feat: ロールによるコンテンツの操作の制限 (#120)

2023-07-28 04:21:59 +09:00
parent 0bed053b7d
commit 46f8a0435c
91 changed files with 228 additions and 11 deletions
--- a/packages/backend/src/core/RoleService.ts
+++ b/packages/backend/src/core/RoleService.ts
@@ -20,6 +20,9 @@ export type RolePolicies = {
 	gtlAvailable: boolean;
 	ltlAvailable: boolean;
 	canPublicNote: boolean;
+	canCreateContent: boolean;
+	canUpdateContent: boolean;
+	canDeleteContent: boolean;
 	canInvite: boolean;
 	inviteLimit: number;
 	inviteLimitCycle: number;
@@ -44,6 +47,9 @@ export const DEFAULT_POLICIES: RolePolicies = {
 	gtlAvailable: true,
 	ltlAvailable: true,
 	canPublicNote: true,
+	canCreateContent: true,
+	canUpdateContent: true,
+	canDeleteContent: true,
 	canInvite: false,
 	inviteLimit: 0,
 	inviteLimitCycle: 60 * 24 * 7,
@@ -287,6 +293,9 @@ export class RoleService implements OnApplicationShutdown {
 			gtlAvailable: calc('gtlAvailable', vs => vs.some(v => v === true)),
 			ltlAvailable: calc('ltlAvailable', vs => vs.some(v => v === true)),
 			canPublicNote: calc('canPublicNote', vs => vs.some(v => v === true)),
+			canCreateContent: calc('canCreateContent', vs => vs.some(v => v === true)),
+			canUpdateContent: calc('canUpdateContent', vs => vs.some(v => v === true)),
+			canDeleteContent: calc('canDeleteContent', vs => vs.some(v => v === true)),
 			canInvite: calc('canInvite', vs => vs.some(v => v === true)),
 			inviteLimit: calc('inviteLimit', vs => Math.max(...vs)),
 			inviteLimitCycle: calc('inviteLimitCycle', vs => Math.max(...vs)),
--- a/packages/backend/src/core/entities/UserEntityService.ts
+++ b/packages/backend/src/core/entities/UserEntityService.ts
@@ -351,8 +351,9 @@ export class UserEntityService implements OnModuleInit {
 			(profile.ffVisibility === 'followers') && (relation && relation.isFollowing) ? user.followersCount :
 			null;

-		const isModerator = isMe && opts.detail ? this.roleService.isModerator(user) : null;
-		const isAdmin = isMe && opts.detail ? this.roleService.isAdministrator(user) : null;
+		const isModerator = isMe && opts.detail ? await this.roleService.isModerator(user) : null;
+		const isAdmin = isMe && opts.detail ? await this.roleService.isAdministrator(user) : null;
+		const policies = opts.detail ? await this.roleService.getUserPolicies(user.id) : null;

 		const falsy = opts.detail ? false : undefined;

@@ -396,7 +397,8 @@ export class UserEntityService implements OnModuleInit {
 				bannerUrl: user.bannerUrl,
 				bannerBlurhash: user.bannerBlurhash,
 				isLocked: user.isLocked,
-				isSilenced: this.roleService.getUserPolicies(user.id).then(r => !r.canPublicNote),
+				isSilenced: !policies?.canPublicNote,
+				isLimited: !(policies?.canCreateContent && policies.canUpdateContent && policies.canDeleteContent),
 				isSuspended: user.isSuspended ?? falsy,
 				description: profile!.description,
 				location: profile!.location,
@@ -473,7 +475,7 @@ export class UserEntityService implements OnModuleInit {
 				emailNotificationTypes: profile!.emailNotificationTypes,
 				achievements: profile!.achievements,
 				loggedInDays: profile!.loggedInDates.length,
-				policies: this.roleService.getUserPolicies(user.id),
+				policies: policies,
 			} : {}),

 			...(opts.includeSecrets ? {