fix: Page Rules based on Tag Matches do not work for comment permissions (#5819)

2 years ago · 2cb304100c
parent 1893fd499a
commit 2cb304100c
2 changed files with 18 additions and 6 deletions
--- a/server/graph/resolvers/comment.js
+++ b/server/graph/resolvers/comment.js
@ -40,9 +40,13 @@ module.exports = {
     * Fetch list of comments for a page
     */
    async list (obj, args, context) {
-      const page = await WIKI.models.pages.query().select('id').findOne({ localeCode: args.locale, path: args.path })
+      const page = await WIKI.models.pages.query().select('pages.id').findOne({ localeCode: args.locale, path: args.path })
+        .withGraphJoined('tags')
+        .modifyGraph('tags', builder => {
+          builder.select('tag')
+        })
      if (page) {
-        if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], args)) {
+        if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], { tags: page.tags, ...args })) {
          const comments = await WIKI.models.comments.query().where('pageId', page.id).orderBy('createdAt')
          return comments.map(c => ({
            ...c,
@ -66,10 +70,15 @@ module.exports = {
        throw new WIKI.Error.CommentNotFound()
      }
      const page = await WIKI.models.pages.query().select('localeCode', 'path').findById(cm.pageId)
+        .withGraphJoined('tags')
+        .modifyGraph('tags', builder => {
+          builder.select('tag')
+        })
      if (page) {
        if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], {
          path: page.path,
-          locale: page.localeCode
+          locale: page.localeCode,
+          tags: page.tags
        })) {
          return {
            ...cm,
--- a/server/models/comments.js
+++ b/server/models/comments.js
@ -99,7 +99,8 @@ module.exports = class Comment extends Model {
    if (page) {
      if (!WIKI.auth.checkAccess(user, ['write:comments'], {
        path: page.path,
-        locale: page.localeCode
+        locale: page.localeCode,
+        tags: page.tags
      })) {
        throw new WIKI.Error.CommentPostForbidden()
      }
@ -136,7 +137,8 @@ module.exports = class Comment extends Model {
    if (page) {
      if (!WIKI.auth.checkAccess(user, ['manage:comments'], {
        path: page.path,
-        locale: page.localeCode
+        locale: page.localeCode,
+        tags: page.tags
      })) {
        throw new WIKI.Error.CommentManageForbidden()
      }
@ -169,7 +171,8 @@ module.exports = class Comment extends Model {
    if (page) {
      if (!WIKI.auth.checkAccess(user, ['manage:comments'], {
        path: page.path,
-        locale: page.localeCode
+        locale: page.localeCode,
+        tags: page.tags
      })) {
        throw new WIKI.Error.CommentManageForbidden()
      }