Commit 5d0f59e1 authored by Marcelo Rivera's avatar Marcelo Rivera

(feat): enforce view permission flag

parent 15e39046
Pipeline #87074647 failed with stages
in 6 minutes and 33 seconds
......@@ -10,6 +10,9 @@ import { AnalyticsService } from '../../../services/analytics';
import { MindsBlogResponse } from '../../../interfaces/responses';
import { MindsBlogEntity } from '../../../interfaces/entities';
import { Flags } from '../../../common/services/permissions/flags';
import { FeaturesService } from '../../../services/features.service';
import { PermissionsService } from '../../../common/services/permissions/permissions.service';
@Component({
moduleId: module.id,
......@@ -37,7 +40,9 @@ export class BlogViewInfinite {
public title: MindsTitle,
private applicationRef: ApplicationRef,
private cd: ChangeDetectorRef,
private analytics: AnalyticsService
private analytics: AnalyticsService,
private featuresService: FeaturesService,
private permissionsService: PermissionsService
) {}
ngOnInit() {
......@@ -96,7 +101,12 @@ export class BlogViewInfinite {
},
response.blog.guid
);
} else if (this.blogs.length === 0) {
} else if (
this.blogs.length === 0 ||
(this.featuresService.has('permissions') &&
!this.permissionsService.canInteract(this.blogs[0], Flags.VIEW))
) {
this.blogs = [];
this.error = "Sorry, we couldn't load the blog";
}
//hack: ios rerun on low memory
......
import {
ChangeDetectorRef,
Component,
OnInit,
Injector,
OnDestroy,
OnInit,
SkipSelf,
Injector,
} from '@angular/core';
import { ActivatedRoute, Router } from '@angular/router';
......@@ -18,8 +18,10 @@ import { AttachmentService } from '../../../services/attachment';
import { ContextService } from '../../../services/context.service';
import { MindsTitle } from '../../../services/ux/title';
import { ActivityService } from '../../../common/services/activity.service';
import { AnalyticsService } from '../../../services/analytics';
import { ClientMetaService } from '../../../common/services/client-meta.service';
import { FeaturesService } from '../../../services/features.service';
import { PermissionsService } from '../../../common/services/permissions/permissions.service';
import { Flags } from '../../../common/services/permissions/flags';
@Component({
moduleId: module.id,
......@@ -75,6 +77,8 @@ export class MediaViewComponent implements OnInit, OnDestroy {
private cd: ChangeDetectorRef,
protected activityService: ActivityService,
private clientMetaService: ClientMetaService,
private featuresService: FeaturesService,
private permissionsService: PermissionsService,
@SkipSelf() injector: Injector
) {
this.clientMetaService
......@@ -122,6 +126,12 @@ export class MediaViewComponent implements OnInit, OnDestroy {
return;
}
if (response.entity) {
if (
this.featuresService.has('permissions') &&
!this.permissionsService.canInteract(response.entity, Flags.VIEW)
) {
throw new Error('Insufficient permissions');
}
this.entity = response.entity;
this.allowComments = this.entity['allow_comments'];
switch (this.entity.subtype) {
......
......@@ -10,6 +10,8 @@ import { EntitiesService } from '../../../common/services/entities.service';
import { Client } from '../../../services/api/client';
import { FeaturesService } from '../../../services/features.service';
import { ClientMetaService } from '../../../common/services/client-meta.service';
import { PermissionsService } from '../../../common/services/permissions/permissions.service';
import { Flags } from '../../../common/services/permissions/flags';
@Component({
selector: 'm-newsfeed--single',
......@@ -33,6 +35,7 @@ export class NewsfeedSingleComponent {
public entitiesService: EntitiesService,
protected client: Client,
protected featuresService: FeaturesService,
protected permissionsService: PermissionsService,
protected clientMetaService: ClientMetaService,
@SkipSelf() injector: Injector
) {
......@@ -80,6 +83,13 @@ export class NewsfeedSingleComponent {
if (activity === null) {
return; // Not yet loaded
}
if (
this.featuresService.has('permissions') &&
!this.permissionsService.canInteract(activity, Flags.VIEW)
) {
this.error = "Sorry, we couldn't load the activity";
return;
}
this.activity = activity;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment