Add notifications for document and collection access (#6460)

* Add notification for added to document * Add notifications for document and collection access * Add notification delay * fix: Collection notifications not appearing * Add notification settings
2024-01-31 15:01:27 -08:00
parent 5ce8827a8c
commit 47d168a29b
18 changed files with 437 additions and 31 deletions
--- a/server/routes/api/collections/collections.ts
+++ b/server/routes/api/collections/collections.ts
@@ -382,6 +382,7 @@ router.post(
 router.post(
  "collections.add_user",
  auth(),
+  rateLimiter(RateLimiterStrategy.OneHundredPerHour),
  transaction(),
  validate(T.CollectionsAddUserSchema),
  async (ctx: APIContext<T.CollectionsAddUserReq>) => {
@@ -397,28 +398,20 @@ router.post(
    const user = await User.findByPk(userId);
    authorize(actor, "read", user);

-    let membership = await UserMembership.findOne({
+    const [membership, isNew] = await UserMembership.findOrCreate({
      where: {
        collectionId: id,
        userId,
      },
+      defaults: {
+        permission: permission || user.defaultCollectionPermission,
+        createdById: actor.id,
+      },
      transaction,
      lock: transaction.LOCK.UPDATE,
    });

-    if (!membership) {
-      membership = await UserMembership.create(
-        {
-          collectionId: id,
-          userId,
-          permission: permission || user.defaultCollectionPermission,
-          createdById: actor.id,
-        },
-        {
-          transaction,
-        }
-      );
-    } else if (permission) {
+    if (permission) {
      membership.permission = permission;
      await membership.save({ transaction });
    }
@@ -427,12 +420,13 @@ router.post(
      {
        name: "collections.add_user",
        userId,
+        modelId: membership.id,
        collectionId: collection.id,
        teamId: collection.teamId,
        actorId: actor.id,
        data: {
-          name: user.name,
-          membershipId: membership.id,
+          isNew,
+          permission: membership.permission,
        },
        ip: ctx.request.ip,
      },
@@ -482,12 +476,12 @@ router.post(
      {
        name: "collections.remove_user",
        userId,
+        modelId: membership.id,
        collectionId: collection.id,
        teamId: collection.teamId,
        actorId: actor.id,
        data: {
          name: user.name,
-          membershipId: membership.id,
        },
        ip: ctx.request.ip,
      },
--- a/server/routes/api/documents/documents.ts
+++ b/server/routes/api/documents/documents.ts
@@ -1475,6 +1475,7 @@ router.post(
  "documents.add_user",
  auth(),
  validate(T.DocumentsAddUserSchema),
+  rateLimiter(RateLimiterStrategy.OneHundredPerHour),
  transaction(),
  async (ctx: APIContext<T.DocumentsAddUserReq>) => {
    const { auth, transaction } = ctx.state;
@@ -1521,7 +1522,7 @@ router.post(
      UserMemberships.length ? UserMemberships[0].index : null
    );

-    const [membership] = await UserMembership.findOrCreate({
+    const [membership, isNew] = await UserMembership.findOrCreate({
      where: {
        documentId: id,
        userId,
@@ -1553,6 +1554,11 @@ router.post(
        teamId: document.teamId,
        actorId: actor.id,
        ip: ctx.request.ip,
+        data: {
+          title: document.title,
+          isNew,
+          permission: membership.permission,
+        },
      },
      {
        transaction,