Use discourse as SSO provider

debtcollective · Feb 24, 2018 · 732f09b · 732f09b
1 parent 821a1a4
commit 732f09b
Show file tree

Hide file tree

Showing 92 changed files with 680 additions and 2,708 deletions.
diff --git a/.eslintrc b/.eslintrc
@@ -32,6 +32,8 @@
         "allow": ["done", "err", "res", "req", "resolve", "reject"]
       }
     ],
-    "jsx-uses-vars": 0
+    "jsx-uses-vars": 0,
+    "indent": 0,
+    "max-len": [2, { "code": 100, "ignoreStrings": true, "ignoreTemplateLiterals": true }]
   }
 }
diff --git a/ACL/ACL/index.js b/ACL/ACL/index.js
@@ -0,0 +1,3 @@
+module.exports = {
+  Visitor: [[true]],
+};
diff --git a/ACL/Admin.Collectives.Campaigns.Events/index.js b/ACL/Admin.Collectives.Campaigns.Events/index.js
@@ -0,0 +1,27 @@
+/* globals User */
+module.exports = {
+  Visitor: [[false]],
+  User: [[false], ['index', true]],
+  CollectiveManager: [
+    ['index', true],
+    [
+      'create',
+      'delete',
+      req =>
+        User.knex()
+          .table('CollectiveAdmins')
+          .where({
+            collective_id: req.post.collectiveId,
+            user_id: req.user.id,
+          })
+          .then(results => {
+            if (results.length === 0) {
+              return false;
+            }
+
+            return true;
+          }),
+    ],
+  ],
+  Admin: [[true]],
+};
diff --git a/ACL/Admin.Collectives.Campaigns.KBPosts/index.js b/ACL/Admin.Collectives.Campaigns.KBPosts/index.js
@@ -0,0 +1,27 @@
+/* globals User */
+module.exports = {
+  Visitor: [[false]],
+  User: [[false], ['index', true]],
+  CollectiveManager: [
+    ['index', true],
+    [
+      'create',
+      'delete',
+      req =>
+        User.knex()
+          .table('CollectiveAdmins')
+          .where({
+            collective_id: req.post.collectiveId,
+            user_id: req.user.id,
+          })
+          .then(results => {
+            if (results.length === 0) {
+              return false;
+            }
+
+            return true;
+          }),
+    ],
+  ],
+  Admin: [[true]],
+};
diff --git a/ACL/Admin.Collectives.Campaigns/index.js b/ACL/Admin.Collectives.Campaigns/index.js
@@ -0,0 +1,34 @@
+/* globals Admin */
+module.exports = {
+  Visitor: [['new', 'create', 'edit', 'update', 'activate', 'deactivate', false]],
+  User: [['new', 'create', 'edit', 'update', 'activate', 'deactivate', false]],
+  CollectiveManager: [
+    ['new', 'create', true],
+    [
+      'edit',
+      'update',
+      'activate',
+      'deactivate',
+      req => {
+        Admin.Campaign.query()
+          .where('id', req.params.id)
+          .then(([campaign]) =>
+            Admin.Campaign.knex()
+              .table('CollectiveAdmins')
+              .where({
+                collective_id: campaign.collectiveId,
+                user_id: req.user.id,
+              }),
+          )
+          .then(results => {
+            if (results.length === 0) {
+              return false;
+            }
+
+            return true;
+          });
+      },
+    ],
+  ],
+  Admin: [['new', 'create', 'edit', 'update', 'activate', 'deactivate', true]],
+};
diff --git a/ACL/Admin.Collectives.Users/index.js b/ACL/Admin.Collectives.Users/index.js
@@ -0,0 +1,28 @@
+/* globals User */
+module.exports = {
+  Visitor: [[false]],
+  User: [[false]],
+  CollectiveManager: [
+    ['index', true],
+    [
+      'show',
+      'edit',
+      'update',
+      req =>
+        User.knex()
+          .table('CollectiveAdmins')
+          .where({
+            collective_id: req.params.id,
+            user_id: req.user.id,
+          })
+          .then(results => {
+            if (results.length === 0) {
+              return false;
+            }
+
+            return true;
+          }),
+    ],
+  ],
+  Admin: [[true]],
+};
diff --git a/ACL/Admin.Collectives/index.js b/ACL/Admin.Collectives/index.js
@@ -0,0 +1,28 @@
+/* globals User */
+module.exports = {
+  Visitor: [[false]],
+  User: [[false]],
+  CollectiveManager: [
+    ['index', true],
+    [
+      'show',
+      'edit',
+      'update',
+      req =>
+        User.knex()
+          .table('CollectiveAdmins')
+          .where({
+            collective_id: req.params.id,
+            user_id: req.user.id,
+          })
+          .then(results => {
+            if (results.length === 0) {
+              return false;
+            }
+
+            return true;
+          }),
+    ],
+  ],
+  Admin: [[true]],
+};
diff --git a/ACL/Admin.Disputes/index.js b/ACL/Admin.Disputes/index.js
@@ -0,0 +1,5 @@
+module.exports = {
+  Visitor: [[false]],
+  User: [[false]],
+  Admin: [[true]],
+};
diff --git a/ACL/Admin.Users/index.js b/ACL/Admin.Users/index.js
@@ -0,0 +1,5 @@
+module.exports = {
+  Visitor: [[false]],
+  User: [[false]],
+  Admin: [[true]],
+};
diff --git a/ACL/Campaigns.Events/index.js b/ACL/Campaigns.Events/index.js
@@ -0,0 +1,21 @@
+/* globals User, CollectiveAdmins */
+module.exports = {
+  Visitor: [[false], ['index', true]],
+  User: [['index', true]],
+  CollectiveManager: [
+    ['create', 'index', true],
+    [
+      'edit',
+      'update',
+      'delete',
+      req =>
+        CollectiveAdmins.query()
+          .where({
+            collective_id: req.params.collectiveId,
+            user_id: req.user.id,
+          })
+          .then(results => results.length > 0),
+    ],
+  ],
+  Admin: [[true]],
+};
diff --git a/ACL/Campaigns/index.js b/ACL/Campaigns/index.js
@@ -0,0 +1,13 @@
+/* global Campaign */
+
+const isPublicCampaign = req =>
+  Campaign.query()
+    .where('id', req.params.id)
+    .then(([result]) => result.published);
+
+module.exports = {
+  Visitor: [['show', isPublicCampaign], ['join', false]],
+  User: [['show', 'join', isPublicCampaign]],
+  CollectiveManager: [['show', 'join', true]],
+  Admin: [['show', 'join', true]],
+};
diff --git a/ACL/Collectives/index.js b/ACL/Collectives/index.js
@@ -0,0 +1,9 @@
+/* globals CollectiveBans */
+module.exports = {
+  Visitor: [['join', false], ['index', 'show', true]],
+  User: [
+    ['index', true],
+    // Users are already blocked from the passport middleware
+    ['join', true],
+  ],
+};
diff --git a/ACL/Dashboard/index.js b/ACL/Dashboard/index.js
@@ -0,0 +1,5 @@
+module.exports = {
+  Visitor: [['index', false]],
+  User: [['index', true]],
+  Admin: [['index', true]],
+};
diff --git a/ACL/DisputeTools/index.js b/ACL/DisputeTools/index.js
@@ -0,0 +1,5 @@
+module.exports = {
+  Visitor: [['index', true], ['show', false]],
+  User: [['index', true], ['show', true]],
+  Admin: [['index', true], ['show', true]],
+};
diff --git a/ACL/Disputes/index.js b/ACL/Disputes/index.js
@@ -0,0 +1,32 @@
+module.exports = {
+  Visitor: [
+    [false],
+    [
+      'show',
+      'updateDisputeData',
+      'updateSubmission',
+      'addAttachment',
+      'download',
+      'setSignature',
+      'removeAttachment',
+      false,
+    ],
+  ],
+  User: [
+    ['index', 'create', true],
+    [
+      'show',
+      'edit',
+      'update',
+      'destroy',
+      'updateSubmission',
+      'updateDisputeData',
+      'addAttachment',
+      'download',
+      'setSignature',
+      'removeAttachment',
+      req => req.dispute.userId === req.user.id,
+    ],
+  ],
+  Admin: [['download', true]],
+};
diff --git a/ACL/Home/index.js b/ACL/Home/index.js
@@ -0,0 +1,3 @@
+module.exports = {
+  Visitor: [[true]],
+};
diff --git a/ACL/Posts/index.js b/ACL/Posts/index.js
@@ -0,0 +1,54 @@
+/* globals User */
+module.exports = {
+  Visitor: [[false], ['createComment', false], ['index', true]],
+  User: [
+    ['create', 'createComment', 'votePoll', 'index', true],
+    [
+      'edit',
+      'update',
+      'delete',
+      req => {
+        if (req.post.userId !== req.user.id) {
+          return false;
+        }
+
+        return true;
+      },
+    ],
+  ],
+  CollectiveManager: [
+    ['create', 'index', 'createComment', true],
+    [
+      'edit',
+      'update',
+      'delete',
+      req => {
+        if (req.user.role === 'Admin') {
+          return true;
+        }
+
+        return User.knex()
+          .table('Campaigns')
+          .select('collective_id')
+          .where('id', req.params.campaign_id)
+          .then(([result]) =>
+            User.knex()
+              .table('CollectiveAdmins')
+              .where({
+                collective_id: result.collective_id,
+                user_id: req.user.id,
+              })
+              .then(results => {
+                if (results.length === 0) {
+                  return false;
+                }
+
+                return true;
+              })
+              .catch(() => false),
+          );
+      },
+    ],
+  ],
+  Admin: [['createComment', true], [true]],
+};
diff --git a/ACL/Sessions/index.js b/ACL/Sessions/index.js
@@ -0,0 +1,14 @@
+module.exports = {
+  Visitor: [
+    [
+      'new',
+      'create',
+      'destroy',
+      'showEmailForm',
+      'sendResetEmail',
+      'showPasswordForm',
+      'resetPassword',
+      true,
+    ],
+  ],
+};
diff --git a/ACL/Users/index.js b/ACL/Users/index.js
@@ -0,0 +1,24 @@
+/* globals Account */
+
+module.exports = {
+  Visitor: [[false], ['activation', 'activate', 'create', 'new', true]],
+  User: [
+    [false],
+    ['activation', true],
+    ['edit', 'update', req => req.params.id === req.user.id],
+    [
+      'show',
+      req => {
+        if (req.params.id === req.user.id) {
+          return true;
+        }
+
+        return Account.query()
+          .where({ user_id: req.params.id })
+          .limit(1)
+          .then(([account]) => !account.private);
+      },
+    ],
+  ],
+  Admin: [[true]],
+};
diff --git a/ACL/index.js b/ACL/index.js
@@ -0,0 +1,3 @@
+/* Roles */
+
+module.exports = ['Visitor.User.CollectiveManager.Admin'];
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		/* Roles */

		module.exports = ['Visitor.User.CollectiveManager.Admin'];