feat: Allow unpublishing documents (#1467)

* Allow unpublishing documents * add block unpublish files that has children * add api tests to new route
2020-09-01 00:03:05 -03:00
parent de59147418
commit 0aa338cccc
7 changed files with 159 additions and 12 deletions
--- a/server/api/documents.js
+++ b/server/api/documents.js
@@ -5,20 +5,20 @@ import documentMover from "../commands/documentMover";
 import { InvalidRequestError } from "../errors";
 import auth from "../middlewares/authentication";
 import {
+  Backlink,
  Collection,
  Document,
  Event,
+  Revision,
  Share,
  Star,
-  View,
-  Revision,
-  Backlink,
  User,
+  View,
 } from "../models";
 import policy from "../policies";
 import {
-  presentDocument,
  presentCollection,
+  presentDocument,
  presentPolicies,
 } from "../presenters";
 import { sequelize } from "../sequelize";
@@ -1018,4 +1018,31 @@ router.post("documents.delete", auth(), async (ctx) => {
  };
 });

+router.post("documents.unpublish", auth(), async (ctx) => {
+  const { id } = ctx.body;
+  ctx.assertPresent(id, "id is required");
+
+  const user = ctx.state.user;
+  const document = await Document.findByPk(id, { userId: user.id });
+
+  authorize(user, "unpublish", document);
+
+  await document.unpublish();
+
+  await Event.create({
+    name: "documents.unpublish",
+    documentId: document.id,
+    collectionId: document.collectionId,
+    teamId: document.teamId,
+    actorId: user.id,
+    data: { title: document.title },
+    ip: ctx.request.ip,
+  });
+
+  ctx.body = {
+    data: await presentDocument(document),
+    policies: presentPolicies(user, [document]),
+  };
+});
+
 export default router;
--- a/server/api/documents.test.js
+++ b/server/api/documents.test.js
@@ -1736,3 +1736,59 @@ describe("#documents.delete", () => {
    expect(body).toMatchSnapshot();
  });
 });
+
+describe("#documents.unpublish", () => {
+  it("should unpublish a document", async () => {
+    const { user, document } = await seed();
+    const res = await server.post("/api/documents.unpublish", {
+      body: { token: user.getJwtToken(), id: document.id },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.id).toEqual(document.id);
+    expect(body.data.publishedAt).toBeNull();
+  });
+
+  it("should fail to unpublish a draft document", async () => {
+    const { user, document } = await seed();
+    document.publishedAt = null;
+    await document.save();
+
+    const res = await server.post("/api/documents.unpublish", {
+      body: { token: user.getJwtToken(), id: document.id },
+    });
+
+    expect(res.status).toEqual(403);
+  });
+
+  it("should fail to unpublish a deleted document", async () => {
+    const { user, document } = await seed();
+    await document.delete();
+
+    const res = await server.post("/api/documents.unpublish", {
+      body: { token: user.getJwtToken(), id: document.id },
+    });
+
+    expect(res.status).toEqual(403);
+  });
+
+  it("should fail to unpublish a archived document", async () => {
+    const { user, document } = await seed();
+    await document.archive();
+
+    const res = await server.post("/api/documents.unpublish", {
+      body: { token: user.getJwtToken(), id: document.id },
+    });
+
+    expect(res.status).toEqual(403);
+  });
+
+  it("should require authentication", async () => {
+    const { document } = await seed();
+    const res = await server.post("/api/documents.unpublish", {
+      body: { id: document.id },
+    });
+    expect(res.status).toEqual(401);
+  });
+});
--- a/server/models/Document.js
+++ b/server/models/Document.js
@@ -1,10 +1,9 @@
 // @flow
 import removeMarkdown from "@tommoor/remove-markdown";
-import { map, find, compact, uniq } from "lodash";
+import { compact, find, map, uniq } from "lodash";
 import randomstring from "randomstring";
-import Sequelize, { type Transaction } from "sequelize";
+import Sequelize, { Transaction } from "sequelize";
 import MarkdownSerializer from "slate-md-serializer";
-
 import isUUID from "validator/lib/isUUID";
 import parseTitle from "../../shared/utils/parseTitle";
 import unescape from "../../shared/utils/unescape";
@@ -556,6 +555,18 @@ Document.prototype.publish = async function (options) {
  return this;
 };

+Document.prototype.unpublish = async function (options) {
+  if (!this.publishedAt) return this;
+
+  const collection = await this.getCollection();
+  await collection.removeDocumentInStructure(this);
+
+  this.publishedAt = null;
+  await this.save(options);
+
+  return this;
+};
+
 // Moves a document from being visible to the team within a collection
 // to the archived area, where it can be subsequently restored.
 Document.prototype.archive = async function (userId) {
--- a/server/policies/document.js
+++ b/server/policies/document.js
@@ -157,3 +157,27 @@ allow(
  Revision,
  (document, revision) => document.id === revision.documentId
 );
+
+allow(User, "unpublish", Document, (user, document) => {
+  invariant(
+    document.collection,
+    "collection is missing, did you forget to include in the query scope?"
+  );
+
+  if (!document.publishedAt || !!document.deletedAt || !!document.archivedAt)
+    return false;
+
+  if (cannot(user, "update", document.collection)) return false;
+
+  const documentID = document.id;
+  const hasChild = (documents) =>
+    documents.some((doc) => {
+      if (doc.id === documentID) return doc.children.length > 0;
+      return hasChild(doc.children);
+    });
+
+  return (
+    !hasChild(document.collection.documentStructure) &&
+    user.teamId === document.teamId
+  );
+});