UNPKG

@blocknote/core

Version:

A "Notion-style" block-based extensible text editor built on top of Prosemirror and Tiptap.

github.com/TypeCellOS/BlockNote

TypeCellOS/BlockNote

107 lines (94 loc) 2.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import { CommentData, ThreadData } from "../types.js"; import { ThreadStoreAuth } from "./ThreadStoreAuth.js"; /* * The DefaultThreadStoreAuth class defines the authorization rules for interacting with comments. * We take a role ("comment" or "editor") and implement the rules. * * This class is then used in the UI to show / hide specific interactions. * * Rules: * - View-only users should not be able to see any comments * - Comment-only users and editors can: * - - create new comments / replies / reactions * - - edit / delete their own comments / reactions * - - resolve / unresolve threads * - Editors can also delete any comment or thread */ export class DefaultThreadStoreAuth extends ThreadStoreAuth { constructor( private readonly userId: string, private readonly role: "comment" | "editor", ) { super(); } /** * Auth: should be possible by anyone with comment access */ canCreateThread(): boolean { return true; } /** * Auth: should be possible by anyone with comment access */ canAddComment(_thread: ThreadData): boolean { return true; } /** * Auth: should only be possible by the comment author */ canUpdateComment(comment: CommentData): boolean { return comment.userId === this.userId; } /** * Auth: should be possible by the comment author OR an editor of the document */ canDeleteComment(comment: CommentData): boolean { return comment.userId === this.userId || this.role === "editor"; } /** * Auth: should only be possible by an editor of the document */ canDeleteThread(_thread: ThreadData): boolean { return this.role === "editor"; } /** * Auth: should be possible by anyone with comment access */ canResolveThread(_thread: ThreadData): boolean { return true; } /** * Auth: should be possible by anyone with comment access */ canUnresolveThread(_thread: ThreadData): boolean { return true; } /** * Auth: should be possible by anyone with comment access * * Note: will also check if the user has already reacted with the same emoji. TBD: is that a nice design or should this responsibility be outside of auth? */ canAddReaction(comment: CommentData, emoji?: string): boolean { if (!emoji) { return true; } return !comment.reactions.some( (reaction) => reaction.emoji === emoji && reaction.userIds.includes(this.userId), ); } /** * Auth: should be possible by anyone with comment access * * Note: will also check if the user has already reacted with the same emoji. TBD: is that a nice design or should this responsibility be outside of auth? */ canDeleteReaction(comment: CommentData, emoji?: string): boolean { if (!emoji) { return true; } return comment.reactions.some( (reaction) => reaction.emoji === emoji && reaction.userIds.includes(this.userId), ); } }