page export permission check

2026-05-07 14:43:06 +08:00 · 2026-01-07 00:41:04 +00:00
parent f2de4a1839
commit 077d9723aa
3 changed files with 108 additions and 2 deletions
@@ -572,6 +572,21 @@ export class PagePermissionRepo {
    return !!result;
  }

+  /**
+   * Check if any page in a space has restrictions.
+   * Used as a quick check to skip heavy permission filtering when no restrictions exist.
+   */
+  async hasRestrictedPagesInSpace(spaceId: string): Promise<boolean> {
+    const result = await this.db
+      .selectFrom('pageAccess')
+      .innerJoin('pages', 'pages.id', 'pageAccess.pageId')
+      .select('pageAccess.id')
+      .where('pages.spaceId', '=', spaceId)
+      .executeTakeFirst();
+
+    return !!result;
+  }
+
  /**
   * Given a list of parent page IDs, return which ones have at least one accessible child.
   * Efficient batch query for sidebar hasChildren calculation.
@@ -60,6 +60,7 @@ export class ExportController {
      dto.format,
      dto.includeAttachments,
      dto.includeChildren,
+      user.id,
    );

    const fileName = sanitize(page.title || 'untitled') + '.zip';
@@ -90,6 +91,7 @@ export class ExportController {
      dto.spaceId,
      dto.format,
      dto.includeAttachments,
+      user.id,
    );

    res.headers({
@@ -22,6 +22,7 @@ import {
  updateAttachmentUrlsToLocalPaths,
 } from './utils';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
 import { Node } from '@tiptap/pm/model';
 import { EditorState } from '@tiptap/pm/state';
 // eslint-disable-next-line @typescript-eslint/no-require-imports
@@ -38,6 +39,7 @@ export class ExportService {

  constructor(
    private readonly pageRepo: PageRepo,
+    private readonly pagePermissionRepo: PagePermissionRepo,
    @InjectKysely() private readonly db: KyselyDB,
    private readonly storageService: StorageService,
    private readonly environmentService: EnvironmentService,
@@ -94,6 +96,8 @@ export class ExportService {
    format: string,
    includeAttachments: boolean,
    includeChildren: boolean,
+    userId?: string,
+    ignorePermissions = false,
  ) {
    let pages: Page[];

@@ -107,7 +111,7 @@ export class ExportService {
      const page = await this.pageRepo.findById(pageId, {
        includeContent: true,
      });
-      if (page){
+      if (page) {
        pages = [page];
      }
    }
@@ -116,7 +120,24 @@ export class ExportService {
      throw new BadRequestException('No pages to export');
    }

+    if (!ignorePermissions && userId) {
+      pages = await this.filterPagesForExport(
+        pages,
+        pageId,
+        userId,
+        pages[0].spaceId,
+      );
+      if (pages.length === 0) {
+        throw new BadRequestException('No accessible pages to export');
+      }
+    }
+
    const parentPageIndex = pages.findIndex((obj) => obj.id === pageId);
+
+    //After filtering by permissions, if the root page itself is not accessible to the user, findIndex returns -1
+    if (parentPageIndex === -1) {
+      throw new BadRequestException('Root page is not accessible');
+    }
    // set to null to make export of pages with parentId work
    pages[parentPageIndex].parentPageId = null;

@@ -138,6 +159,8 @@ export class ExportService {
    spaceId: string,
    format: string,
    includeAttachments: boolean,
+    userId?: string,
+    ignorePermissions = false,
  ) {
    const space = await this.db
      .selectFrom('spaces')
@@ -149,7 +172,7 @@ export class ExportService {
      throw new NotFoundException('Space not found');
    }

-    const pages = await this.db
+    let pages = await this.db
      .selectFrom('pages')
      .select([
        'pages.id',
@@ -161,8 +184,21 @@ export class ExportService {
        'pages.workspaceId',
      ])
      .where('spaceId', '=', spaceId)
+      .where('deletedAt', 'is', null)
      .execute();

+    if (!ignorePermissions && userId) {
+      pages = await this.filterPagesForExport(
+        pages as Page[],
+        null,
+        userId,
+        spaceId,
+      );
+      if (pages.length === 0) {
+        throw new BadRequestException('No accessible pages to export');
+      }
+    }
+
    const tree = buildTree(pages as Page[]);

    const zip = new JSZip();
@@ -362,4 +398,57 @@ export class ExportService {

    return updatedDoc.toJSON();
  }
+
+  private async filterPagesForExport(
+    pages: Page[],
+    rootPageId: string | null,
+    userId: string,
+    spaceId: string,
+  ): Promise<Page[]> {
+    if (pages.length === 0) return [];
+
+    // skip heavy filtering if no restrictions exist in this space
+    const hasRestrictions =
+      await this.pagePermissionRepo.hasRestrictedPagesInSpace(spaceId);
+    if (!hasRestrictions) {
+      return pages;
+    }
+
+    const pageIds = pages.map((p) => p.id);
+    const accessiblePages =
+      await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
+        pageIds,
+        userId,
+      );
+    const accessibleSet = new Set(accessiblePages.map((p) => p.id));
+
+    const includedIds = new Set<string>();
+
+    let changed = true;
+    while (changed) {
+      changed = false;
+      for (const page of pages) {
+        if (includedIds.has(page.id)) continue;
+        if (!accessibleSet.has(page.id)) continue;
+
+        // Root page or top-level page in space export
+        if (
+          page.id === rootPageId ||
+          (rootPageId === null && page.parentPageId === null)
+        ) {
+          includedIds.add(page.id);
+          changed = true;
+          continue;
+        }
+
+        // Non-root: include if parent is already included
+        if (page.parentPageId && includedIds.has(page.parentPageId)) {
+          includedIds.add(page.id);
+          changed = true;
+        }
+      }
+    }
+
+    return pages.filter((p) => includedIds.has(p.id));
+  }
 }