sinvo/docmost
1
0
Fork 0
mirror of https://github.com/docmost/docmost.git synced 2026-05-07 06:23:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Philipinho
2026-02-22 07:22:41 +00:00
parent 56ef3e72d4
commit 03d38695ec
2 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/server/src/core/page-access/page-access.service.ts
+8 -2
View File
@@ -44,7 +44,7 @@ export class PageAccessService {
async validateCanViewWithPermissions(
page: Page,
user: User,
): Promise<{ canEdit: boolean }> {
): Promise<{ canEdit: boolean; hasRestriction: boolean }> {
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
@@ -62,6 +62,7 @@ export class PageAccessService {
canEdit: hasAnyRestriction
? canEdit
: ability.can(SpaceCaslAction.Edit, SpaceCaslSubject.Page),
hasRestriction: hasAnyRestriction,
};
}
@@ -70,7 +71,10 @@ export class PageAccessService {
* If page has restrictions: page-level writer permission determines access.
* If no restrictions: space-level edit permission determines access.
*/
async validateCanEdit(page: Page, user: User): Promise<void> {
async validateCanEdit(
page: Page,
user: User,
): Promise<{ hasRestriction: boolean }> {
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
// User must be at least a space member
@@ -92,5 +96,7 @@ export class PageAccessService {
throw new ForbiddenException();
}
}
return { hasRestriction: hasAnyRestriction };
}
}
apps/server/src/core/page/page.controller.ts
+7 -6
View File
@@ -67,10 +67,10 @@ export class PageController {
throw new NotFoundException('Page not found');
}
const { canEdit } =
const { canEdit, hasRestriction } =
await this.pageAccessService.validateCanViewWithPermissions(page, user);
const permissions = { canEdit };
const permissions = { canEdit, hasRestriction };
if (dto.format && dto.format !== 'json' && page.content) {
const contentOutput =
@@ -124,10 +124,10 @@ export class PageController {
createPageDto,
);
const { canEdit } =
const { canEdit, hasRestriction } =
await this.pageAccessService.validateCanViewWithPermissions(page, user);
const permissions = { canEdit };
const permissions = { canEdit, hasRestriction };
if (
createPageDto.format &&
@@ -153,7 +153,8 @@ export class PageController {
throw new NotFoundException('Page not found');
}
await this.pageAccessService.validateCanEdit(page, user);
const { hasRestriction } =
await this.pageAccessService.validateCanEdit(page, user);
const updatedPage = await this.pageService.update(
page,
@@ -161,7 +162,7 @@ export class PageController {
user,
);
const permissions = { canEdit: true };
const permissions = { canEdit: true, hasRestriction };
if (
updatePageDto.format &&