feat: Add groups and group permissions (#1204)

* WIP - got one API test to pass yay * adds group update endpoint * added group policies * adds groups.list API * adds groups.info * remove comment * WIP * tests for delete * adds group membership list * adds tests for groups list * add and remove user endpoints for group * ask some questions * fix up some issues around primary keys * remove export from group permissions Co-Authored-By: Tom Moor <tom.moor@gmail.com> * remove random file * only create events on actual updates, add tests to ensure * adds uniqueness validation to group name * throw validation errors on model and let it pass through the controller * fix linting * WIP * WIP * WIP * WIP * WIP basic edit and delete * basic CRUD for groups and memberships in place * got member counts working * add member count and limit the number of users sent over teh wire to 6 * factor avatar with AvatarWithPresence into its own class * wip * WIP avatars in group lists * WIP collection groups * add and remove group endpoints * wip add collection groups * wip get group adding to collections to work * wip get updating collection group memberships to work * wip get new group modal working * add tests for collection index * include collection groups in the withmemberships scope * tie permissions to group memberships * remove unused import * Update app/components/GroupListItem.js update title copy Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/migrations/20191211044318-create-groups.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/api/groups.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/api/groups.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/menus/CollectionMenu.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/models/Group.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * minor fixes * Update app/scenes/CollectionMembers/AddGroupsToCollection.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/menus/GroupMenu.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/menus/GroupMenu.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/menus/GroupMenu.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/Collection.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/CollectionMembers/CollectionMembers.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/GroupNew.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/GroupNew.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/Settings/Groups.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/api/documents.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/CollectionMembers/components/CollectionGroupMemberListItem.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * address comments * WIP - getting websocket stuff up and running * socket event for group deletion * wrapped up cascading deletes * lint * flow * fix: UI feedback * fix: Facepile size * fix: Lots of missing await's * Allow clicking facepile on group list item to open members * remove unused route push, grammar * fix: Remove bad analytics events feat: Add group events to audit log * collection. -> collections. * Add groups to entity websocket events (sync create/update/delete) between clients * fix: Users should not be able to see groups they are not a member of * fix: Not caching errors in UI when changing group memberships * fix: Hide unusable UI * test * fix: Tweak language * feat: Automatically open 'add member' modal after creating group Co-authored-by: Tom Moor <tom.moor@gmail.com>
2020-03-14 20:48:32 -07:00
parent 6c451a34d4
commit 142303b3de
81 changed files with 4259 additions and 257 deletions
--- a/server/api/collections.js
+++ b/server/api/collections.js
@@ -9,8 +9,18 @@ import {
  presentUser,
  presentPolicies,
  presentMembership,
+  presentGroup,
+  presentCollectionGroupMembership,
 } from '../presenters';
-import { Collection, CollectionUser, Team, Event, User } from '../models';
+import {
+  Collection,
+  CollectionUser,
+  CollectionGroup,
+  Team,
+  Event,
+  User,
+  Group,
+} from '../models';
 import { ValidationError } from '../errors';
 import { exportCollections } from '../logistics';
 import { archiveCollection, archiveCollections } from '../utils/zip';
@@ -79,6 +89,148 @@ router.post('collections.info', auth(), async ctx => {
  };
 });

+router.post('collections.add_group', auth(), async ctx => {
+  const { id, groupId, permission = 'read_write' } = ctx.body;
+  ctx.assertUuid(id, 'id is required');
+  ctx.assertUuid(groupId, 'groupId is required');
+
+  const collection = await Collection.scope({
+    method: ['withMembership', ctx.state.user.id],
+  }).findByPk(id);
+  authorize(ctx.state.user, 'update', collection);
+
+  const group = await Group.findByPk(groupId);
+  authorize(ctx.state.user, 'read', group);
+
+  let membership = await CollectionGroup.findOne({
+    where: {
+      collectionId: id,
+      groupId,
+    },
+  });
+
+  if (!membership) {
+    membership = await CollectionGroup.create({
+      collectionId: id,
+      groupId,
+      permission,
+      createdById: ctx.state.user.id,
+    });
+  } else if (permission) {
+    membership.permission = permission;
+    await membership.save();
+  }
+
+  await Event.create({
+    name: 'collections.add_group',
+    collectionId: collection.id,
+    teamId: collection.teamId,
+    actorId: ctx.state.user.id,
+    data: { name: group.name, groupId },
+    ip: ctx.request.ip,
+  });
+
+  ctx.body = {
+    data: {
+      collectionGroupMemberships: [
+        presentCollectionGroupMembership(membership),
+      ],
+    },
+  };
+});
+
+router.post('collections.remove_group', auth(), async ctx => {
+  const { id, groupId } = ctx.body;
+  ctx.assertUuid(id, 'id is required');
+  ctx.assertUuid(groupId, 'groupId is required');
+
+  const collection = await Collection.scope({
+    method: ['withMembership', ctx.state.user.id],
+  }).findByPk(id);
+  authorize(ctx.state.user, 'update', collection);
+
+  const group = await Group.findByPk(groupId);
+  authorize(ctx.state.user, 'read', group);
+
+  await collection.removeGroup(group);
+
+  await Event.create({
+    name: 'collections.remove_group',
+    collectionId: collection.id,
+    teamId: collection.teamId,
+    actorId: ctx.state.user.id,
+    data: { name: group.name, groupId },
+    ip: ctx.request.ip,
+  });
+
+  ctx.body = {
+    success: true,
+  };
+});
+
+router.post(
+  'collections.group_memberships',
+  auth(),
+  pagination(),
+  async ctx => {
+    const { id, query, permission } = ctx.body;
+    ctx.assertUuid(id, 'id is required');
+
+    const user = ctx.state.user;
+    const collection = await Collection.scope({
+      method: ['withMembership', user.id],
+    }).findByPk(id);
+
+    authorize(user, 'read', collection);
+
+    let where = {
+      collectionId: id,
+    };
+
+    let groupWhere;
+
+    if (query) {
+      groupWhere = {
+        name: {
+          [Op.iLike]: `%${query}%`,
+        },
+      };
+    }
+
+    if (permission) {
+      where = {
+        ...where,
+        permission,
+      };
+    }
+
+    const memberships = await CollectionGroup.findAll({
+      where,
+      order: [['createdAt', 'DESC']],
+      offset: ctx.state.pagination.offset,
+      limit: ctx.state.pagination.limit,
+      include: [
+        {
+          model: Group,
+          as: 'group',
+          where: groupWhere,
+          required: true,
+        },
+      ],
+    });
+
+    ctx.body = {
+      pagination: ctx.state.pagination,
+      data: {
+        collectionGroupMemberships: memberships.map(
+          presentCollectionGroupMembership
+        ),
+        groups: memberships.map(membership => presentGroup(membership.group)),
+      },
+    };
+  }
+);
+
 router.post('collections.add_user', auth(), async ctx => {
  const { id, userId, permission = 'read_write' } = ctx.body;
  ctx.assertUuid(id, 'id is required');
@@ -302,9 +454,11 @@ router.post('collections.update', auth(), async ctx => {
  }

  const user = ctx.state.user;
+
  const collection = await Collection.scope({
    method: ['withMembership', user.id],
  }).findByPk(id);
+
  authorize(user, 'update', collection);

  // we're making this collection private right now, ensure that the current
@@ -328,6 +482,7 @@ router.post('collections.update', auth(), async ctx => {
  collection.description = description;
  collection.color = color;
  collection.private = isPrivate;
+
  await collection.save();

  await Event.create({
@@ -342,11 +497,7 @@ router.post('collections.update', auth(), async ctx => {
  // must reload to update collection membership for correct policy calculation
  // if the privacy level has changed. Otherwise skip this query for speed.
  if (isPrivacyChanged) {
-    await collection.reload({
-      scope: {
-        method: ['withMembership', user.id],
-      },
-    });
+    await collection.reload();
  }

  ctx.body = {
@@ -385,6 +536,7 @@ router.post('collections.delete', auth(), async ctx => {
  const collection = await Collection.scope({
    method: ['withMembership', user.id],
  }).findByPk(id);
+
  authorize(user, 'delete', collection);

  const total = await Collection.count();