From c26e5b6e058855e0b8c4485992b729e6b8faf09d Mon Sep 17 00:00:00 2001 From: Dannon Baker Date: Tue, 12 Sep 2023 10:24:11 -0400 Subject: [PATCH] Only show 'edit' on published pages when viewer is the owner. Shared pages don't grant edit permissions, so this is good enough. All actual security is enforced in the API, so this just displays (or not) the UI. --- client/src/components/PageDisplay/PageDisplay.vue | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/client/src/components/PageDisplay/PageDisplay.vue b/client/src/components/PageDisplay/PageDisplay.vue index 9994a67a0274..1d1cce61ca3c 100644 --- a/client/src/components/PageDisplay/PageDisplay.vue +++ b/client/src/components/PageDisplay/PageDisplay.vue @@ -9,6 +9,7 @@ :enable_beta_markdown_export="config.enable_beta_markdown_export" :download-endpoint="stsUrl(config)" :export-link="exportUrl" + :read-only="!userOwnsPage" @onEdit="onEdit" /> @@ -22,6 +23,8 @@ import { urlData } from "utils/url"; import { withPrefix } from "utils/redirect"; import ConfigProvider from "components/providers/ConfigProvider"; +import { mapState } from "pinia"; +import { useUserStore } from "@/stores/userStore"; import Markdown from "components/Markdown/Markdown"; import Published from "components/Common/Published"; import PageHtml from "./PageHtml"; @@ -45,6 +48,10 @@ export default { }; }, computed: { + ...mapState(useUserStore, ["currentUser"]), + userOwnsPage() { + return this.currentUser.username === this.page.username; + }, dataUrl() { return `/api/pages/${this.pageId}`; },