(feat): enforce view permission flag

5d0f59e1 · Marcelo Rivera · 15e39046 · 5d0f59e1 · 5d0f59e1 · 5d0f59e1
Commit 5d0f59e1 authored Oct 07, 2019 by Marcelo Rivera
3 changed files
--- a/src/app/modules/blogs/view/infinite.ts
+++ b/src/app/modules/blogs/view/infinite.ts
@@ -10,6 +10,9 @@ import { AnalyticsService } from '../../../services/analytics';

 import { MindsBlogResponse } from '../../../interfaces/responses';
 import { MindsBlogEntity } from '../../../interfaces/entities';
+import { Flags } from '../../../common/services/permissions/flags';
+import { FeaturesService } from '../../../services/features.service';
+import { PermissionsService } from '../../../common/services/permissions/permissions.service';

 @Component({
  moduleId: module.id,
@@ -37,7 +40,9 @@ export class BlogViewInfinite {
    public title: MindsTitle,
    private applicationRef: ApplicationRef,
    private cd: ChangeDetectorRef,
-    private analytics: AnalyticsService
+    private analytics: AnalyticsService,
+    private featuresService: FeaturesService,
+    private permissionsService: PermissionsService
  ) {}

  ngOnInit() {
@@ -96,7 +101,12 @@ export class BlogViewInfinite {
            },
            response.blog.guid
          );
-        } else if (this.blogs.length === 0) {
+        } else if (
+          this.blogs.length === 0 ||
+          (this.featuresService.has('permissions') &&
+            !this.permissionsService.canInteract(this.blogs[0], Flags.VIEW))
+        ) {
+          this.blogs = [];
          this.error = "Sorry, we couldn't load the blog";
        }
        //hack: ios rerun on low memory

--- a/src/app/modules/media/view/view.component.ts
+++ b/src/app/modules/media/view/view.component.ts
 import {
  ChangeDetectorRef,
  Component,
-  OnInit,
+  Injector,
  OnDestroy,
+  OnInit,
  SkipSelf,
-  Injector,
 } from '@angular/core';
 import { ActivatedRoute, Router } from '@angular/router';

@@ -18,8 +18,10 @@ import { AttachmentService } from '../../../services/attachment';
 import { ContextService } from '../../../services/context.service';
 import { MindsTitle } from '../../../services/ux/title';
 import { ActivityService } from '../../../common/services/activity.service';
-import { AnalyticsService } from '../../../services/analytics';
 import { ClientMetaService } from '../../../common/services/client-meta.service';
+import { FeaturesService } from '../../../services/features.service';
+import { PermissionsService } from '../../../common/services/permissions/permissions.service';
+import { Flags } from '../../../common/services/permissions/flags';

 @Component({
  moduleId: module.id,
@@ -75,6 +77,8 @@ export class MediaViewComponent implements OnInit, OnDestroy {
    private cd: ChangeDetectorRef,
    protected activityService: ActivityService,
    private clientMetaService: ClientMetaService,
+    private featuresService: FeaturesService,
+    private permissionsService: PermissionsService,
    @SkipSelf() injector: Injector
  ) {
    this.clientMetaService
@@ -122,6 +126,12 @@ export class MediaViewComponent implements OnInit, OnDestroy {
          return;
        }
        if (response.entity) {
+          if (
+            this.featuresService.has('permissions') &&
+            !this.permissionsService.canInteract(response.entity, Flags.VIEW)
+          ) {
+            throw new Error('Insufficient permissions');
+          }
          this.entity = response.entity;
          this.allowComments = this.entity['allow_comments'];
          switch (this.entity.subtype) {

--- a/src/app/modules/newsfeed/single/single.component.ts
+++ b/src/app/modules/newsfeed/single/single.component.ts
@@ -10,6 +10,8 @@ import { EntitiesService } from '../../../common/services/entities.service';
 import { Client } from '../../../services/api/client';
 import { FeaturesService } from '../../../services/features.service';
 import { ClientMetaService } from '../../../common/services/client-meta.service';
+import { PermissionsService } from '../../../common/services/permissions/permissions.service';
+import { Flags } from '../../../common/services/permissions/flags';

 @Component({
  selector: 'm-newsfeed--single',
@@ -33,6 +35,7 @@ export class NewsfeedSingleComponent {
    public entitiesService: EntitiesService,
    protected client: Client,
    protected featuresService: FeaturesService,
+    protected permissionsService: PermissionsService,
    protected clientMetaService: ClientMetaService,
    @SkipSelf() injector: Injector
  ) {
@@ -80,6 +83,13 @@ export class NewsfeedSingleComponent {
        if (activity === null) {
          return; // Not yet loaded
        }
+        if (
+          this.featuresService.has('permissions') &&
+          !this.permissionsService.canInteract(activity, Flags.VIEW)
+        ) {
+          this.error = "Sorry, we couldn't load the activity";
+          return;
+        }

        this.activity = activity;