From fd219717c01c558814d7a80de6304272b5a7944e Mon Sep 17 00:00:00 2001
From: TheCatLady <52870424+TheCatLady@users.noreply.github.com>
Date: Mon, 23 Jan 2023 18:58:56 -0800
Subject: [PATCH] fix: issues with issues (#3267)
* fix: issues with issues
* fix: don't notify on user closing/reopening own issue
* fix: only show close/reopen buttons for OP and admins
---
 server/routes/issue.ts | 14 +++++++++++++-
 server/subscriber/IssueCommentSubscriber.ts | 11 ++++++++---
 server/subscriber/IssueSubscriber.ts | 1 +
 src/components/IssueDetails/index.tsx | 3 ++-
 4 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/server/routes/issue.ts b/server/routes/issue.ts
index 6349bb74..953b3757 100644
--- a/server/routes/issue.ts
+++ b/server/routes/issue.ts
@@ -308,7 +308,9 @@ issueRoutes.post<{ issueId: string }, Issue, { message: string }>(
 issueRoutes.post<{ issueId: string; status: string }, Issue>(
 '/:issueId/:status',
- isAuthenticated(Permission.MANAGE_ISSUES),
+ isAuthenticated([Permission.MANAGE_ISSUES, Permission.CREATE_ISSUES], {
+ type: 'or',
+ }),
 async (req, res, next) => {
 const issueRepository = getRepository(Issue);
 // Satisfy typescript here. User is set, we assure you!
@@ -321,6 +323,16 @@ issueRoutes.post<{ issueId: string; status: string }, Issue>(
 where: { id: Number(req.params.issueId) },
 });
+ if (
+ !req.user?.hasPermission(Permission.MANAGE_ISSUES) &&
+ issue.createdBy.id !== req.user?.id
+ ) {
+ return next({
+ status: 401,
+ message: 'You do not have permission to modify this issue.',
+ });
+ }
+
 let newStatus: IssueStatus | undefined;
 switch (req.params.status) {
diff --git a/server/subscriber/IssueCommentSubscriber.ts b/server/subscriber/IssueCommentSubscriber.ts
index cb95ba00..71db981d 100644
--- a/server/subscriber/IssueCommentSubscriber.ts
+++ b/server/subscriber/IssueCommentSubscriber.ts
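Review bot: The widened guard in the `-308,7 +308,9` hunk of server/routes/issue.ts has no comment explaining that it no longer authorizes the request by itself. With `[Permission.MANAGE_ISSUES, Permission.CREATE_ISSUES]` and `type: 'or'`, every user who can create issues now reaches this handler, so the ownership test added further down is the only thing stopping them from closing or reopening someone else's issue. I would add a comment above the `isAuthenticated(...)` line, for example `// CREATE_ISSUES only admits the request; the handler must still verify the caller owns the issue.` The handler body continues outside this hunk.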
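Review bot: The denial branch added in the `-321,6 +323,16` hunk of server/routes/issue.ts returns `status: 401`, but the caller has already passed `isAuthenticated` by then, so this is an authorization failure and should be `status: 403,`. A 401 can lead clients to treat the session as expired. The check also reads `issue.createdBy.id` from an issue loaded with only a `where` clause in the visible lines, so it presumably relies on the `createdBy` relation being loaded by default. That is worth confirming, since an unloaded relation would throw instead of producing this denial. The handler starts and ends outside the hunk.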
@@ -4,6 +4,7 @@ import { MediaType } from '@server/constants/media';
 import { getRepository } from '@server/datasource';
 import IssueComment from '@server/entity/IssueComment';
 import Media from '@server/entity/Media';
+import { User } from '@server/entity/User';
 import notificationManager, { Notification } from '@server/lib/notifications';
 import { Permission } from '@server/lib/permissions';
 import logger from '@server/logger';
@@ -32,6 +33,10 @@ export class IssueCommentSubscriber
 })
 ).issue;
+ const createdBy = await getRepository(User).findOneOrFail({
+ where: { id: issue.createdBy.id },
+ });
+
 const media = await getRepository(Media).findOneOrFail({
 where: { id: issue.media.id },
 });
@@ -71,9 +76,9 @@ export class IssueCommentSubscriber
 notifyAdmin: true,
 notifySystem: true,
 notifyUser:
- !issue.createdBy.hasPermission(Permission.MANAGE_ISSUES) &&
- issue.createdBy.id !== entity.user.id
- ? issue.createdBy
+ !createdBy.hasPermission(Permission.MANAGE_ISSUES) &&
+ createdBy.id !== entity.user.id
+ ? createdBy
 : undefined,
 });
 }
diff --git a/server/subscriber/IssueSubscriber.ts b/server/subscriber/IssueSubscriber.ts
index eb402041..d54523cf 100644
--- a/server/subscriber/IssueSubscriber.ts
+++ b/server/subscriber/IssueSubscriber.ts
@@ -87,6 +87,7 @@ export class IssueSubscriber implements EntitySubscriberInterface {
 notifySystem: true,
 notifyUser:
 !entity.createdBy.hasPermission(Permission.MANAGE_ISSUES) &&
+ entity.modifiedBy?.id !== entity.createdBy.id &&
 (type === Notification.ISSUE_RESOLVED ||
 type === Notification.ISSUE_REOPENED)
 ? entity.createdBy
diff --git a/src/components/IssueDetails/index.tsx b/src/components/IssueDetails/index.tsx
index 4be5383c..797611b4 100644
--- a/src/components/IssueDetails/index.tsx
+++ b/src/components/IssueDetails/index.tsx
@@ -475,7 +475,8 @@ const IssueDetails = () => {
 className="h-20" />
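Review bot: The `getRepository(User).findOneOrFail(...)` added in the `-32,6 +33,10` hunk of IssueCommentSubscriber.ts makes the whole comment notification depend on the creator's user row being found. If that lookup rejects, the send call in the `-71,9 +76,9` hunk is never reached, so the `notifyAdmin` and `notifySystem` recipients presumably get nothing either, unless a try/catch outside the hunk handles it. The existing Media lookup below behaves the same way, so this may be the accepted convention here. If not, `findOne` plus a guard in the later condition, `createdBy && !createdBy.hasPermission(Permission.MANAGE_ISSUES) && ...`, would keep the admin notification when the creator cannot be loaded. The method starts and ends outside both hunks.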
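Review bot: The condition added in the IssueSubscriber.ts hunk, `entity.modifiedBy?.id !== entity.createdBy.id`, only identifies who made this status change if the status route assigns `modifiedBy` before saving, and no such assignment appears in this patch's hunks. If `modifiedBy` is left over from an earlier edit, an admin resolving an issue last modified by its creator would be treated as a self-change and the creator would not be notified. Worth confirming the route sets it on every close or reopen, and recording the dependency with a comment such as `// relies on the route setting modifiedBy on each status change`. The enclosing expression starts and ends outside the hunk.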
- {hasPermission(Permission.MANAGE_ISSUES) && (
+ {(hasPermission(Permission.MANAGE_ISSUES) ||
+ belongsToUser) && (
 <>
 {issueData.status === IssueStatus.OPEN ? (