This commit is contained in:
parent
b09ea39668
commit
cb535cffea
|
|
@ -33,13 +33,12 @@ async def get_my_shout(_, info, shout_id: int):
|
|||
user_id = info.context.get('user_id', '')
|
||||
roles = info.context.get('roles', [])
|
||||
if not user_id:
|
||||
error = 'user is not logged in'
|
||||
elif shout.created_by != author.id:
|
||||
error = 'author cannot edit this post'
|
||||
elif 'editor' not in roles:
|
||||
error = 'user has no editor role'
|
||||
elif not any([x.id == author.id for x in shout.authors]):
|
||||
error = 'author have no permissions to read this not published shout'
|
||||
error = 'unauthorized'
|
||||
else:
|
||||
if 'editor' in roles or filter(lambda x: x.id == author.id, [x for x in shout.authors]):
|
||||
return {"error": error, "shout": shout}
|
||||
else:
|
||||
error = 'forbidden'
|
||||
return {"error": error, "shout": shout}
|
||||
|
||||
|
||||
|
|
@ -232,13 +231,7 @@ async def update_shout(_, info, shout_id: int, shout_input=None, publish=False):
|
|||
)
|
||||
shout_input['slug'] = slug
|
||||
|
||||
if (
|
||||
shout_by_id.created_by != author.id
|
||||
and not filter(lambda x: x == author.id, shout_by_id.authors)
|
||||
and 'editor' not in roles
|
||||
):
|
||||
return {'error': 'access denied'}
|
||||
|
||||
if filter(lambda x: x.id == author.id, [x for x in shout_by_id.authors]) or 'editor' in roles:
|
||||
# topics patch
|
||||
topics_input = shout_input.get('topics')
|
||||
if topics_input:
|
||||
|
|
@ -265,7 +258,10 @@ async def update_shout(_, info, shout_id: int, shout_input=None, publish=False):
|
|||
# search service indexing
|
||||
search_service.index(shout_by_id)
|
||||
|
||||
return {'shout': shout_dict}
|
||||
return {'shout': shout_dict, 'error': None}
|
||||
else:
|
||||
return {'error': 'access denied', 'shout': None}
|
||||
|
||||
except Exception as exc:
|
||||
logger.error(exc)
|
||||
logger.error(f' cannot update with data: {shout_input}')
|
||||
|
|
@ -275,7 +271,7 @@ async def update_shout(_, info, shout_id: int, shout_input=None, publish=False):
|
|||
|
||||
@mutation.field('delete_shout')
|
||||
@login_required
|
||||
async def delete_shout(_, info, shout_id):
|
||||
async def delete_shout(_, info, shout_id: int):
|
||||
user_id = info.context.get('user_id')
|
||||
roles = info.context.get('roles')
|
||||
if user_id:
|
||||
|
|
@ -285,13 +281,8 @@ async def delete_shout(_, info, shout_id):
|
|||
if not shout:
|
||||
return {'error': 'invalid shout id'}
|
||||
if author and shout:
|
||||
if (
|
||||
shout.created_by is not author.id
|
||||
and author.id not in shout.authors
|
||||
and 'editor' not in roles
|
||||
):
|
||||
return {'error': 'access denied'}
|
||||
|
||||
# NOTE: only owner and editor can mark the shout as deleted
|
||||
if shout.created_by == author.id or 'editor' in roles:
|
||||
for author_id in shout.authors:
|
||||
reactions_unfollow(author_id, shout_id)
|
||||
|
||||
|
|
@ -301,8 +292,9 @@ async def delete_shout(_, info, shout_id):
|
|||
session.add(shout)
|
||||
session.commit()
|
||||
await notify_shout(shout_dict, 'delete')
|
||||
|
||||
return {}
|
||||
return {'error': None}
|
||||
else:
|
||||
return {'error': 'access denied'}
|
||||
|
||||
|
||||
def handle_proposing(session, r, shout):
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user