@speckle/shared
Version:
Shared code between various Speckle JS packages
45 lines • 1.9 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.canDeleteModelPolicy = void 0;
const result_1 = require("true-myth/result");
const projects_js_1 = require("../../../fragments/projects.js");
const authErrors_js_1 = require("../../../domain/authErrors.js");
const constants_js_1 = require("../../../../core/constants.js");
const canDeleteModelPolicy = (loaders) => async ({ userId, projectId, modelId }) => {
// Ensure general project write access
const ensureWriteAccess = await (0, projects_js_1.ensureImplicitProjectMemberWithWriteAccessFragment)(loaders)({
userId,
projectId
});
if (ensureWriteAccess.isErr) {
return (0, result_1.err)(ensureWriteAccess.error);
}
// Ensure 'main'/'globals' doesn't get deleted
const model = await loaders.getModel({
projectId,
modelId
});
if (!model) {
return (0, result_1.err)(new authErrors_js_1.ModelNotFoundError());
}
// Model must be owned by author OR user must be project owner
if (!model.authorId || model.authorId !== userId) {
const ensureProjectOwner = await (0, projects_js_1.ensureMinimumProjectRoleFragment)(loaders)({
userId: userId,
projectId,
role: constants_js_1.Roles.Stream.Owner
});
if (ensureProjectOwner.isErr) {
return (0, result_1.err)(ensureProjectOwner.error);
}
}
if (model.name === 'main') {
return (0, result_1.err)(new authErrors_js_1.ReservedModelNotDeletableError("The 'main' model cannot be deleted"));
}
if (model.name === 'globals') {
return (0, result_1.err)(new authErrors_js_1.ReservedModelNotDeletableError("The 'globals' model cannot be deleted"));
}
return (0, result_1.ok)();
};
exports.canDeleteModelPolicy = canDeleteModelPolicy;
//# sourceMappingURL=canDelete.js.map