
This commit touches many lines of code, with the goal of being more rigorous about the JavaScript code conventions defined in `.jshintrc`. Some of the modifications:
* Add a list of used global symbols in the corresponding section of `.jshintrc`
* Use local variables instead of globals in the many places where the keyword `var` was mistakenly forgotten
* Add missing semicolons after statements
* Add new lines at the end of files
* Remove trailing whitespace
* Use the newer names of some Meteor APIs, e.g. `addFiles` instead of `add_files`
* Add missing `break` statements in `switch` blocks
* Use `===` instead of `==` and `!==` instead of `!=`
* Remove unused variables

This commit should also fix a few bugs caused by this lack of rigor. One example is the test `typeof navElements === "array"`, which was never true because in JavaScript `typeof [] === "object"`; we replaced this test with the `_.isArray` method provided by underscore. It might also fix some potential collisions related to global variables.

There is still plenty of work to do before the Telescope code base passes JSHint validation, but at least this commit is a step in the right direction.
/**
 * Telescope permissions: the object that the permission-check helpers
 * in this file are attached to.
 * @namespace Users.can
 */
Users.can = {};
/**
 * Decide whether a user may view content.
 * With the `requireViewInvite` setting off, everyone may view. With it on,
 * a user must be supplied and must pass the admin or the invited check.
 * @param {Object} [user] - Meteor.user(). On the client an omitted argument
 *   falls back to the current user; elsewhere there is no fallback, so an
 *   omitted user is denied while the setting is on.
 * @returns {boolean} `true` when unrestricted, `false` when no user is
 *   available, otherwise the outcome of the admin / invited checks.
 */
Users.can.view = function (user) {
  if (!Settings.get('requireViewInvite', false)) {
    return true;
  }

  // on client only, an omitted argument means "the current user"
  if (Meteor.isClient && typeof user === 'undefined') {
    user = Meteor.user();
  }

  if (!user) {
    return false;
  }
  return Users.is.admin(user) || Users.is.invited(user);
};
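/**
 * ID-based variant of Users.can.view.
 * With the `requireViewInvite` setting off, everyone may view. With it on,
 * the ID must be non-empty and must resolve to a user document, and that
 * user must pass Users.can.view.
 * @param {String} userId - ID of the user whose view permission is checked
 * @returns {boolean} `true` when viewing is permitted, `false` otherwise
 */
Users.can.viewById = function (userId) {
  // if an invite is required to view, run permission check, else return true
  if (!Settings.get('requireViewInvite', false)) {
    return true;
  }

  if (!userId) {
    return false;
  }

  var user = Meteor.users.findOne(userId);

  // An ID that matches no user must be denied here. Handing `undefined` to
  // Users.can.view would make it fall back to the current user on the client,
  // so the check would run against a different identity than the one asked for.
  if (!user) {
    return false;
  }
  return Users.can.view(user);
};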
/**
 * Check whether a user may see pending posts; the decision is delegated
 * entirely to Users.is.admin.
 * @param {Object} [user] - The user to check; defaults to Meteor.user()
 *   when the argument is omitted
 * @returns {boolean} the result of Users.is.admin for that user
 */
Users.can.viewPendingPosts = function (user) {
  if (typeof user === 'undefined') {
    user = Meteor.user();
  }
  return Users.is.admin(user);
};
/**
 * Check whether a user may see rejected posts; the decision is delegated
 * entirely to Users.is.admin.
 * @param {Object} [user] - The user to check; defaults to Meteor.user()
 *   when the argument is omitted
 * @returns {boolean} the result of Users.is.admin for that user
 */
Users.can.viewRejectedPosts = function (user) {
  if (typeof user === 'undefined') {
    user = Meteor.user();
  }
  return Users.is.admin(user);
};
/**
 * Check whether a user may post.
 * Admins always may. Other users may post unless the `requirePostInvite`
 * setting is on, in which case `user.isInvited` must be set.
 * @param {Object} [user] - The user to check; defaults to Meteor.user()
 *   when the argument is omitted
 * @param {boolean} [returnError] - When truthy, a denial is reported as a
 *   reason code instead of `false`
 * @returns {boolean|string} `true` when allowed; otherwise `false`, or the
 *   reason code "no_account" / "no_invite" when `returnError` is truthy.
 *   Both reason codes are non-empty strings and therefore truthy, so a
 *   caller that passes `returnError` must compare the result with
 *   `=== true` rather than test its truthiness.
 */
Users.can.post = function (user, returnError) {
  if (typeof user === 'undefined') {
    user = Meteor.user();
  }

  // no user at all: nothing else can be checked
  if (!user) {
    return returnError ? "no_account" : false;
  }

  // admins bypass the invite requirement
  if (Users.is.admin(user)) {
    return true;
  }

  // without the invite requirement every known user may post
  if (!Settings.get('requirePostInvite')) {
    return true;
  }

  if (user.isInvited) {
    return true;
  }
  return returnError ? "no_invite" : false;
};
/**
 * Check whether a user may comment; the rules are those of Users.can.post.
 * @param {Object} [user] - The user to check
 * @param {boolean} [returnError] - Forwarded to Users.can.post; when truthy
 *   a denial comes back as a (truthy) reason string, so compare the result
 *   with `=== true`
 * @returns {boolean|string} whatever Users.can.post returns
 */
Users.can.comment = function (user, returnError) {
  var verdict = Users.can.post(user, returnError);
  return verdict;
};
/**
 * Check whether a user may vote; the rules are those of Users.can.post.
 * @param {Object} [user] - The user to check
 * @param {boolean} [returnError] - Forwarded to Users.can.post; when truthy
 *   a denial comes back as a (truthy) reason string, so compare the result
 *   with `=== true`
 * @returns {boolean|string} whatever Users.can.post returns
 */
Users.can.vote = function (user, returnError) {
  var verdict = Users.can.post(user, returnError);
  return verdict;
};
/**
 * Check if a user can edit a document: allowed for admins and for the
 * document's owner, denied when either argument is missing.
 * @param {Object} [user] - The user performing the action. An omitted
 *   (`undefined`) user is replaced by Meteor.user(), whereas `null` is
 *   denied; callers holding the result of a lookup should rule out
 *   `undefined` themselves if the fallback is not wanted.
 * @param {Object} document - The document being edited
 * @returns {boolean} `false` when user or document is missing, otherwise
 *   the combined outcome of the admin and owner checks
 */
Users.can.edit = function (user, document) {
  if (typeof user === 'undefined') {
    user = Meteor.user();
  }

  if (!(user && document)) {
    return false;
  }

  // both checks are always evaluated, as before
  var isAdmin = Users.is.admin(user);
  var isOwner = Users.is.owner(user, document);

  return isAdmin || isOwner;
};
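/**
 * ID-based variant of Users.can.edit.
 * @param {String} userId - ID of the user performing the action
 * @param {Object} document - The document being edited
 * @returns {boolean} `false` when the ID resolves to no user, otherwise
 *   the result of Users.can.edit for the user that was found
 */
Users.can.editById = function (userId, document) {
  var user = Meteor.users.findOne(userId);

  // A lookup miss yields `undefined`, which Users.can.edit would replace with
  // Meteor.user(). Deny here so the check is never run against an identity
  // other than the one the caller named.
  if (!user) {
    return false;
  }

  return Users.can.edit(user, document);
};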
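/**
 * Check if a user can submit a field.
 * The decision is driven by the field's `editableBy` list: "member" admits
 * any user that is passed in, "admin" admits only a user for whom
 * Users.is.admin holds. A missing user, a missing field, or a field without
 * `editableBy` is denied.
 * @param {Object} user - The user performing the action
 * @param {Object} field - The field being edited or inserted
 * @returns {boolean} truthy when the user may submit the field
 */
Users.can.submitField = function (user, field) {

  // deny, rather than throw, when no field definition is supplied
  if (!user || !field || !field.editableBy) {
    return false;
  }

  var adminCheck = _.contains(field.editableBy, "admin") && Users.is.admin(user); // is the field editable by admins?
  var memberCheck = _.contains(field.editableBy, "member"); // is the field editable by regular users?

  return adminCheck || memberCheck;

};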
/**
 * Check if a user can edit a field. For now this is an alias of
 * Users.can.submitField (the same function object), so both names apply
 * exactly the same rules.
 * @param {Object} user - The user performing the action
 * @param {Object} field - The field being edited or inserted
 */
Users.can.editField = Users.can.submitField;
/**
 * Check if the current user (Meteor.user()) can edit an item.
 * @param {Object} item - The document being edited
 * @returns {boolean} the result of Users.can.edit for the current user
 */
Users.can.currentUserEdit = function (item) {
  var currentUser = Meteor.user();
  return Users.can.edit(currentUser, item);
};
/**
 * Check if a user can invite others: allowed for invited users and admins.
 * Unlike most checks in this file, there is no fallback to Meteor.user();
 * the argument is handed to the Users.is.* checks as given.
 * @param {Object} user - The user performing the action
 * @returns {boolean} the outcome of the invited check, or of the admin
 *   check when the invited check is falsy
 */
Users.can.invite = function (user) {
  var invited = Users.is.invited(user);
  if (invited) {
    return invited;
  }
  // the admin check only runs when the invited check did not pass
  return Users.is.admin(user);
};