sinvo/docmost
1
0
Fork 0
mirror of https://github.com/docmost/docmost.git synced 2026-05-19 16:04:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

WIP 4

Browse Source
This commit is contained in:
Philipinho
2025-12-29 22:13:58 +00:00
parent c2e722ee5c
commit 0c3901abf5
15 changed files with 612 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/server/src/collaboration/extensions/authentication.extension.ts
+23 -28
View File
@@ -70,36 +70,31 @@ export class AuthenticationExtension implements Extension {
throw new UnauthorizedException();
}
if (userSpaceRole === SpaceRole.READER) {
data.connection.readOnly = true;
this.logger.debug(`User granted readonly access to page: ${pageId}`);
}
// Check page-level permissions
const { hasRestriction, canAccess, canEdit } =
await this.pagePermissionRepo.getUserPageAccessLevel(user.id, page.id);
// Check page-level permissions (in addition to space permissions)
const canAccessPage = await this.pagePermissionRepo.canUserAccessPage(
user.id,
page.id,
);
if (hasRestriction) {
// Page has restrictions - use page-level permissions
if (!canAccess) {
this.logger.warn(
`User ${user.id} denied page-level access to page: ${pageId}`,
);
throw new UnauthorizedException();
}
if (!canAccessPage) {
this.logger.warn(
`User ${user.id} denied page-level access to page: ${pageId}`,
);
throw new UnauthorizedException();
}
// Check if user can edit (has writer role on all restricted ancestors)
const canEditPage = await this.pagePermissionRepo.canUserEditPage(
user.id,
page.id,
);
// If user has space edit permission but lacks page-level write permission, force readonly
if (!canEditPage && !data.connection.readOnly) {
data.connection.readOnly = true;
this.logger.debug(
`User ${user.id} granted readonly access to restricted page: ${pageId}`,
);
if (!canEdit) {
data.connection.readOnly = true;
this.logger.debug(
`User ${user.id} granted readonly access to restricted page: ${pageId}`,
);
}
} else {
// No restrictions - use space-level permissions
if (userSpaceRole === SpaceRole.READER) {
data.connection.readOnly = true;
this.logger.debug(`User granted readonly access to page: ${pageId}`);
}
}
this.logger.debug(`Authenticated user ${user.id} on page ${pageId}`);