Browse Source
fix: Page Rules based on Tag Matches do not work for comment permissions (#5819)
pull/5838/head
natsutteatsuiyone
2 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
18 additions and
6 deletions
-
server/graph/resolvers/comment.js
-
server/models/comments.js
|
|
|
@ -40,9 +40,13 @@ module.exports = { |
|
|
|
* Fetch list of comments for a page |
|
|
|
*/ |
|
|
|
async list (obj, args, context) { |
|
|
|
const page = await WIKI.models.pages.query().select('id').findOne({ localeCode: args.locale, path: args.path }) |
|
|
|
const page = await WIKI.models.pages.query().select('pages.id').findOne({ localeCode: args.locale, path: args.path }) |
|
|
|
.withGraphJoined('tags') |
|
|
|
.modifyGraph('tags', builder => { |
|
|
|
builder.select('tag') |
|
|
|
}) |
|
|
|
if (page) { |
|
|
|
if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], args)) { |
|
|
|
if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], { tags: page.tags, ...args })) { |
|
|
|
const comments = await WIKI.models.comments.query().where('pageId', page.id).orderBy('createdAt') |
|
|
|
return comments.map(c => ({ |
|
|
|
...c, |
|
|
|
@ -66,10 +70,15 @@ module.exports = { |
|
|
|
throw new WIKI.Error.CommentNotFound() |
|
|
|
} |
|
|
|
const page = await WIKI.models.pages.query().select('localeCode', 'path').findById(cm.pageId) |
|
|
|
.withGraphJoined('tags') |
|
|
|
.modifyGraph('tags', builder => { |
|
|
|
builder.select('tag') |
|
|
|
}) |
|
|
|
if (page) { |
|
|
|
if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], { |
|
|
|
path: page.path, |
|
|
|
locale: page.localeCode |
|
|
|
locale: page.localeCode, |
|
|
|
tags: page.tags |
|
|
|
})) { |
|
|
|
return { |
|
|
|
...cm, |
|
|
|
|
|
|
|
@ -99,7 +99,8 @@ module.exports = class Comment extends Model { |
|
|
|
if (page) { |
|
|
|
if (!WIKI.auth.checkAccess(user, ['write:comments'], { |
|
|
|
path: page.path, |
|
|
|
locale: page.localeCode |
|
|
|
locale: page.localeCode, |
|
|
|
tags: page.tags |
|
|
|
})) { |
|
|
|
throw new WIKI.Error.CommentPostForbidden() |
|
|
|
} |
|
|
|
@ -136,7 +137,8 @@ module.exports = class Comment extends Model { |
|
|
|
if (page) { |
|
|
|
if (!WIKI.auth.checkAccess(user, ['manage:comments'], { |
|
|
|
path: page.path, |
|
|
|
locale: page.localeCode |
|
|
|
locale: page.localeCode, |
|
|
|
tags: page.tags |
|
|
|
})) { |
|
|
|
throw new WIKI.Error.CommentManageForbidden() |
|
|
|
} |
|
|
|
@ -169,7 +171,8 @@ module.exports = class Comment extends Model { |
|
|
|
if (page) { |
|
|
|
if (!WIKI.auth.checkAccess(user, ['manage:comments'], { |
|
|
|
path: page.path, |
|
|
|
locale: page.localeCode |
|
|
|
locale: page.localeCode, |
|
|
|
tags: page.tags |
|
|
|
})) { |
|
|
|
throw new WIKI.Error.CommentManageForbidden() |
|
|
|
} |
|
|
|
|
