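--- a/lib/app/base-chips/access-strategy-types/owner.js
+++ b/lib/app/base-chips/access-strategy-types/owner.js
-"use strict";
 const Promise = require("bluebird");
 const Query = require("../../../datastore/query.js");
 module.exports = {
 name: "owner",
-getRestrictingQuery: async function(context, params) {
+async getRestrictingQuery(context, params) {
 if (context.user_id) {
 return Query.fromSingleMatch({
 "_metadata.created_context.user_id": { $eq: context.user_id },
 });
 }
 return new Query.DenyAll();
 },
-checker_function: function(context, params, item) {
+checker_function(context, params, item) {
 if (
 context.user_id &&
 context.user_id === item._metadata.created_context.user_id
 ) {
 return Promise.resolve();
-} else {
+}
 return Promise.reject(
 "Only the owner of this resource can perform this operation on this item."
 );
-}
 },
 item_sensitive: true,
 };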
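Review bot: `checker_function` reads `item._metadata.created_context.user_id` with no guard, so an item stored without a creation context would throw a synchronous TypeError instead of returning the rejected promise. Access is still denied, but through an unhandled error path rather than the ownership message. Declaring it `async checker_function(context, params, item) {`, as `getRestrictingQuery` already is, would turn any throw into a rejection, provided callers do not depend on bluebird-specific promise methods. Alternatively, check that `item._metadata` and `created_context` exist before the comparison. The rejection value is a bare string; `new Error(...)` would keep a stack trace if callers do not depend on the string form. The file is CommonJS, so removing `"use strict";` leaves it in sloppy mode unless strictness is enforced elsewhere, which is worth confirming.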