hiro/Vulcan
1
0
Fork 0
mirror of https://github.com/vale981/Vulcan synced 2025-03-08 19:11:38 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
Vulcan/packages/nova-users/lib/permissions.js
Justin Gross bcfa305530 Complete soft delete feature for comments 
- Add deleteComment function to CommentsItem.jsx
- Add Delete link next to Edit link in CommentsItem.jsx
- Hide reply link if comment.isDeleted
- Add styling for Delete link element in _comments.scss
- Add check for document.isDeleted in Users.can.edit in permissions.js
2016-05-06 17:07:40 -04:00

167 lines
4.7 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// note: using collection helpers here is probably a bad idea,
// because they'll throw an error when the user is undefined
/**
* @summary Telescope permissions
* @namespace Users.can
*/
Users.can = {};
/**
* @summary Check if a given user has access to view posts
* @param {Object} user
*/
Users.can.view = function (user) {
if (Telescope.settings.get('requireViewInvite', false)) {
if (Meteor.isClient) {
// on client only, default to the current user
user = (typeof user === 'undefined') ? Meteor.user() : user;
}
return (!!user && (Users.is.admin(user) || Users.is.invited(user)));
}
return true;
};
Users.helpers({canView: function () {return Users.can.view(this);}});
/**
* @summary Check if a given user can view a specific post
* @param {Object} user
* @param {Object} post
*/
Users.can.viewById = function (userId) {
// if an invite is required to view, run permission check, else return true
if (Telescope.settings.get('requireViewInvite', false)) {
return !!userId ? Users.can.view(Meteor.users.findOne(userId)) : false;
}
return true;
};
Users.helpers({canViewById: function () {return Users.can.viewById(this);}});
/**
* @summary Check if a given user can view a specific post
* @param {Object} user - can be undefined!
* @param {Object} post
*/
Users.can.viewPost = function (user, post) {
if (Users.is.admin(user)) {
return true;
} else {
switch (post.status) {
case Posts.config.STATUS_APPROVED:
return Users.can.view(user);
case Posts.config.STATUS_REJECTED:
case Posts.config.STATUS_SPAM:
case Posts.config.STATUS_PENDING:
return Users.can.view(user) && Users.is.owner(user, post);
case Posts.config.STATUS_DELETED:
return false;
}
}
}
Users.helpers({canViewPost: function () {return Users.can.viewPost(this, post);}});
/**
* @summary Check if a given user has permission to submit new posts
* @param {Object} user
*/
Users.can.post = function (user) {
user = (typeof user === 'undefined') ? Meteor.user() : user;
if (!user) { // no account
return false;
}
if (Users.is.admin(user)) { //admin
return true;
}
if (Telescope.settings.get('requirePostInvite', false)) { // invite required?
if (user.isInvited()) { // invited user
return true;
} else { // not invited
return false;
}
} else {
return true;
}
};
Users.helpers({canPost: function () {return Users.can.post(this);}});
/**
* @summary Check if a given user has permission to comment (same as posting for now)
* @param {Object} user
*/
Users.can.comment = function (user) {
return Users.can.post(user);
};
Users.helpers({canComment: function () {return Users.can.comment(this);}});
/**
* @summary Check if a user has permission to vote (same as posting for now)
* @param {Object} user
*/
Users.can.vote = function (user) {
return Users.can.post(user);
};
Users.helpers({canVote: function () {return Users.can.vote(this);}});
/**
* @summary Check if a user can edit a document
* @param {Object} user - The user performing the action
* @param {Object} document - The document being edited
*/
Users.can.edit = function (user, document) {
user = (typeof user === 'undefined') ? Meteor.user() : user;
if (!user || !document) {
return false;
}
if (document.hasOwnProperty('isDeleted') && document.isDeleted) return false;
var adminCheck = Users.is.admin(user);
var ownerCheck = Users.is.owner(user, document);
return adminCheck || ownerCheck;
};
Users.helpers({canEdit: function (document) {return Users.can.edit(this, document);}});
Users.can.editById = function (userId, document) {
var user = Meteor.users.findOne(userId);
return Users.can.edit(user, document);
};
Users.helpers({canEditById: function (document) {return Users.can.editById(this, document);}});
/**
* @summary Check if a user can submit a field
* @param {Object} user - The user performing the action
* @param {Object} field - The field being edited or inserted
*/
Users.can.submitField = function (user, field) {
return user && field.insertableIf && field.insertableIf(user);
};
Users.helpers({canSubmitField: function (field) {return Users.can.submitField(this, field);}});
/** @function
* Check if a user can edit a field for now, identical to Users.can.submitField
* @param {Object} user - The user performing the action
* @param {Object} field - The field being edited or inserted
*/
Users.can.editField = function (user, field, document) {
return user && field.editableIf && field.editableIf(user, document);
};
Users.can.invite = function (user) {
return Users.is.invited(user) || Users.is.admin(user);
};
Users.helpers({canInvite: function () {return Users.can.invite(this);}});
Reference in a new issue View git blame Copy permalink