IT4Change/Ocelot-Social
3
0
Fork 0
mirror of https://github.com/IT4Change/Ocelot-Social.git synced 2025-12-13 07:45:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

change variable names for better understanding

Browse Source
This commit is contained in:
Moriz Wahl 2022-11-07 17:49:36 +01:00
parent 55003447e5
commit cb57e09d30
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
backend/src/middleware/permissionsMiddleware.js
View File

@ -122,41 +122,41 @@ const isAllowedToChangeGroupMemberRole = rule({
cache: 'no_cache',
})(async (_parent, args, { user, driver }) => {
if (!(user && user.id)) return false
const adminId = user.id
const currentUserId = user.id
const { groupId, userId, roleInGroup } = args
if (adminId === userId) return false
if (currentUserId === userId) return false
const session = driver.session()
const readTxPromise = session.readTransaction(async (transaction) => {
const transactionResponse = await transaction.run(
`
MATCH (admin:User {id: $adminId})-[adminMembership:MEMBER_OF]->(group:Group {id: $groupId})
MATCH (currentUser:User {id: $currentUserId})-[currentUserMembership:MEMBER_OF]->(group:Group {id: $groupId})
OPTIONAL MATCH (group)<-[userMembership:MEMBER_OF]-(member:User {id: $userId})
RETURN group {.*}, admin {.*, myRoleInGroup: adminMembership.role}, member {.*, myRoleInGroup: userMembership.role}
RETURN group {.*}, currentUser {.*, myRoleInGroup: currentUserMembership.role}, member {.*, myRoleInGroup: userMembership.role}
`,
{ groupId, adminId, userId },
{ groupId, currentUserId, userId },
)
return {
admin: transactionResponse.records.map((record) => record.get('admin'))[0],
currentUser: transactionResponse.records.map((record) => record.get('currentUser'))[0],
group: transactionResponse.records.map((record) => record.get('group'))[0],
member: transactionResponse.records.map((record) => record.get('member'))[0],
}
})
try {
const { admin, group, member } = await readTxPromise
const { currentUser, group, member } = await readTxPromise
const groupExists = !!group
const adminExists = !!admin
const currentUserExists = !!currentUser
const userIsMember = !!member
const sameUserRoleInGroup = member && member.myRoleInGroup === roleInGroup
const userIsOwner = member && ['owner'].includes(member.myRoleInGroup)
const adminIsAdmin = admin && ['admin'].includes(admin.myRoleInGroup)
const currentUserIsAdmin = currentUser && ['admin'].includes(currentUser.myRoleInGroup)
const adminCanSetRole = ['pending', 'usual', 'admin'].includes(roleInGroup)
const adminIsOwner = admin && ['owner'].includes(admin.myRoleInGroup)
const currentUserIsOwner = currentUser && ['owner'].includes(currentUser.myRoleInGroup)
const ownerCanSetRole = ['pending', 'usual', 'admin', 'owner'].includes(roleInGroup)
return (
groupExists &&
adminExists &&
currentUserExists &&
(!userIsMember || (userIsMember && (sameUserRoleInGroup || !userIsOwner))) &&
((adminIsAdmin && adminCanSetRole) || (adminIsOwner && ownerCanSetRole))
((currentUserIsAdmin && adminCanSetRole) || (currentUserIsOwner && ownerCanSetRole))
)
} catch (error) {
throw new Error(error)