TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-23 22:11:09 +03:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3227 from sebgie/issue#3075

Browse Source 
Owner has all user permissions
This commit is contained in:
Hannah Wolfe 2014-07-09 19:07:15 +01:00
commit cdca934da9
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
core/server/permissions/effective.js
View File

@ -6,13 +6,19 @@ var _ = require('lodash'),
var effective = {
user: function (id) {
return User.findOne({id: id}, { include: ['permissions', 'roles.permissions'] })
return User.findOne({id: id}, { include: ['permissions', 'roles', 'roles.permissions'] })
.then(function (foundUser) {
var seenPerms = {},
rolePerms = _.map(foundUser.related('roles').models, function (role) {
return role.related('permissions').models;
}),
allPerms = [];
allPerms = [],
user = foundUser.toJSON();
// TODO: using 'Owner' as return value is a bit hacky.
if (user.roles[0] && user.roles[0].name === 'Owner') {
return 'Owner';
}
rolePerms.push(foundUser.related('permissions').models);

8
core/server/permissions/index.js
View File

@ -103,10 +103,14 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (obj_types, act_type,
// TODO: String vs Int comparison possibility here?
return modelId === permObjId;
};
// Check user permissions for matching action, object and id.
if (!_.isEmpty(userPermissions)) {
hasUserPermission = _.any(userPermissions, checkPermission);
// TODO: using 'Owner' is a bit hacky.
if (userPermissions === 'Owner') {
hasUserPermission = true;
} else {
hasUserPermission = _.any(userPermissions, checkPermission);
}
}
// Check app permissions if they were passed