sinvo/docmost
1
0
Fork 0
mirror of https://github.com/docmost/docmost.git synced 2026-05-16 05:44:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Share permissions

Browse Source
This commit is contained in:
Philipinho
2026-01-02 03:45:39 +00:00
parent 8eb698648e
commit d17efaf26e
3 changed files with 54 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/server/src/core/share/share.controller.ts
+11
View File
@@ -26,6 +26,7 @@ import {
UpdateShareDto,
} from './dto/share.dto';
import { PageRepo } from '@docmost/db/repos/page/page.repo';
import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
import { PageAccessService } from '../page-access/page-access.service';
import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
import { Public } from '../../common/decorators/public.decorator';
@@ -42,6 +43,7 @@ export class ShareController {
private readonly spaceAbility: SpaceAbilityFactory,
private readonly shareRepo: ShareRepo,
private readonly pageRepo: PageRepo,
private readonly pagePermissionRepo: PagePermissionRepo,
private readonly pageAccessService: PageAccessService,
private readonly environmentService: EnvironmentService,
) {}
@@ -126,8 +128,17 @@ export class ShareController {
}
// User must be able to edit the page to create a share
//TODO: i dont think this is neccessary if we prevent restricted pages from getting shared
// rather, use space level permission and workspace/space level sharing restriction
await this.pageAccessService.validateCanEdit(page, user);
// Prevent sharing restricted pages
const isRestricted =
await this.pagePermissionRepo.hasRestrictedAncestor(page.id);
if (isRestricted) {
throw new BadRequestException('Cannot share a restricted page');
}
return this.shareService.createShare({
page,
authUserId: user.id,
apps/server/src/core/share/share.service.ts
+16 -1
View File
@@ -19,6 +19,7 @@ import {
} from '../../common/helpers/prosemirror/utils';
import { Node } from '@tiptap/pm/model';
import { ShareRepo } from '@docmost/db/repos/share/share.repo';
import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
import { updateAttachmentAttr } from './share.util';
import { Page } from '@docmost/db/types/entity.types';
import { validate as isValidUUID } from 'uuid';
@@ -31,6 +32,7 @@ export class ShareService {
constructor(
private readonly shareRepo: ShareRepo,
private readonly pageRepo: PageRepo,
private readonly pagePermissionRepo: PagePermissionRepo,
@InjectKysely() private readonly db: KyselyDB,
private readonly tokenService: TokenService,
) {}
@@ -46,7 +48,13 @@ export class ShareService {
includeContent: false,
});
return { share, pageTree: pageList };
// Filter out restricted pages and their descendants
const restrictedIds =
await this.pagePermissionRepo.getRestrictedSubtreeIds(share.pageId);
const restrictedSet = new Set(restrictedIds);
const filteredPages = pageList.filter((page) => !restrictedSet.has(page.id));
return { share, pageTree: filteredPages };
} else {
return { share, pageTree: [] };
}
@@ -112,6 +120,13 @@ export class ShareService {
throw new NotFoundException('Shared page not found');
}
// Block access to restricted pages
const isRestricted =
await this.pagePermissionRepo.hasRestrictedAncestor(page.id);
if (isRestricted) {
throw new NotFoundException('Shared page not found');
}
page.content = await this.updatePublicAttachments(page);
return { page, share };