outline/server/policies/index.js

// @flow
import { Attachment, Team, User, Collection, Document, Group } from "../models";
import policy from "./policy";
import "./apiKey";
import "./attachment";
import "./authenticationProvider";
import "./collection";
import "./document";
import "./integration";
import "./notificationSetting";
import "./share";
import "./user";
import "./team";
import "./group";

const { can, abilities } = policy;

type Policy = {
  [key: string]: boolean,
};

/*
 * Given a user and a model – output an object which describes the actions the
 * user may take against the model. This serialized policy is used for testing
 * and sent in API responses to allow clients to adjust which UI is displayed.
 */
export function serialize(
  model: User,
  target: Attachment | Team | Collection | Document | Group
): Policy {
  let output = {};

  abilities.forEach((ability) => {
    if (model instanceof ability.model && target instanceof ability.target) {
      let response = true;
      try {
        response = can(model, ability.action, target);
      } catch (err) {
        response = false;
      }
      output[ability.action] = response;
    }
  });

  return output;
}

export default policy;
-												Added more structure and tests to our authorization code

											
										
										
											2018-02-18 08:11:48 +00:00
+								// @flow
-												fix: Allow deleting attachments not linked to documents when owned by user
closes #1729

											
										
										
											2020-12-20 19:39:09 +00:00
+								import { Attachment, Team, User, Collection, Document, Group } from "../models";
-												chore: Move to prettier standard double quotes (#1309)


											
										
										
											2020-06-20 20:59:15 +00:00
+								import policy from "./policy";
 								import "./apiKey";
-												fix: Allow deleting attachments not linked to documents when owned by user
closes #1729

											
										
										
											2020-12-20 19:39:09 +00:00
+								import "./attachment";
-												feat: authenticationProviders API endpoints (#1962)


											
										
										
											2021-03-26 18:31:07 +00:00
+								import "./authenticationProvider";
-												chore: Move to prettier standard double quotes (#1309)


											
										
										
											2020-06-20 20:59:15 +00:00
+								import "./collection";
 								import "./document";
 								import "./integration";
 								import "./notificationSetting";
 								import "./share";
 								import "./user";
 								import "./team";
 								import "./group";
-												Added more structure and tests to our authorization code

											
										
										
											2018-02-18 08:11:48 +00:00
-												refactor: Policies Architecture (#1016)

* add policy serialize method

* Add policies to collection responses

* wip

* test: remove .only

* refactor: Return policies with team and document requests

* store policies on the client

* refactor: drive admin UI from policies

											
										
										
											2019-08-22 04:41:37 +00:00
+								const { can, abilities } = policy;
 								type Policy = {
 								  [key: string]: boolean,
 								};
 								/*
-												chore: Upgrade Prettier 1.8 -> 2.0 (#1436)


											
										
										
											2020-08-09 01:53:11 +00:00
+								 * Given a user and a model – output an object which describes the actions the
 								 * user may take against the model. This serialized policy is used for testing
 								 * and sent in API responses to allow clients to adjust which UI is displayed.
 								 */
-												refactor: Policies Architecture (#1016)

* add policy serialize method

* Add policies to collection responses

* wip

* test: remove .only

* refactor: Return policies with team and document requests

* store policies on the client

* refactor: drive admin UI from policies

											
										
										
											2019-08-22 04:41:37 +00:00
+								export function serialize(
 								  model: User,
-												fix: Allow deleting attachments not linked to documents when owned by user
closes #1729

											
										
										
											2020-12-20 19:39:09 +00:00
+								  target: Attachment | Team | Collection | Document | Group
-												refactor: Policies Architecture (#1016)

* add policy serialize method

* Add policies to collection responses

* wip

* test: remove .only

* refactor: Return policies with team and document requests

* store policies on the client

* refactor: drive admin UI from policies

											
										
										
											2019-08-22 04:41:37 +00:00
+								): Policy {
 								  let output = {};
-												chore: Upgrade Prettier 1.8 -> 2.0 (#1436)


											
										
										
											2020-08-09 01:53:11 +00:00
+								  abilities.forEach((ability) => {
-												refactor: Policies Architecture (#1016)

* add policy serialize method

* Add policies to collection responses

* wip

* test: remove .only

* refactor: Return policies with team and document requests

* store policies on the client

* refactor: drive admin UI from policies

											
										
										
											2019-08-22 04:41:37 +00:00
+								    if (model instanceof ability.model && target instanceof ability.target) {
 								      let response = true;
 								      try {
 								        response = can(model, ability.action, target);
 								      } catch (err) {
 								        response = false;
 								      }
 								      output[ability.action] = response;
 								    }
 								  });
 								  return output;
 								}
-												Added more structure and tests to our authorization code

											
										
										
											2018-02-18 08:11:48 +00:00
+								export default policy;