mirror/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-05-04 08:40:15 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
72bfbf20607e048eb7abf17f58fe1175e344a64d
outline/server/policies/user.ts
T
Tom Moor 72bfbf2060 Allow returning team API keys for admins from apiKeys.list (#7766) 
* Allow returning team apiKeys.list for admins from apiKeys.list

* Filter apikeys in store
2024-10-14 15:29:47 -07:00

70 lines
1.4 KiB
TypeScript
Raw Blame History

import { TeamPreference } from "@shared/types";
import { User, Team } from "@server/models";
import { allow } from "./cancan";
import { and, isTeamAdmin, isTeamModel, isTeamMutable, or } from "./utils";
allow(User, "read", User, isTeamModel);
allow(User, "listUsers", Team, (actor, team) =>
and(
//
isTeamModel(actor, team),
!actor.isGuest
)
);
allow(User, "inviteUser", Team, (actor, team) =>
and(
isTeamModel(actor, team),
isTeamMutable(actor),
!actor.isGuest,
!actor.isViewer,
actor.isAdmin || !!team?.getPreference(TeamPreference.MembersCanInvite)
)
);
allow(User, ["update", "readDetails", "listApiKeys"], User, (actor, user) =>
or(
//
isTeamAdmin(actor, user),
actor.id === user?.id
)
);
allow(User, "delete", User, (actor, user) =>
or(
isTeamAdmin(actor, user),
and(
actor.id === user?.id,
!!actor.team.getPreference(TeamPreference.MembersCanDeleteAccount)
)
)
);
allow(User, ["activate", "suspend"], User, isTeamAdmin);
allow(User, "promote", User, (actor, user) =>
and(
//
isTeamAdmin(actor, user),
!user?.isAdmin,
!user?.isSuspended
)
);
allow(User, "demote", User, (actor, user) =>
and(
//
isTeamAdmin(actor, user),
!user?.isSuspended
)
);
allow(User, "resendInvite", User, (actor, user) =>
and(
//
isTeamAdmin(actor, user),
!!user?.isInvited
)
);
Reference in New Issue View Git Blame Copy Permalink