0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

Owner has all user permissions

closes #3075
- added special treatment for role with name ‚Owner‘
This commit is contained in:
Sebastian Gierlinger 2014-07-09 13:34:38 +02:00
parent 09e03f4d78
commit 5b0b308513
2 changed files with 14 additions and 4 deletions

View file

@ -6,13 +6,19 @@ var _ = require('lodash'),
var effective = {
user: function (id) {
return User.findOne({id: id}, { include: ['permissions', 'roles.permissions'] })
return User.findOne({id: id}, { include: ['permissions', 'roles', 'roles.permissions'] })
.then(function (foundUser) {
var seenPerms = {},
rolePerms = _.map(foundUser.related('roles').models, function (role) {
return role.related('permissions').models;
}),
allPerms = [];
allPerms = [],
user = foundUser.toJSON();
// TODO: using 'Owner' as return value is a bit hacky.
if (user.roles[0] && user.roles[0].name === 'Owner') {
return 'Owner';
}
rolePerms.push(foundUser.related('permissions').models);

View file

@ -103,10 +103,14 @@ CanThisResult.prototype.buildObjectTypeHandlers = function (obj_types, act_type,
// TODO: String vs Int comparison possibility here?
return modelId === permObjId;
};
// Check user permissions for matching action, object and id.
if (!_.isEmpty(userPermissions)) {
hasUserPermission = _.any(userPermissions, checkPermission);
// TODO: using 'Owner' is a bit hacky.
if (userPermissions === 'Owner') {
hasUserPermission = true;
} else {
hasUserPermission = _.any(userPermissions, checkPermission);
}
}
// Check app permissions if they were passed