Replace owner with creator

Author: CarsonF

dbschema/comments.esdl

@@ -3,7 +3,7 @@ module Comments {
     commentThreads := .<container[is Thread];
   }
 
-  type Thread extending default::Resource, Mixin::Embedded, Mixin::Owned {
+  type Thread extending default::Resource, Mixin::Embedded {
     overloaded required single link container: Aware {
       on target delete delete source;
     };
@@ -12,7 +12,7 @@ module Comments {
     latestComment := (select .comments order by .createdAt desc limit 1);
   }
 
-  type Comment extending default::Resource, Mixin::Owned {
+  type Comment extending default::Resource {
     required thread: Thread {
       on target delete delete source;
     };

dbschema/post.esdl

@@ -1,5 +1,5 @@
 module default {
-  type Post extending Resource, Mixin::Embedded, Mixin::Owned {
+  type Post extending Resource, Mixin::Embedded {
     overloaded required single link container: Mixin::Postable {
       on target delete delete source;
     };

dbschema/progress-report.esdl

@@ -54,7 +54,7 @@ module ProgressReport {
   module Media {
     type VariantGroup;
   }
-  type Media extending ProgressReport::Child, Mixin::Owned {
+  type Media extending ProgressReport::Child {
     required file: default::File;
     required single media := assert_exists(.file.media);
 

dbschema/user.esdl

@@ -1,5 +1,5 @@
 module default {
-  type User extending Resource, Mixin::Pinnable, Mixin::Owned {
+  type User extending Resource, Mixin::Pinnable {
     email: str {
       constraint exclusive;
     };

dbschema/z.owned.esdl

@@ -8,6 +8,8 @@ module Mixin {
       default := default::currentUser;
       rewrite update using (default::currentUser);
     };
+
+    required isCreator := .createdBy ?= <default::User>(global default::currentUserId) 
   }
 
   abstract type Timestamped {

dbschema/z.stamped.esdl

@@ -1,4 +1,4 @@
-import { owner, Policy } from '../util';
+import { creator, Policy } from '../util';
 
-@Policy('all', (r) => r.ProgressReportMedia.when(owner).edit.delete)
+@Policy('all', (r) => r.ProgressReportMedia.when(creator).edit.delete)
 export class ProgressReportMediaOwnerPolicy {}

src/components/authorization/policies/by-feature/progress-report-media-owner.policy.ts

@@ -1,8 +1,8 @@
-import { owner, Policy } from '../util';
+import { creator, Policy } from '../util';
 
-@Policy('all', (r) => [
-  r.Post.when(owner).edit.delete,
-  r.CommentThread.when(owner).edit.delete,
-  r.Comment.when(owner).edit.delete,
-])
+@Policy('all', (r) =>
+  [r.Post, r.CommentThread, r.Comment].flatMap(
+    (it) => it.when(creator).edit.delete,
+  ),
+)
 export class UserCanManageOwnCommentsPolicy {}

src/components/authorization/policies/by-feature/user-can-manage-own-comments.policy.ts

@@ -1,10 +1,10 @@
-import { owner, Policy } from '../util';
+import { creator, Policy } from '../util';
 
 @Policy('all', (r) => [
   [
     r.ProgressReportCommunityStory,
     r.ProgressReportHighlight,
     r.ProgressReportTeamNews,
-  ].map((it) => it.specifically((p) => p.prompt.when(owner).edit)),
+  ].map((it) => it.specifically((p) => p.prompt.when(creator).edit)),
 ])
 export class UserCanManageOwnPromptsPolicy {}

src/components/authorization/policies/by-feature/user-can-manage-own-prompts.policy.ts

@@ -10,7 +10,6 @@ import {
   unwrapSecured,
 } from '~/common';
 import { type LinkTo } from '~/core/resources';
-import { User } from '../../../user/dto';
 import {
   AsCypherParams,
   Condition,
@@ -23,19 +22,15 @@ export interface HasCreator {
   creator: MaybeSecuredProp<ID | LinkTo<'User'>>;
 }
 
-class OwnerCondition<
-  TResourceStatic extends ResourceShape<HasCreator> | typeof User,
-> implements Condition<TResourceStatic>
+class CreatorCondition<TResourceStatic extends ResourceShape<HasCreator>>
+  implements Condition<TResourceStatic>
 {
-  isAllowed({ object, resource, session }: IsAllowedParams<TResourceStatic>) {
+  isAllowed({ object, session }: IsAllowedParams<TResourceStatic>) {
     if (!object) {
       throw new Error("Needed object but wasn't given");
     }
 
     const creator = (() => {
-      if (resource.is(User)) {
-        return (object as MaybeSecured<User>).id;
-      }
       const o = object as MaybeSecured<HasCreator>;
       const creator = unwrapSecured(o.creator);
       if (!creator) {
@@ -58,10 +53,10 @@ class OwnerCondition<
     prevApplied: Set<any>,
     other: AsCypherParams<TResourceStatic>,
   ) {
-    if (prevApplied.has('owner')) {
+    if (prevApplied.has('creator')) {
       return query;
     }
-    prevApplied.add('owner');
+    prevApplied.add('creator');
 
     const param = query.params.addParam(other.session.userId, CQL_VAR);
     Reflect.set(other, CQL_VAR, param);
@@ -71,9 +66,6 @@ class OwnerCondition<
 
   asCypherCondition(_query: Query, other: AsCypherParams<TResourceStatic>) {
     const requester = String(Reflect.get(other, CQL_VAR));
-    if (other.resource.is(User)) {
-      return `node:User AND node.id = ${requester}`;
-    }
     return [
       `node.creator = ${requester}`,
       `exists((node)-[:creator { active: true }]->(:Property { value: ${requester} }))`,
@@ -82,7 +74,7 @@ class OwnerCondition<
   }
 
   asEdgeQLCondition() {
-    return '(.isOwner ?? false)';
+    return '.isCreator';
   }
 
   union(this: void, conditions: this[]) {
@@ -94,11 +86,11 @@ class OwnerCondition<
   }
 
   [inspect.custom](_depth: number, _options: InspectOptionsStylized) {
-    return `Owner`;
+    return `Creator`;
   }
 }
 
 /**
- * The following actions only apply if the requester is the "owner" of the given object.
+ * The following actions only apply if the requester is the "creator" of the given object.
  */
-export const owner = new OwnerCondition();
+export const creator = new CreatorCondition();