feat(ee): page-level access/permissions (#1971)

* Add page_hierarchy table * feat(ee): page-level permissions * pagination * rename migration fixes * fix * tabs * fix theme * cleanup * sync * page permissions notification * other fixes * sharing disbled * fix column nodes * toggle error handling
2026-05-16 14:14:06 +08:00 · 2026-02-26 19:49:10 +00:00
parent 22f33bab7c
commit 59e945562d
75 changed files with 4235 additions and 363 deletions
@@ -16,6 +16,7 @@ import { User } from '@docmost/db/types/entity.types';
 import SpaceAbilityFactory from '../../core/casl/abilities/space-ability.factory';
 import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import { PageAccessService } from '../../core/page/page-access/page-access.service';
 import {
  SpaceCaslAction,
  SpaceCaslSubject,
@@ -32,6 +33,7 @@ export class ExportController {
    private readonly exportService: ExportService,
    private readonly pageRepo: PageRepo,
    private readonly spaceAbility: SpaceAbilityFactory,
+    private readonly pageAccessService: PageAccessService,
  ) {}

  @UseGuards(JwtAuthGuard)
@@ -50,16 +52,14 @@ export class ExportController {
      throw new NotFoundException('Page not found');
    }

-    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
-    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
-      throw new ForbiddenException();
-    }
+    await this.pageAccessService.validateCanView(page, user);

    const zipFileStream = await this.exportService.exportPages(
      dto.pageId,
      dto.format,
      dto.includeAttachments,
      dto.includeChildren,
+      user.id,
    );

    const fileName = sanitize(page.title || 'untitled') + '.zip';
@@ -82,7 +82,7 @@ export class ExportController {
    @Res() res: FastifyReply,
  ) {
    const ability = await this.spaceAbility.createForUser(user, dto.spaceId);
-    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Settings)) {
      throw new ForbiddenException();
    }

@@ -90,6 +90,7 @@ export class ExportController {
      dto.spaceId,
      dto.format,
      dto.includeAttachments,
+      user.id,
    );

    res.headers({
@@ -25,6 +25,7 @@ import {
  ExportPageMetadata,
 } from '../../common/helpers/types/export-metadata.types';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
 import { Node } from '@tiptap/pm/model';
 import { EditorState } from '@tiptap/pm/state';
 // eslint-disable-next-line @typescript-eslint/no-require-imports
@@ -44,6 +45,7 @@ export class ExportService {

  constructor(
    private readonly pageRepo: PageRepo,
+    private readonly pagePermissionRepo: PagePermissionRepo,
    @InjectKysely() private readonly db: KyselyDB,
    private readonly storageService: StorageService,
    private readonly environmentService: EnvironmentService,
@@ -100,6 +102,8 @@ export class ExportService {
    format: string,
    includeAttachments: boolean,
    includeChildren: boolean,
+    userId?: string,
+    ignorePermissions = false,
  ) {
    let pages: Page[];

@@ -113,7 +117,7 @@ export class ExportService {
      const page = await this.pageRepo.findById(pageId, {
        includeContent: true,
      });
-      if (page){
+      if (page) {
        pages = [page];
      }
    }
@@ -122,14 +126,38 @@ export class ExportService {
      throw new BadRequestException('No pages to export');
    }

+    if (!ignorePermissions && userId) {
+      pages = await this.filterPagesForExport(
+        pages,
+        pageId,
+        userId,
+        pages[0].spaceId,
+      );
+      if (pages.length === 0) {
+        throw new BadRequestException('No accessible pages to export');
+      }
+    }
+
    const parentPageIndex = pages.findIndex((obj) => obj.id === pageId);
+
+    //After filtering by permissions, if the root page itself is not accessible to the user, findIndex returns -1
+    if (parentPageIndex === -1) {
+      throw new BadRequestException('Root page is not accessible');
+    }
    // set to null to make export of pages with parentId work
    pages[parentPageIndex].parentPageId = null;

    const tree = buildTree(pages as Page[]);

    const zip = new JSZip();
-    await this.zipPages(tree, format, zip, includeAttachments);
+    await this.zipPages(
+      tree,
+      format,
+      zip,
+      includeAttachments,
+      userId,
+      ignorePermissions,
+    );

    const zipFile = zip.generateNodeStream({
      type: 'nodebuffer',
@@ -144,10 +172,12 @@ export class ExportService {
    spaceId: string,
    format: string,
    includeAttachments: boolean,
+    userId?: string,
+    ignorePermissions = false,
  ) {
    const space = await this.db
      .selectFrom('spaces')
-      .selectAll()
+      .select(['id', 'name'])
      .where('id', '=', spaceId)
      .executeTakeFirst();

@@ -155,7 +185,7 @@ export class ExportService {
      throw new NotFoundException('Space not found');
    }

-    const pages = await this.db
+    let pages = await this.db
      .selectFrom('pages')
      .select([
        'pages.id',
@@ -174,11 +204,30 @@ export class ExportService {
      .where('deletedAt', 'is', null)
      .execute();

+    if (!ignorePermissions && userId) {
+      pages = await this.filterPagesForExport(
+        pages as Page[],
+        null,
+        userId,
+        spaceId,
+      );
+      if (pages.length === 0) {
+        throw new BadRequestException('No accessible pages to export');
+      }
+    }
+
    const tree = buildTree(pages as Page[]);

    const zip = new JSZip();

-    await this.zipPages(tree, format, zip, includeAttachments);
+    await this.zipPages(
+      tree,
+      format,
+      zip,
+      includeAttachments,
+      userId,
+      ignorePermissions,
+    );

    const zipFile = zip.generateNodeStream({
      type: 'nodebuffer',
@@ -198,6 +247,8 @@ export class ExportService {
    format: string,
    zip: JSZip,
    includeAttachments: boolean,
+    userId?: string,
+    ignorePermissions = false,
  ): Promise<void> {
    const slugIdToPath: Record<string, string> = {};
    const pageIdToFilePath: Record<string, string> = {};
@@ -219,6 +270,8 @@ export class ExportService {
        const prosemirrorJson = await this.turnPageMentionsToLinks(
          getProsemirrorContent(page.content),
          page.workspaceId,
+          userId,
+          ignorePermissions,
        );

        const currentPagePath = slugIdToPath[page.slugId];
@@ -303,10 +356,15 @@ export class ExportService {
    }
  }

-  async turnPageMentionsToLinks(prosemirrorJson: any, workspaceId: string) {
+  async turnPageMentionsToLinks(
+    prosemirrorJson: any,
+    workspaceId: string,
+    userId?: string,
+    ignorePermissions = false,
+  ) {
    const doc = jsonToNode(prosemirrorJson);

-    const pageMentionIds = [];
+    let pageMentionIds: string[] = [];

    doc.descendants((node: Node) => {
      if (node.type.name === 'mention' && node.attrs.entityType === 'page') {
@@ -320,13 +378,31 @@ export class ExportService {
      return prosemirrorJson;
    }

-    const pages = await this.db
-      .selectFrom('pages')
-      .select(['id', 'slugId', 'title', 'creatorId', 'spaceId', 'workspaceId'])
-      .select((eb) => this.pageRepo.withSpace(eb))
-      .where('id', 'in', pageMentionIds)
-      .where('workspaceId', '=', workspaceId)
-      .execute();
+    // Filter to only accessible pages if permissions are enforced
+    if (!ignorePermissions && userId) {
+      pageMentionIds = await this.pagePermissionRepo.filterAccessiblePageIds({
+        pageIds: pageMentionIds,
+        userId,
+      });
+    }
+
+    const pages =
+      pageMentionIds.length > 0
+        ? await this.db
+            .selectFrom('pages')
+            .select([
+              'id',
+              'slugId',
+              'title',
+              'creatorId',
+              'spaceId',
+              'workspaceId',
+            ])
+            .select((eb) => this.pageRepo.withSpace(eb))
+            .where('id', 'in', pageMentionIds)
+            .where('workspaceId', '=', workspaceId)
+            .execute()
+        : [];

    const pageMap = new Map(pages.map((page) => [page.id, page]));

@@ -398,4 +474,52 @@ export class ExportService {

    return updatedDoc.toJSON();
  }
+
+  private async filterPagesForExport(
+    pages: Page[],
+    rootPageId: string | null,
+    userId: string,
+    spaceId: string,
+  ): Promise<Page[]> {
+    if (pages.length === 0) return [];
+
+    const pageIds = pages.map((p) => p.id);
+    const accessibleIds = await this.pagePermissionRepo.filterAccessiblePageIds(
+      {
+        pageIds,
+        userId,
+        spaceId,
+      },
+    );
+    const accessibleSet = new Set(accessibleIds);
+
+    const includedIds = new Set<string>();
+
+    let changed = true;
+    while (changed) {
+      changed = false;
+      for (const page of pages) {
+        if (includedIds.has(page.id)) continue;
+        if (!accessibleSet.has(page.id)) continue;
+
+        // Root page or top-level page in space export
+        if (
+          page.id === rootPageId ||
+          (rootPageId === null && page.parentPageId === null)
+        ) {
+          includedIds.add(page.id);
+          changed = true;
+          continue;
+        }
+
+        // Non-root: include if parent is already included
+        if (page.parentPageId && includedIds.has(page.parentPageId)) {
+          includedIds.add(page.id);
+          changed = true;
+        }
+      }
+    }
+
+    return pages.filter((p) => includedIds.has(p.id));
+  }
 }