Browse Source

allow tag/untag of open stories.

master 2.1.3
Gisle Aune 4 years ago
parent
commit
570d0e2bd2
  1. 5
      services/auth.go
  2. 4
      services/stories.go

5
services/auth.go

@ -125,6 +125,11 @@ func (s *AuthService) CheckPermission(ctx context.Context, op string, obj interf
case *models.Post: case *models.Post:
authorized = token.Permitted("post." + op) authorized = token.Permitted("post." + op)
case *models.Story: case *models.Story:
if op == "tag" && v.Open {
authorized = true
break
}
authorized = token.PermittedUser(v.Author, "member", "story."+op) authorized = token.PermittedUser(v.Author, "member", "story."+op)
case *models.User: case *models.User:
authorized = token.Permitted("user." + op) authorized = token.Permitted("user." + op)

4
services/stories.go

@ -232,7 +232,7 @@ func (s *StoryService) EditStory(ctx context.Context, story *models.Story, name
} }
func (s *StoryService) AddStoryTag(ctx context.Context, story models.Story, tag models.Tag) (*models.Story, error) { func (s *StoryService) AddStoryTag(ctx context.Context, story models.Story, tag models.Tag) (*models.Story, error) {
if err := s.authService.CheckPermission(ctx, "edit", &story); err != nil {
if err := s.authService.CheckPermission(ctx, "tag", &story); err != nil {
return nil, err return nil, err
} }
@ -249,7 +249,7 @@ func (s *StoryService) AddStoryTag(ctx context.Context, story models.Story, tag
} }
func (s *StoryService) RemoveStoryTag(ctx context.Context, story models.Story, tag models.Tag) (*models.Story, error) { func (s *StoryService) RemoveStoryTag(ctx context.Context, story models.Story, tag models.Tag) (*models.Story, error) {
if err := s.authService.CheckPermission(ctx, "edit", &story); err != nil {
if err := s.authService.CheckPermission(ctx, "tag", &story); err != nil {
return nil, err return nil, err
} }

Loading…
Cancel
Save