coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2022-08-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
48c87a1902f1b97b49d8b6d3bd351bbfc7745413
outline/server/policies/user.js
Tom Moor 6d8216c54e feat: Guest email authentication (#1088) 
* feat: API endpoints for email signin

* fix: After testing

* Initial signin flow working

* move shared middleware

* feat: Add guest signin toggle, obey on endpoints

* feat: Basic email signin when enabled

* Improve guest signin email
Disable double signin with JWT

* fix: Simple rate limiting

* create placeholder users in db

* fix: Give invited users default avatar
add invited users to people settings

* test

* add transaction

* tmp: test CI

* derp

* md5

* urgh

* again

* test: pass

* test

* fix: Remove usage of data values

* guest signin page

* Visually separator 'Invited' from other people tabs

* fix: Edge case attempting SSO signin for guest email account

* fix: Correctly set email auth method to cookie

* Improve rate limit error display

* lint: cleanup / comments

* Improve invalid token error display

* style tweaks

* pass guest value to subdomain

* Restore copy link option

* feat: Allow invite revoke from people management

* fix: Incorrect users email schema does not allow for user deletion

* lint

* fix: avatarUrl for deleted user failure

* change default to off for guest invites

* fix: Changing security settings wipes subdomain

* fix: user delete permissioning

* test: Add user.invite specs
2019-12-15 18:46:08 -08:00

42 lines
962 B
JavaScript
Raw Blame History

// @flow
import policy from './policy';
import { User } from '../models';
import { AdminRequiredError } from '../errors';
const { allow } = policy;
allow(
User,
'read',
User,
(actor, user) => user && user.teamId === actor.teamId
);
allow(User, 'invite', User, actor => {
return true;
});
allow(User, 'update', User, (actor, user) => {
if (!user || user.teamId !== actor.teamId) return false;
if (user.id === actor.id) return true;
throw new AdminRequiredError();
});
allow(User, 'delete', User, (actor, user) => {
if (!user || user.teamId !== actor.teamId) return false;
if (user.id === actor.id) return true;
if (actor.isAdmin && !user.lastActiveAt) return true;
throw new AdminRequiredError();
});
allow(
User,
['promote', 'demote', 'activate', 'suspend'],
User,
(actor, user) => {
if (!user || user.teamId !== actor.teamId) return false;
if (actor.isAdmin) return true;
throw new AdminRequiredError();
}
);
Reference in New Issue View Git Blame Copy Permalink