coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixes: Cannot load document in private collection from share link when signed in with user that cannot access

Browse Source
This commit is contained in:
Tom Moor
2019-01-05 23:04:09 -08:00
parent 18859bec3d
commit 70287de6d7
2 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/policies/document.js
View File

@ -2,7 +2,7 @@
import policy from './policy';
import { Document, Revision, User } from '../models';
const { allow, authorize } = policy;
const { allow, cannot } = policy;
allow(User, 'create', Document);
@ -12,7 +12,7 @@ allow(
Document,
(user, document) => {
if (document.collection) {
authorize(user, 'read', document.collection);
if (cannot(user, 'read', document.collection)) return false;
}
return user.teamId === document.teamId;