API to fetch users who have read/write permission on a document collection (#5047)

server/routes/api/documents/documents.ts

@@ -42,6 +42,7 @@ import {
   presentDocument,
   presentPolicies,
   presentPublicTeam,
+  presentUser,
 } from "@server/presenters";
 import { APIContext } from "@server/types";
 import { RateLimiterStrategy } from "@server/utils/RateLimiter";
@@ -435,6 +436,59 @@ router.post(
   }
 );
 
+router.post(
+  "documents.users",
+  auth(),
+  pagination(),
+  validate(T.DocumentsUsersSchema),
+  async (ctx: APIContext<T.DocumentsUsersReq>) => {
+    const { id, query } = ctx.input.body;
+    const actor = ctx.state.auth.user;
+    const { offset, limit } = ctx.state.pagination;
+    const document = await Document.findByPk(id);
+    authorize(actor, "read", document);
+
+    let users: User[] = [];
+    let total = 0;
+
+    if (document.collectionId) {
+      const [collection, memberIds] = await Promise.all([
+        Collection.findByPk(document.collectionId),
+        Collection.membershipUserIds(document.collectionId),
+      ]);
+      authorize(actor, "update", collection);
+
+      let where: WhereOptions<User> = {
+        id: {
+          [Op.in]: memberIds,
+        },
+        suspendedAt: {
+          [Op.is]: null,
+        },
+      };
+      if (query) {
+        where = {
+          ...where,
+          name: {
+            [Op.iLike]: `%${query}%`,
+          },
+        };
+      }
+
+      [users, total] = await Promise.all([
+        User.findAll({ where, offset, limit }),
+        User.count({ where }),
+      ]);
+    }
+
+    ctx.body = {
+      pagination: { ...ctx.state.pagination, total },
+      data: users.map((user) => presentUser(user)),
+      policies: presentPolicies(actor, users),
+    };
+  }
+);
+
 router.post(
   "documents.export",
   rateLimiter(RateLimiterStrategy.FivePerMinute),