Changeset View
Changeset View
Standalone View
Standalone View
lib/app/base-chips/access-strategy-types/user-referenced-in-field.js
| module.exports = app => ({ | module.exports = app => ({ | ||||
| name: "user-referenced-in-field", | name: "user-referenced-in-field", | ||||
| getRestrictingQuery: async (context, field_name) => { | getRestrictingQuery: async (context, field_name) => { | ||||
| if (!context.user_id) return new app.Query.DenyAll(); | if (!context.user_id) return new app.Query.DenyAll(); | ||||
| return new app.Query().match({ | return app.Query.fromSingleMatch({ | ||||
| [`body.${field_name}`]: context.user_id, | [`body.${field_name}`]: context.user_id, | ||||
| }); | }); | ||||
| }, | }, | ||||
| checker_function: (context, field_name, item) => { | checker_function: (context, field_name, item) => { | ||||
| if (!context.user_id) return Promise.reject("You're not logged in!"); | if (!context.user_id) return Promise.reject("You're not logged in!"); | ||||
| else if (context.user_id === item.body[field_name]) | else if (context.user_id === item.body[field_name]) | ||||
| return Promise.resolve(); | return Promise.resolve(); | ||||
| else return Promise.reject("Access not allowed for this user"); | else return Promise.reject("Access not allowed for this user"); | ||||
| }, | }, | ||||
| item_sensitive: true, | item_sensitive: true, | ||||
| }); | }); | ||||