feat: Memberships (#1032)

* WIP

* feat: Add collection.memberships endpoint

* feat: Add ability to filter collection.memberships with query

* WIP

* Merge stashed work

* feat: Add ability to filter memberships by permission

* continued refactoring

* paginated list component

* Collection member management

* fix: Incorrect policy data sent down after collection.update

* Reduce duplication, add empty state

* cleanup

* fix: Modal close should be a real button

* fix: Allow opening edit from modal

* fix: remove unused methods

* test: fix

* Passing test suite

* Refactor

* fix: Flow UI errors

* test: Add collections.update tests

* lint

* test: moar tests

* fix: Missing scopes, more missing tests

* fix: Handle collection privacy change over socket

* fix: More membership scopes

* fix: view endpoint permissions

* fix: respond to privacy change on socket event

* policy driven menus

* fix: share endpoint policies

* chore: Use policies to drive documents UI

* alignment

* fix: Header height

* fix: Correct behavior when collection becomes private

* fix: Header height for read-only collection

* send id's over socket instead of serialized objects

* fix: Remote policy change

* fix: reduce collection fetching

* More websocket efficiencies

* fix: Document collection pinning

* fix: Restored ability to edit drafts
fix: Removed ability to star drafts

* fix: Require write permissions to pin doc to collection

* fix: Header title overlaying document actions at small screen sizes

* fix: Jank on load caused by previous commit

* fix: Double collection fetch post-publish

* fix: Hide publish button if draft is in no longer accessible collection

* fix: Always allow deleting drafts
fix: Improved handling of deleted documents

* feat: Show collections in drafts view
feat: Show more obvious 'draft' badge on documents

* fix: incorrect policies after publish to private collection

* fix: Duplicating a draft publishes it

server/models/Collection.js

@@ -21,6 +21,7 @@ const Collection = sequelize.define(
     description: DataTypes.STRING,
     color: DataTypes.STRING,
     private: DataTypes.BOOLEAN,
+    maintainerApprovalRequired: DataTypes.BOOLEAN,
     type: {
       type: DataTypes.STRING,
       validate: { isIn: [['atlas', 'journal']] },
@@ -53,6 +54,11 @@ Collection.associate = models => {
     foreignKey: 'collectionId',
     onDelete: 'cascade',
   });
+  Collection.hasMany(models.CollectionUser, {
+    as: 'memberships',
+    foreignKey: 'collectionId',
+    onDelete: 'cascade',
+  });
   Collection.belongsToMany(models.User, {
     as: 'users',
     through: models.CollectionUser,
@@ -65,20 +71,16 @@ Collection.associate = models => {
   Collection.belongsTo(models.Team, {
     as: 'team',
   });
-  Collection.addScope(
-    'defaultScope',
-    {
-      include: [
-        {
-          model: models.User,
-          as: 'users',
-          through: 'collection_users',
-          paranoid: false,
-        },
-      ],
-    },
-    { override: true }
-  );
+  Collection.addScope('withMembership', userId => ({
+    include: [
+      {
+        model: models.CollectionUser,
+        as: 'memberships',
+        where: { userId },
+        required: false,
+      },
+    ],
+  }));
 };
 
 Collection.addHook('afterDestroy', async (model: Collection) => {

server/models/CollectionUser.js

@@ -6,8 +6,9 @@ const CollectionUser = sequelize.define(
   {
     permission: {
       type: DataTypes.STRING,
+      defaultValue: 'read_write',
       validate: {
-        isIn: [['read', 'read_write']],
+        isIn: [['read', 'read_write', 'maintainer']],
       },
     },
   },

server/models/Document.js

@@ -154,25 +154,43 @@ Document.associate = models => {
   Document.hasMany(models.View, {
     as: 'views',
   });
-  Document.addScope(
-    'defaultScope',
-    {
-      include: [
-        { model: models.Collection, as: 'collection' },
-        { model: models.User, as: 'createdBy', paranoid: false },
-        { model: models.User, as: 'updatedBy', paranoid: false },
-      ],
-      where: {
-        publishedAt: {
-          [Op.ne]: null,
-        },
+  Document.addScope('defaultScope', {
+    include: [
+      { model: models.User, as: 'createdBy', paranoid: false },
+      { model: models.User, as: 'updatedBy', paranoid: false },
+    ],
+    where: {
+      publishedAt: {
+        [Op.ne]: null,
       },
     },
-    { override: true }
-  );
+  });
+  Document.addScope('withCollection', userId => {
+    if (userId) {
+      return {
+        include: [
+          {
+            model: models.Collection,
+            as: 'collection',
+            include: [
+              {
+                model: models.CollectionUser,
+                as: 'memberships',
+                where: { userId },
+                required: false,
+              },
+            ],
+          },
+        ],
+      };
+    }
+
+    return {
+      include: [{ model: models.Collection, as: 'collection' }],
+    };
+  });
   Document.addScope('withUnpublished', {
     include: [
-      { model: models.Collection, as: 'collection' },
       { model: models.User, as: 'createdBy', paranoid: false },
       { model: models.User, as: 'updatedBy', paranoid: false },
     ],
@@ -189,8 +207,12 @@ Document.associate = models => {
   }));
 };
 
-Document.findByPk = async (id, options) => {
-  const scope = Document.scope('withUnpublished');
+Document.findByPk = async function(id, options = {}) {
+  // allow default preloading of collection membership if `userId` is passed in find options
+  // almost every endpoint needs the collection membership to determine policy permissions.
+  const scope = this.scope('withUnpublished', {
+    method: ['withCollection', options.userId],
+  });
 
   if (isUUID(id)) {
     return scope.findOne({
@@ -350,14 +372,18 @@ Document.searchForUser = async (
   });
 
   // Final query to get associated document data
-  const documents = await Document.scope({
-    method: ['withViews', user.id],
-  }).findAll({
+  const documents = await Document.scope(
+    {
+      method: ['withViews', user.id],
+    },
+    {
+      method: ['withCollection', user.id],
+    }
+  ).findAll({
     where: {
       id: map(results, 'id'),
     },
     include: [
-      { model: Collection, as: 'collection' },
       { model: User, as: 'createdBy', paranoid: false },
       { model: User, as: 'updatedBy', paranoid: false },
     ],
@@ -450,7 +476,6 @@ Document.prototype.publish = async function(options) {
 
   this.publishedAt = new Date();
   await this.save(options);
-  this.collection = collection;
 
   return this;
 };

server/models/User.js

@@ -51,6 +51,11 @@ User.associate = models => {
   });
   User.hasMany(models.Document, { as: 'documents' });
   User.hasMany(models.View, { as: 'views' });
+  User.belongsToMany(models.User, {
+    as: 'users',
+    through: 'collection_users',
+    onDelete: 'cascade',
+  });
 };
 
 // Instance methods
@@ -61,7 +66,6 @@ User.prototype.collectionIds = async function(paranoid: boolean = true) {
     include: [
       {
         model: User,
-        through: 'collection_users',
         as: 'users',
         where: { id: this.id },
         required: false,