check

apps/server/src/integrations/export/export.controller.ts

@@ -16,6 +16,7 @@ import { User } from '@docmost/db/types/entity.types';
 import SpaceAbilityFactory from '../../core/casl/abilities/space-ability.factory';
 import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import { PageAccessService } from '../../core/page-access/page-access.service';
 import {
   SpaceCaslAction,
   SpaceCaslSubject,
@@ -32,6 +33,7 @@ export class ExportController {
     private readonly exportService: ExportService,
     private readonly pageRepo: PageRepo,
     private readonly spaceAbility: SpaceAbilityFactory,
+    private readonly pageAccessService: PageAccessService,
   ) {}
 
   @UseGuards(JwtAuthGuard)
@@ -50,10 +52,7 @@ export class ExportController {
       throw new NotFoundException('Page not found');
     }
 
-    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    await this.pageAccessService.validateCanView(page, user);
-    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
-      throw new ForbiddenException();
-    }
 
     const zipFileStream = await this.exportService.exportPages(
       dto.pageId,