Only show 'edit' on published pages when viewer is the owner. Shared

pages don't grant edit permissions, so this is good enough. All actual security is enforced in the API, so this just displays (or not) the UI.
dannon · Sep 12, 2023 · c26e5b6 · c26e5b6
1 parent cd50265
commit c26e5b6
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/client/src/components/PageDisplay/PageDisplay.vue b/client/src/components/PageDisplay/PageDisplay.vue
@@ -9,6 +9,7 @@
                         :enable_beta_markdown_export="config.enable_beta_markdown_export"
                         :download-endpoint="stsUrl(config)"
                         :export-link="exportUrl"
+                        :read-only="!userOwnsPage"
                         @onEdit="onEdit" />
                     <PageHtml v-else :page="page" />
                 </div>
@@ -22,6 +23,8 @@
 import { urlData } from "utils/url";
 import { withPrefix } from "utils/redirect";
 import ConfigProvider from "components/providers/ConfigProvider";
+import { mapState } from "pinia";
+import { useUserStore } from "@/stores/userStore";
 import Markdown from "components/Markdown/Markdown";
 import Published from "components/Common/Published";
 import PageHtml from "./PageHtml";
@@ -45,6 +48,10 @@ export default {
         };
     },
     computed: {
+        ...mapState(useUserStore, ["currentUser"]),
+        userOwnsPage() {
+            return this.currentUser.username === this.page.username;
+        },
         dataUrl() {
             return `/api/pages/${this.pageId}`;
         },