editableByMe filter restriction added

helsingborg-stad · May 17, 2024 · b151429 · b151429
1 parent 3a23120
commit b151429
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 5 deletions.
diff --git a/src/adverts/adverts.gql.schema.ts b/src/adverts/adverts.gql.schema.ts
@@ -114,6 +114,7 @@ export const advertsGqlSchema = /* GraphQL */ `
     reservedByMe: Boolean
     collectedByMe: Boolean
     createdByMe: Boolean
+    editableByMe: Boolean
     isArchived: Boolean
     hasReservations: Boolean
     hasCollects: Boolean

diff --git a/src/adverts/filters/advert-filter-predicate.ts b/src/adverts/filters/advert-filter-predicate.ts
@@ -51,6 +51,14 @@ const createRestrictionsPredicate = (
       : null
 
   const matchers: Predicate<Advert>[] = [
+    makeMatcher(
+      restrictions.editableByMe,
+      ({ createdBy }) =>
+        user.roles?.canEditOwnAdverts && user.roles.canManageAllAdverts
+          ? true
+          : createdBy === user.id,
+      () => false
+    ),
     makeMatcher(
       restrictions?.createdByMe,
       ({ createdBy }) => createdBy === user.id

diff --git a/src/adverts/repository/mongo/filters/map-restrictions.spec.ts b/src/adverts/repository/mongo/filters/map-restrictions.spec.ts
@@ -3,6 +3,7 @@ import type { HaffaUser } from '../../../../login/types'
 import type { MongoAdvert } from '../types'
 import { combineAnd } from './filter-utils'
 import { mapRestrictions, regularAdvertsFilter } from './map-restrictions'
+import { makeAdmin } from '../../../../login'
 
 describe('mapRestrictions', () => {
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
@@ -11,7 +12,7 @@ describe('mapRestrictions', () => {
   }
 
   const makeRegularFilter = (
-    filter: Filter<MongoAdvert>
+    filter?: Filter<MongoAdvert>
   ): Filter<MongoAdvert> => combineAnd(filter, regularAdvertsFilter)!
 
   it('maps empty or not set to list regular (non archived) adverts', () => {
@@ -51,4 +52,19 @@ describe('mapRestrictions', () => {
       })
     )
   })
+
+  it('maps editableByMe for regular users', () => {
+    expect(mapRestrictions(user, { editableByMe: true })).toMatchObject(
+      makeRegularFilter({
+        'advert.createdBy': user.id,
+      })
+    )
+  })
+
+  it('maps editableByMe for admin users', () => {
+    const su = makeAdmin({ id: 'super@user' })
+    expect(mapRestrictions(su, { editableByMe: true })).toMatchObject(
+      makeRegularFilter()
+    )
+  })
 })
diff --git a/src/adverts/repository/mongo/filters/map-restrictions.ts b/src/adverts/repository/mongo/filters/map-restrictions.ts
@@ -9,11 +9,41 @@ export const regularAdvertsFilter: Filter<MongoAdvert> = {
   'meta.archived': { $ne: true },
 }
 
+const ownerRestrictions = (
+  user: HaffaUser,
+  restrictions?: AdvertRestrictionsFilterInput
+) => {
+  // do we use owner/admin restrictions?
+  const requiresOwnerAccess = [
+    restrictions?.isArchived,
+    restrictions?.hasReservations,
+    restrictions?.hasCollects,
+  ].some(v => v === true || v === false)
+
+  if (requiresOwnerAccess || restrictions?.editableByMe) {
+    if (
+      restrictions?.editableByMe &&
+      user.roles?.canEditOwnAdverts &&
+      user.roles.canManageAllAdverts
+    ) {
+      // super user, no restrictions
+      return null
+    }
+    return { 'advert.createdBy': user.id }
+  }
+  return null
+}
+
 export const mapRestrictions = (
   user: HaffaUser,
   restrictions?: AdvertRestrictionsFilterInput
 ): Filter<MongoAdvert> | null =>
   combineAnd(
+    ownerRestrictions(user, restrictions),
+    restrictions?.editableByMe === false && {
+      'advert.id': -1, // dont match anything
+    },
+
     restrictions?.canBeReserved === true &&
       combineOr(
         {
@@ -50,10 +80,7 @@ export const mapRestrictions = (
         },
       },
     },
-    (restrictions?.isArchived ||
-      restrictions?.hasReservations ||
-      restrictions?.hasCollects ||
-      restrictions?.createdByMe === true) && {
+    restrictions?.createdByMe === true && {
       'advert.createdBy': user.id,
     },
     restrictions?.createdByMe === false && {

diff --git a/src/adverts/types.ts b/src/adverts/types.ts
@@ -170,6 +170,7 @@ export interface AdvertRestrictionsFilterInput {
   reservedByMe?: boolean
   collectedByMe?: boolean
   createdByMe?: boolean
+  editableByMe?: boolean
   isArchived?: boolean
   hasReservations?: boolean
   hasCollects?: boolean