }

packages/nova-newsletter/lib/custom_fields.js

@@ -2,6 +2,11 @@ import NewsletterSubscribe from './components/NewsletterSubscribe.jsx';
 import Posts from "meteor/nova:posts";
 import Users from 'meteor/nova:users';
 
+// check if user can create a new account
+const canInsert = user => Users.canDo(user, "users.new");
+// check if user can edit a user
+const canEdit = Users.canEdit;
+
 Posts.addField({
   fieldName: 'scheduledAt',
   fieldSchema: {
@@ -18,8 +23,8 @@ Users.addField([
       type: Boolean,
       optional: true,
       publish: true,
-      insertableIf: Users.is.memberOrAdmin,
-      editableIf: Users.is.ownerOrAdmin,
+      insertableIf: canInsert,
+      editableIf: canEdit,
       control: NewsletterSubscribe,
       group: {
         name: "newsletter",

packages/nova-notifications/lib/custom_fields.js

@@ -5,6 +5,11 @@ const notificationsGroup = {
   order: 2
 };
 
+// check if user can create a new account
+const canInsert = user => Users.canDo(user, "users.new");
+// check if user can edit a user
+const canEdit = Users.canEdit;
+
 // Add notifications options to user profile settings
 Users.addField([
   {
@@ -28,8 +33,8 @@ Users.addField([
       optional: true,
       defaultValue: false,
       control: "checkbox",
-      insertableIf: Users.is.memberOrAdmin,
-      editableIf: Users.is.ownerOrAdmin,
+      insertableIf: canInsert,
+      editableIf: canEdit,
       group: notificationsGroup
     }
   }
@@ -45,8 +50,8 @@ if (typeof Comments !== "undefined") {
         optional: true,
         defaultValue: true,
         control: "checkbox",
-        insertableIf: Users.is.memberOrAdmin,
-        editableIf: Users.is.ownerOrAdmin
+        insertableIf: canInsert,
+        editableIf: canEdit
       }
     },
     {
@@ -57,8 +62,8 @@ if (typeof Comments !== "undefined") {
         optional: true,
         defaultValue: true,
         control: "checkbox",
-        insertableIf: Users.is.memberOrAdmin,
-        editableIf: Users.is.ownerOrAdmin
+        insertableIf: canInsert,
+        editableIf: canEdit
       }
     }
   ]);  

packages/nova-posts/lib/schema.js

@@ -46,6 +46,15 @@ Posts.formGroups = {
   }
 };
 
+// check if user can create a new post
+const canInsert = user => Users.canDo(user, "posts.new");
+
+// check if user can edit a post
+const canEdit = Users.canEdit;
+
+// check if user can edit *all* posts
+const canEditAll = user => Users.canDo(user, "posts.edit.all");
+
 /**
  * @summary Posts schema
  * @type {SimpleSchema}
@@ -73,8 +82,8 @@ Posts.schemaJSON = {
   postedAt: {
     type: Date,
     optional: true,
-    insertableIf: Users.is.admin,
-    editableIf: Users.is.admin,
+    insertableIf: canEditAll,
+    editableIf: canEditAll,
     publish: true,
     control: "datetime",
     group: Posts.formGroups.admin
@@ -86,8 +95,8 @@ Posts.schemaJSON = {
     type: String,
     optional: true,
     max: 500,
-    insertableIf: Users.is.memberOrAdmin,
-    editableIf: Users.is.ownerOrAdmin,
+    insertableIf: canInsert,
+    editableIf: canEdit,
     control: "text",
     publish: true,
     order: 10
@@ -99,8 +108,8 @@ Posts.schemaJSON = {
     type: String,
     optional: false,
     max: 500,
-    insertableIf: Users.is.memberOrAdmin,
-    editableIf: Users.is.ownerOrAdmin,
+    insertableIf: canInsert,
+    editableIf: canEdit,
     control: "text",
     publish: true,
     order: 20
@@ -120,8 +129,8 @@ Posts.schemaJSON = {
     type: String,
     optional: true,
     max: 3000,
-    insertableIf: Users.is.memberOrAdmin,
-    editableIf: Users.is.ownerOrAdmin,
+    insertableIf: canInsert,
+    editableIf: canEdit,
     control: "textarea",
     publish: true,
     order: 30
@@ -175,8 +184,8 @@ Posts.schemaJSON = {
   status: {
     type: Number,
     optional: true,
-    insertableIf: Users.is.admin,
-    editableIf: Users.is.admin,
+    insertableIf: canEditAll,
+    editableIf: canEditAll,
     control: "select",
     publish: true,
     autoValue: function () {
@@ -209,8 +218,8 @@ Posts.schemaJSON = {
     type: Boolean,
     optional: true,
     defaultValue: false,
-    insertableIf: Users.is.admin,
-    editableIf: Users.is.admin,
+    insertableIf: canEditAll,
+    editableIf: canEditAll,
     control: "checkbox",
     publish: true,
     group: Posts.formGroups.admin
@@ -257,8 +266,8 @@ Posts.schemaJSON = {
     type: String,
     optional: true,
     // regEx: SimpleSchema.RegEx.Id,
-    // insertableIf: Users.is.admin,
-    // editableIf: Users.is.admin,
+    // insertableIf: canEditAll,
+    // editableIf: canEditAll,
     control: "select",
     publish: true,
     autoform: {

packages/nova-users/lib/permissions.js

@@ -1,12 +1,14 @@
 import Users from './collection.js';
 
 const defaultActions = [
+  "users.new", 
   "users.edit.own", 
   "users.remove.own"
 ];
 Users.groups.default.can(defaultActions);
 
 const adminActions = [
+  "users.new", 
   "users.edit.all",
   "users.remove.all"
 ];