This repository has been archived on 2022-08-14. You can view files and clone it, but cannot push or open issues or pull requests.
2018-02-18 09:14:51 +00:00
|
|
|
// @flow
|
|
|
|
|
import policy from './policy';
|
2018-02-18 18:56:56 +00:00
|
|
|
import { Collection, User } from '../models';
|
2018-02-20 07:31:18 +00:00
|
|
|
import { AdminRequiredError } from '../errors';
|
2018-02-18 09:14:51 +00:00
|
|
|
|
|
|
|
|
const { allow } = policy;
|
|
|
|
|
|
|
|
|
|
allow(User, 'create', Collection);
|
|
|
|
|
|
|
|
|
|
allow(
|
|
|
|
|
User,
|
2018-02-18 19:08:43 +00:00
|
|
|
['read', 'publish', 'update'],
|
2018-02-18 09:14:51 +00:00
|
|
|
Collection,
|
|
|
|
|
(user, collection) => collection && user.teamId === collection.teamId
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-20 07:31:18 +00:00
|
|
|
allow(User, 'delete', Collection, (user, collection) => {
|
|
|
|
|
if (!collection || user.teamId !== collection.teamId) return false;
|
|
|
|
|
if (user.id === collection.creatorId) return true;
|
|
|
|
|
if (!user.isAdmin) throw new AdminRequiredError();
|
|
|
|
|
});
|
