fix: changed access level rank for resolving a comment to content

GitOrigin-RevId: 6658dbc471d98131cab6c65c66c0e746ea942f21
plasmicapp · Jan 9, 2025 · e8e743a · e8e743a
1 parent 9b79734
commit e8e743a
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 5 deletions.
diff --git a/platform/wab/src/wab/client/components/comments/CommentPost.tsx b/platform/wab/src/wab/client/components/comments/CommentPost.tsx
@@ -10,15 +10,15 @@ import {
 } from "@/wab/client/plasmic/plasmic_kit_comments/PlasmicCommentPost";
 import PlasmicReactionButton from "@/wab/client/plasmic/plasmic_kit_comments/PlasmicReactionButton";
 import {
-  isUserProjectEditor,
+  isUserProjectContentEditor,
   isUserProjectOwner,
   useStudioCtx,
 } from "@/wab/client/studio-ctx/StudioCtx";
+import { StandardMarkdown } from "@/wab/client/utils/StandardMarkdown";
 import { OnClickAway } from "@/wab/commons/components/OnClickAway";
 import { ApiCommentReaction, CommentId } from "@/wab/shared/ApiSchema";
 import { fullName } from "@/wab/shared/ApiSchemaUtil";
 import { ensure, ensureString, maybe, spawn } from "@/wab/shared/common";
-import { StandardMarkdown } from "@/wab/client/utils/StandardMarkdown";
 import { HTMLElementRefOf } from "@plasmicapp/react-web";
 import { Menu, Tooltip } from "antd";
 import Popover from "antd/lib/popover";
@@ -112,7 +112,7 @@ function CommentMenuOptions(props: {
   const appCtx = useAppCtx();
   const api = appCtx.api;
 
-  const isEditor = isUserProjectEditor(
+  const isContentEditor = isUserProjectContentEditor(
     appCtx.selfInfo,
     studioCtx.siteInfo,
     studioCtx.siteInfo.perms
@@ -130,7 +130,9 @@ function CommentMenuOptions(props: {
     <Menu>
       <Menu.Item
         key="change-status"
-        disabled={!isEditor}
+        disabled={
+          !(isContentEditor || appCtx.selfInfo?.id === comment.createdById)
+        }
         onClick={async () => {
           await api.editComment(projectId, branchId, comment.id, {
             resolved: !comment.resolved,

diff --git a/platform/wab/src/wab/client/studio-ctx/StudioCtx.tsx b/platform/wab/src/wab/client/studio-ctx/StudioCtx.tsx
@@ -6853,6 +6853,14 @@ export function checkAccessLevelRank(
   );
 }
 
+export function isUserProjectContentEditor(
+  user: ApiUser | null,
+  project: ApiProject,
+  perms: ApiPermission[]
+) {
+  return checkAccessLevelRank(user, project, perms, "content");
+}
+
 export function isUserProjectEditor(
   user: ApiUser | null,
   project: ApiProject,

diff --git a/platform/wab/src/wab/server/db/DbMgr.ts b/platform/wab/src/wab/server/db/DbMgr.ts
@@ -9651,7 +9651,17 @@ export class DbMgr implements MigrationDbMgr {
       id: commentId,
     });
 
-    this.checkUserIdIsSelf(comment.createdById ?? undefined);
+    if (!this.isUserIdSelf(comment.createdById ?? undefined)) {
+      if ("body" in data) {
+        throw new ForbiddenError("Can only do this for self.");
+      }
+      await this.checkProjectPerms(
+        comment.projectId,
+        "content",
+        "resolve a comment",
+        true
+      );
+    }
 
     Object.assign(comment, this.stampUpdate(), data);
     await this.entMgr.save(comment);