mirror of
https://github.com/docmost/docmost.git
synced 2026-05-07 06:23:06 +08:00
Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Philipinho
|
3bf3ca14cd | ||
|
Philipinho
|
5012a68d85 | ||
|
Philip Okugbe
|
5a3377790e | ||
|
Philip Okugbe
|
3b85f4b616 | ||
|
Philipinho
|
cb2a0398c7 | ||
|
Philip Okugbe
|
95b7be61df | ||
|
Philip Okugbe
|
b0c557272d | ||
|
Philip Okugbe
|
dddfd48934 | ||
|
Philipinho
|
aa6eec754e | ||
|
Philip Okugbe
|
97a7701f5d | ||
|
Philipinho
|
b97eb85d05 | ||
|
Philipinho
|
1615e0f4ad | ||
|
Philip Okugbe
|
1cb2535de3 | ||
|
Philipinho
|
83bc273cb0 |
+4
-1
@@ -43,4 +43,7 @@ POSTMARK_TOKEN=
|
||||
# for custom drawio server
|
||||
DRAWIO_URL=
|
||||
|
||||
DISABLE_TELEMETRY=false
|
||||
DISABLE_TELEMETRY=false
|
||||
|
||||
# Enable debug logging in production (default: false)
|
||||
DEBUG_MODE=false
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "client",
|
||||
"private": true,
|
||||
"version": "0.22.1",
|
||||
"version": "0.22.2",
|
||||
"scripts": {
|
||||
"dev": "vite",
|
||||
"build": "tsc && vite build",
|
||||
|
||||
@@ -34,7 +34,7 @@ import { useTrackOrigin } from "@/hooks/use-track-origin";
|
||||
import SpacesPage from "@/pages/spaces/spaces.tsx";
|
||||
import { MfaChallengePage } from "@/ee/mfa/pages/mfa-challenge-page";
|
||||
import { MfaSetupRequiredPage } from "@/ee/mfa/pages/mfa-setup-required-page";
|
||||
import SpaceTrash from "@/pages/space/trash.tsx";
|
||||
import SpaceTrash from "@/pages/space/space-trash.tsx";
|
||||
|
||||
export default function App() {
|
||||
const { t } = useTranslation();
|
||||
@@ -50,10 +50,7 @@ export default function App() {
|
||||
<Route path={"/forgot-password"} element={<ForgotPassword />} />
|
||||
<Route path={"/password-reset"} element={<PasswordReset />} />
|
||||
<Route path={"/login/mfa"} element={<MfaChallengePage />} />
|
||||
<Route
|
||||
path={"/login/mfa/setup"}
|
||||
element={<MfaSetupRequiredPage />}
|
||||
/>
|
||||
<Route path={"/login/mfa/setup"} element={<MfaSetupRequiredPage />} />
|
||||
|
||||
{!isCloud() && (
|
||||
<Route path={"/setup/register"} element={<SetupWorkspace />} />
|
||||
|
||||
@@ -29,19 +29,22 @@ export default function ExportModal({
|
||||
}: ExportModalProps) {
|
||||
const [format, setFormat] = useState<ExportFormat>(ExportFormat.Markdown);
|
||||
const [includeChildren, setIncludeChildren] = useState<boolean>(false);
|
||||
const [includeAttachments, setIncludeAttachments] = useState<boolean>(true);
|
||||
const [includeAttachments, setIncludeAttachments] = useState<boolean>(false);
|
||||
const { t } = useTranslation();
|
||||
|
||||
const handleExport = async () => {
|
||||
try {
|
||||
if (type === "page") {
|
||||
await exportPage({ pageId: id, format, includeChildren });
|
||||
await exportPage({
|
||||
pageId: id,
|
||||
format,
|
||||
includeChildren,
|
||||
includeAttachments,
|
||||
});
|
||||
}
|
||||
if (type === "space") {
|
||||
await exportSpace({ spaceId: id, format, includeAttachments });
|
||||
}
|
||||
setIncludeChildren(false);
|
||||
setIncludeAttachments(true);
|
||||
onClose();
|
||||
} catch (err) {
|
||||
notifications.show({
|
||||
@@ -96,6 +99,18 @@ export default function ExportModal({
|
||||
checked={includeChildren}
|
||||
/>
|
||||
</Group>
|
||||
|
||||
<Group justify="space-between" wrap="nowrap" mt="md">
|
||||
<div>
|
||||
<Text size="md">{t("Include attachments")}</Text>
|
||||
</div>
|
||||
<Switch
|
||||
onChange={(event) =>
|
||||
setIncludeAttachments(event.currentTarget.checked)
|
||||
}
|
||||
checked={includeAttachments}
|
||||
/>
|
||||
</Group>
|
||||
</>
|
||||
)}
|
||||
|
||||
|
||||
@@ -47,10 +47,6 @@ function CommentListWithTabs() {
|
||||
SpaceCaslSubject.Page
|
||||
);
|
||||
|
||||
console.log(spaceAbility)
|
||||
|
||||
console.log('can comment', canComment);
|
||||
|
||||
// Separate active and resolved comments
|
||||
const { activeComments, resolvedComments } = useMemo(() => {
|
||||
if (!comments?.items) {
|
||||
|
||||
@@ -1,105 +0,0 @@
|
||||
import { Modal, Button, Group, Text, Select, Switch } from "@mantine/core";
|
||||
import { exportPage } from "@/features/page/services/page-service.ts";
|
||||
import { useState } from "react";
|
||||
import * as React from "react";
|
||||
import { ExportFormat } from "@/features/page/types/page.types.ts";
|
||||
import { notifications } from "@mantine/notifications";
|
||||
import { useTranslation } from "react-i18next";
|
||||
|
||||
interface PageExportModalProps {
|
||||
pageId: string;
|
||||
open: boolean;
|
||||
onClose: () => void;
|
||||
}
|
||||
|
||||
export default function PageExportModal({
|
||||
pageId,
|
||||
open,
|
||||
onClose,
|
||||
}: PageExportModalProps) {
|
||||
const { t } = useTranslation();
|
||||
const [format, setFormat] = useState<ExportFormat>(ExportFormat.Markdown);
|
||||
|
||||
const handleExport = async () => {
|
||||
try {
|
||||
await exportPage({ pageId: pageId, format });
|
||||
onClose();
|
||||
} catch (err) {
|
||||
notifications.show({
|
||||
message: t("Export failed:") + err.response?.data.message,
|
||||
color: "red",
|
||||
});
|
||||
console.error("export error", err);
|
||||
}
|
||||
};
|
||||
|
||||
const handleChange = (format: ExportFormat) => {
|
||||
setFormat(format);
|
||||
};
|
||||
|
||||
return (
|
||||
<Modal.Root
|
||||
opened={open}
|
||||
onClose={onClose}
|
||||
size={500}
|
||||
padding="xl"
|
||||
yOffset="10vh"
|
||||
xOffset={0}
|
||||
mah={400}
|
||||
>
|
||||
<Modal.Overlay />
|
||||
<Modal.Content style={{ overflow: "hidden" }}>
|
||||
<Modal.Header py={0}>
|
||||
<Modal.Title fw={500}>{t("Export page")}</Modal.Title>
|
||||
<Modal.CloseButton />
|
||||
</Modal.Header>
|
||||
<Modal.Body>
|
||||
<Group justify="space-between" wrap="nowrap">
|
||||
<div>
|
||||
<Text size="md">{t("Format")}</Text>
|
||||
</div>
|
||||
<ExportFormatSelection format={format} onChange={handleChange} />
|
||||
</Group>
|
||||
|
||||
<Group justify="space-between" wrap="nowrap" pt="md">
|
||||
<div>
|
||||
<Text size="md">{t("Include subpages")}</Text>
|
||||
</div>
|
||||
<Switch defaultChecked />
|
||||
</Group>
|
||||
|
||||
<Group justify="center" mt="md">
|
||||
<Button onClick={onClose} variant="default">
|
||||
{t("Cancel")}
|
||||
</Button>
|
||||
<Button onClick={handleExport}>{t("Export")}</Button>
|
||||
</Group>
|
||||
</Modal.Body>
|
||||
</Modal.Content>
|
||||
</Modal.Root>
|
||||
);
|
||||
}
|
||||
|
||||
interface ExportFormatSelection {
|
||||
format: ExportFormat;
|
||||
onChange: (value: string) => void;
|
||||
}
|
||||
function ExportFormatSelection({ format, onChange }: ExportFormatSelection) {
|
||||
const { t } = useTranslation();
|
||||
|
||||
return (
|
||||
<Select
|
||||
data={[
|
||||
{ value: "markdown", label: "Markdown" },
|
||||
{ value: "html", label: "HTML" },
|
||||
]}
|
||||
defaultValue={format}
|
||||
onChange={onChange}
|
||||
styles={{ wrapper: { maxWidth: 120 } }}
|
||||
comboboxProps={{ width: "120" }}
|
||||
allowDeselect={false}
|
||||
withCheckIcon={false}
|
||||
aria-label={t("Select export format")}
|
||||
/>
|
||||
);
|
||||
}
|
||||
@@ -126,8 +126,9 @@ export function useUpdatePageMutation() {
|
||||
export function useRemovePageMutation() {
|
||||
return useMutation({
|
||||
mutationFn: (pageId: string) => deletePage(pageId, false),
|
||||
onSuccess: () => {
|
||||
onSuccess: (_, pageId) => {
|
||||
notifications.show({ message: "Page moved to trash" });
|
||||
invalidateOnDeletePage(pageId);
|
||||
queryClient.invalidateQueries({
|
||||
predicate: (item) =>
|
||||
["trash-list"].includes(item.queryKey[0] as string),
|
||||
|
||||
+1
-1
@@ -32,7 +32,7 @@ import { UserInfo } from "@/components/common/user-info.tsx";
|
||||
import Paginate from "@/components/common/paginate.tsx";
|
||||
import { usePaginateAndSearch } from "@/hooks/use-paginate-and-search";
|
||||
|
||||
export default function SpaceTrash() {
|
||||
export default function Trash() {
|
||||
const { t } = useTranslation();
|
||||
const { spaceSlug } = useParams();
|
||||
const { page, setPage } = usePaginateAndSearch();
|
||||
@@ -79,6 +79,7 @@ export interface IExportPageParams {
|
||||
pageId: string;
|
||||
format: ExportFormat;
|
||||
includeChildren?: boolean;
|
||||
includeAttachments?: boolean;
|
||||
}
|
||||
|
||||
export enum ExportFormat {
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
import Trash from "@/features/page/trash/components/trash.tsx";
|
||||
import { useParams } from "react-router-dom";
|
||||
import { useGetSpaceBySlugQuery } from "@/features/space/queries/space-query.ts";
|
||||
import { useSpaceAbility } from "@/features/space/permissions/use-space-ability.ts";
|
||||
import React from "react";
|
||||
import {
|
||||
SpaceCaslAction,
|
||||
SpaceCaslSubject,
|
||||
} from "@/features/space/permissions/permissions.type.ts";
|
||||
|
||||
export default function SpaceTrash() {
|
||||
const { spaceSlug } = useParams();
|
||||
const { data: space } = useGetSpaceBySlugQuery(spaceSlug);
|
||||
|
||||
const spaceRules = space?.membership?.permissions;
|
||||
const spaceAbility = useSpaceAbility(spaceRules);
|
||||
|
||||
if (!space) {
|
||||
return <></>;
|
||||
}
|
||||
|
||||
if (spaceAbility.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
|
||||
return <></>;
|
||||
}
|
||||
|
||||
return <Trash />;
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "server",
|
||||
"version": "0.22.1",
|
||||
"version": "0.22.2",
|
||||
"description": "",
|
||||
"author": "",
|
||||
"private": true,
|
||||
|
||||
@@ -10,6 +10,12 @@ export enum SpaceRole {
|
||||
READER = 'reader', // can only read pages in space
|
||||
}
|
||||
|
||||
export enum PageRole {
|
||||
WRITER = 'writer', // can read and write pages in space
|
||||
READER = 'reader', // can only read pages in space
|
||||
RESTRICTED = 'restricted', // cannot access page
|
||||
}
|
||||
|
||||
export enum SpaceVisibility {
|
||||
OPEN = 'open', // any workspace member can see that it exists and join.
|
||||
PRIVATE = 'private', // only added space users can see
|
||||
|
||||
@@ -12,10 +12,14 @@ export class InternalLogFilter extends ConsoleLogger {
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
this.allowedLogLevels =
|
||||
process.env.NODE_ENV === 'production'
|
||||
? ['log', 'error', 'fatal']
|
||||
: ['log', 'debug', 'verbose', 'warn', 'error', 'fatal'];
|
||||
const isProduction = process.env.NODE_ENV === 'production';
|
||||
const isDebugMode = process.env.DEBUG_MODE === 'true';
|
||||
|
||||
if (isProduction && !isDebugMode) {
|
||||
this.allowedLogLevels = ['log', 'error', 'fatal'];
|
||||
} else {
|
||||
this.allowedLogLevels = ['log', 'debug', 'verbose', 'warn', 'error', 'fatal'];
|
||||
}
|
||||
}
|
||||
|
||||
private isLogLevelAllowed(level: string): boolean {
|
||||
|
||||
@@ -0,0 +1,168 @@
|
||||
import { Injectable, Logger, NotFoundException } from '@nestjs/common';
|
||||
import {
|
||||
AbilityBuilder,
|
||||
createMongoAbility,
|
||||
MongoAbility,
|
||||
} from '@casl/ability';
|
||||
import { PageRole, SpaceRole } from '../../../common/helpers/types/permission';
|
||||
import { User } from '@docmost/db/types/entity.types';
|
||||
import {
|
||||
PagePermissionRepo,
|
||||
PageMemberRole,
|
||||
} from '@docmost/db/repos/page/page-permission-repo.service';
|
||||
import { PageRepo } from '@docmost/db/repos/page/page.repo';
|
||||
import {
|
||||
PageCaslAction,
|
||||
IPageAbility,
|
||||
PageCaslSubject,
|
||||
} from '../interfaces/page-ability.type';
|
||||
import { findHighestUserSpaceRole } from '@docmost/db/repos/Space/utils';
|
||||
import { UserSpaceRole } from '@docmost/db/repos/space/types';
|
||||
import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
|
||||
|
||||
@Injectable()
|
||||
export default class PageAbilityFactory {
|
||||
private readonly logger = new Logger(PageAbilityFactory.name);
|
||||
|
||||
constructor(
|
||||
private readonly pagePermissionRepo: PagePermissionRepo,
|
||||
private readonly pageRepo: PageRepo,
|
||||
private readonly spaceMemberRepo: SpaceMemberRepo,
|
||||
) {}
|
||||
|
||||
async createForUser(user: User, pageId: string) {
|
||||
user.id = '0197750c-a70c-73a6-83ad-65a193433f5c';
|
||||
|
||||
// This opens the possibility to share pages with individual users from other Spaces
|
||||
|
||||
/*
|
||||
//TODO: we might account for space permission here too.
|
||||
// we could just do it all here. no need to call two abilities.
|
||||
const userSpaceRoles = await this.spaceMemberRepo.getUserSpaceRoles(
|
||||
user.id,
|
||||
spaceId,
|
||||
);
|
||||
*/
|
||||
|
||||
// const userPageRole = findHighestUserPageRole(userPageRoles);
|
||||
// if no role abort
|
||||
|
||||
// Check page-level permissions first if pageId provided
|
||||
|
||||
const permission = await this.pagePermissionRepo.getUserPagePermission({
|
||||
pageId: pageId,
|
||||
userId: user.id,
|
||||
});
|
||||
|
||||
// does it pick one? what if the user has permissions via groups? what roles takes precedence?
|
||||
|
||||
if (!permission) {
|
||||
//TODO: it means we should use the space level permission
|
||||
// need deeper understanding here though
|
||||
// call the space factory?
|
||||
}
|
||||
|
||||
this.logger.log('permissions', permission);
|
||||
if (permission) {
|
||||
// make sure the permission is for this page
|
||||
// or cascaded/inherited from a parent page
|
||||
this.logger.debug('role', permission.role, 'cascade', permission.cascade);
|
||||
if (permission.pageId !== pageId && !permission.cascade) {
|
||||
this.logger.debug('no permission');
|
||||
// No explicit access and not inheriting - deny
|
||||
return new AbilityBuilder<MongoAbility<IPageAbility>>(
|
||||
createMongoAbility,
|
||||
).build();
|
||||
}
|
||||
}
|
||||
|
||||
// if no permission should we use space permission here?
|
||||
// if non, skip for default to take precedence
|
||||
|
||||
switch (permission.role) {
|
||||
case PageRole.WRITER:
|
||||
return buildPageWriterAbility();
|
||||
case PageRole.READER:
|
||||
return buildPageReaderAbility();
|
||||
case PageRole.RESTRICTED:
|
||||
return buildPageRestrictedAbility();
|
||||
default:
|
||||
throw new NotFoundException('Page permissions not found');
|
||||
}
|
||||
}
|
||||
|
||||
private buildAbilityForRole(role: string) {
|
||||
switch (role) {
|
||||
case PageRole.WRITER:
|
||||
return buildPageWriterAbility();
|
||||
case PageRole.READER:
|
||||
return buildPageReaderAbility();
|
||||
case PageRole.RESTRICTED:
|
||||
return buildPageRestrictedAbility();
|
||||
default:
|
||||
return new AbilityBuilder<MongoAbility<IPageAbility>>(
|
||||
createMongoAbility,
|
||||
).build();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function buildPageWriterAbility() {
|
||||
const { can, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
|
||||
createMongoAbility,
|
||||
);
|
||||
can(PageCaslAction.Read, PageCaslSubject.Settings);
|
||||
can(PageCaslAction.Read, PageCaslSubject.Member);
|
||||
can(PageCaslAction.Manage, PageCaslSubject.Page);
|
||||
can(PageCaslAction.Manage, PageCaslSubject.Share);
|
||||
return build();
|
||||
}
|
||||
|
||||
function buildPageReaderAbility() {
|
||||
const { can, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
|
||||
createMongoAbility,
|
||||
);
|
||||
can(PageCaslAction.Read, PageCaslSubject.Settings);
|
||||
can(PageCaslAction.Read, PageCaslSubject.Member);
|
||||
can(PageCaslAction.Read, PageCaslSubject.Page);
|
||||
can(PageCaslAction.Read, PageCaslSubject.Share);
|
||||
return build();
|
||||
}
|
||||
|
||||
function buildPageRestrictedAbility() {
|
||||
const { cannot, build } = new AbilityBuilder<MongoAbility<IPageAbility>>(
|
||||
createMongoAbility,
|
||||
);
|
||||
cannot(PageCaslAction.Read, PageCaslSubject.Settings);
|
||||
cannot(PageCaslAction.Read, PageCaslSubject.Member);
|
||||
cannot(PageCaslAction.Read, PageCaslSubject.Page);
|
||||
cannot(PageCaslAction.Read, PageCaslSubject.Share);
|
||||
return build();
|
||||
}
|
||||
|
||||
export interface UserPageRole {
|
||||
userId: string;
|
||||
role: string;
|
||||
}
|
||||
|
||||
export function findHighestUserPageRole(userPageRoles: UserPageRole[]) {
|
||||
//TODO: perhaps, we want the lowest here?
|
||||
if (!userPageRoles) {
|
||||
return undefined;
|
||||
}
|
||||
|
||||
const roleOrder: { [key in PageRole]: number } = {
|
||||
[PageRole.WRITER]: 3,
|
||||
[PageRole.READER]: 2,
|
||||
[PageRole.RESTRICTED]: 1,
|
||||
};
|
||||
let highestRole: string;
|
||||
|
||||
for (const userPageRole of userPageRoles) {
|
||||
const currentRole = userPageRole.role;
|
||||
if (!highestRole || roleOrder[currentRole] > roleOrder[highestRole]) {
|
||||
highestRole = currentRole;
|
||||
}
|
||||
}
|
||||
return highestRole;
|
||||
}
|
||||
@@ -1,10 +1,11 @@
|
||||
import { Global, Module } from '@nestjs/common';
|
||||
import SpaceAbilityFactory from './abilities/space-ability.factory';
|
||||
import WorkspaceAbilityFactory from './abilities/workspace-ability.factory';
|
||||
import PageAbilityFactory from './abilities/page-ability.factory';
|
||||
|
||||
@Global()
|
||||
@Module({
|
||||
providers: [WorkspaceAbilityFactory, SpaceAbilityFactory],
|
||||
exports: [WorkspaceAbilityFactory, SpaceAbilityFactory],
|
||||
providers: [WorkspaceAbilityFactory, SpaceAbilityFactory, PageAbilityFactory],
|
||||
exports: [WorkspaceAbilityFactory, SpaceAbilityFactory, PageAbilityFactory],
|
||||
})
|
||||
export class CaslModule {}
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
export enum PageCaslAction {
|
||||
Manage = 'manage',
|
||||
Create = 'create',
|
||||
Read = 'read',
|
||||
Edit = 'edit',
|
||||
Delete = 'delete',
|
||||
}
|
||||
export enum PageCaslSubject {
|
||||
Settings = 'settings',
|
||||
Member = 'member',
|
||||
Page = 'page',
|
||||
Share = 'share',
|
||||
}
|
||||
|
||||
export type IPageAbility =
|
||||
| [PageCaslAction, PageCaslSubject.Settings]
|
||||
| [PageCaslAction, PageCaslSubject.Member]
|
||||
| [PageCaslAction, PageCaslSubject.Page]
|
||||
| [PageCaslAction, PageCaslSubject.Share];
|
||||
@@ -43,7 +43,7 @@ export class CommentController {
|
||||
@AuthWorkspace() workspace: Workspace,
|
||||
) {
|
||||
const page = await this.pageRepo.findById(createCommentDto.pageId);
|
||||
if (!page) {
|
||||
if (!page || page.deletedAt) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
@@ -90,7 +90,10 @@ export class CommentController {
|
||||
throw new NotFoundException('Comment not found');
|
||||
}
|
||||
|
||||
const ability = await this.spaceAbility.createForUser(user, comment.spaceId);
|
||||
const ability = await this.spaceAbility.createForUser(
|
||||
user,
|
||||
comment.spaceId,
|
||||
);
|
||||
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
import { ArrayMaxSize, IsArray, IsBoolean, IsEnum, IsOptional, IsUUID } from 'class-validator';
|
||||
import { PageIdDto } from './page.dto';
|
||||
import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
|
||||
|
||||
export class AddPageMembersDto extends PageIdDto {
|
||||
@IsEnum(PageMemberRole)
|
||||
role: string;
|
||||
// optional
|
||||
@IsArray()
|
||||
@ArrayMaxSize(25, {
|
||||
message: 'userIds must be an array with no more than 25 elements',
|
||||
})
|
||||
@IsUUID('all', { each: true })
|
||||
userIds: string[];
|
||||
|
||||
@IsOptional()
|
||||
@IsArray()
|
||||
@ArrayMaxSize(25, {
|
||||
message: 'groupIds must be an array with no more than 25 elements',
|
||||
})
|
||||
@IsUUID('all', { each: true })
|
||||
groupIds: string[];
|
||||
|
||||
@IsBoolean()
|
||||
@IsOptional()
|
||||
cascade?: boolean; // Apply to all child pages
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
import { IsOptional, IsString } from 'class-validator';
|
||||
import { IsNotEmpty, IsString } from 'class-validator';
|
||||
|
||||
export class DeletedPageDto {
|
||||
@IsOptional()
|
||||
@IsNotEmpty()
|
||||
@IsString()
|
||||
spaceId: string;
|
||||
}
|
||||
@@ -0,0 +1,22 @@
|
||||
import { IsOptional, IsNumber, IsString, Min, Max } from 'class-validator';
|
||||
import { PageIdDto } from './page.dto';
|
||||
import { Type } from 'class-transformer';
|
||||
|
||||
export class GetPageMembersDto extends PageIdDto {
|
||||
@IsOptional()
|
||||
@Type(() => Number)
|
||||
@IsNumber()
|
||||
@Min(1)
|
||||
page?: number = 1;
|
||||
|
||||
@IsOptional()
|
||||
@Type(() => Number)
|
||||
@IsNumber()
|
||||
@Min(1)
|
||||
@Max(100)
|
||||
limit?: number = 20;
|
||||
|
||||
@IsOptional()
|
||||
@IsString()
|
||||
query?: string;
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
import { IsUUID } from 'class-validator';
|
||||
import { PageIdDto } from './page.dto';
|
||||
|
||||
export class RemovePageMemberDto extends PageIdDto {
|
||||
@IsUUID()
|
||||
memberId: string;
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
import { IsEnum, IsUUID } from 'class-validator';
|
||||
import { PageIdDto } from './page.dto';
|
||||
import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
|
||||
|
||||
export class UpdatePageMemberRoleDto extends PageIdDto {
|
||||
@IsUUID()
|
||||
memberId: string;
|
||||
|
||||
@IsEnum(PageMemberRole)
|
||||
role: string;
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
import { IsBoolean, IsEnum, IsOptional, IsUUID } from 'class-validator';
|
||||
import { PageMemberRole } from '@docmost/db/repos/page/page-permission-repo.service';
|
||||
|
||||
export class UpdatePagePermissionDto {
|
||||
@IsUUID()
|
||||
pageId: string;
|
||||
|
||||
@IsUUID()
|
||||
@IsOptional()
|
||||
userId?: string;
|
||||
|
||||
@IsUUID()
|
||||
@IsOptional()
|
||||
groupId?: string;
|
||||
|
||||
@IsEnum(PageMemberRole)
|
||||
role: string;
|
||||
|
||||
@IsBoolean()
|
||||
cascade: boolean; // Apply to all child pages
|
||||
}
|
||||
@@ -32,9 +32,24 @@ import {
|
||||
} from '../casl/interfaces/space-ability.type';
|
||||
import SpaceAbilityFactory from '../casl/abilities/space-ability.factory';
|
||||
import { PageRepo } from '@docmost/db/repos/page/page.repo';
|
||||
import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
|
||||
import { RecentPageDto } from './dto/recent-page.dto';
|
||||
import { DuplicatePageDto } from './dto/duplicate-page.dto';
|
||||
import { DeletedPageDto } from './dto/deleted-page.dto';
|
||||
import { AddPageMembersDto } from './dto/add-page-members.dto';
|
||||
import { RemovePageMemberDto } from './dto/remove-page-member.dto';
|
||||
import { UpdatePageMemberRoleDto } from './dto/update-page-member-role.dto';
|
||||
import { UpdatePagePermissionDto } from './dto/update-page-permission.dto';
|
||||
import { GetPageMembersDto } from './dto/get-page-members.dto';
|
||||
import {
|
||||
PagePermissionService,
|
||||
PagePermissionsResponse,
|
||||
} from './services/page-member.service';
|
||||
import PageAbilityFactory from '../casl/abilities/page-ability.factory';
|
||||
import {
|
||||
PageCaslAction,
|
||||
PageCaslSubject,
|
||||
} from '../casl/interfaces/page-ability.type';
|
||||
|
||||
@UseGuards(JwtAuthGuard)
|
||||
@Controller('pages')
|
||||
@@ -44,6 +59,9 @@ export class PageController {
|
||||
private readonly pageRepo: PageRepo,
|
||||
private readonly pageHistoryService: PageHistoryService,
|
||||
private readonly spaceAbility: SpaceAbilityFactory,
|
||||
private readonly pageAbility: PageAbilityFactory,
|
||||
private readonly pagePermissionService: PagePermissionService,
|
||||
private readonly sharedPagesRepo: SharedPagesRepo,
|
||||
) {}
|
||||
|
||||
@HttpCode(HttpStatus.OK)
|
||||
@@ -61,11 +79,21 @@ export class PageController {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
|
||||
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
|
||||
const pageAbility = await this.pageAbility.createForUser(user, page.id);
|
||||
|
||||
if (pageAbility.cannot(PageCaslAction.Read, PageCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
/*const ability = await this.spaceAbility.createForUser(
|
||||
user,
|
||||
page.spaceId,
|
||||
);
|
||||
|
||||
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}*/
|
||||
|
||||
return page;
|
||||
}
|
||||
|
||||
@@ -194,7 +222,7 @@ export class PageController {
|
||||
deletedPageDto.spaceId,
|
||||
);
|
||||
|
||||
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
|
||||
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
@@ -372,4 +400,142 @@ export class PageController {
|
||||
}
|
||||
return this.pageService.getPageBreadCrumbs(page.id);
|
||||
}
|
||||
|
||||
@HttpCode(HttpStatus.OK)
|
||||
@Post('permissions/add')
|
||||
async addPageMembers(
|
||||
@Body() dto: AddPageMembersDto,
|
||||
@AuthUser() user: User,
|
||||
@AuthWorkspace() workspace: Workspace,
|
||||
) {
|
||||
const page = await this.pageRepo.findById(dto.pageId);
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
|
||||
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
return this.pagePermissionService.addMembersToPageBatch(
|
||||
dto,
|
||||
user,
|
||||
workspace.id,
|
||||
);
|
||||
}
|
||||
|
||||
@HttpCode(HttpStatus.OK)
|
||||
@Post('permissions/remove')
|
||||
async removePageMember(
|
||||
@Body() dto: RemovePageMemberDto,
|
||||
@AuthUser() user: User,
|
||||
@AuthWorkspace() workspace: Workspace,
|
||||
) {
|
||||
const page = await this.pageRepo.findById(dto.pageId);
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
|
||||
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
return this.pagePermissionService.removePageMember(dto, workspace.id);
|
||||
}
|
||||
|
||||
@HttpCode(HttpStatus.OK)
|
||||
@Post('permissions/update-role')
|
||||
async updatePageMemberRole(
|
||||
@Body() dto: UpdatePageMemberRoleDto,
|
||||
@AuthUser() user: User,
|
||||
@AuthWorkspace() workspace: Workspace,
|
||||
) {
|
||||
const page = await this.pageRepo.findById(dto.pageId);
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
|
||||
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
return this.pagePermissionService.updatePageMemberRole(dto, workspace.id);
|
||||
}
|
||||
|
||||
@HttpCode(HttpStatus.OK)
|
||||
@Post('permissions/update')
|
||||
async updatePagePermissions(
|
||||
@Body() dto: UpdatePagePermissionDto,
|
||||
@AuthUser() user: User,
|
||||
): Promise<PagePermissionsResponse> {
|
||||
const page = await this.pageRepo.findById(dto.pageId);
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
|
||||
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
return this.pagePermissionService.updatePagePermission(dto);
|
||||
}
|
||||
|
||||
@HttpCode(HttpStatus.OK)
|
||||
@Post('permissions/info')
|
||||
async getPagePermissions(
|
||||
@Body() dto: PageIdDto,
|
||||
@AuthUser() user: User,
|
||||
): Promise<PagePermissionsResponse> {
|
||||
const page = await this.pageRepo.findById(dto.pageId);
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
|
||||
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
return this.pagePermissionService.getPagePermissions(dto.pageId);
|
||||
}
|
||||
|
||||
@HttpCode(HttpStatus.OK)
|
||||
@Post('permissions/list')
|
||||
async getPageMembers(
|
||||
@Body() dto: GetPageMembersDto,
|
||||
@AuthUser() user: User,
|
||||
@AuthWorkspace() workspace: Workspace,
|
||||
) {
|
||||
const page = await this.pageRepo.findById(dto.pageId);
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const ability = await this.spaceAbility.createForUser(user, page.spaceId);
|
||||
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Page)) {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
const pagination: PaginationOptions = {
|
||||
page: dto.page || 1,
|
||||
limit: dto.limit || 20,
|
||||
query: dto.query,
|
||||
};
|
||||
|
||||
return this.pagePermissionService.getPageMembers(
|
||||
dto.pageId,
|
||||
workspace.id,
|
||||
pagination,
|
||||
);
|
||||
}
|
||||
|
||||
@HttpCode(HttpStatus.OK)
|
||||
@Post('shared')
|
||||
async getUserSharedPages(@AuthUser() user: User) {
|
||||
return this.sharedPagesRepo.getUserSharedPages(user.id);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,12 +3,20 @@ import { PageService } from './services/page.service';
|
||||
import { PageController } from './page.controller';
|
||||
import { PageHistoryService } from './services/page-history.service';
|
||||
import { TrashCleanupService } from './services/trash-cleanup.service';
|
||||
import { PagePermissionService } from './services/page-member.service';
|
||||
import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
|
||||
import { StorageModule } from '../../integrations/storage/storage.module';
|
||||
|
||||
@Module({
|
||||
controllers: [PageController],
|
||||
providers: [PageService, PageHistoryService, TrashCleanupService],
|
||||
exports: [PageService, PageHistoryService],
|
||||
imports: [StorageModule]
|
||||
providers: [
|
||||
PageService,
|
||||
PageHistoryService,
|
||||
TrashCleanupService,
|
||||
PagePermissionService,
|
||||
SharedPagesRepo,
|
||||
],
|
||||
exports: [PageService, PageHistoryService, PagePermissionService],
|
||||
imports: [StorageModule],
|
||||
})
|
||||
export class PageModule {}
|
||||
|
||||
@@ -0,0 +1,632 @@
|
||||
import {
|
||||
BadRequestException,
|
||||
Injectable,
|
||||
NotFoundException,
|
||||
} from '@nestjs/common';
|
||||
import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
|
||||
import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
|
||||
import {
|
||||
PagePermissionRepo,
|
||||
PageMemberRole,
|
||||
} from '@docmost/db/repos/page/page-permission-repo.service';
|
||||
import { SharedPagesRepo } from '@docmost/db/repos/page/shared-pages.repo';
|
||||
import { AddPageMembersDto } from '../dto/add-page-members.dto';
|
||||
import { InjectKysely } from 'nestjs-kysely';
|
||||
import { Page, PagePermission, User } from '@docmost/db/types/entity.types';
|
||||
import { PageRepo } from '@docmost/db/repos/page/page.repo';
|
||||
import { RemovePageMemberDto } from '../dto/remove-page-member.dto';
|
||||
import { UpdatePageMemberRoleDto } from '../dto/update-page-member-role.dto';
|
||||
import { UpdatePagePermissionDto } from '../dto/update-page-permission.dto';
|
||||
import { UserRepo } from '@docmost/db/repos/user/user.repo';
|
||||
import { GroupRepo } from '@docmost/db/repos/group/group.repo';
|
||||
import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
|
||||
import { executeTx } from '@docmost/db/utils';
|
||||
|
||||
export interface IPagePermission {
|
||||
id: string;
|
||||
cascade: boolean;
|
||||
member: {
|
||||
id: string;
|
||||
type: 'user' | 'group' | 'public';
|
||||
email?: string;
|
||||
displayName?: string;
|
||||
avatarUrl?: string;
|
||||
workspaceRole?: string;
|
||||
name?: string;
|
||||
memberCount?: number;
|
||||
};
|
||||
membershipRole: {
|
||||
id: string;
|
||||
level: string;
|
||||
source: 'direct' | 'inherited';
|
||||
};
|
||||
grantedBy: {
|
||||
id: string;
|
||||
type: 'page' | 'space';
|
||||
title?: string;
|
||||
name?: string;
|
||||
parentId?: string;
|
||||
};
|
||||
}
|
||||
|
||||
export interface PagePermissionsResponse {
|
||||
page: {
|
||||
id: string;
|
||||
title: string;
|
||||
hasCustomPermissions: boolean;
|
||||
inheritPermissions: boolean;
|
||||
permissions: IPagePermission[];
|
||||
};
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class PagePermissionService {
|
||||
constructor(
|
||||
private pageMemberRepo: PagePermissionRepo,
|
||||
private pageRepo: PageRepo,
|
||||
private sharedPagesRepo: SharedPagesRepo,
|
||||
private userRepo: UserRepo,
|
||||
private groupRepo: GroupRepo,
|
||||
private spaceMemberRepo: SpaceMemberRepo,
|
||||
@InjectKysely() private readonly db: KyselyDB,
|
||||
) {}
|
||||
|
||||
async addUserToPage(
|
||||
userId: string,
|
||||
pageId: string,
|
||||
role: string,
|
||||
workspaceId: string,
|
||||
trx?: KyselyTransaction,
|
||||
): Promise<void> {
|
||||
await this.pageMemberRepo.insertPageMember(
|
||||
{
|
||||
userId: userId,
|
||||
pageId: pageId,
|
||||
role: role,
|
||||
},
|
||||
trx,
|
||||
);
|
||||
}
|
||||
|
||||
async addGroupToPage(
|
||||
groupId: string,
|
||||
pageId: string,
|
||||
role: string,
|
||||
workspaceId: string,
|
||||
trx?: KyselyTransaction,
|
||||
): Promise<void> {
|
||||
await this.pageMemberRepo.insertPageMember(
|
||||
{
|
||||
groupId: groupId,
|
||||
pageId: pageId,
|
||||
role: role,
|
||||
},
|
||||
trx,
|
||||
);
|
||||
}
|
||||
|
||||
async getPageMembers(
|
||||
pageId: string,
|
||||
workspaceId: string,
|
||||
pagination: PaginationOptions,
|
||||
) {
|
||||
const page = await this.pageRepo.findById(pageId);
|
||||
// const page = await this.pageRepo.findById(pageId, { workspaceId });
|
||||
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const members = await this.pageMemberRepo.getPageMembersPaginated(
|
||||
pageId,
|
||||
pagination,
|
||||
);
|
||||
|
||||
return members;
|
||||
}
|
||||
|
||||
async addMembersToPageBatch(
|
||||
dto: AddPageMembersDto,
|
||||
authUser: User,
|
||||
workspaceId: string,
|
||||
): Promise<void> {
|
||||
try {
|
||||
const page = await this.pageRepo.findById(dto.pageId);
|
||||
//const page = await this.pageRepo.findById(dto.pageId, { workspaceId });
|
||||
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
// Validate role
|
||||
if (!Object.values(PageMemberRole).includes(dto.role as PageMemberRole)) {
|
||||
throw new BadRequestException(`Invalid role: ${dto.role}`);
|
||||
}
|
||||
|
||||
// Enable custom permissions if adding first member
|
||||
/*if (!page.hasCustomPermissions) {
|
||||
await this.pageRepo.update(dto.pageId, {
|
||||
hasCustomPermissions: true,
|
||||
inheritPermissions: false,
|
||||
});
|
||||
}*/
|
||||
|
||||
// Make sure we have valid workspace users
|
||||
const validUsersQuery = this.db
|
||||
.selectFrom('users')
|
||||
.select(['id', 'name'])
|
||||
.where('users.id', 'in', dto.userIds)
|
||||
.where('users.workspaceId', '=', workspaceId)
|
||||
.where(({ not, exists, selectFrom }) =>
|
||||
not(
|
||||
exists(
|
||||
selectFrom('pagePermissions')
|
||||
.select('id')
|
||||
.whereRef('pagePermissions.userId', '=', 'users.id')
|
||||
.where('pagePermissions.pageId', '=', dto.pageId),
|
||||
),
|
||||
),
|
||||
);
|
||||
|
||||
const validGroupsQuery = this.db
|
||||
.selectFrom('groups')
|
||||
.select(['id', 'name'])
|
||||
.where('groups.id', 'in', dto.groupIds)
|
||||
.where('groups.workspaceId', '=', workspaceId)
|
||||
.where(({ not, exists, selectFrom }) =>
|
||||
not(
|
||||
exists(
|
||||
selectFrom('pagePermissions')
|
||||
.select('id')
|
||||
.whereRef('pagePermissions.groupId', '=', 'groups.id')
|
||||
.where('pagePermissions.pageId', '=', dto.pageId),
|
||||
),
|
||||
),
|
||||
);
|
||||
|
||||
let validUsers = [],
|
||||
validGroups = [];
|
||||
if (dto.userIds && dto.userIds.length > 0) {
|
||||
validUsers = await validUsersQuery.execute();
|
||||
}
|
||||
if (dto.groupIds && dto.groupIds.length > 0) {
|
||||
validGroups = await validGroupsQuery.execute();
|
||||
}
|
||||
|
||||
const usersToAdd = [];
|
||||
for (const user of validUsers) {
|
||||
usersToAdd.push({
|
||||
pageId: dto.pageId,
|
||||
userId: user.id,
|
||||
role: dto.role,
|
||||
addedById: authUser.id,
|
||||
});
|
||||
|
||||
// Track orphaned page access if user doesn't have parent access
|
||||
if (page.parentPageId && dto.role !== PageMemberRole.NONE) {
|
||||
const hasParentAccess = await this.checkParentAccess(
|
||||
user.id,
|
||||
page.parentPageId,
|
||||
);
|
||||
if (!hasParentAccess) {
|
||||
await this.sharedPagesRepo.addSharedPage(user.id, dto.pageId);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const groupsToAdd = [];
|
||||
for (const group of validGroups) {
|
||||
groupsToAdd.push({
|
||||
pageId: dto.pageId,
|
||||
groupId: group.id,
|
||||
role: dto.role,
|
||||
addedById: authUser.id,
|
||||
});
|
||||
}
|
||||
|
||||
const membersToAdd = [...usersToAdd, ...groupsToAdd];
|
||||
if (membersToAdd.length > 0) {
|
||||
await this.db
|
||||
.insertInto('pagePermissions')
|
||||
.values(membersToAdd)
|
||||
.execute();
|
||||
}
|
||||
|
||||
// Apply to child pages if requested
|
||||
if (dto.cascade) {
|
||||
await this.cascadeToChildren(dto.pageId, membersToAdd);
|
||||
}
|
||||
} catch (error) {
|
||||
if (
|
||||
error instanceof NotFoundException ||
|
||||
error instanceof BadRequestException
|
||||
) {
|
||||
throw error;
|
||||
}
|
||||
throw new BadRequestException(
|
||||
'Failed to add members to page. Please try again.',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
async removePageMember(
|
||||
dto: RemovePageMemberDto,
|
||||
workspaceId: string,
|
||||
): Promise<void> {
|
||||
const member = await this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.innerJoin('pages', 'pages.id', 'pagePermissions.pageId')
|
||||
.select(['pagePermissions.id', 'pagePermissions.userId'])
|
||||
.where('pagePermissions.id', '=', dto.memberId)
|
||||
.where('pagePermissions.pageId', '=', dto.pageId)
|
||||
.where('pages.workspaceId', '=', workspaceId)
|
||||
.executeTakeFirst();
|
||||
|
||||
if (!member) {
|
||||
throw new NotFoundException('Page member not found');
|
||||
}
|
||||
|
||||
// Check if this is the last admin
|
||||
const adminCount = await this.pageMemberRepo.roleCountByPageId(
|
||||
PageMemberRole.ADMIN,
|
||||
dto.pageId,
|
||||
);
|
||||
|
||||
if (adminCount === 1) {
|
||||
const memberToRemove = await this.pageMemberRepo.getPageMemberByTypeId(
|
||||
dto.pageId,
|
||||
{ userId: member.userId },
|
||||
);
|
||||
if (memberToRemove?.role === PageMemberRole.ADMIN) {
|
||||
throw new BadRequestException('Cannot remove the last admin from page');
|
||||
}
|
||||
}
|
||||
|
||||
await this.pageMemberRepo.removePageMemberById(dto.memberId, dto.pageId);
|
||||
|
||||
// Remove from shared pages if it was tracked
|
||||
if (member.userId) {
|
||||
await this.sharedPagesRepo.removeSharedPage(member.userId, dto.pageId);
|
||||
}
|
||||
}
|
||||
|
||||
async updatePageMemberRole(
|
||||
dto: UpdatePageMemberRoleDto,
|
||||
workspaceId: string,
|
||||
): Promise<void> {
|
||||
const member = await this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.innerJoin('pages', 'pages.id', 'pagePermissions.pageId')
|
||||
.select(['pagePermissions.id', 'pagePermissions.role'])
|
||||
.where('pagePermissions.id', '=', dto.memberId)
|
||||
.where('pagePermissions.pageId', '=', dto.pageId)
|
||||
.where('pages.workspaceId', '=', workspaceId)
|
||||
.executeTakeFirst();
|
||||
|
||||
if (!member) {
|
||||
throw new NotFoundException('Page member not found');
|
||||
}
|
||||
|
||||
if (
|
||||
member.role === PageMemberRole.ADMIN &&
|
||||
dto.role !== PageMemberRole.ADMIN
|
||||
) {
|
||||
const adminCount = await this.pageMemberRepo.roleCountByPageId(
|
||||
PageMemberRole.ADMIN,
|
||||
dto.pageId,
|
||||
);
|
||||
if (adminCount === 1) {
|
||||
throw new BadRequestException('Cannot change role of the last admin');
|
||||
}
|
||||
}
|
||||
|
||||
await this.pageMemberRepo.updatePageMember(
|
||||
{ role: dto.role },
|
||||
dto.memberId,
|
||||
dto.pageId,
|
||||
);
|
||||
}
|
||||
|
||||
async updatePagePermission(
|
||||
dto: UpdatePagePermissionDto,
|
||||
): Promise<PagePermissionsResponse> {
|
||||
const { pageId, userId, groupId, role, cascade } = dto;
|
||||
|
||||
try {
|
||||
// Validate inputs
|
||||
if (!userId && !groupId) {
|
||||
throw new BadRequestException(
|
||||
'Either userId or groupId must be provided',
|
||||
);
|
||||
}
|
||||
|
||||
if (userId && groupId) {
|
||||
throw new BadRequestException('Cannot provide both userId and groupId');
|
||||
}
|
||||
|
||||
if (!Object.values(PageMemberRole).includes(role as PageMemberRole)) {
|
||||
throw new BadRequestException(`Invalid role: ${role}`);
|
||||
}
|
||||
|
||||
await executeTx(this.db, async (trx) => {
|
||||
// Update the role
|
||||
if (userId) {
|
||||
await this.pageMemberRepo.upsertPageMember(
|
||||
{
|
||||
pageId,
|
||||
userId,
|
||||
role,
|
||||
},
|
||||
trx,
|
||||
);
|
||||
} else if (groupId) {
|
||||
await this.pageMemberRepo.upsertPageMember(
|
||||
{
|
||||
pageId,
|
||||
groupId,
|
||||
role,
|
||||
},
|
||||
trx,
|
||||
);
|
||||
}
|
||||
|
||||
// Mark page as having custom permissions
|
||||
/* await this.pageRepo.update(
|
||||
pageId,
|
||||
{
|
||||
hasCustomPermissions: true,
|
||||
inheritPermissions: false,
|
||||
},
|
||||
trx,
|
||||
);*/
|
||||
|
||||
// Cascade to children if requested
|
||||
if (cascade) {
|
||||
const descendants = await this.pageRepo.getAllDescendants(
|
||||
pageId,
|
||||
trx,
|
||||
);
|
||||
for (const childId of descendants) {
|
||||
if (userId) {
|
||||
await this.pageMemberRepo.upsertPageMember(
|
||||
{
|
||||
pageId: childId,
|
||||
userId,
|
||||
role,
|
||||
},
|
||||
trx,
|
||||
);
|
||||
} else if (groupId) {
|
||||
await this.pageMemberRepo.upsertPageMember(
|
||||
{
|
||||
pageId: childId,
|
||||
groupId,
|
||||
role,
|
||||
},
|
||||
trx,
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
// Return comprehensive permission data
|
||||
return this.getPagePermissions(pageId);
|
||||
} catch (error) {
|
||||
if (error instanceof BadRequestException) {
|
||||
throw error;
|
||||
}
|
||||
throw new BadRequestException(
|
||||
'Failed to update page permissions. Please try again.',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
async getPagePermissions(pageId: string): Promise<PagePermissionsResponse> {
|
||||
const page = await this.pageRepo.findById(pageId, { includeSpace: true });
|
||||
if (!page) {
|
||||
throw new NotFoundException('Page not found');
|
||||
}
|
||||
|
||||
const permissions: IPagePermission[] = [];
|
||||
|
||||
// 1. Get direct page members
|
||||
const directMembers = await this.pageMemberRepo.getPageMembers(pageId);
|
||||
|
||||
// Batch fetch all users and groups
|
||||
const userIds = directMembers.filter((m) => m.userId).map((m) => m.userId);
|
||||
const groupIds = directMembers
|
||||
.filter((m) => m.groupId)
|
||||
.map((m) => m.groupId);
|
||||
|
||||
const [users, groups] = await Promise.all([
|
||||
userIds.length > 0
|
||||
? this.db
|
||||
.selectFrom('users')
|
||||
.selectAll()
|
||||
.where('id', 'in', userIds)
|
||||
.execute()
|
||||
: Promise.resolve([]),
|
||||
groupIds.length > 0
|
||||
? this.db
|
||||
.selectFrom('groups')
|
||||
.selectAll()
|
||||
.where('id', 'in', groupIds)
|
||||
.execute()
|
||||
: Promise.resolve([]),
|
||||
]);
|
||||
|
||||
const userMap = new Map(users.map((u) => [u.id, u] as const));
|
||||
const groupMap = new Map(groups.map((g) => [g.id, g] as const));
|
||||
|
||||
// Build permissions with batch-fetched data
|
||||
for (const member of directMembers) {
|
||||
let memberData: any = null;
|
||||
|
||||
if (member.userId) {
|
||||
const user = userMap.get(member.userId);
|
||||
if (user) {
|
||||
memberData = {
|
||||
id: user.id,
|
||||
type: 'user' as const,
|
||||
email: user.email,
|
||||
displayName: user.name,
|
||||
avatarUrl: user.avatarUrl,
|
||||
workspaceRole: user.role,
|
||||
};
|
||||
}
|
||||
} else if (member.groupId) {
|
||||
const group = groupMap.get(member.groupId);
|
||||
if (group) {
|
||||
memberData = {
|
||||
id: group.id,
|
||||
type: 'group' as const,
|
||||
name: group.name,
|
||||
memberCount: await this.db
|
||||
.selectFrom('groupUsers')
|
||||
.select((eb) => eb.fn.count('userId').as('count'))
|
||||
.where('groupId', '=', group.id)
|
||||
.executeTakeFirst()
|
||||
.then((result) => Number(result?.count || 0)),
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
if (memberData) {
|
||||
permissions.push({
|
||||
id: member.id,
|
||||
cascade: true, // Page permissions cascade by default
|
||||
member: memberData,
|
||||
membershipRole: {
|
||||
id: member.id,
|
||||
level: member.role,
|
||||
source: 'direct',
|
||||
},
|
||||
grantedBy: {
|
||||
id: pageId,
|
||||
type: 'page',
|
||||
title: page.title,
|
||||
},
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// 2. Get inherited space members (if page inherits)
|
||||
if (page) {
|
||||
//if (page.inheritPermissions || !page.hasCustomPermissions) {
|
||||
const spaceMembers = await this.spaceMemberRepo.getSpaceMembersPaginated(
|
||||
page.spaceId,
|
||||
{ page: 1, limit: 100 },
|
||||
);
|
||||
|
||||
for (const spaceMember of spaceMembers.items as any[]) {
|
||||
// Skip if user has direct page permission
|
||||
const hasDirect = directMembers.some(
|
||||
(dm) =>
|
||||
(dm.userId === spaceMember.id && spaceMember.type === 'user') ||
|
||||
(dm.groupId === spaceMember.id && spaceMember.type === 'group'),
|
||||
);
|
||||
if (!hasDirect) {
|
||||
permissions.push({
|
||||
id: `space-${spaceMember.id}`,
|
||||
cascade: false, // Space permissions don't cascade to page children
|
||||
member: {
|
||||
id: spaceMember.id,
|
||||
type: spaceMember.type as 'user' | 'group',
|
||||
email: spaceMember.email,
|
||||
displayName: spaceMember.name,
|
||||
avatarUrl: spaceMember.avatarUrl,
|
||||
name: spaceMember.name,
|
||||
memberCount: Number(spaceMember.memberCount || 0),
|
||||
},
|
||||
membershipRole: {
|
||||
id: `space-role-${spaceMember.id}`,
|
||||
level: spaceMember.role,
|
||||
source: 'inherited',
|
||||
},
|
||||
grantedBy: {
|
||||
id: page.spaceId,
|
||||
type: 'space',
|
||||
name: (page as any).space?.name,
|
||||
},
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
page: {
|
||||
id: page.id,
|
||||
title: page.title,
|
||||
hasCustomPermissions: true,
|
||||
inheritPermissions: false,
|
||||
permissions,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
private async checkParentAccess(
|
||||
userId: string,
|
||||
parentPageId: string | null,
|
||||
): Promise<boolean> {
|
||||
if (!parentPageId) return true; // Root pages always accessible
|
||||
|
||||
const parentAccess = await this.pageMemberRepo.resolveUserPageAccess(
|
||||
userId,
|
||||
parentPageId,
|
||||
);
|
||||
return parentAccess !== null && parentAccess !== PageMemberRole.NONE;
|
||||
}
|
||||
|
||||
private async cascadeToChildren(
|
||||
pageId: string,
|
||||
membersToAdd: any[],
|
||||
): Promise<void> {
|
||||
const descendants = await this.pageRepo.getAllDescendants(pageId);
|
||||
if (descendants.length === 0) return;
|
||||
|
||||
// Separate user and group members for proper conflict handling
|
||||
const userMembers = membersToAdd.filter((m) => m.userId);
|
||||
const groupMembers = membersToAdd.filter((m) => m.groupId);
|
||||
|
||||
for (const childId of descendants) {
|
||||
// Handle user members with proper conflict resolution
|
||||
if (userMembers.length > 0) {
|
||||
const childUserMembers = userMembers.map((m) => ({
|
||||
...m,
|
||||
pageId: childId,
|
||||
}));
|
||||
|
||||
await this.db
|
||||
.insertInto('pagePermissions')
|
||||
.values(childUserMembers)
|
||||
.onConflict((oc) =>
|
||||
oc.columns(['pageId', 'userId']).doUpdateSet({
|
||||
role: (eb) => eb.ref('excluded.role'),
|
||||
updatedAt: new Date(),
|
||||
}),
|
||||
)
|
||||
.execute();
|
||||
}
|
||||
|
||||
// Handle group members separately
|
||||
if (groupMembers.length > 0) {
|
||||
const childGroupMembers = groupMembers.map((m) => ({
|
||||
...m,
|
||||
pageId: childId,
|
||||
}));
|
||||
|
||||
await this.db
|
||||
.insertInto('pagePermissions')
|
||||
.values(childGroupMembers)
|
||||
.onConflict((oc) =>
|
||||
oc.columns(['pageId', 'groupId']).doUpdateSet({
|
||||
role: (eb) => eb.ref('excluded.role'),
|
||||
updatedAt: new Date(),
|
||||
}),
|
||||
)
|
||||
.execute();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -109,7 +109,8 @@ export class PageService {
|
||||
.selectFrom('pages')
|
||||
.select(['position'])
|
||||
.where('spaceId', '=', spaceId)
|
||||
.orderBy('position', 'desc')
|
||||
.where('deletedAt', 'is', null)
|
||||
.orderBy('position', (ob) => ob.collate('C').desc())
|
||||
.limit(1);
|
||||
|
||||
if (parentPageId) {
|
||||
@@ -190,7 +191,7 @@ export class PageService {
|
||||
'deletedAt',
|
||||
])
|
||||
.select((eb) => this.pageRepo.withHasChildren(eb))
|
||||
.orderBy('position', 'asc')
|
||||
.orderBy('position', (ob) => ob.collate('C').asc())
|
||||
.where('deletedAt', 'is', null)
|
||||
.where('spaceId', '=', spaceId);
|
||||
|
||||
|
||||
@@ -59,6 +59,7 @@ export class SearchService {
|
||||
.$if(Boolean(searchParams.creatorId), (qb) =>
|
||||
qb.where('creatorId', '=', searchParams.creatorId),
|
||||
)
|
||||
.where('deletedAt', 'is', null)
|
||||
.orderBy('rank', 'desc')
|
||||
.limit(searchParams.limit | 20)
|
||||
.offset(searchParams.offset || 0);
|
||||
@@ -191,6 +192,7 @@ export class SearchService {
|
||||
sql`LOWER(f_unaccent(${`%${query}%`}))`,
|
||||
),
|
||||
)
|
||||
.where('deletedAt', 'is', null)
|
||||
.where('workspaceId', '=', workspaceId)
|
||||
.limit(limit);
|
||||
|
||||
|
||||
@@ -108,12 +108,12 @@ export class ShareService {
|
||||
includeCreator: true,
|
||||
});
|
||||
|
||||
page.content = await this.updatePublicAttachments(page);
|
||||
|
||||
if (!page) {
|
||||
if (!page || page.deletedAt) {
|
||||
throw new NotFoundException('Shared page not found');
|
||||
}
|
||||
|
||||
page.content = await this.updatePublicAttachments(page);
|
||||
|
||||
return { page, share };
|
||||
}
|
||||
|
||||
@@ -132,6 +132,7 @@ export class ShareService {
|
||||
sql`0`.as('level'),
|
||||
])
|
||||
.where(isValidUUID(pageId) ? 'id' : 'slugId', '=', pageId)
|
||||
.where('deletedAt', 'is', null)
|
||||
.unionAll((union) =>
|
||||
union
|
||||
.selectFrom('pages as p')
|
||||
@@ -144,7 +145,8 @@ export class ShareService {
|
||||
// Increase the level by 1 for each ancestor.
|
||||
sql`ph.level + 1`.as('level'),
|
||||
])
|
||||
.innerJoin('page_hierarchy as ph', 'ph.parentPageId', 'p.id'),
|
||||
.innerJoin('page_hierarchy as ph', 'ph.parentPageId', 'p.id')
|
||||
.where('p.deletedAt', 'is', null),
|
||||
),
|
||||
)
|
||||
.selectFrom('page_hierarchy')
|
||||
|
||||
@@ -25,6 +25,7 @@ import { MigrationService } from '@docmost/db/services/migration.service';
|
||||
import { UserTokenRepo } from './repos/user-token/user-token.repo';
|
||||
import { BacklinkRepo } from '@docmost/db/repos/backlink/backlink.repo';
|
||||
import { ShareRepo } from '@docmost/db/repos/share/share.repo';
|
||||
import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission-repo.service';
|
||||
|
||||
// https://github.com/brianc/node-postgres/issues/811
|
||||
types.setTypeParser(types.builtins.INT8, (val) => Number(val));
|
||||
@@ -75,7 +76,8 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
|
||||
AttachmentRepo,
|
||||
UserTokenRepo,
|
||||
BacklinkRepo,
|
||||
ShareRepo
|
||||
ShareRepo,
|
||||
PagePermissionRepo,
|
||||
],
|
||||
exports: [
|
||||
WorkspaceRepo,
|
||||
@@ -90,7 +92,8 @@ types.setTypeParser(types.builtins.INT8, (val) => Number(val));
|
||||
AttachmentRepo,
|
||||
UserTokenRepo,
|
||||
BacklinkRepo,
|
||||
ShareRepo
|
||||
ShareRepo,
|
||||
PagePermissionRepo,
|
||||
],
|
||||
})
|
||||
export class DatabaseModule
|
||||
|
||||
@@ -0,0 +1,90 @@
|
||||
import { Kysely, sql } from 'kysely';
|
||||
|
||||
export async function up(db: Kysely<any>): Promise<void> {
|
||||
await db.schema
|
||||
.createTable('page_permissions')
|
||||
.addColumn('id', 'uuid', (col) =>
|
||||
col.primaryKey().defaultTo(sql`gen_uuid_v7()`),
|
||||
)
|
||||
.addColumn('user_id', 'uuid', (col) =>
|
||||
col.references('users.id').onDelete('cascade'),
|
||||
)
|
||||
.addColumn('group_id', 'uuid', (col) =>
|
||||
col.references('groups.id').onDelete('cascade'),
|
||||
)
|
||||
.addColumn('page_id', 'uuid', (col) =>
|
||||
col.notNull().references('pages.id').onDelete('cascade'),
|
||||
)
|
||||
.addColumn('role', 'varchar', (col) => col.notNull())
|
||||
.addColumn('cascade', 'boolean', (col) => col.defaultTo(true).notNull()) // children can inherit
|
||||
.addColumn('added_by_id', 'uuid', (col) =>
|
||||
col.references('users.id').onDelete('set null'),
|
||||
)
|
||||
.addColumn('created_at', 'timestamptz', (col) =>
|
||||
col.notNull().defaultTo(sql`now()`),
|
||||
)
|
||||
.addColumn('updated_at', 'timestamptz', (col) =>
|
||||
col.notNull().defaultTo(sql`now()`),
|
||||
)
|
||||
.addColumn('deleted_at', 'timestamptz')
|
||||
.addUniqueConstraint('unique_page_user', ['page_id', 'user_id'])
|
||||
.addUniqueConstraint('unique_page_group', ['page_id', 'group_id'])
|
||||
.addCheckConstraint(
|
||||
'allow_either_user_id_or_group_id_check',
|
||||
sql`(user_id IS NOT NULL AND group_id IS NULL) OR (user_id IS NULL AND group_id IS NOT NULL)`,
|
||||
)
|
||||
.execute();
|
||||
|
||||
// Add indexes for performance
|
||||
await db.schema
|
||||
.createIndex('idx_page_permissions_page_id')
|
||||
.on('page_permissions')
|
||||
.column('page_id')
|
||||
.execute();
|
||||
|
||||
await db.schema
|
||||
.createIndex('idx_page_permissions_user_id')
|
||||
.on('page_permissions')
|
||||
.column('user_id')
|
||||
.execute();
|
||||
|
||||
await db.schema
|
||||
.createIndex('idx_page_permissions_group_id')
|
||||
.on('page_permissions')
|
||||
.column('group_id')
|
||||
.execute();
|
||||
|
||||
// Create user_shared_pages table for tracking orphaned page access
|
||||
await db.schema
|
||||
.createTable('user_shared_pages')
|
||||
.addColumn('user_id', 'uuid', (col) =>
|
||||
col.notNull().references('users.id').onDelete('cascade'),
|
||||
)
|
||||
.addColumn('page_id', 'uuid', (col) =>
|
||||
col.notNull().references('pages.id').onDelete('cascade'),
|
||||
)
|
||||
.addColumn('shared_at', 'timestamptz', (col) =>
|
||||
col.notNull().defaultTo(sql`now()`),
|
||||
)
|
||||
.addPrimaryKeyConstraint('user_shared_pages_pkey', ['user_id', 'page_id'])
|
||||
.execute();
|
||||
|
||||
await db.schema
|
||||
.createIndex('idx_user_shared_pages_user_id')
|
||||
.on('user_shared_pages')
|
||||
.column('user_id')
|
||||
.execute();
|
||||
|
||||
await db.schema
|
||||
.createIndex('idx_user_shared_pages_shared_at')
|
||||
.on('user_shared_pages')
|
||||
.column('shared_at')
|
||||
.execute();
|
||||
}
|
||||
|
||||
export async function down(db: Kysely<any>): Promise<void> {
|
||||
// Drop user_shared_pages table
|
||||
await db.schema.dropTable('user_shared_pages').execute();
|
||||
|
||||
await db.schema.dropTable('page_permissions').execute();
|
||||
}
|
||||
@@ -22,5 +22,5 @@ export class PaginationOptions {
|
||||
|
||||
@IsOptional()
|
||||
@IsString()
|
||||
query: string;
|
||||
query?: string;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,589 @@
|
||||
import { BadRequestException, Injectable } from '@nestjs/common';
|
||||
import { InjectKysely } from 'nestjs-kysely';
|
||||
import { KyselyDB, KyselyTransaction } from '../../types/kysely.types';
|
||||
import { sql } from 'kysely';
|
||||
import {
|
||||
InsertablePagePermission,
|
||||
PagePermission,
|
||||
UpdatablePagePermission,
|
||||
} from '../../types/entity.types';
|
||||
import { PaginationOptions } from '../../pagination/pagination-options';
|
||||
import { executeWithPagination } from '../../pagination/pagination';
|
||||
import { GroupRepo } from '../group/group.repo';
|
||||
import { PageRepo } from './page.repo';
|
||||
import { dbOrTx } from '@docmost/db/utils';
|
||||
|
||||
export interface UserPageRole {
|
||||
userId: string;
|
||||
role: string;
|
||||
}
|
||||
|
||||
export interface MemberInfo {
|
||||
id: string;
|
||||
name: string;
|
||||
email?: string;
|
||||
avatarUrl?: string;
|
||||
memberCount?: number;
|
||||
isDefault?: boolean;
|
||||
type: 'user' | 'group';
|
||||
}
|
||||
|
||||
export enum PageMemberRole {
|
||||
ADMIN = 'admin',
|
||||
WRITER = 'writer',
|
||||
READER = 'reader',
|
||||
NONE = 'none',
|
||||
}
|
||||
|
||||
@Injectable()
|
||||
export class PagePermissionRepo {
|
||||
constructor(
|
||||
@InjectKysely() private readonly db: KyselyDB,
|
||||
private readonly groupRepo: GroupRepo,
|
||||
private readonly pageRepo: PageRepo,
|
||||
) {}
|
||||
|
||||
async insertPageMember(
|
||||
insertablePageMember: InsertablePagePermission,
|
||||
trx?: KyselyTransaction,
|
||||
): Promise<void> {
|
||||
const db = dbOrTx(this.db, trx);
|
||||
await db
|
||||
.insertInto('pagePermissions')
|
||||
.values(insertablePageMember)
|
||||
.returningAll()
|
||||
.execute();
|
||||
}
|
||||
|
||||
async upsertPageMember(
|
||||
insertablePageMember: InsertablePagePermission,
|
||||
trx?: KyselyTransaction,
|
||||
): Promise<void> {
|
||||
const db = dbOrTx(this.db, trx);
|
||||
|
||||
// Check if member exists
|
||||
const existing = await this.getPageMemberByTypeId(
|
||||
insertablePageMember.pageId,
|
||||
{
|
||||
userId: insertablePageMember.userId,
|
||||
groupId: insertablePageMember.groupId,
|
||||
},
|
||||
trx,
|
||||
);
|
||||
|
||||
if (existing) {
|
||||
// Update existing member
|
||||
await db
|
||||
.updateTable('pagePermissions')
|
||||
.set({ role: insertablePageMember.role, updatedAt: new Date() })
|
||||
.where('id', '=', existing.id)
|
||||
.execute();
|
||||
} else {
|
||||
// Insert new member
|
||||
await this.insertPageMember(insertablePageMember, trx);
|
||||
}
|
||||
}
|
||||
|
||||
async updatePageMember(
|
||||
updatablePageMember: UpdatablePagePermission,
|
||||
pageMemberId: string,
|
||||
pageId: string,
|
||||
): Promise<void> {
|
||||
await this.db
|
||||
.updateTable('pagePermissions')
|
||||
.set(updatablePageMember)
|
||||
.where('id', '=', pageMemberId)
|
||||
.where('pageId', '=', pageId)
|
||||
.execute();
|
||||
}
|
||||
|
||||
async getPageMemberByTypeId(
|
||||
pageId: string,
|
||||
opts: {
|
||||
userId?: string;
|
||||
groupId?: string;
|
||||
},
|
||||
trx?: KyselyTransaction,
|
||||
): Promise<PagePermission> {
|
||||
const db = dbOrTx(this.db, trx);
|
||||
let query = db
|
||||
.selectFrom('pagePermissions')
|
||||
.selectAll()
|
||||
.where('pageId', '=', pageId);
|
||||
if (opts.userId) {
|
||||
query = query.where('userId', '=', opts.userId);
|
||||
} else if (opts.groupId) {
|
||||
query = query.where('groupId', '=', opts.groupId);
|
||||
} else {
|
||||
throw new BadRequestException('Please provide a userId or groupId');
|
||||
}
|
||||
return query.executeTakeFirst();
|
||||
}
|
||||
////////
|
||||
//// get page permission start with user, not group.
|
||||
|
||||
async getUserPagePermission(opts: {
|
||||
pageId: string;
|
||||
userId: string;
|
||||
}): Promise<PagePermission[]> {
|
||||
// Query traverses the page hierarchy and returns ALL permissions found at the closest level
|
||||
// This handles cases where user has multiple permissions (direct + multiple groups)
|
||||
// Returns all permissions regardless of cascade value - cascade check is done in the calling code
|
||||
|
||||
// First, get the page hierarchy with levels
|
||||
const pageHierarchy = await this.db
|
||||
.withRecursive('page_hierarchy', (qb) =>
|
||||
qb
|
||||
.selectFrom('pages')
|
||||
.select(['id as pageId', 'parentPageId', sql<number>`0`.as('level')])
|
||||
.where('id', '=', opts.pageId)
|
||||
.where('deletedAt', 'is', null)
|
||||
.unionAll((eb) =>
|
||||
eb
|
||||
.selectFrom('pages as p')
|
||||
.innerJoin('page_hierarchy as ph', 'p.id', 'ph.parentPageId')
|
||||
.select([
|
||||
'p.id as pageId',
|
||||
'p.parentPageId',
|
||||
sql<number>`ph.level + 1`.as('level'),
|
||||
])
|
||||
.where('p.deletedAt', 'is', null),
|
||||
),
|
||||
)
|
||||
.selectFrom('page_hierarchy')
|
||||
.selectAll()
|
||||
.orderBy('level', 'asc')
|
||||
.execute();
|
||||
|
||||
// Check each level for permissions, starting from the current page
|
||||
for (const page of pageHierarchy) {
|
||||
const permissions = await this.db
|
||||
.selectFrom('pagePermissions as pp')
|
||||
.leftJoin('groupUsers as gu', (join) =>
|
||||
join
|
||||
.onRef('gu.groupId', '=', 'pp.groupId')
|
||||
.on('gu.userId', '=', opts.userId),
|
||||
)
|
||||
.selectAll('pp')
|
||||
.where('pp.pageId', '=', page.pageId)
|
||||
.where('pp.deletedAt', 'is', null)
|
||||
.where((eb) =>
|
||||
eb.or([
|
||||
eb('pp.userId', '=', opts.userId),
|
||||
eb('gu.userId', '=', opts.userId),
|
||||
]),
|
||||
)
|
||||
.execute();
|
||||
|
||||
// If we found permissions at this level, return them all
|
||||
if (permissions.length > 0) {
|
||||
return permissions;
|
||||
}
|
||||
}
|
||||
|
||||
// No permissions found in the hierarchy
|
||||
return [];
|
||||
}
|
||||
|
||||
///////
|
||||
|
||||
async removePageMemberById(
|
||||
memberId: string,
|
||||
pageId: string,
|
||||
trx?: KyselyTransaction,
|
||||
): Promise<void> {
|
||||
const db = dbOrTx(this.db, trx);
|
||||
await db
|
||||
.deleteFrom('pagePermissions')
|
||||
.where('id', '=', memberId)
|
||||
.where('pageId', '=', pageId)
|
||||
.execute();
|
||||
}
|
||||
|
||||
async roleCountByPageId(role: string, pageId: string): Promise<number> {
|
||||
const { count } = await this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.select((eb) => eb.fn.count('role').as('count'))
|
||||
.where('role', '=', role)
|
||||
.where('pageId', '=', pageId)
|
||||
.executeTakeFirst();
|
||||
|
||||
return count as number;
|
||||
}
|
||||
|
||||
async getPageMembers(pageId: string): Promise<PagePermission[]> {
|
||||
return await this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.selectAll()
|
||||
.where('pageId', '=', pageId)
|
||||
.where('deletedAt', 'is', null)
|
||||
.execute();
|
||||
}
|
||||
|
||||
async getPageMembersPaginated(pageId: string, pagination: PaginationOptions) {
|
||||
let query = this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.leftJoin('users', 'users.id', 'pagePermissions.userId')
|
||||
.leftJoin('groups', 'groups.id', 'pagePermissions.groupId')
|
||||
.select([
|
||||
'pagePermissions.id',
|
||||
'users.id as userId',
|
||||
'users.name as userName',
|
||||
'users.avatarUrl as userAvatarUrl',
|
||||
'users.email as userEmail',
|
||||
'groups.id as groupId',
|
||||
'groups.name as groupName',
|
||||
'groups.isDefault as groupIsDefault',
|
||||
'pagePermissions.role',
|
||||
'pagePermissions.createdAt',
|
||||
])
|
||||
.select((eb) => this.groupRepo.withMemberCount(eb))
|
||||
.where('pageId', '=', pageId)
|
||||
.orderBy((eb) => eb('groups.id', 'is not', null), 'desc')
|
||||
.orderBy('pagePermissions.createdAt', 'asc');
|
||||
|
||||
if (pagination.query) {
|
||||
query = query.where((eb) =>
|
||||
eb(
|
||||
sql`f_unaccent(users.name)`,
|
||||
'ilike',
|
||||
sql`f_unaccent(${'%' + pagination.query + '%'})`,
|
||||
)
|
||||
.or(
|
||||
sql`users.email`,
|
||||
'ilike',
|
||||
sql`f_unaccent(${'%' + pagination.query + '%'})`,
|
||||
)
|
||||
.or(
|
||||
sql`f_unaccent(groups.name)`,
|
||||
'ilike',
|
||||
sql`f_unaccent(${'%' + pagination.query + '%'})`,
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
const result = await executeWithPagination(query, {
|
||||
page: pagination.page,
|
||||
perPage: pagination.limit,
|
||||
});
|
||||
|
||||
let memberInfo: MemberInfo;
|
||||
|
||||
const members = result.items.map((member) => {
|
||||
if (member.userId) {
|
||||
memberInfo = {
|
||||
id: member.userId,
|
||||
name: member.userName,
|
||||
email: member.userEmail,
|
||||
avatarUrl: member.userAvatarUrl,
|
||||
type: 'user',
|
||||
};
|
||||
} else if (member.groupId) {
|
||||
memberInfo = {
|
||||
id: member.groupId,
|
||||
name: member.groupName,
|
||||
memberCount: member.memberCount as number,
|
||||
isDefault: member.groupIsDefault,
|
||||
type: 'group',
|
||||
};
|
||||
}
|
||||
|
||||
return {
|
||||
id: member.id,
|
||||
...memberInfo,
|
||||
role: member.role,
|
||||
createdAt: member.createdAt,
|
||||
};
|
||||
});
|
||||
|
||||
result.items = members as any;
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
async getUserPageRoles(
|
||||
userId: string,
|
||||
pageId: string,
|
||||
): Promise<UserPageRole[]> {
|
||||
const roles = await this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.select(['userId', 'role'])
|
||||
.where('userId', '=', userId)
|
||||
.where('pageId', '=', pageId)
|
||||
.where('deletedAt', 'is', null)
|
||||
.unionAll(
|
||||
this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.innerJoin(
|
||||
'groupUsers',
|
||||
'groupUsers.groupId',
|
||||
'pagePermissions.groupId',
|
||||
)
|
||||
.select(['groupUsers.userId', 'pagePermissions.role'])
|
||||
.where('groupUsers.userId', '=', userId)
|
||||
.where('pagePermissions.pageId', '=', pageId)
|
||||
.where('pagePermissions.deletedAt', 'is', null),
|
||||
)
|
||||
.execute();
|
||||
|
||||
if (!roles || roles.length === 0) {
|
||||
return undefined;
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
async resolveUserPageAccess(
|
||||
userId: string,
|
||||
pageId: string,
|
||||
): Promise<string | null> {
|
||||
// Use batch method for efficiency - single page is just a batch of 1
|
||||
const accessMap = await this.resolveUserPageAccessBatch(userId, [pageId]);
|
||||
return accessMap.get(pageId) || null;
|
||||
}
|
||||
|
||||
async resolveUserPageAccessBatch(
|
||||
userId: string,
|
||||
pageIds: string[],
|
||||
): Promise<Map<string, string | null>> {
|
||||
if (pageIds.length === 0) {
|
||||
return new Map();
|
||||
}
|
||||
|
||||
// Get all pages and their complete ancestor chains using recursive CTE
|
||||
const pagesWithAncestors = await this.db
|
||||
.withRecursive('page_tree', (qb) =>
|
||||
qb
|
||||
.selectFrom('pages')
|
||||
.select([
|
||||
'id',
|
||||
'parentPageId',
|
||||
// 'hasCustomPermissions',
|
||||
// 'inheritPermissions',
|
||||
])
|
||||
.where('id', 'in', pageIds)
|
||||
.unionAll((eb) =>
|
||||
eb
|
||||
.selectFrom('pages as p')
|
||||
.innerJoin('page_tree as pt', 'p.id', 'pt.parentPageId')
|
||||
.select([
|
||||
'p.id',
|
||||
'p.parentPageId',
|
||||
//'p.hasCustomPermissions',
|
||||
//'p.inheritPermissions',
|
||||
])
|
||||
.where('p.deletedAt', 'is', null),
|
||||
),
|
||||
)
|
||||
.selectFrom('page_tree')
|
||||
.selectAll()
|
||||
.execute();
|
||||
|
||||
console.log('pages', pagesWithAncestors);
|
||||
|
||||
// Build page hierarchy map
|
||||
const pageMap = new Map(pagesWithAncestors.map((p) => [p.id, p]));
|
||||
const allPageIds = Array.from(pageMap.keys());
|
||||
|
||||
// Get ALL permissions (including ancestors) for user in ONE query
|
||||
const allPermissions = await this.db
|
||||
.selectFrom('pagePermissions as pm')
|
||||
.leftJoin('groupUsers as gu', (join) =>
|
||||
join
|
||||
.on('gu.userId', '=', userId)
|
||||
.onRef('gu.groupId', '=', 'pm.groupId'),
|
||||
)
|
||||
.select(['pm.pageId', 'pm.role'])
|
||||
.where('pm.pageId', 'in', allPageIds) // Include ancestor pages
|
||||
.where('pm.deletedAt', 'is', null)
|
||||
.where((eb) =>
|
||||
eb.or([eb('pm.userId', '=', userId), eb('gu.userId', '=', userId)]),
|
||||
)
|
||||
.execute();
|
||||
|
||||
console.log('all permissions', allPermissions);
|
||||
|
||||
// Build permission map
|
||||
const permissionMap = new Map<string, string[]>();
|
||||
allPermissions.forEach((p) => {
|
||||
if (!permissionMap.has(p.pageId)) {
|
||||
permissionMap.set(p.pageId, []);
|
||||
}
|
||||
permissionMap.get(p.pageId).push(p.role);
|
||||
});
|
||||
|
||||
// Process each requested page
|
||||
const accessMap = new Map<string, string | null>();
|
||||
|
||||
for (const pageId of pageIds) {
|
||||
const page = pageMap.get(pageId);
|
||||
if (!page) {
|
||||
accessMap.set(pageId, null);
|
||||
continue;
|
||||
}
|
||||
|
||||
// Build ancestor chain
|
||||
const ancestorChain: string[] = [];
|
||||
let current = page;
|
||||
while (current?.parentPageId) {
|
||||
ancestorChain.push(current.parentPageId);
|
||||
current = pageMap.get(current.parentPageId);
|
||||
}
|
||||
|
||||
// Check for ancestor NONE
|
||||
let hasAncestorDenial = false;
|
||||
for (const ancestorId of ancestorChain) {
|
||||
const ancestorRoles = permissionMap.get(ancestorId) || [];
|
||||
if (ancestorRoles.includes(PageMemberRole.NONE)) {
|
||||
hasAncestorDenial = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
const pageRoles = permissionMap.get(pageId) || [];
|
||||
|
||||
// Apply cascade logic
|
||||
if (hasAncestorDenial) {
|
||||
if (!pageRoles.length) {
|
||||
accessMap.set(pageId, PageMemberRole.NONE); // Inherit denial
|
||||
} else if (pageRoles.includes(PageMemberRole.NONE)) {
|
||||
accessMap.set(pageId, PageMemberRole.NONE); // Explicit denial
|
||||
} else {
|
||||
// Override with explicit permission
|
||||
accessMap.set(pageId, this.findHighestRoleFromStrings(pageRoles));
|
||||
}
|
||||
} else {
|
||||
// No ancestor denial
|
||||
if (pageRoles.includes(PageMemberRole.NONE)) {
|
||||
accessMap.set(pageId, PageMemberRole.NONE);
|
||||
} else if (pageRoles.length > 0) {
|
||||
accessMap.set(pageId, this.findHighestRoleFromStrings(pageRoles));
|
||||
} else {
|
||||
accessMap.set(pageId, null);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return accessMap;
|
||||
}
|
||||
|
||||
async getUserPageIds(userId: string): Promise<string[]> {
|
||||
const membership = await this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.innerJoin('pages', 'pages.id', 'pagePermissions.pageId')
|
||||
.select(['pages.id'])
|
||||
.where('userId', '=', userId)
|
||||
.where('pagePermissions.role', '!=', PageMemberRole.NONE)
|
||||
.where('pagePermissions.deletedAt', 'is', null)
|
||||
.union(
|
||||
this.db
|
||||
.selectFrom('pagePermissions')
|
||||
.innerJoin(
|
||||
'groupUsers',
|
||||
'groupUsers.groupId',
|
||||
'pagePermissions.groupId',
|
||||
)
|
||||
.innerJoin('pages', 'pages.id', 'pagePermissions.pageId')
|
||||
.select(['pages.id'])
|
||||
.where('groupUsers.userId', '=', userId)
|
||||
.where('pagePermissions.role', '!=', PageMemberRole.NONE)
|
||||
.where('pagePermissions.deletedAt', 'is', null),
|
||||
)
|
||||
.execute();
|
||||
|
||||
return membership.map((page) => page.id);
|
||||
}
|
||||
|
||||
async getUserAccessiblePageIds(
|
||||
userId: string,
|
||||
spaceId: string,
|
||||
pageIds: string[],
|
||||
): Promise<Set<string>> {
|
||||
// Single query to get all page permissions for user
|
||||
const accessiblePages = await this.db
|
||||
.selectFrom('pages as p')
|
||||
.leftJoin('pagePermissions as pm', 'pm.pageId', 'p.id')
|
||||
.leftJoin('groupUsers as gu', (join) =>
|
||||
join
|
||||
.on('gu.userId', '=', userId)
|
||||
.onRef('gu.groupId', '=', 'pm.groupId'),
|
||||
)
|
||||
.select([
|
||||
'p.id',
|
||||
// 'p.hasCustomPermissions',
|
||||
//'p.inheritPermissions',
|
||||
'pm.role',
|
||||
])
|
||||
.where('p.id', 'in', pageIds)
|
||||
.where('p.spaceId', '=', spaceId)
|
||||
.where((eb) =>
|
||||
eb.or([
|
||||
// Pages without custom permissions (inherit from space)
|
||||
// eb('p.hasCustomPermissions', '=', false),
|
||||
// Pages with custom permissions where user has direct access
|
||||
eb.and([
|
||||
// eb('p.hasCustomPermissions', '=', true),
|
||||
eb('pm.userId', '=', userId),
|
||||
eb('pm.role', '!=', PageMemberRole.NONE),
|
||||
eb('pm.deletedAt', 'is', null),
|
||||
]),
|
||||
// Pages with custom permissions where user has group access
|
||||
eb.and([
|
||||
// eb('p.hasCustomPermissions', '=', true),
|
||||
eb('gu.userId', '=', userId),
|
||||
eb('pm.role', '!=', PageMemberRole.NONE),
|
||||
eb('pm.deletedAt', 'is', null),
|
||||
]),
|
||||
// Pages that inherit and user has space access (checked separately)
|
||||
eb.and([
|
||||
// eb('p.hasCustomPermissions', '=', true),
|
||||
// eb('p.inheritPermissions', '=', true),
|
||||
]),
|
||||
]),
|
||||
)
|
||||
.execute();
|
||||
|
||||
// Also need to exclude pages where user has explicit "none" role
|
||||
const blockedPageIds = await this.db
|
||||
.selectFrom('pagePermissions as pm')
|
||||
.leftJoin('groupUsers as gu', (join) =>
|
||||
join
|
||||
.on('gu.userId', '=', userId)
|
||||
.onRef('gu.groupId', '=', 'pm.groupId'),
|
||||
)
|
||||
.select('pm.pageId')
|
||||
.where('pm.pageId', 'in', pageIds)
|
||||
.where('pm.role', '=', PageMemberRole.NONE)
|
||||
.where('pm.deletedAt', 'is', null)
|
||||
.where((eb) =>
|
||||
eb.or([eb('pm.userId', '=', userId), eb('gu.userId', '=', userId)]),
|
||||
)
|
||||
.execute();
|
||||
|
||||
const blockedSet = new Set(blockedPageIds.map((p) => p.pageId));
|
||||
return new Set(
|
||||
accessiblePages.filter((p) => !blockedSet.has(p.id)).map((p) => p.id),
|
||||
);
|
||||
}
|
||||
|
||||
private findHighestRole(roles: UserPageRole[]): string | null {
|
||||
if (!roles || roles.length === 0) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const roleValues = roles.map((r) => r.role);
|
||||
return this.findHighestRoleFromStrings(roleValues);
|
||||
}
|
||||
|
||||
private findHighestRoleFromStrings(roles: string[]): string | null {
|
||||
if (roles.includes(PageMemberRole.ADMIN)) {
|
||||
return PageMemberRole.ADMIN;
|
||||
}
|
||||
if (roles.includes(PageMemberRole.WRITER)) {
|
||||
return PageMemberRole.WRITER;
|
||||
}
|
||||
if (roles.includes(PageMemberRole.READER)) {
|
||||
return PageMemberRole.READER;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { InjectKysely } from 'nestjs-kysely';
|
||||
import { KyselyDB, KyselyTransaction } from '../../types/kysely.types';
|
||||
import { dbOrTx } from '../../utils';
|
||||
import { dbOrTx, executeTx } from '../../utils';
|
||||
import {
|
||||
InsertablePage,
|
||||
Page,
|
||||
@@ -22,24 +22,6 @@ export class PageRepo {
|
||||
private spaceMemberRepo: SpaceMemberRepo,
|
||||
) {}
|
||||
|
||||
withHasChildren(eb: ExpressionBuilder<DB, 'pages'>) {
|
||||
return eb
|
||||
.selectFrom('pages as child')
|
||||
.select((eb) =>
|
||||
eb
|
||||
.case()
|
||||
.when(eb.fn.countAll(), '>', 0)
|
||||
.then(true)
|
||||
.else(false)
|
||||
.end()
|
||||
.as('count'),
|
||||
)
|
||||
.whereRef('child.parentPageId', '=', 'pages.id')
|
||||
.where('child.deletedAt', 'is', null)
|
||||
.limit(1)
|
||||
.as('hasChildren');
|
||||
}
|
||||
|
||||
private baseFields: Array<keyof Page> = [
|
||||
'id',
|
||||
'slugId',
|
||||
@@ -183,14 +165,20 @@ export class PageRepo {
|
||||
|
||||
const pageIds = descendants.map((d) => d.id);
|
||||
|
||||
await this.db
|
||||
.updateTable('pages')
|
||||
.set({
|
||||
deletedById: deletedById,
|
||||
deletedAt: currentDate,
|
||||
})
|
||||
.where('id', 'in', pageIds)
|
||||
.execute();
|
||||
if (pageIds.length > 0) {
|
||||
await executeTx(this.db, async (trx) => {
|
||||
await trx
|
||||
.updateTable('pages')
|
||||
.set({
|
||||
deletedById: deletedById,
|
||||
deletedAt: currentDate,
|
||||
})
|
||||
.where('id', 'in', pageIds)
|
||||
.execute();
|
||||
|
||||
await trx.deleteFrom('shares').where('pageId', 'in', pageIds).execute();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
async restorePage(pageId: string): Promise<void> {
|
||||
@@ -373,6 +361,24 @@ export class PageRepo {
|
||||
).as('contributors');
|
||||
}
|
||||
|
||||
withHasChildren(eb: ExpressionBuilder<DB, 'pages'>) {
|
||||
return eb
|
||||
.selectFrom('pages as child')
|
||||
.select((eb) =>
|
||||
eb
|
||||
.case()
|
||||
.when(eb.fn.countAll(), '>', 0)
|
||||
.then(true)
|
||||
.else(false)
|
||||
.end()
|
||||
.as('count'),
|
||||
)
|
||||
.whereRef('child.parentPageId', '=', 'pages.id')
|
||||
.where('child.deletedAt', 'is', null)
|
||||
.limit(1)
|
||||
.as('hasChildren');
|
||||
}
|
||||
|
||||
async getPageAndDescendants(
|
||||
parentPageId: string,
|
||||
opts: { includeContent: boolean },
|
||||
@@ -414,4 +420,46 @@ export class PageRepo {
|
||||
.selectAll()
|
||||
.execute();
|
||||
}
|
||||
|
||||
async update(
|
||||
pageId: string,
|
||||
updatablePage: UpdatablePage,
|
||||
trx?: KyselyTransaction,
|
||||
): Promise<void> {
|
||||
const db = dbOrTx(this.db, trx);
|
||||
await db
|
||||
.updateTable('pages')
|
||||
.set({ ...updatablePage, updatedAt: new Date() })
|
||||
.where('id', '=', pageId)
|
||||
.execute();
|
||||
}
|
||||
|
||||
async getAllDescendants(
|
||||
pageId: string,
|
||||
trx?: KyselyTransaction,
|
||||
): Promise<string[]> {
|
||||
const db = dbOrTx(this.db, trx);
|
||||
|
||||
// Recursive CTE to get all descendants
|
||||
const descendants = await db
|
||||
.withRecursive('page_tree', (qb) =>
|
||||
qb
|
||||
.selectFrom('pages')
|
||||
.select(['id', 'parentPageId'])
|
||||
.where('parentPageId', '=', pageId)
|
||||
.where('deletedAt', 'is', null)
|
||||
.unionAll((eb) =>
|
||||
eb
|
||||
.selectFrom('pages as p')
|
||||
.innerJoin('page_tree as pt', 'p.parentPageId', 'pt.id')
|
||||
.select(['p.id', 'p.parentPageId'])
|
||||
.where('p.deletedAt', 'is', null),
|
||||
),
|
||||
)
|
||||
.selectFrom('page_tree')
|
||||
.select('id')
|
||||
.execute();
|
||||
|
||||
return descendants.map((d) => d.id);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,58 @@
|
||||
import { Injectable } from '@nestjs/common';
|
||||
import { InjectKysely } from 'nestjs-kysely';
|
||||
import { KyselyDB } from '../../types/kysely.types';
|
||||
import { Page } from '../../types/entity.types';
|
||||
import { PageMemberRole } from './page-permission-repo.service';
|
||||
|
||||
@Injectable()
|
||||
export class SharedPagesRepo {
|
||||
constructor(@InjectKysely() private readonly db: KyselyDB) {}
|
||||
|
||||
async addSharedPage(userId: string, pageId: string): Promise<void> {
|
||||
await this.db
|
||||
.insertInto('userSharedPages')
|
||||
.values({
|
||||
userId,
|
||||
pageId,
|
||||
sharedAt: new Date(),
|
||||
})
|
||||
.onConflict((oc) => oc.columns(['userId', 'pageId']).doNothing())
|
||||
.execute();
|
||||
}
|
||||
|
||||
async removeSharedPage(userId: string, pageId: string): Promise<void> {
|
||||
await this.db
|
||||
.deleteFrom('userSharedPages')
|
||||
.where('userId', '=', userId)
|
||||
.where('pageId', '=', pageId)
|
||||
.execute();
|
||||
}
|
||||
|
||||
async getUserSharedPages(userId: string): Promise<Page[]> {
|
||||
return await this.db
|
||||
.selectFrom('userSharedPages as usp')
|
||||
.innerJoin('pages as p', 'p.id', 'usp.pageId')
|
||||
.innerJoin('pagePermissions as pm', (join) =>
|
||||
join
|
||||
.onRef('pm.pageId', '=', 'p.id')
|
||||
.on('pm.userId', '=', userId)
|
||||
.on('pm.role', '!=', PageMemberRole.NONE),
|
||||
)
|
||||
.selectAll('p')
|
||||
.where('usp.userId', '=', userId)
|
||||
.where('p.deletedAt', 'is', null)
|
||||
.orderBy('usp.sharedAt', 'desc')
|
||||
.execute();
|
||||
}
|
||||
|
||||
async isPageSharedWithUser(userId: string, pageId: string): Promise<boolean> {
|
||||
const result = await this.db
|
||||
.selectFrom('userSharedPages')
|
||||
.select('userId')
|
||||
.where('userId', '=', userId)
|
||||
.where('pageId', '=', pageId)
|
||||
.executeTakeFirst();
|
||||
|
||||
return !!result;
|
||||
}
|
||||
}
|
||||
+30
-3
@@ -5,8 +5,6 @@
|
||||
|
||||
import type { ColumnType } from "kysely";
|
||||
|
||||
export type AuthProviderType = "google" | "oidc" | "saml";
|
||||
|
||||
export type Generated<T> = T extends ColumnType<infer S, infer I, infer U>
|
||||
? ColumnType<S, I | undefined, U>
|
||||
: ColumnType<T, T | undefined, T>;
|
||||
@@ -62,13 +60,21 @@ export interface AuthProviders {
|
||||
deletedAt: Timestamp | null;
|
||||
id: Generated<string>;
|
||||
isEnabled: Generated<boolean>;
|
||||
ldapBaseDn: string | null;
|
||||
ldapBindDn: string | null;
|
||||
ldapBindPassword: string | null;
|
||||
ldapTlsCaCert: string | null;
|
||||
ldapTlsEnabled: Generated<boolean | null>;
|
||||
ldapUrl: string | null;
|
||||
ldapUserAttributes: Json | null;
|
||||
ldapUserSearchFilter: string | null;
|
||||
name: string;
|
||||
oidcClientId: string | null;
|
||||
oidcClientSecret: string | null;
|
||||
oidcIssuer: string | null;
|
||||
samlCertificate: string | null;
|
||||
samlUrl: string | null;
|
||||
type: AuthProviderType;
|
||||
type: string;
|
||||
updatedAt: Generated<Timestamp>;
|
||||
workspaceId: string;
|
||||
}
|
||||
@@ -186,6 +192,19 @@ export interface PageHistory {
|
||||
workspaceId: string;
|
||||
}
|
||||
|
||||
export interface PagePermissions {
|
||||
addedById: string | null;
|
||||
cascade: Generated<boolean>;
|
||||
createdAt: Generated<Timestamp>;
|
||||
deletedAt: Timestamp | null;
|
||||
groupId: string | null;
|
||||
id: Generated<string>;
|
||||
pageId: string;
|
||||
role: string;
|
||||
updatedAt: Generated<Timestamp>;
|
||||
userId: string | null;
|
||||
}
|
||||
|
||||
export interface Pages {
|
||||
content: Json | null;
|
||||
contributorIds: Generated<string[] | null>;
|
||||
@@ -284,6 +303,12 @@ export interface Users {
|
||||
workspaceId: string | null;
|
||||
}
|
||||
|
||||
export interface UserSharedPages {
|
||||
pageId: string;
|
||||
sharedAt: Generated<Timestamp>;
|
||||
userId: string;
|
||||
}
|
||||
|
||||
export interface UserTokens {
|
||||
createdAt: Generated<Timestamp>;
|
||||
expiresAt: Timestamp | null;
|
||||
@@ -342,12 +367,14 @@ export interface DB {
|
||||
groups: Groups;
|
||||
groupUsers: GroupUsers;
|
||||
pageHistory: PageHistory;
|
||||
pagePermissions: PagePermissions;
|
||||
pages: Pages;
|
||||
shares: Shares;
|
||||
spaceMembers: SpaceMembers;
|
||||
spaces: Spaces;
|
||||
userMfa: UserMfa;
|
||||
users: Users;
|
||||
userSharedPages: UserSharedPages;
|
||||
userTokens: UserTokens;
|
||||
workspaceInvitations: WorkspaceInvitations;
|
||||
workspaces: Workspaces;
|
||||
|
||||
@@ -4,8 +4,10 @@ import {
|
||||
Comments,
|
||||
Groups,
|
||||
Pages,
|
||||
PagePermissions,
|
||||
Spaces,
|
||||
Users,
|
||||
UserSharedPages,
|
||||
Workspaces,
|
||||
PageHistory as History,
|
||||
GroupUsers,
|
||||
@@ -48,6 +50,15 @@ export type SpaceMember = Selectable<SpaceMembers>;
|
||||
export type InsertableSpaceMember = Insertable<SpaceMembers>;
|
||||
export type UpdatableSpaceMember = Updateable<Omit<SpaceMembers, 'id'>>;
|
||||
|
||||
// PageMember
|
||||
export type PagePermission = Selectable<PagePermissions>;
|
||||
export type InsertablePagePermission = Insertable<PagePermissions>;
|
||||
export type UpdatablePagePermission = Updateable<Omit<PagePermissions, 'id'>>;
|
||||
|
||||
// UserSharedPage
|
||||
export type UserSharedPage = Selectable<UserSharedPages>;
|
||||
export type InsertableUserSharedPage = Insertable<UserSharedPages>;
|
||||
|
||||
// Group
|
||||
export type ExtendedGroup = Groups & { memberCount: number };
|
||||
|
||||
|
||||
+1
-1
Submodule apps/server/src/ee updated: d39ddc4b5e...fbc01d808f
@@ -23,6 +23,10 @@ export class ExportPageDto {
|
||||
@IsOptional()
|
||||
@IsBoolean()
|
||||
includeChildren?: boolean;
|
||||
|
||||
@IsOptional()
|
||||
@IsBoolean()
|
||||
includeAttachments?: boolean;
|
||||
}
|
||||
|
||||
export class ExportSpaceDto {
|
||||
|
||||
@@ -55,40 +55,22 @@ export class ExportController {
|
||||
throw new ForbiddenException();
|
||||
}
|
||||
|
||||
const fileExt = getExportExtension(dto.format);
|
||||
const fileName = sanitize(page.title || 'untitled') + fileExt;
|
||||
|
||||
if (dto.includeChildren) {
|
||||
const zipFileBuffer = await this.exportService.exportPageWithChildren(
|
||||
dto.pageId,
|
||||
dto.format,
|
||||
);
|
||||
|
||||
const newName = path.parse(fileName).name + '.zip';
|
||||
|
||||
res.headers({
|
||||
'Content-Type': 'application/zip',
|
||||
'Content-Disposition':
|
||||
'attachment; filename="' + encodeURIComponent(newName) + '"',
|
||||
});
|
||||
|
||||
res.send(zipFileBuffer);
|
||||
return;
|
||||
}
|
||||
|
||||
const rawContent = await this.exportService.exportPage(
|
||||
const zipFileBuffer = await this.exportService.exportPages(
|
||||
dto.pageId,
|
||||
dto.format,
|
||||
page,
|
||||
true,
|
||||
dto.includeAttachments,
|
||||
dto.includeChildren,
|
||||
);
|
||||
|
||||
const fileName = sanitize(page.title || 'untitled') + '.zip';
|
||||
|
||||
res.headers({
|
||||
'Content-Type': getMimeType(fileExt),
|
||||
'Content-Type': 'application/zip',
|
||||
'Content-Disposition':
|
||||
'attachment; filename="' + encodeURIComponent(fileName) + '"',
|
||||
});
|
||||
|
||||
res.send(rawContent);
|
||||
res.send(zipFileBuffer);
|
||||
}
|
||||
|
||||
@UseGuards(JwtAuthGuard)
|
||||
|
||||
@@ -89,10 +89,28 @@ export class ExportService {
|
||||
return;
|
||||
}
|
||||
|
||||
async exportPageWithChildren(pageId: string, format: string) {
|
||||
const pages = await this.pageRepo.getPageAndDescendants(pageId, {
|
||||
includeContent: true,
|
||||
});
|
||||
async exportPages(
|
||||
pageId: string,
|
||||
format: string,
|
||||
includeAttachments: boolean,
|
||||
includeChildren: boolean,
|
||||
) {
|
||||
let pages: Page[];
|
||||
|
||||
if (includeChildren) {
|
||||
//@ts-ignore
|
||||
pages = await this.pageRepo.getPageAndDescendants(pageId, {
|
||||
includeContent: true,
|
||||
});
|
||||
} else {
|
||||
// Only fetch the single page when includeChildren is false
|
||||
const page = await this.pageRepo.findById(pageId, {
|
||||
includeContent: true,
|
||||
});
|
||||
if (page){
|
||||
pages = [page];
|
||||
}
|
||||
}
|
||||
|
||||
if (!pages || pages.length === 0) {
|
||||
throw new BadRequestException('No pages to export');
|
||||
@@ -105,7 +123,7 @@ export class ExportService {
|
||||
const tree = buildTree(pages as Page[]);
|
||||
|
||||
const zip = new JSZip();
|
||||
await this.zipPages(tree, format, zip);
|
||||
await this.zipPages(tree, format, zip, includeAttachments);
|
||||
|
||||
const zipFile = zip.generateNodeStream({
|
||||
type: 'nodebuffer',
|
||||
@@ -168,7 +186,7 @@ export class ExportService {
|
||||
tree: PageExportTree,
|
||||
format: string,
|
||||
zip: JSZip,
|
||||
includeAttachments = true,
|
||||
includeAttachments: boolean,
|
||||
): Promise<void> {
|
||||
const slugIdToPath: Record<string, string> = {};
|
||||
|
||||
@@ -200,7 +218,8 @@ export class ExportService {
|
||||
|
||||
if (includeAttachments) {
|
||||
await this.zipAttachments(updatedJsonContent, page.spaceId, folder);
|
||||
updatedJsonContent = updateAttachmentUrlsToLocalPaths(updatedJsonContent);
|
||||
updatedJsonContent =
|
||||
updateAttachmentUrlsToLocalPaths(updatedJsonContent);
|
||||
}
|
||||
|
||||
const pageTitle = getPageTitle(page.title);
|
||||
|
||||
@@ -69,8 +69,17 @@ function taskList(turndownService: TurndownService) {
|
||||
'input[type="checkbox"]',
|
||||
) as HTMLInputElement;
|
||||
const isChecked = checkbox.checked;
|
||||
|
||||
return `- ${isChecked ? '[x]' : '[ ]'} ${content.trim()} \n`;
|
||||
|
||||
// Process content like regular list items
|
||||
content = content
|
||||
.replace(/^\n+/, '') // remove leading newlines
|
||||
.replace(/\n+$/, '\n') // replace trailing newlines with just a single one
|
||||
.replace(/\n/gm, '\n '); // indent nested content with 2 spaces
|
||||
|
||||
// Create the checkbox prefix
|
||||
const prefix = `- ${isChecked ? '[x]' : '[ ]'} `;
|
||||
|
||||
return prefix + content + (node.nextSibling && !/\n$/.test(content) ? '\n' : '');
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
@@ -178,7 +178,7 @@ export class ImportService {
|
||||
.selectFrom('pages')
|
||||
.select(['id', 'position'])
|
||||
.where('spaceId', '=', spaceId)
|
||||
.orderBy('position', 'desc')
|
||||
.orderBy('position', (ob) => ob.collate('C').desc())
|
||||
.limit(1)
|
||||
.where('parentPageId', 'is', null)
|
||||
.executeTakeFirst();
|
||||
|
||||
@@ -40,8 +40,11 @@ export class LocalDriver implements StorageDriver {
|
||||
|
||||
async copy(fromFilePath: string, toFilePath: string): Promise<void> {
|
||||
try {
|
||||
const fromFullPath = this._fullPath(fromFilePath);
|
||||
const toFullPath = this._fullPath(toFilePath);
|
||||
|
||||
if (await this.exists(fromFilePath)) {
|
||||
await fs.copy(fromFilePath, toFilePath);
|
||||
await fs.copy(fromFullPath, toFullPath);
|
||||
}
|
||||
} catch (err) {
|
||||
throw new Error(`Failed to copy file: ${(err as Error).message}`);
|
||||
|
||||
+1
-1
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "docmost",
|
||||
"homepage": "https://docmost.com",
|
||||
"version": "0.22.1",
|
||||
"version": "0.22.2",
|
||||
"private": true,
|
||||
"scripts": {
|
||||
"build": "nx run-many -t build",
|
||||
|
||||
Reference in New Issue
Block a user