Changeset View
Changeset View
Standalone View
Standalone View
lib/app/base-chips/access-strategy-types/same-anon.js
"use strict"; | "use strict"; | ||||
const Query = require("../../../datastore/query.js"); | const Query = require("../../../datastore/query.js"); | ||||
module.exports = { | module.exports = { | ||||
name: "same-anon", | name: "same-anon", | ||||
getRestrictingQuery: async function(context, params) { | getRestrictingQuery: async function(context, params) { | ||||
if (context.anonymous_user_id) { | if (context.anonymous_user_id) { | ||||
return Query.fromSingleMatch({ | return Query.fromSingleMatch({ | ||||
"created_context.anonymous_user_id": context.anonymous_user_id, | "_metadata.created_context.anonymous_user_id": | ||||
context.anonymous_user_id, | |||||
}); | }); | ||||
} | } | ||||
return new Query.AllowAll(); | return new Query.AllowAll(); | ||||
}, | }, | ||||
checker_function: function(context, params, item) { | checker_function: function(context, params, item) { | ||||
if (context.anonymous_user_id === null) { | if (context.anonymous_user_id === null) { | ||||
return Promise.reject(); | return Promise.reject(); | ||||
} | } | ||||
if ( | if ( | ||||
context.anonymous_user_id === item.created_context.anonymous_user_id | context.anonymous_user_id === | ||||
item._metadata.created_context.anonymous_user_id | |||||
) { | ) { | ||||
return Promise.resolve(); | return Promise.resolve(); | ||||
} else { | } else { | ||||
return Promise.reject( | return Promise.reject( | ||||
"Only the user who created this resource can have access to it" | "Only the user who created this resource can have access to it" | ||||
); | ); | ||||
} | } | ||||
}, | }, | ||||
item_sensitive: true, | item_sensitive: true, | ||||
}; | }; |