feat: Memberships (#1032)
* WIP * feat: Add collection.memberships endpoint * feat: Add ability to filter collection.memberships with query * WIP * Merge stashed work * feat: Add ability to filter memberships by permission * continued refactoring * paginated list component * Collection member management * fix: Incorrect policy data sent down after collection.update * Reduce duplication, add empty state * cleanup * fix: Modal close should be a real button * fix: Allow opening edit from modal * fix: remove unused methods * test: fix * Passing test suite * Refactor * fix: Flow UI errors * test: Add collections.update tests * lint * test: moar tests * fix: Missing scopes, more missing tests * fix: Handle collection privacy change over socket * fix: More membership scopes * fix: view endpoint permissions * fix: respond to privacy change on socket event * policy driven menus * fix: share endpoint policies * chore: Use policies to drive documents UI * alignment * fix: Header height * fix: Correct behavior when collection becomes private * fix: Header height for read-only collection * send id's over socket instead of serialized objects * fix: Remote policy change * fix: reduce collection fetching * More websocket efficiencies * fix: Document collection pinning * fix: Restored ability to edit drafts fix: Removed ability to star drafts * fix: Require write permissions to pin doc to collection * fix: Header title overlaying document actions at small screen sizes * fix: Jank on load caused by previous commit * fix: Double collection fetch post-publish * fix: Hide publish button if draft is in no longer accessible collection * fix: Always allow deleting drafts fix: Improved handling of deleted documents * feat: Show collections in drafts view feat: Show more obvious 'draft' badge on documents * fix: incorrect policies after publish to private collection * fix: Duplicating a draft publishes it
This commit is contained in:
Tom Moor
GitHub
@@ -1,11 +1,17 @@
|
||||
// @flow
|
||||
import fs from 'fs';
|
||||
import Router from 'koa-router';
|
||||
import { Op } from '../sequelize';
|
||||
import auth from '../middlewares/authentication';
|
||||
import pagination from './middlewares/pagination';
|
||||
import { presentCollection, presentUser, presentPolicies } from '../presenters';
|
||||
import {
|
||||
presentCollection,
|
||||
presentUser,
|
||||
presentPolicies,
|
||||
presentMembership,
|
||||
} from '../presenters';
|
||||
import { Collection, CollectionUser, Team, Event, User } from '../models';
|
||||
import { ValidationError, InvalidRequestError } from '../errors';
|
||||
import { ValidationError } from '../errors';
|
||||
import { exportCollections } from '../logistics';
|
||||
import { archiveCollection, archiveCollections } from '../utils/zip';
|
||||
import policy from '../policies';
|
||||
@@ -44,7 +50,7 @@ router.post('collections.create', auth(), async ctx => {
|
||||
});
|
||||
|
||||
ctx.body = {
|
||||
data: await presentCollection(collection),
|
||||
data: presentCollection(collection),
|
||||
policies: presentPolicies(user, [collection]),
|
||||
};
|
||||
});
|
||||
@@ -54,11 +60,13 @@ router.post('collections.info', auth(), async ctx => {
|
||||
ctx.assertUuid(id, 'id is required');
|
||||
|
||||
const user = ctx.state.user;
|
||||
const collection = await Collection.findByPk(id);
|
||||
const collection = await Collection.scope({
|
||||
method: ['withMembership', user.id],
|
||||
}).findByPk(id);
|
||||
authorize(user, 'read', collection);
|
||||
|
||||
ctx.body = {
|
||||
data: await presentCollection(collection),
|
||||
data: presentCollection(collection),
|
||||
policies: presentPolicies(user, [collection]),
|
||||
};
|
||||
});
|
||||
@@ -68,23 +76,33 @@ router.post('collections.add_user', auth(), async ctx => {
|
||||
ctx.assertUuid(id, 'id is required');
|
||||
ctx.assertUuid(userId, 'userId is required');
|
||||
|
||||
const collection = await Collection.findByPk(id);
|
||||
const collection = await Collection.scope({
|
||||
method: ['withMembership', ctx.state.user.id],
|
||||
}).findByPk(id);
|
||||
authorize(ctx.state.user, 'update', collection);
|
||||
|
||||
if (!collection.private) {
|
||||
throw new InvalidRequestError('Collection must be private to add users');
|
||||
}
|
||||
|
||||
const user = await User.findByPk(userId);
|
||||
authorize(ctx.state.user, 'read', user);
|
||||
|
||||
await CollectionUser.create({
|
||||
collectionId: id,
|
||||
userId,
|
||||
permission,
|
||||
createdById: ctx.state.user.id,
|
||||
let membership = await CollectionUser.findOne({
|
||||
where: {
|
||||
collectionId: id,
|
||||
userId,
|
||||
},
|
||||
});
|
||||
|
||||
if (!membership) {
|
||||
membership = await CollectionUser.create({
|
||||
collectionId: id,
|
||||
userId,
|
||||
permission,
|
||||
createdById: ctx.state.user.id,
|
||||
});
|
||||
} else if (permission) {
|
||||
membership.permission = permission;
|
||||
await membership.save();
|
||||
}
|
||||
|
||||
await Event.create({
|
||||
name: 'collections.add_user',
|
||||
userId,
|
||||
@@ -96,7 +114,10 @@ router.post('collections.add_user', auth(), async ctx => {
|
||||
});
|
||||
|
||||
ctx.body = {
|
||||
success: true,
|
||||
data: {
|
||||
users: [presentUser(user)],
|
||||
memberships: [presentMembership(membership)],
|
||||
},
|
||||
};
|
||||
});
|
||||
|
||||
@@ -105,13 +126,11 @@ router.post('collections.remove_user', auth(), async ctx => {
|
||||
ctx.assertUuid(id, 'id is required');
|
||||
ctx.assertUuid(userId, 'userId is required');
|
||||
|
||||
const collection = await Collection.findByPk(id);
|
||||
const collection = await Collection.scope({
|
||||
method: ['withMembership', ctx.state.user.id],
|
||||
}).findByPk(id);
|
||||
authorize(ctx.state.user, 'update', collection);
|
||||
|
||||
if (!collection.private) {
|
||||
throw new InvalidRequestError('Collection must be private to remove users');
|
||||
}
|
||||
|
||||
const user = await User.findByPk(userId);
|
||||
authorize(ctx.state.user, 'read', user);
|
||||
|
||||
@@ -132,12 +151,16 @@ router.post('collections.remove_user', auth(), async ctx => {
|
||||
};
|
||||
});
|
||||
|
||||
// DEPRECATED: Use collection.memberships which has pagination, filtering and permissions
|
||||
router.post('collections.users', auth(), async ctx => {
|
||||
const { id } = ctx.body;
|
||||
ctx.assertUuid(id, 'id is required');
|
||||
|
||||
const collection = await Collection.findByPk(id);
|
||||
authorize(ctx.state.user, 'read', collection);
|
||||
const user = ctx.state.user;
|
||||
const collection = await Collection.scope({
|
||||
method: ['withMembership', user.id],
|
||||
}).findByPk(id);
|
||||
authorize(user, 'read', collection);
|
||||
|
||||
const users = await collection.getUsers();
|
||||
|
||||
@@ -146,12 +169,69 @@ router.post('collections.users', auth(), async ctx => {
|
||||
};
|
||||
});
|
||||
|
||||
router.post('collections.memberships', auth(), pagination(), async ctx => {
|
||||
const { id, query, permission } = ctx.body;
|
||||
ctx.assertUuid(id, 'id is required');
|
||||
|
||||
const user = ctx.state.user;
|
||||
const collection = await Collection.scope({
|
||||
method: ['withMembership', user.id],
|
||||
}).findByPk(id);
|
||||
authorize(user, 'read', collection);
|
||||
|
||||
let where = {
|
||||
collectionId: id,
|
||||
};
|
||||
|
||||
let userWhere;
|
||||
|
||||
if (query) {
|
||||
userWhere = {
|
||||
name: {
|
||||
[Op.iLike]: `%${query}%`,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
if (permission) {
|
||||
where = {
|
||||
...where,
|
||||
permission,
|
||||
};
|
||||
}
|
||||
|
||||
const memberships = await CollectionUser.findAll({
|
||||
where,
|
||||
order: [['createdAt', 'DESC']],
|
||||
offset: ctx.state.pagination.offset,
|
||||
limit: ctx.state.pagination.limit,
|
||||
include: [
|
||||
{
|
||||
model: User,
|
||||
as: 'user',
|
||||
where: userWhere,
|
||||
required: true,
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
ctx.body = {
|
||||
pagination: ctx.state.pagination,
|
||||
data: {
|
||||
memberships: memberships.map(presentMembership),
|
||||
users: memberships.map(membership => presentUser(membership.user)),
|
||||
},
|
||||
};
|
||||
});
|
||||
|
||||
router.post('collections.export', auth(), async ctx => {
|
||||
const { id } = ctx.body;
|
||||
ctx.assertUuid(id, 'id is required');
|
||||
|
||||
const user = ctx.state.user;
|
||||
const collection = await Collection.findByPk(id);
|
||||
const collection = await Collection.scope({
|
||||
method: ['withMembership', user.id],
|
||||
}).findByPk(id);
|
||||
authorize(user, 'export', collection);
|
||||
|
||||
const filePath = await archiveCollection(collection);
|
||||
@@ -207,15 +287,20 @@ router.post('collections.exportAll', auth(), async ctx => {
|
||||
router.post('collections.update', auth(), async ctx => {
|
||||
const { id, name, description, color } = ctx.body;
|
||||
const isPrivate = ctx.body.private;
|
||||
|
||||
ctx.assertPresent(name, 'name is required');
|
||||
if (color)
|
||||
|
||||
if (color) {
|
||||
ctx.assertHexColor(color, 'Invalid hex value (please use format #FFFFFF)');
|
||||
}
|
||||
|
||||
const user = ctx.state.user;
|
||||
const collection = await Collection.findByPk(id);
|
||||
const collection = await Collection.scope({
|
||||
method: ['withMembership', user.id],
|
||||
}).findByPk(id);
|
||||
authorize(user, 'update', collection);
|
||||
|
||||
// we're making this collection private right now, ensure that the current
|
||||
// user has a read-write membership so that at least they can edit it
|
||||
if (isPrivate && !collection.private) {
|
||||
await CollectionUser.findOrCreate({
|
||||
where: {
|
||||
@@ -229,6 +314,8 @@ router.post('collections.update', auth(), async ctx => {
|
||||
});
|
||||
}
|
||||
|
||||
const isPrivacyChanged = isPrivate !== collection.private;
|
||||
|
||||
collection.name = name;
|
||||
collection.description = description;
|
||||
collection.color = color;
|
||||
@@ -244,6 +331,16 @@ router.post('collections.update', auth(), async ctx => {
|
||||
ip: ctx.request.ip,
|
||||
});
|
||||
|
||||
// must reload to update collection membership for correct policy calculation
|
||||
// if the privacy level has changed. Otherwise skip this query for speed.
|
||||
if (isPrivacyChanged) {
|
||||
await collection.reload({
|
||||
scope: {
|
||||
method: ['withMembership', user.id],
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
ctx.body = {
|
||||
data: presentCollection(collection),
|
||||
policies: presentPolicies(user, [collection]),
|
||||
@@ -252,9 +349,10 @@ router.post('collections.update', auth(), async ctx => {
|
||||
|
||||
router.post('collections.list', auth(), pagination(), async ctx => {
|
||||
const user = ctx.state.user;
|
||||
|
||||
const collectionIds = await user.collectionIds();
|
||||
let collections = await Collection.findAll({
|
||||
let collections = await Collection.scope({
|
||||
method: ['withMembership', user.id],
|
||||
}).findAll({
|
||||
where: {
|
||||
teamId: user.teamId,
|
||||
id: collectionIds,
|
||||
@@ -264,15 +362,10 @@ router.post('collections.list', auth(), pagination(), async ctx => {
|
||||
limit: ctx.state.pagination.limit,
|
||||
});
|
||||
|
||||
const data = await Promise.all(
|
||||
collections.map(async collection => await presentCollection(collection))
|
||||
);
|
||||
const policies = presentPolicies(user, collections);
|
||||
|
||||
ctx.body = {
|
||||
pagination: ctx.state.pagination,
|
||||
data,
|
||||
policies,
|
||||
data: collections.map(presentCollection),
|
||||
policies: presentPolicies(user, collections),
|
||||
};
|
||||
});
|
||||
|
||||
@@ -281,7 +374,9 @@ router.post('collections.delete', auth(), async ctx => {
|
||||
const user = ctx.state.user;
|
||||
ctx.assertUuid(id, 'id is required');
|
||||
|
||||
const collection = await Collection.findByPk(id);
|
||||
const collection = await Collection.scope({
|
||||
method: ['withMembership', user.id],
|
||||
}).findByPk(id);
|
||||
authorize(user, 'delete', collection);
|
||||
|
||||
const total = await Collection.count();
|
||||
|
||||
Reference in New Issue
Block a user