mirror of
https://github.com/docmost/docmost.git
synced 2026-06-16 06:57:01 +08:00
short circuit sidebar permissions
This commit is contained in:
Philipinho
@@ -298,11 +298,17 @@ export class PageController {
|
|||||||
throw new ForbiddenException();
|
throw new ForbiddenException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const spaceCanEdit = ability.can(
|
||||||
|
SpaceCaslAction.Edit,
|
||||||
|
SpaceCaslSubject.Page,
|
||||||
|
);
|
||||||
|
|
||||||
return this.pageService.getSidebarPages(
|
return this.pageService.getSidebarPages(
|
||||||
spaceId,
|
spaceId,
|
||||||
pagination,
|
pagination,
|
||||||
dto.pageId,
|
dto.pageId,
|
||||||
user.id,
|
user.id,
|
||||||
|
spaceCanEdit,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -183,6 +183,7 @@ export class PageService {
|
|||||||
pagination: PaginationOptions,
|
pagination: PaginationOptions,
|
||||||
pageId?: string,
|
pageId?: string,
|
||||||
userId?: string,
|
userId?: string,
|
||||||
|
spaceCanEdit?: boolean,
|
||||||
): Promise<CursorPaginationResult<Partial<Page> & { hasChildren: boolean }>> {
|
): Promise<CursorPaginationResult<Partial<Page> & { hasChildren: boolean }>> {
|
||||||
let query = this.db
|
let query = this.db
|
||||||
.selectFrom('pages')
|
.selectFrom('pages')
|
||||||
@@ -222,9 +223,17 @@ export class PageService {
|
|||||||
});
|
});
|
||||||
|
|
||||||
if (userId && result.items.length > 0) {
|
if (userId && result.items.length > 0) {
|
||||||
|
const hasRestrictions =
|
||||||
|
await this.pagePermissionRepo.hasRestrictedPagesInSpace(spaceId);
|
||||||
|
|
||||||
|
if (!hasRestrictions) {
|
||||||
|
result.items = result.items.map((p: any) => ({
|
||||||
|
...p,
|
||||||
|
canEdit: spaceCanEdit ?? true,
|
||||||
|
}));
|
||||||
|
} else {
|
||||||
const pageIds = result.items.map((p: any) => p.id);
|
const pageIds = result.items.map((p: any) => p.id);
|
||||||
|
|
||||||
// Single query to get accessible pages with their edit permissions
|
|
||||||
const accessiblePages =
|
const accessiblePages =
|
||||||
await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
|
await this.pagePermissionRepo.filterAccessiblePageIdsWithPermissions(
|
||||||
pageIds,
|
pageIds,
|
||||||
@@ -235,7 +244,6 @@ export class PageService {
|
|||||||
accessiblePages.map((p) => [p.id, p.canEdit]),
|
accessiblePages.map((p) => [p.id, p.canEdit]),
|
||||||
);
|
);
|
||||||
|
|
||||||
// Filter and add canEdit flag in one pass
|
|
||||||
result.items = result.items
|
result.items = result.items
|
||||||
.filter((p: any) => permissionMap.has(p.id))
|
.filter((p: any) => permissionMap.has(p.id))
|
||||||
.map((p: any) => ({
|
.map((p: any) => ({
|
||||||
@@ -243,8 +251,9 @@ export class PageService {
|
|||||||
canEdit: permissionMap.get(p.id),
|
canEdit: permissionMap.get(p.id),
|
||||||
}));
|
}));
|
||||||
|
|
||||||
// For pages with hasChildren: true, verify they have accessible children
|
const pagesWithChildren = result.items.filter(
|
||||||
const pagesWithChildren = result.items.filter((p: any) => p.hasChildren);
|
(p: any) => p.hasChildren,
|
||||||
|
);
|
||||||
if (pagesWithChildren.length > 0) {
|
if (pagesWithChildren.length > 0) {
|
||||||
const parentIds = pagesWithChildren.map((p: any) => p.id);
|
const parentIds = pagesWithChildren.map((p: any) => p.id);
|
||||||
const parentsWithAccessibleChildren =
|
const parentsWithAccessibleChildren =
|
||||||
@@ -252,7 +261,9 @@ export class PageService {
|
|||||||
parentIds,
|
parentIds,
|
||||||
userId,
|
userId,
|
||||||
);
|
);
|
||||||
const hasAccessibleChildrenSet = new Set(parentsWithAccessibleChildren);
|
const hasAccessibleChildrenSet = new Set(
|
||||||
|
parentsWithAccessibleChildren,
|
||||||
|
);
|
||||||
|
|
||||||
result.items = result.items.map((p: any) => ({
|
result.items = result.items.map((p: any) => ({
|
||||||
...p,
|
...p,
|
||||||
@@ -260,6 +271,7 @@ export class PageService {
|
|||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user