From 2799dd1c870f8f1a954506f81e80dbe66a63835b Mon Sep 17 00:00:00 2001
From: watchtower314
Date: Thu, 22 Apr 2021 08:44:20 -0400
Subject: [PATCH] fix permission getting
---
 .../functions/src/common/business/updateCommon.ts | 10 ++++++----
 .../functions/src/moderation/business/hideContent.ts | 3 ++-
 .../functions/src/moderation/business/showContent.ts | 3 ++-
 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/packages/firebase/functions/src/common/business/updateCommon.ts b/packages/firebase/functions/src/common/business/updateCommon.ts
index fc376ac06..5c0f021ac 100644
--- a/packages/firebase/functions/src/common/business/updateCommon.ts
+++ b/packages/firebase/functions/src/common/business/updateCommon.ts
@@ -4,12 +4,13 @@ import { ICommonUpdate } from '@common/types';
 import { IUpdatableCommonEntity } from '../database/updateCommon';
 import { commonDb } from '../database';
 import { createCommonHistory } from '../../commonEditHistory/business';
-import { CommonError } from '../../util/errors';
+import { UnauthorizedError } from '../../util/errors';
 import { createEvent } from '../../util/db/eventDbService';
 import { EVENT_TYPES } from '../../event/event';
 import { commonRuleValidationSchema } from '../../util/schemas';
 import { validate } from '../../util/validate';
 import { urlRegex } from '../../util/regex';
+import { hasPermission } from '../../core/domain/users/business';
 const updateCommonDataValidationScheme = yup.object({
@@ -48,10 +49,11 @@ export const updateCommon = async (payload: UpdateCommonPayload): Promise(payload, updateCommonDataValidationScheme);
 const currCommon = await commonDb.get(payload.commonId);
- // TODO check if user has permission to edit this common when permissions pr is merged
- if (currCommon.metadata.founderId !== payload.userId) {
- throw new CommonError('Try again when you created the common');
+ const canEditCommon = await hasPermission(payload.userId, payload.commonId);
+
+ if (!canEditCommon) {
+ throw new UnauthorizedError();
 }
 // the doc that was saved in the commonEditHistory collection
diff --git a/packages/firebase/functions/src/moderation/business/hideContent.ts b/packages/firebase/functions/src/moderation/business/hideContent.ts
index d03c28fe0..d2d39c4c4 100644
--- a/packages/firebase/functions/src/moderation/business/hideContent.ts
+++ b/packages/firebase/functions/src/moderation/business/hideContent.ts
@@ -36,7 +36,8 @@ export const hideContent = async (hideContentPayload: HideContentPayload): Promi
 //Only users with permissions can hide content
 const { itemId, commonId, userId, type } = hideContentPayload;
- if (!hasPermission(userId, commonId)) {
+ const isModerator = await hasPermission(userId, commonId);
+ if (!isModerator) {
 throw new UnauthorizedError();
 }
diff --git a/packages/firebase/functions/src/moderation/business/showContent.ts b/packages/firebase/functions/src/moderation/business/showContent.ts
index 8407bb26f..5928d4525 100644
--- a/packages/firebase/functions/src/moderation/business/showContent.ts
+++ b/packages/firebase/functions/src/moderation/business/showContent.ts
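Review bot: The edit gate in updateCommon now rests on `hasPermission(payload.userId, payload.commonId)`, the same two-argument call that gates hiding and showing content in the moderation files of this patch, so edit rights and moderation rights appear to be one permission where the removed code allowed only `founderId`. hasPermission is defined outside this diff, so that reading is an inference; if the two rights are meant to differ, this call needs its own check or an action argument. If the widening is intended, say so above the call, e.g. `// same permission as content moderation; no longer founder-only`. The body of updateCommon continues outside the hunk.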
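Review bot: `itemId` and `commonId` both come from `hideContentPayload`, and the awaited check looks only at `userId` and `commonId`, so nothing in this hunk establishes that the item being hidden belongs to the common the caller has rights in. The rest of hideContent is outside the hunk; if it does not already compare the stored item's common with `commonId`, it should do that before the update and throw `UnauthorizedError` on a mismatch. The showContent hunk in showContent.ts has the same shape. A comment at the check such as `// itemId must belong to commonId (verified after load)` would record the assumption.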
@@ -34,7 +34,8 @@ export const showContent = async (showContentPayload: ShowContentPayload): Promi
 //Only users with permissions can make content visible
 const { itemId, commonId, userId, type } = showContentPayload;
- if (!hasPermission(userId, commonId)) {
+ const isModerator = await hasPermission(userId, commonId);
+ if (!isModerator) {
 throw new UnauthorizedError();
 }
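Review bot: The denial path here has no regression guard: the diffstat lists only the three source files, and the old `if (!hasPermission(userId, commonId))` compiled cleanly even though the call is awaited on the new side, so it presumably returns a Promise and the branch could not be taken. A unit test that stubs hasPermission to resolve `false` and expects `UnauthorizedError` from showContent (and from hideContent, which had the same line) would pin the behaviour. If the project lints with typescript-eslint, enabling `@typescript-eslint/no-misused-promises` reports a Promise used as a condition. The body of showContent continues outside the hunk.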