fix: issues with issues (#3267)

* fix: issues with issues * fix: don't notify on user closing/reopening own issue * fix: only show close/reopen buttons for OP and admins
2 years ago · caacfa21d9
parent ee9e1696ce
commit caacfa21d9
4 changed files with 24 additions and 5 deletions
--- a/server/routes/issue.ts
+++ b/server/routes/issue.ts
@ -308,7 +308,9 @@ issueRoutes.post<{ issueId: string }, Issue, { message: string }>(

 issueRoutes.post<{ issueId: string; status: string }, Issue>(
  '/:issueId/:status',
-  isAuthenticated(Permission.MANAGE_ISSUES),
+  isAuthenticated([Permission.MANAGE_ISSUES, Permission.CREATE_ISSUES], {
+    type: 'or',
+  }),
  async (req, res, next) => {
    const issueRepository = getRepository(Issue);
    // Satisfy typescript here. User is set, we assure you!
@ -321,6 +323,16 @@ issueRoutes.post<{ issueId: string; status: string }, Issue>(
        where: { id: Number(req.params.issueId) },
      });

+      if (
+        !req.user?.hasPermission(Permission.MANAGE_ISSUES) &&
+        issue.createdBy.id !== req.user?.id
+      ) {
+        return next({
+          status: 401,
+          message: 'You do not have permission to modify this issue.',
+        });
+      }
+
      let newStatus: IssueStatus | undefined;

      switch (req.params.status) {
--- a/server/subscriber/IssueCommentSubscriber.ts
+++ b/server/subscriber/IssueCommentSubscriber.ts
@ -4,6 +4,7 @@ import { MediaType } from '@server/constants/media';
 import { getRepository } from '@server/datasource';
 import IssueComment from '@server/entity/IssueComment';
 import Media from '@server/entity/Media';
+import { User } from '@server/entity/User';
 import notificationManager, { Notification } from '@server/lib/notifications';
 import { Permission } from '@server/lib/permissions';
 import logger from '@server/logger';
@ -32,6 +33,10 @@ export class IssueCommentSubscriber
        })
      ).issue;

+      const createdBy = await getRepository(User).findOneOrFail({
+        where: { id: issue.createdBy.id },
+      });
+
      const media = await getRepository(Media).findOneOrFail({
        where: { id: issue.media.id },
      });
@ -71,9 +76,9 @@ export class IssueCommentSubscriber
          notifyAdmin: true,
          notifySystem: true,
          notifyUser:
-            !issue.createdBy.hasPermission(Permission.MANAGE_ISSUES) &&
-            issue.createdBy.id !== entity.user.id
-              ? issue.createdBy
+            !createdBy.hasPermission(Permission.MANAGE_ISSUES) &&
+            createdBy.id !== entity.user.id
+              ? createdBy
              : undefined,
        });
      }
--- a/server/subscriber/IssueSubscriber.ts
+++ b/server/subscriber/IssueSubscriber.ts
@ -87,6 +87,7 @@ export class IssueSubscriber implements EntitySubscriberInterface<Issue> {
        notifySystem: true,
        notifyUser:
          !entity.createdBy.hasPermission(Permission.MANAGE_ISSUES) &&
+          entity.modifiedBy?.id !== entity.createdBy.id &&
          (type === Notification.ISSUE_RESOLVED ||
            type === Notification.ISSUE_REOPENED)
            ? entity.createdBy
--- a/src/components/IssueDetails/index.tsx
+++ b/src/components/IssueDetails/index.tsx
@ -475,7 +475,8 @@ const IssueDetails = () => {
                          className="h-20"
                        />
                        <div className="mt-4 flex items-center justify-end space-x-2">
-                          {hasPermission(Permission.MANAGE_ISSUES) && (
+                          {(hasPermission(Permission.MANAGE_ISSUES) ||
+                            belongsToUser) && (
                            <>
                              {issueData.status === IssueStatus.OPEN ? (
                                <Button