mirror of
https://github.com/docmost/docmost.git
synced 2026-06-10 10:13:01 +08:00
Philipinho
0615bcf222
BaseWsService.subscribe was the last surface that didn't go through the page-permission system. It checked authorization with a bespoke canReadBaseSpace(userId, spaceId) — which queried space membership directly and accepted ANY space role — so a user with a per-base restriction (revoked access via pagePermissionRepo) could still stream live updates and presence for a base they couldn't otherwise read. Replace it with pageAccessService.validateCanView(base, user) — the same gate the HTTP endpoints (info, list, rows query, etc.) and the page collab WS already use. Bases are pages structurally (isBase=true), so reusing the page validator keeps them on a single permission code path. Drops the now-unused SpaceMemberRepo / findHighestUserSpaceRole imports; injects UserRepo + PageAccessService instead (both are globally provided modules, no DI changes needed).