Share permissions

apps/server/src/core/share/share.controller.ts

@@ -26,6 +26,7 @@ import {
   UpdateShareDto,
 } from './dto/share.dto';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
 import { PageAccessService } from '../page-access/page-access.service';
 import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
 import { Public } from '../../common/decorators/public.decorator';
@@ -42,6 +43,7 @@ export class ShareController {
     private readonly spaceAbility: SpaceAbilityFactory,
     private readonly shareRepo: ShareRepo,
     private readonly pageRepo: PageRepo,
+    private readonly pagePermissionRepo: PagePermissionRepo,
     private readonly pageAccessService: PageAccessService,
     private readonly environmentService: EnvironmentService,
   ) {}
@@ -126,8 +128,17 @@ export class ShareController {
     }
 
     // User must be able to edit the page to create a share
+    //TODO: i dont think this is neccessary if we prevent restricted pages from getting shared
+    // rather, use space level permission and workspace/space level sharing restriction
     await this.pageAccessService.validateCanEdit(page, user);
 
+    // Prevent sharing restricted pages
+    const isRestricted =
+      await this.pagePermissionRepo.hasRestrictedAncestor(page.id);
+    if (isRestricted) {
+      throw new BadRequestException('Cannot share a restricted page');
+    }
+
     return this.shareService.createShare({
       page,
       authUserId: user.id,