lib/app/base-chips/access-strategy-types/user-referenced-in-field.js
module.exports = app => ({ | module.exports = app => ({ | ||||
name: "user-referenced-in-field", | name: "user-referenced-in-field", | ||||
getRestrictingQuery: async (context, field_name) => { | getRestrictingQuery: async (context, field_name) => { | ||||
if (!context.user_id) return new app.Query.DenyAll(); | if (!context.user_id) return new app.Query.DenyAll(); | ||||
return new app.Query().match({ | return app.Query.fromSingleMatch({ | ||||
[`body.${field_name}`]: context.user_id, | [`body.${field_name}`]: context.user_id, | ||||
}); | }); | ||||
}, | }, | ||||
checker_function: (context, field_name, item) => { | checker_function: (context, field_name, item) => { | ||||
if (!context.user_id) return Promise.reject("You're not logged in!"); | if (!context.user_id) return Promise.reject("You're not logged in!"); | ||||
else if (context.user_id === item.body[field_name]) | else if (context.user_id === item.body[field_name]) | ||||
return Promise.resolve(); | return Promise.resolve(); | ||||
else return Promise.reject("Access not allowed for this user"); | else return Promise.reject("Access not allowed for this user"); | ||||
}, | }, | ||||
item_sensitive: true, | item_sensitive: true, | ||||
}); | }); |
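Review bot: `getRestrictingQuery` and `checker_function` are meant to enforce the same rule, but the first relies on the database's match semantics for `body.${field_name}` while the second uses `===` on `item.body[field_name]`. If the stored reference is ever not the same primitive type as `context.user_id`, or is an array, the two can disagree; the visible lines do not rule this out. Since the change swaps the query builder to `app.Query.fromSingleMatch`, it would be worth adding a test that the list query and the per-item check admit the same items, plus a comment above the match such as `// must stay equivalent to checker_function: one user id, stored as the same type as context.user_id`. Separately, `field_name` is interpolated into the match key unchecked. If it can ever be unset or come from outside the collection definition, a guard like `if (typeof field_name !== "string" || field_name === "") return new app.Query.DenyAll();` keeps the strategy failing closed.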