Add new perm to check upon profile instead of userId (#197)

Author: Wardormeur

config/perm/profiles.js

@@ -108,8 +108,8 @@ module.exports = function(){
       'change_avatar': [{
         role: 'basic-user',
         customValidator: [{
-          role: 'cd-users',
-          cmd: 'is_self'
+          role: 'cd-profiles',
+          cmd: 'is_own_profile'
       }]}],
       'get_avatar': [{
         role: 'none',

lib/profiles/is-own-profile.js

@@ -0,0 +1,22 @@
+'use strict';
+var async = require('async');
+var _ = require('lodash');
+
+
+function isOwnProfile (args, cb) {
+  var seneca = this;
+  var plugin = args.role;
+  var userId = args.user.id;
+  var refProfileId = args.params.profileId || args.params.id ;
+  seneca.act({role: 'cd-profiles', cmd: 'load_user_profile', userId: userId}, function(err, profile){
+    if (err) return done(null, {'allowed': false});
+    var isSelf = false;
+    // Could check upon profile, but seems like an overkill to me
+    if( profile.id === refProfileId ){
+      isSelf = true;
+    }
+    return cb(null, {'allowed': isSelf});
+  });
+}
+
+module.exports = isOwnProfile;

profiles.js

@@ -122,6 +122,8 @@ module.exports = function (options) {
   seneca.add({role: plugin, cmd: 'invite_ninja'}, cmd_invite_ninja);
   seneca.add({role: plugin, cmd: 'approve_invite_ninja'}, cmd_approve_invite_ninja);
   seneca.add({role: plugin, cmd: 'ninjas_for_user'}, cmd_ninjas_for_user);
+  //  Perms
+  seneca.add({role: plugin, cmd: 'is_own_profile'}, require('./lib/profiles/is-own-profile'));
 
   function cmd_search (args, done) {
     if (!args.query) {