Fixed library nodes not having a default schema
This commit is contained in:
ThaumRystra
@@ -1,26 +1,28 @@
|
||||
import { includes } from 'lodash';
|
||||
import { fetchDocByRef } from '/imports/api/parenting/parentingFunctions';
|
||||
import type { Shared } from '/imports/api/sharing/SharingSchema';
|
||||
import type { TreeDoc } from '/imports/api/parenting/ChildSchema';
|
||||
|
||||
function assertIdValid(userId) {
|
||||
function assertIdValid(userId: string | undefined | null): asserts userId {
|
||||
if (!userId || typeof userId !== 'string') {
|
||||
throw new Meteor.Error('Permission denied',
|
||||
'No user ID. Are you logged in?');
|
||||
}
|
||||
}
|
||||
|
||||
function assertdocExists(doc) {
|
||||
function assertDocExists(doc: Record<string, any> | undefined): asserts doc {
|
||||
if (!doc) {
|
||||
throw new Meteor.Error('Permission denied',
|
||||
'Permission denied: No such document exists');
|
||||
}
|
||||
}
|
||||
|
||||
export function assertOwnership(doc, userId) {
|
||||
export function assertOwnership(doc: Shared, userId: string): asserts doc {
|
||||
assertIdValid(userId);
|
||||
assertdocExists(doc);
|
||||
assertDocExists(doc);
|
||||
|
||||
if (doc.owner === userId) {
|
||||
return true;
|
||||
return;
|
||||
} else {
|
||||
throw new Meteor.Error('Permission denied',
|
||||
'You are not the owner of this document');
|
||||
@@ -33,18 +35,22 @@ export function assertOwnership(doc, userId) {
|
||||
*
|
||||
* Warning: the doc and userId must be set by a trusted source
|
||||
*/
|
||||
export function assertEditPermission(doc, userId) {
|
||||
export function assertEditPermission(doc: Shared | undefined, userId: string | undefined | null): asserts doc {
|
||||
assertIdValid(userId);
|
||||
assertdocExists(doc);
|
||||
assertDocExists(doc);
|
||||
const user = Meteor.users.findOne(userId, {
|
||||
fields: {
|
||||
'roles': 1,
|
||||
}
|
||||
});
|
||||
if (!user) {
|
||||
throw new Meteor.Error('Edit permission denied',
|
||||
'No such user exists');
|
||||
}
|
||||
|
||||
// Admin override
|
||||
if (user.roles && user.roles.includes('admin')) {
|
||||
return true;
|
||||
return;
|
||||
}
|
||||
|
||||
// Ensure the user is authorized for this specific document
|
||||
@@ -52,7 +58,7 @@ export function assertEditPermission(doc, userId) {
|
||||
doc.owner === userId ||
|
||||
includes(doc.writers, userId)
|
||||
) {
|
||||
return true;
|
||||
return;
|
||||
} else {
|
||||
throw new Meteor.Error('Edit permission denied',
|
||||
'You do not have permission to edit this document');
|
||||
@@ -65,18 +71,23 @@ export function assertEditPermission(doc, userId) {
|
||||
*
|
||||
* Warning: the doc and userId must be set by a trusted source
|
||||
*/
|
||||
export function assertCopyPermission(doc, userId) {
|
||||
export function assertCopyPermission(doc: Shared, userId): asserts doc {
|
||||
assertIdValid(userId);
|
||||
assertdocExists(doc);
|
||||
assertDocExists(doc);
|
||||
const user = Meteor.users.findOne(userId, {
|
||||
fields: {
|
||||
'roles': 1,
|
||||
}
|
||||
});
|
||||
|
||||
if (!user) {
|
||||
throw new Meteor.Error('Edit permission denied',
|
||||
'No such user exists');
|
||||
}
|
||||
|
||||
// Admin override
|
||||
if (user.roles && user.roles.includes('admin')) {
|
||||
return true;
|
||||
return;
|
||||
}
|
||||
|
||||
// Ensure the user is authorized for this specific document
|
||||
@@ -84,22 +95,22 @@ export function assertCopyPermission(doc, userId) {
|
||||
doc.owner === userId ||
|
||||
includes(doc.writers, userId)
|
||||
) {
|
||||
return true;
|
||||
return;
|
||||
} else if (
|
||||
(includes(doc.readers, userId) || doc.public) &&
|
||||
doc.readersCanCopy
|
||||
) {
|
||||
return true;
|
||||
return;
|
||||
} else {
|
||||
throw new Meteor.Error('Copy permission denied',
|
||||
'You do not have permission to copy this document');
|
||||
}
|
||||
}
|
||||
|
||||
function getRoot(doc) {
|
||||
assertdocExists(doc);
|
||||
if (doc.root) {
|
||||
return fetchDocByRef(doc.root);
|
||||
function getRoot(doc: TreeDoc | Shared | undefined) {
|
||||
assertDocExists(doc);
|
||||
if ('root' in doc) {
|
||||
return fetchDocByRef<Shared>(doc.root);
|
||||
} else {
|
||||
return doc;
|
||||
}
|
||||
@@ -111,8 +122,8 @@ function getRoot(doc) {
|
||||
*
|
||||
* Warning: the doc and userId must be set by a trusted source
|
||||
*/
|
||||
export function assertDocEditPermission(doc, userId) {
|
||||
let root = getRoot(doc);
|
||||
export function assertDocEditPermission(doc: TreeDoc | Shared | undefined, userId: string | null): asserts doc {
|
||||
const root = getRoot(doc);
|
||||
assertEditPermission(root, userId);
|
||||
}
|
||||
|
||||
@@ -122,14 +133,14 @@ export function assertDocEditPermission(doc, userId) {
|
||||
*
|
||||
* Warning: the doc and userId must be set by a trusted source
|
||||
*/
|
||||
export function assertDocCopyPermission(doc, userId) {
|
||||
let root = getRoot(doc);
|
||||
export function assertDocCopyPermission(doc, userId): asserts doc {
|
||||
const root = getRoot(doc);
|
||||
assertCopyPermission(root, userId);
|
||||
}
|
||||
|
||||
export function assertViewPermission(doc, userId) {
|
||||
assertdocExists(doc);
|
||||
if (doc.public) return true;
|
||||
export function assertViewPermission(doc, userId): asserts doc {
|
||||
assertDocExists(doc);
|
||||
if (doc.public) return;
|
||||
assertIdValid(userId);
|
||||
|
||||
if (
|
||||
@@ -137,7 +148,7 @@ export function assertViewPermission(doc, userId) {
|
||||
includes(doc.readers, userId) ||
|
||||
includes(doc.writers, userId)
|
||||
) {
|
||||
return true;
|
||||
return;
|
||||
} else {
|
||||
|
||||
// Admin override
|
||||
@@ -146,8 +157,13 @@ export function assertViewPermission(doc, userId) {
|
||||
'roles': 1,
|
||||
}
|
||||
});
|
||||
if (!user) {
|
||||
throw new Meteor.Error('Edit permission denied',
|
||||
'No such user exists');
|
||||
}
|
||||
|
||||
if (user.roles && user.roles.includes('admin')) {
|
||||
return true;
|
||||
return;
|
||||
}
|
||||
|
||||
throw new Meteor.Error('View permission denied',
|
||||
@@ -161,19 +177,19 @@ export function assertViewPermission(doc, userId) {
|
||||
*
|
||||
* Warning: the doc and userId must be set by a trusted source
|
||||
*/
|
||||
export function assertDocViewPermission(doc, userId) {
|
||||
let root = getRoot(doc);
|
||||
export function assertDocViewPermission(doc, userId): asserts doc {
|
||||
const root = getRoot(doc);
|
||||
assertViewPermission(root, userId);
|
||||
}
|
||||
|
||||
export function assertAdmin(userId) {
|
||||
export function assertAdmin(userId): asserts userId {
|
||||
assertIdValid(userId);
|
||||
let user = Meteor.users.findOne(userId, { fields: { roles: 1 } });
|
||||
const user = Meteor.users.findOne(userId, { fields: { roles: 1 } });
|
||||
if (!user) {
|
||||
throw new Meteor.Error('Permission denied',
|
||||
'UserId does not match any existing user');
|
||||
}
|
||||
let isAdmin = user.roles && user.roles.includes('admin')
|
||||
const isAdmin = user.roles && user.roles.includes('admin')
|
||||
if (!isAdmin) {
|
||||
throw new Meteor.Error('Permission denied',
|
||||
'User does not have the admin role');
|
||||
Reference in New Issue
Block a user