yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Collection admins (#5273

Browse Source 
* Split permissions for reading documents from updating collection

* fix: Admins should have collection read permission, tests

* tsc

* Add admin option to permission selector

* Combine publish and create permissions, update -> createDocuments where appropriate

* Plural -> singular

* wip

* Quick version of collection structure loading, will revisit

* Remove documentIds method

* stash

* fixing tests to account for admin creation

* Add self-hosted migration

* fix: Allow groups to have admin permission

* Prefetch collection documents

* fix: Document explorer (move/publish) not working with async documents

* fix: Cannot re-parent document to collection by drag and drop

* fix: Cannot drag to import into collection item without admin permission

* Remove unused isEditor getter
This commit is contained in:
Tom Moor
2023-04-30 09:38:47 -04:00
committed by GitHub
parent 2942e9c78e
commit d8b4fef554
44 changed files with 799 additions and 535 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/components/AuthenticatedLayout.tsx
View File

@@ -61,7 +61,7 @@ const AuthenticatedLayout: React.FC = ({ children }) => {
return;
}
const { activeCollectionId } = ui;
if (!activeCollectionId || !can.update) {
if (!activeCollectionId || !can.createDocument) {
return;
}
history.push(newDocumentPath(activeCollectionId));

51
app/components/DocumentExplorer.tsx
View File

@@ -48,7 +48,6 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
const [initialScrollOffset, setInitialScrollOffset] = React.useState<number>(
0
);
const [nodes, setNodes] = React.useState<NavigationNode[]>([]);
const [activeNode, setActiveNode] = React.useState<number>(0);
const [expandedNodes, setExpandedNodes] = React.useState<string[]>([]);
const [itemRefs, setItemRefs] = React.useState<
@@ -79,19 +78,6 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
setActiveNode(0);
}, [searchTerm]);
React.useEffect(() => {
let results;
if (searchTerm) {
results = searchIndex.search(searchTerm);
} else {
results = items.filter((item) => item.type === "collection");
}
setInitialScrollOffset(0);
setNodes(results);
}, [searchTerm, items, searchIndex]);
React.useEffect(() => {
setItemRefs((itemRefs) =>
map(
@@ -105,6 +91,22 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
onSelect(selectedNode);
}, [selectedNode, onSelect]);
function getNodes() {
function includeDescendants(item: NavigationNode): NavigationNode[] {
return expandedNodes.includes(item.id)
? [item, ...descendants(item, 1).flatMap(includeDescendants)]
: [item];
}
return searchTerm
? searchIndex.search(searchTerm)
: items
.filter((item) => item.type === "collection")
.flatMap(includeDescendants);
}
const nodes = getNodes();
const scrollNodeIntoView = React.useCallback(
(node: number) => {
if (itemRefs[node] && itemRefs[node].current) {
@@ -130,7 +132,7 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
scrollOffset: number;
};
const itemsHeight = itemCount * itemSize;
return itemsHeight < height ? 0 : scrollOffset;
return itemsHeight < Number(height) ? 0 : scrollOffset;
}
return 0;
};
@@ -145,7 +147,6 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
const newNodes = filter(nodes, (node) => !includes(descendantIds, node.id));
const scrollOffset = calculateInitialScrollOffset(newNodes.length);
setInitialScrollOffset(scrollOffset);
setNodes(newNodes);
};
const expand = (node: number) => {
@@ -156,9 +157,18 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
newNodes.splice(node + 1, 0, ...descendants(nodes[node], 1));
const scrollOffset = calculateInitialScrollOffset(newNodes.length);
setInitialScrollOffset(scrollOffset);
setNodes(newNodes);
};
React.useEffect(() => {
collections.orderedData
.filter(
(collection) => expandedNodes.includes(collection.id) || searchTerm
)
.forEach((collection) => {
collection.fetchDocuments();
});
}, [collections, expandedNodes, searchTerm]);
const isSelected = (node: number) => {
if (!selectedNode) {
return false;
@@ -169,7 +179,8 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
return selectedNodeId === nodeId;
};
const hasChildren = (node: number) => nodes[node].children.length > 0;
const hasChildren = (node: number) =>
nodes[node].children.length > 0 || nodes[node].type === "collection";
const toggleCollapse = (node: number) => {
if (!hasChildren(node)) {
@@ -219,7 +230,7 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
} else if (doc?.isStarred) {
icon = <StarredIcon color={theme.yellow} />;
} else {
icon = <DocumentIcon />;
icon = <DocumentIcon color={theme.textSecondary} />;
}
path = ancestors(node)
@@ -281,12 +292,14 @@ function DocumentExplorer({ onSubmit, onSelect, items }: Props) {
switch (ev.key) {
case "ArrowDown": {
ev.preventDefault();
ev.stopPropagation();
setActiveNode(next());
scrollNodeIntoView(next());
break;
}
case "ArrowUp": {
ev.preventDefault();
ev.stopPropagation();
if (activeNode === 0) {
focusSearchInput();
} else {

21
app/components/DocumentsLoader.tsx Normal file
View File

@@ -0,0 +1,21 @@
import { observer } from "mobx-react";
import * as React from "react";
import Collection from "~/models/Collection";
type Props = {
enabled: boolean;
collection: Collection;
children: React.ReactNode;
};
function DocumentsLoader({ collection, enabled, children }: Props) {
React.useEffect(() => {
if (enabled) {
void collection.fetchDocuments();
}
}, [collection, enabled]);
return <>{children}</>;
}
export default observer(DocumentsLoader);

11
app/components/Sidebar/components/CollectionLink.tsx
View File

@@ -44,7 +44,7 @@ const CollectionLink: React.FC<Props> = ({
const { dialogs, documents, collections } = useStores();
const [menuOpen, handleMenuOpen, handleMenuClose] = useBoolean();
const [isEditing, setIsEditing] = React.useState(false);
const canUpdate = usePolicy(collection).update;
const can = usePolicy(collection);
const { t } = useTranslation();
const history = useHistory();
const inStarredSection = useStarredContext();
@@ -105,7 +105,7 @@ const CollectionLink: React.FC<Props> = ({
}
}
},
canDrop: () => canUpdate,
canDrop: () => can.createDocument,
collect: (monitor) => ({
isOver: !!monitor.isOver({
shallow: true,
@@ -118,6 +118,10 @@ const CollectionLink: React.FC<Props> = ({
setIsEditing(isEditing);
}, []);
const handleMouseEnter = React.useCallback(() => {
void collection.fetchDocuments();
}, [collection]);
const context = useActionContext({
activeCollectionId: collection.id,
inStarredSection,
@@ -134,6 +138,7 @@ const CollectionLink: React.FC<Props> = ({
}}
expanded={expanded}
onDisclosureClick={onDisclosureClick}
onMouseEnter={handleMouseEnter}
icon={
<CollectionIcon collection={collection} expanded={expanded} />
}
@@ -147,7 +152,7 @@ const CollectionLink: React.FC<Props> = ({
title={collection.name}
onSubmit={handleTitleChange}
onEditing={handleTitleEditing}
canUpdate={canUpdate}
canUpdate={can.update}
/>
}
exact={false}

47
app/components/Sidebar/components/CollectionLinkChildren.tsx
View File

@@ -2,8 +2,12 @@ import { observer } from "mobx-react";
import * as React from "react";
import { useDrop } from "react-dnd";
import { useTranslation } from "react-i18next";
import styled from "styled-components";
import Collection from "~/models/Collection";
import Document from "~/models/Document";
import DelayedMount from "~/components/DelayedMount";
import DocumentsLoader from "~/components/DocumentsLoader";
import { ResizingHeightContainer } from "~/components/ResizingHeightContainer";
import usePolicy from "~/hooks/usePolicy";
import useStores from "~/hooks/useStores";
import useToasts from "~/hooks/useToasts";
@@ -11,6 +15,7 @@ import DocumentLink from "./DocumentLink";
import DropCursor from "./DropCursor";
import EmptyCollectionPlaceholder from "./EmptyCollectionPlaceholder";
import Folder from "./Folder";
import PlaceholderCollections from "./PlaceholderCollections";
import { DragObject } from "./SidebarLink";
import useCollectionDocuments from "./useCollectionDocuments";
@@ -63,28 +68,42 @@ function CollectionLinkChildren({
return (
<Folder expanded={expanded}>
{isDraggingAnyDocument && can.update && manualSort && (
{isDraggingAnyDocument && can.createDocument && manualSort && (
<DropCursor
isActiveDrop={isOverReorder}
innerRef={dropToReorder}
position="top"
/>
)}
{childDocuments.map((node, index) => (
<DocumentLink
key={node.id}
node={node}
collection={collection}
activeDocument={documents.active}
prefetchDocument={prefetchDocument}
isDraft={node.isDraft}
depth={2}
index={index}
/>
))}
{childDocuments.length === 0 && <EmptyCollectionPlaceholder />}
<DocumentsLoader collection={collection} enabled={expanded}>
{!childDocuments && (
<ResizingHeightContainer hideOverflow>
<DelayedMount>
<Loading />
</DelayedMount>
</ResizingHeightContainer>
)}
{childDocuments?.map((node, index) => (
<DocumentLink
key={node.id}
node={node}
collection={collection}
activeDocument={documents.active}
prefetchDocument={prefetchDocument}
isDraft={node.isDraft}
depth={2}
index={index}
/>
))}
{childDocuments?.length === 0 && <EmptyCollectionPlaceholder />}
</DocumentsLoader>
</Folder>
);
}
const Loading = styled(PlaceholderCollections)`
margin-left: 44px;
min-height: 90px;
`;
export default observer(CollectionLinkChildren);

16
app/components/Sidebar/components/DropToImport.tsx
View File

@@ -26,10 +26,14 @@ function DropToImport({ disabled, children, collectionId, documentId }: Props) {
collectionId,
documentId
);
const targetId = collectionId || documentId;
invariant(targetId, "Must provide either collectionId or documentId");
invariant(
collectionId || documentId,
"Must provide either collectionId or documentId"
);
const canCollection = usePolicy(collectionId);
const canDocument = usePolicy(documentId);
const can = usePolicy(targetId);
const handleRejection = React.useCallback(() => {
showToast(
t("Document not supported try Markdown, Plain text, HTML, or Word"),
@@ -39,7 +43,11 @@ function DropToImport({ disabled, children, collectionId, documentId }: Props) {
);
}, [t, showToast]);
if (disabled || !can.update) {
if (
disabled ||
(collectionId && !canCollection.createDocument) ||
(documentId && !canDocument.createChildDocument)
) {
return children;
}

4
app/components/Sidebar/components/PlaceholderCollections.tsx
View File

@@ -2,9 +2,9 @@ import * as React from "react";
import styled from "styled-components";
import PlaceholderText from "~/components/PlaceholderText";
function PlaceholderCollections() {
function PlaceholderCollections(props: React.HTMLAttributes<HTMLDivElement>) {
return (
<Wrapper>
<Wrapper {...props}>
<PlaceholderText />
<PlaceholderText delay={0.2} />
<PlaceholderText delay={0.4} />

4
app/components/Sidebar/components/useCollectionDocuments.ts
View File

@@ -8,8 +8,8 @@ export default function useCollectionDocuments(
activeDocument: Document | undefined
) {
return React.useMemo(() => {
if (!collection) {
return [];
if (!collection?.sortedDocuments) {
return undefined;
}
const insertDraftDocument =

6
app/components/WebsocketProvider.tsx
View File

@@ -196,7 +196,7 @@ class WebsocketProvider extends React.Component<Props> {
}
try {
await collections.fetch(collectionId, {
await collection?.fetchDocuments({
force: true,
});
} catch (err) {
@@ -293,6 +293,10 @@ class WebsocketProvider extends React.Component<Props> {
collections.add(event);
});
this.socket.on("collections.update", (event: PartialWithId<Collection>) => {
collections.add(event);
});
this.socket.on(
"collections.delete",
action((event: WebsocketEntityDeletedEvent) => {

4
app/hooks/useCollectionTrees.ts
View File

@@ -73,9 +73,11 @@ export default function useCollectionTrees(): NavigationNode[] {
return addParent(addCollectionId(addDepth(addType(collectionNode))));
};
const key = collections.orderedData.map((o) => o.documents?.length).join("-");
const collectionTrees = React.useMemo(
() => collections.orderedData.map(getCollectionTree),
[collections.orderedData]
// eslint-disable-next-line react-hooks/exhaustive-deps
[collections.orderedData, key]
);
return collectionTrees;

5
app/menus/CollectionMenu.tsx
View File

@@ -200,14 +200,14 @@ function CollectionMenu({
{
type: "button",
title: t("New document"),
visible: can.update,
visible: can.createDocument,
onClick: handleNewDocument,
icon: <NewDocumentIcon />,
},
{
type: "button",
title: t("Import document"),
visible: can.update,
visible: can.createDocument,
onClick: handleImportDocument,
icon: <ImportIcon />,
},
@@ -261,6 +261,7 @@ function CollectionMenu({
collection,
can.unstar,
can.star,
can.createDocument,
can.update,
can.delete,
handleStar,

2
app/menus/DocumentMenu.tsx
View File

@@ -132,7 +132,7 @@ function DocumentMenu({
...collections.orderedData.reduce<MenuItem[]>((filtered, collection) => {
const can = policies.abilities(collection.id);
if (can.update) {
if (can.createDocument) {
filtered.push({
type: "button",
onClick: (ev) =>

1
app/models/BaseModel.ts
View File

@@ -60,7 +60,6 @@ export default abstract class BaseModel {
};
updateFromJson = (data: any) => {
// const isNew = !data.id && !this.id && this.isNew;
set(this, { ...data, isNew: false });
this.persistedAttributes = this.toAPI();
};

71
app/models/Collection.ts
View File

@@ -1,5 +1,5 @@
import { trim } from "lodash";
import { action, computed, observable } from "mobx";
import { action, computed, observable, runInAction } from "mobx";
import {
CollectionPermission,
FileOperationFormat,
@@ -18,6 +18,8 @@ export default class Collection extends ParanoidModel {
@observable
isSaving: boolean;
isFetching = false;
@Field
@observable
id: string;
@@ -57,32 +59,34 @@ export default class Collection extends ParanoidModel {
direction: "asc" | "desc";
};
documents: NavigationNode[];
@observable
documents?: NavigationNode[];
url: string;
urlId: string;
@computed
get isEmpty(): boolean {
get isEmpty(): boolean | undefined {
if (!this.documents) {
return undefined;
}
return (
this.documents.length === 0 &&
this.store.rootStore.documents.inCollection(this.id).length === 0
);
}
@computed
get documentIds(): string[] {
const results: string[] = [];
const travelNodes = (nodes: NavigationNode[]) =>
nodes.forEach((node) => {
results.push(node.id);
travelNodes(node.children);
});
travelNodes(this.documents);
return results;
/**
* Convenience method to return if a collection is considered private.
* This means that a membership is required to view it rather than just being
* a workspace member.
*
* @returns boolean
*/
get isPrivate(): boolean {
return !this.permission;
}
@computed
@@ -98,10 +102,35 @@ export default class Collection extends ParanoidModel {
}
@computed
get sortedDocuments() {
get sortedDocuments(): NavigationNode[] | undefined {
if (!this.documents) {
return undefined;
}
return sortNavigationNodes(this.documents, this.sort);
}
fetchDocuments = async (options?: { force: boolean }) => {
if (this.isFetching) {
return;
}
if (this.documents && options?.force !== true) {
return;
}
try {
this.isFetching = true;
const { data } = await client.post("/collections.documents", {
id: this.id,
});
runInAction("Collection#fetchDocuments", () => {
this.documents = data;
});
} finally {
this.isFetching = false;
}
};
/**
* Updates the document identified by the given id in the collection in memory.
* Does not update the document in the database.
@@ -110,6 +139,10 @@ export default class Collection extends ParanoidModel {
*/
@action
updateDocument(document: Pick<Document, "id" | "title" | "url">) {
if (!this.documents) {
throw new Error("Collection documents not loaded");
}
const travelNodes = (nodes: NavigationNode[]) =>
nodes.forEach((node) => {
if (node.id === document.id) {
@@ -131,6 +164,10 @@ export default class Collection extends ParanoidModel {
*/
@action
removeDocument(documentId: string) {
if (!this.documents) {
throw new Error("Collection documents not loaded");
}
this.documents = this.documents.filter(function f(node): boolean {
if (node.id === documentId) {
return false;
@@ -163,7 +200,7 @@ export default class Collection extends ParanoidModel {
});
};
if (this.documents) {
if (this.sortedDocuments) {
travelNodes(this.sortedDocuments);
}

8
app/models/CollectionGroupMembership.ts
View File

@@ -1,4 +1,4 @@
import { computed } from "mobx";
import { observable } from "mobx";
import { CollectionPermission } from "@shared/types";
import BaseModel from "./BaseModel";
@@ -9,12 +9,8 @@ class CollectionGroupMembership extends BaseModel {
collectionId: string;
@observable
permission: CollectionPermission;
@computed
get isEditor(): boolean {
return this.permission === CollectionPermission.ReadWrite;
}
}
export default CollectionGroupMembership;

8
app/models/Membership.ts
View File

@@ -1,4 +1,4 @@
import { computed } from "mobx";
import { observable } from "mobx";
import { CollectionPermission } from "@shared/types";
import BaseModel from "./BaseModel";
@@ -9,12 +9,8 @@ class Membership extends BaseModel {
collectionId: string;
@observable
permission: CollectionPermission;
@computed
get isEditor(): boolean {
return this.permission === CollectionPermission.ReadWrite;
}
}
export default Membership;

4
app/scenes/Collection.tsx
View File

@@ -148,7 +148,7 @@ function CollectionScene() {
>
<DropToImport
accept={documents.importFileTypes.join(", ")}
disabled={!can.update}
disabled={!can.createDocument}
collectionId={collection.id}
>
<CenteredContent withStickyHeader>
@@ -159,7 +159,7 @@ function CollectionScene() {
<HeadingWithIcon $isStarred={collection.isStarred}>
<HeadingIcon collection={collection} size={40} expanded />
{collection.name}
{!collection.permission && (
{collection.isPrivate && (
<Tooltip
tooltip={t(
"This collection is only visible to those given access"

6
app/scenes/Collection/Empty.tsx
View File

@@ -37,9 +37,11 @@ function EmptyCollection({ collection }: Props) {
}}
/>
<br />
{can.update && <Trans>Get started by creating a new one!</Trans>}
{can.createDocument && (
<Trans>Get started by creating a new one!</Trans>
)}
</Text>
{can.update && (
{can.createDocument && (
<Empty>
<Link to={newDocumentPath(collection.id)}>
<Button icon={<NewDocumentIcon />} neutral>

79
app/scenes/CollectionPermissions/components/CollectionGroupMemberListItem.tsx
View File

@@ -1,13 +1,10 @@
import * as React from "react";
import { useTranslation } from "react-i18next";
import styled from "styled-components";
import { s } from "@shared/styles";
import { CollectionPermission } from "@shared/types";
import CollectionGroupMembership from "~/models/CollectionGroupMembership";
import Group from "~/models/Group";
import GroupListItem from "~/components/GroupListItem";
import InputSelect, { Props as SelectProps } from "~/components/InputSelect";
import CollectionGroupMemberMenu from "~/menus/CollectionGroupMemberMenu";
import InputMemberPermissionSelect from "./InputMemberPermissionSelect";
type Props = {
group: Group;
@@ -21,57 +18,27 @@ const CollectionGroupMemberListItem = ({
collectionGroupMembership,
onUpdate,
onRemove,
}: Props) => {
const { t } = useTranslation();
return (
<GroupListItem
group={group}
showAvatar
renderActions={({ openMembersModal }) => (
<>
<Select
label={t("Permissions")}
options={[
{
label: t("View only"),
value: CollectionPermission.Read,
},
{
label: t("View and edit"),
value: CollectionPermission.ReadWrite,
},
]}
value={
collectionGroupMembership
? collectionGroupMembership.permission
: undefined
}
onChange={onUpdate}
ariaLabel={t("Permissions")}
labelHidden
nude
/>
<CollectionGroupMemberMenu
onMembers={openMembersModal}
onRemove={onRemove}
/>
</>
)}
/>
);
};
const Select = styled(InputSelect)`
margin: 0;
font-size: 14px;
border-color: transparent;
box-shadow: none;
color: ${s("textSecondary")};
select {
margin: 0;
}
` as React.ComponentType<SelectProps>;
}: Props) => (
<GroupListItem
group={group}
showAvatar
renderActions={({ openMembersModal }) => (
<>
<InputMemberPermissionSelect
value={
collectionGroupMembership
? collectionGroupMembership.permission
: undefined
}
onChange={onUpdate}
/>
<CollectionGroupMemberMenu
onMembers={openMembersModal}
onRemove={onRemove}
/>
</>
)}
/>
);
export default CollectionGroupMemberListItem;

48
app/scenes/CollectionPermissions/components/InputMemberPermissionSelect.tsx Normal file
View File

@@ -0,0 +1,48 @@
import * as React from "react";
import { useTranslation } from "react-i18next";
import styled from "styled-components";
import { s } from "@shared/styles";
import { CollectionPermission } from "@shared/types";
import InputSelect, { Props as SelectProps } from "~/components/InputSelect";
export default function InputMemberPermissionSelect(
props: Partial<SelectProps>
) {
const { t } = useTranslation();
return (
<Select
label={t("Permissions")}
options={[
{
label: t("View only"),
value: CollectionPermission.Read,
},
{
label: t("View and edit"),
value: CollectionPermission.ReadWrite,
},
{
label: t("Admin"),
value: CollectionPermission.Admin,
},
]}
ariaLabel={t("Permissions")}
labelHidden
nude
{...props}
/>
);
}
const Select = styled(InputSelect)`
margin: 0;
font-size: 14px;
border-color: transparent;
box-shadow: none;
color: ${s("textSecondary")};
select {
margin: 0;
}
` as React.ComponentType<SelectProps>;

32
app/scenes/CollectionPermissions/components/MemberListItem.tsx
View File

@@ -1,8 +1,6 @@
import { observer } from "mobx-react";
import * as React from "react";
import { Trans, useTranslation } from "react-i18next";
import styled from "styled-components";
import { s } from "@shared/styles";
import { CollectionPermission } from "@shared/types";
import Membership from "~/models/Membership";
import User from "~/models/User";
@@ -10,10 +8,10 @@ import Avatar from "~/components/Avatar";
import Badge from "~/components/Badge";
import Button from "~/components/Button";
import Flex from "~/components/Flex";
import InputSelect, { Props as SelectProps } from "~/components/InputSelect";
import ListItem from "~/components/List/Item";
import Time from "~/components/Time";
import MemberMenu from "~/menus/MemberMenu";
import InputMemberPermissionSelect from "./InputMemberPermissionSelect";
type Props = {
user: User;
@@ -54,24 +52,10 @@ const MemberListItem = ({
actions={
<Flex align="center" gap={8}>
{onUpdate && (
<Select
label={t("Permissions")}
options={[
{
label: t("View only"),
value: CollectionPermission.Read,
},
{
label: t("View and edit"),
value: CollectionPermission.ReadWrite,
},
]}
<InputMemberPermissionSelect
value={membership ? membership.permission : undefined}
onChange={onUpdate}
disabled={!canEdit}
ariaLabel={t("Permissions")}
labelHidden
nude
/>
)}
{canEdit && (
@@ -90,16 +74,4 @@ const MemberListItem = ({
);
};
const Select = styled(InputSelect)`
margin: 0;
font-size: 14px;
border-color: transparent;
box-shadow: none;
color: ${s("textSecondary")};
select {
margin: 0;
}
` as React.ComponentType<SelectProps>;
export default observer(MemberListItem);

2
app/scenes/CollectionPermissions/index.tsx
View File

@@ -211,7 +211,7 @@ function CollectionPermissions({ collectionId }: Props) {
value={collection.permission || ""}
/>
<PermissionExplainer size="small">
{!collection.permission && (
{collection.isPrivate && (
<Trans
defaults="The <em>{{ collectionName }}</em> collection is private. Workspace members have no access to it by default."
values={{

14
app/scenes/DocumentMove.tsx
View File

@@ -28,13 +28,15 @@ function DocumentMove({ document }: Props) {
null
);
const moveOptions = React.useMemo(() => {
// filter out the document itself and also its parent doc if any
const items = React.useMemo(() => {
// Filter out the document itself and its existing parent doc, if any.
const nodes = flatten(collectionTrees.map(flattenTree)).filter(
(node) => node.id !== document.id && node.id !== document.parentDocumentId
);
// If the document we're moving is a template, only show collections as
// move targets.
if (document.isTemplate) {
// only show collections with children stripped off to prevent node expansion
return nodes
.filter((node) => node.type === "collection")
.map((node) => ({ ...node, children: [] }));
@@ -80,11 +82,7 @@ function DocumentMove({ document }: Props) {
return (
<FlexContainer column>
<DocumentExplorer
items={moveOptions}
onSubmit={move}
onSelect={selectPath}
/>
<DocumentExplorer items={items} onSubmit={move} onSelect={selectPath} />
<Footer justify="space-between" align="center" gap={8}>
<StyledText type="secondary">
{selectedPath ? (

23
app/stores/CollectionsStore.ts
View File

@@ -34,8 +34,14 @@ export default class CollectionsStore extends BaseStore<Collection> {
super(rootStore, Collection);
}
/**
* Returns the currently active collection, or undefined if not in the context
* of a collection.
*
* @returns The active Collection or undefined
*/
@computed
get active(): Collection | null | undefined {
get active(): Collection | undefined {
return this.rootStore.ui.activeCollectionId
? this.data.get(this.rootStore.ui.activeCollectionId)
: undefined;
@@ -92,7 +98,10 @@ export default class CollectionsStore extends BaseStore<Collection> {
url,
};
results.push([node]);
travelDocuments(collection.documents, id, [node]);
if (collection.documents) {
travelDocuments(collection.documents, id, [node]);
}
});
}
@@ -132,13 +141,9 @@ export default class CollectionsStore extends BaseStore<Collection> {
// remove all locally cached policies for documents in the collection as they
// are now invalid
if (params.sharing !== undefined) {
const collection = this.get(params.id);
if (collection) {
collection.documentIds.forEach((id) => {
this.rootStore.policies.remove(id);
});
}
this.rootStore.documents.inCollection(params.id).forEach((document) => {
this.rootStore.policies.remove(document.id);
});
}
return result;

2
app/stores/DocumentsStore.ts
View File

@@ -139,7 +139,7 @@ export default class DocumentsStore extends BaseStore<Document> {
rootInCollection(collectionId: string): Document[] {
const collection = this.rootStore.collections.get(collectionId);
if (!collection) {
if (!collection || !collection.sortedDocuments) {
return [];
}

56
server/migrations/20230429005039-collection-admins.js Normal file
View File

@@ -0,0 +1,56 @@
'use strict';
module.exports = {
async up(queryInterface) {
if (process.env.DEPLOYMENT === "hosted") {
return;
}
await queryInterface.sequelize.transaction(async (transaction) => {
// Convert collection members to admins where the user is the only
// membership in the collection.
await queryInterface.sequelize.query(
`UPDATE collection_users cu
SET permission = 'admin'
WHERE (
SELECT COUNT(*)
FROM collection_users
WHERE "collectionId" = cu."collectionId"
AND permission = 'read_write'
) = 1;`,
{
type: queryInterface.sequelize.QueryTypes.SELECT,
}
);
// Convert collection members to admins where the collection is private
// and they currently have read_write permission
await queryInterface.sequelize.query(
`UPDATE collection_users
SET permission = 'admin'
WHERE permission = 'read_write'
AND "collectionId" IN (
SELECT c."id"
FROM collections c
WHERE c.permission IS NULL
);`,
{
type: queryInterface.sequelize.QueryTypes.SELECT,
}
);
});
},
async down(queryInterface) {
if (process.env.DEPLOYMENT === "hosted") {
return;
}
await queryInterface.sequelize.query(
"UPDATE collection_users SET permission = 'read_write' WHERE permission = 'admin'",
{
type: queryInterface.sequelize.QueryTypes.SELECT,
}
);
}
};

37
server/models/Collection.ts
View File

@@ -254,21 +254,17 @@ class Collection extends ParanoidModel {
model: Collection,
options: { transaction: Transaction }
) {
if (model.permission !== CollectionPermission.ReadWrite) {
return CollectionUser.findOrCreate({
where: {
collectionId: model.id,
userId: model.createdById,
},
defaults: {
permission: CollectionPermission.ReadWrite,
createdById: model.createdById,
},
transaction: options.transaction,
});
}
return undefined;
return CollectionUser.findOrCreate({
where: {
collectionId: model.id,
userId: model.createdById,
},
defaults: {
permission: CollectionPermission.Admin,
createdById: model.createdById,
},
transaction: options.transaction,
});
}
// associations
@@ -396,6 +392,17 @@ class Collection extends ParanoidModel {
});
}
/**
* Convenience method to return if a collection is considered private.
* This means that a membership is required to view it rather than just being
* a workspace member.
*
* @returns boolean
*/
get isPrivate() {
return !this.permission;
}
getDocumentTree = (documentId: string): NavigationNode | null => {
if (!this.documentStructure) {
return null;

19
server/models/Document.ts
View File

@@ -473,6 +473,25 @@ class Document extends ParanoidModel {
// instance methods
/**
* Whether this document is considered active or not. A document is active if
* it has not been archived or deleted.
*
* @returns boolean
*/
get isActive(): boolean {
return !this.archivedAt && !this.deletedAt;
}
/**
* Convenience method that returns whether this document is a draft.
*
* @returns boolean
*/
get isDraft(): boolean {
return !this.publishedAt;
}
get titleWithDefault(): string {
return this.title || "Untitled";
}

5
server/models/User.ts
View File

@@ -380,8 +380,9 @@ class User extends ParanoidModel {
return collectionStubs
.filter(
(c) =>
c.permission === CollectionPermission.Read ||
c.permission === CollectionPermission.ReadWrite ||
Object.values(CollectionPermission).includes(
c.permission as CollectionPermission
) ||
c.memberships.length > 0 ||
c.collectionGroupMemberships.length > 0
)

91
server/policies/collection.test.ts
View File

@@ -1,14 +1,71 @@
import { CollectionPermission } from "@shared/types";
import { CollectionUser, Collection } from "@server/models";
import { buildUser, buildTeam, buildCollection } from "@server/test/factories";
import {
buildUser,
buildTeam,
buildCollection,
buildAdmin,
} from "@server/test/factories";
import { setupTestDatabase } from "@server/test/support";
import { serialize } from "./index";
setupTestDatabase();
describe("admin", () => {
it("should allow updating collection but not reading documents", async () => {
const team = await buildTeam();
const user = await buildAdmin({
teamId: team.id,
});
const collection = await buildCollection({
teamId: team.id,
permission: null,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const abilities = serialize(user, reloaded);
expect(abilities.readDocument).toEqual(false);
expect(abilities.createDocument).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.read).toEqual(true);
expect(abilities.update).toEqual(true);
});
});
describe("member", () => {
describe("admin permission", () => {
it("should allow updating collection", async () => {
const team = await buildTeam();
const user = await buildUser({
teamId: team.id,
});
const collection = await buildCollection({
teamId: team.id,
permission: CollectionPermission.ReadWrite,
});
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: CollectionPermission.Admin,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const abilities = serialize(user, reloaded);
expect(abilities.read).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.createDocument).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.update).toEqual(true);
});
});
describe("read_write permission", () => {
it("should allow read write permissions for team member", async () => {
it("should allow read write documents for team member", async () => {
const team = await buildTeam();
const user = await buildUser({
teamId: team.id,
@@ -19,8 +76,9 @@ describe("member", () => {
});
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.update).toEqual(false);
});
it("should override read membership permission", async () => {
@@ -44,8 +102,9 @@ describe("member", () => {
}).findByPk(collection.id);
const abilities = serialize(user, reloaded);
expect(abilities.read).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.update).toEqual(false);
});
});
@@ -86,8 +145,9 @@ describe("member", () => {
}).findByPk(collection.id);
const abilities = serialize(user, reloaded);
expect(abilities.read).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.update).toEqual(false);
});
});
@@ -103,8 +163,10 @@ describe("member", () => {
});
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.readDocument).toEqual(false);
expect(abilities.createDocument).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.update).toEqual(false);
});
it("should allow override with team member membership permission", async () => {
@@ -128,8 +190,10 @@ describe("member", () => {
}).findByPk(collection.id);
const abilities = serialize(user, reloaded);
expect(abilities.read).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.createDocument).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.update).toEqual(false);
});
});
});
@@ -148,6 +212,8 @@ describe("viewer", () => {
});
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.createDocument).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.share).toEqual(false);
});
@@ -174,8 +240,9 @@ describe("viewer", () => {
}).findByPk(collection.id);
const abilities = serialize(user, reloaded);
expect(abilities.read).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.update).toEqual(false);
});
});
@@ -202,8 +269,10 @@ describe("viewer", () => {
}).findByPk(collection.id);
const abilities = serialize(user, reloaded);
expect(abilities.read).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.createDocument).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.update).toEqual(false);
});
});
@@ -246,8 +315,10 @@ describe("viewer", () => {
}).findByPk(collection.id);
const abilities = serialize(user, reloaded);
expect(abilities.read).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.readDocument).toEqual(true);
expect(abilities.createDocument).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.update).toEqual(false);
});
});
});

150
server/policies/collection.ts
View File

@@ -40,26 +40,29 @@ allow(User, "move", Collection, (user, collection) => {
throw AdminRequiredError();
});
allow(User, ["read", "star", "unstar"], Collection, (user, collection) => {
allow(User, "read", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (user.isAdmin) {
return true;
}
if (!collection.permission) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
);
const allMemberships = [
...collection.memberships,
...collection.collectionGroupMemberships,
];
return some(allMemberships, (m) =>
Object.values(CollectionPermission).includes(m.permission)
);
if (collection.isPrivate) {
return includesMembership(collection, Object.values(CollectionPermission));
}
return true;
});
allow(User, ["star", "unstar"], Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (collection.isPrivate) {
return includesMembership(collection, Object.values(CollectionPermission));
}
return true;
@@ -72,32 +75,56 @@ allow(User, "share", Collection, (user, collection) => {
if (!collection.sharing) {
return false;
}
if (user.isAdmin) {
return true;
}
if (
collection.permission !== CollectionPermission.ReadWrite ||
user.isViewer
) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
);
const allMemberships = [
...collection.memberships,
...collection.collectionGroupMemberships,
];
return some(
allMemberships,
(m) => m.permission === CollectionPermission.ReadWrite
);
return includesMembership(collection, [
CollectionPermission.ReadWrite,
CollectionPermission.Admin,
]);
}
return true;
});
allow(User, ["publish", "update"], Collection, (user, collection) => {
allow(User, "readDocument", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (collection.isPrivate) {
return includesMembership(collection, Object.values(CollectionPermission));
}
return true;
});
allow(
User,
["updateDocument", "createDocument", "deleteDocument"],
Collection,
(user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (
collection.permission !== CollectionPermission.ReadWrite ||
user.isViewer
) {
return includesMembership(collection, [
CollectionPermission.ReadWrite,
CollectionPermission.Admin,
]);
}
return true;
}
);
allow(User, ["update", "delete"], Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
@@ -105,56 +132,19 @@ allow(User, ["publish", "update"], Collection, (user, collection) => {
return true;
}
if (
collection.permission !== CollectionPermission.ReadWrite ||
user.isViewer
) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
);
const allMemberships = [
...collection.memberships,
...collection.collectionGroupMemberships,
];
return some(
allMemberships,
(m) => m.permission === CollectionPermission.ReadWrite
);
}
return true;
return includesMembership(collection, [CollectionPermission.Admin]);
});
allow(User, "delete", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) {
return false;
}
if (user.isAdmin) {
return true;
}
if (
collection.permission !== CollectionPermission.ReadWrite ||
user.isViewer
) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
);
const allMemberships = [
...collection.memberships,
...collection.collectionGroupMemberships,
];
return some(
allMemberships,
(m) => m.permission === CollectionPermission.ReadWrite
);
}
if (user.id === collection.createdById) {
return true;
}
throw AdminRequiredError();
});
function includesMembership(
collection: Collection,
memberships: CollectionPermission[]
) {
invariant(
collection.memberships,
"memberships should be preloaded, did you forget withMembership scope?"
);
return some(
[...collection.memberships, ...collection.collectionGroupMemberships],
(m) => memberships.includes(m.permission)
);
}

164
server/policies/document.ts
View File

@@ -16,7 +16,10 @@ allow(User, ["read", "comment"], Document, (user, document) => {
}
// existence of collection option is not required here to account for share tokens
if (document.collection && cannot(user, "read", document.collection)) {
if (
document.collection &&
cannot(user, "readDocument", document.collection)
) {
return false;
}
@@ -29,7 +32,10 @@ allow(User, "download", Document, (user, document) => {
}
// existence of collection option is not required here to account for share tokens
if (document.collection && cannot(user, "read", document.collection)) {
if (
document.collection &&
cannot(user, "readDocument", document.collection)
) {
return false;
}
@@ -44,16 +50,7 @@ allow(User, "download", Document, (user, document) => {
});
allow(User, "star", Document, (user, document) => {
if (!document) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
return false;
}
if (document.template) {
if (!document || !document.isActive || document.template) {
return false;
}
@@ -62,7 +59,7 @@ allow(User, "star", Document, (user, document) => {
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "read", document.collection)) {
if (cannot(user, "readDocument", document.collection)) {
return false;
}
}
@@ -83,7 +80,7 @@ allow(User, "unstar", Document, (user, document) => {
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "read", document.collection)) {
if (cannot(user, "readDocument", document.collection)) {
return false;
}
}
@@ -114,13 +111,7 @@ allow(User, "share", Document, (user, document) => {
});
allow(User, "update", Document, (user, document) => {
if (!document) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
if (!document || !document.isActive) {
return false;
}
@@ -130,7 +121,7 @@ allow(User, "update", Document, (user, document) => {
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "update", document.collection)) {
if (cannot(user, "updateDocument", document.collection)) {
return false;
}
}
@@ -139,63 +130,42 @@ allow(User, "update", Document, (user, document) => {
});
allow(User, "createChildDocument", Document, (user, document) => {
if (!document) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
if (!document || !document.isActive || document.isDraft) {
return false;
}
if (document.template) {
return false;
}
if (!document.publishedAt) {
return false;
}
invariant(
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "update", document.collection)) {
if (cannot(user, "updateDocument", document.collection)) {
return false;
}
return user.teamId === document.teamId;
});
allow(User, "move", Document, (user, document) => {
if (!document) {
if (!document || !document.isActive) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
return false;
}
if (document.collection && cannot(user, "update", document.collection)) {
if (
document.collection &&
cannot(user, "updateDocument", document.collection)
) {
return false;
}
return user.teamId === document.teamId;
});
allow(User, ["pin", "unpin"], Document, (user, document) => {
if (!document) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
if (!document || !document.isActive || document.isDraft) {
return false;
}
if (document.template) {
return false;
}
if (!document.publishedAt) {
return false;
}
invariant(
document.collection,
"collection is missing, did you forget to include in the query scope?"
@@ -207,46 +177,30 @@ allow(User, ["pin", "unpin"], Document, (user, document) => {
});
allow(User, ["subscribe", "unsubscribe"], Document, (user, document) => {
if (!document) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
if (!document || !document.isActive || document.isDraft) {
return false;
}
if (document.template) {
return false;
}
if (!document.publishedAt) {
return false;
}
invariant(
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "read", document.collection)) {
if (cannot(user, "readDocument", document.collection)) {
return false;
}
return user.teamId === document.teamId;
});
allow(User, ["pinToHome"], Document, (user, document) => {
if (!document) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
return false;
}
if (document.template) {
return false;
}
if (!document.publishedAt) {
allow(User, "pinToHome", Document, (user, document) => {
if (
!document ||
!document.isActive ||
document.isDraft ||
document.template
) {
return false;
}
@@ -254,23 +208,23 @@ allow(User, ["pinToHome"], Document, (user, document) => {
});
allow(User, "delete", Document, (user, document) => {
if (!document) {
return false;
}
if (document.deletedAt) {
if (!document || document.deletedAt) {
return false;
}
// allow deleting document without a collection
if (document.collection && cannot(user, "update", document.collection)) {
if (
document.collection &&
cannot(user, "deleteDocument", document.collection)
) {
return false;
}
// unpublished drafts can always be deleted
// unpublished drafts can always be deleted by their owner
if (
!document.deletedAt &&
!document.publishedAt &&
user.teamId === document.teamId
document.isDraft &&
user.id === document.createdById
) {
return true;
}
@@ -279,15 +233,15 @@ allow(User, "delete", Document, (user, document) => {
});
allow(User, "permanentDelete", Document, (user, document) => {
if (!document) {
return false;
}
if (!document.deletedAt) {
if (!document || !document.deletedAt) {
return false;
}
// allow deleting document without a collection
if (document.collection && cannot(user, "update", document.collection)) {
if (
document.collection &&
cannot(user, "updateDocument", document.collection)
) {
return false;
}
@@ -295,14 +249,14 @@ allow(User, "permanentDelete", Document, (user, document) => {
});
allow(User, "restore", Document, (user, document) => {
if (!document) {
return false;
}
if (!document.deletedAt) {
if (!document || !document.deletedAt) {
return false;
}
if (document.collection && cannot(user, "update", document.collection)) {
if (
document.collection &&
cannot(user, "updateDocument", document.collection)
) {
return false;
}
@@ -310,23 +264,14 @@ allow(User, "restore", Document, (user, document) => {
});
allow(User, "archive", Document, (user, document) => {
if (!document) {
return false;
}
if (!document.publishedAt) {
return false;
}
if (document.archivedAt) {
return false;
}
if (document.deletedAt) {
if (!document || !document.isActive || document.isDraft) {
return false;
}
invariant(
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "update", document.collection)) {
if (cannot(user, "updateDocument", document.collection)) {
return false;
}
return user.teamId === document.teamId;
@@ -340,7 +285,7 @@ allow(User, "unarchive", Document, (user, document) => {
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (cannot(user, "update", document.collection)) {
if (cannot(user, "updateDocument", document.collection)) {
return false;
}
if (!document.archivedAt) {
@@ -360,17 +305,14 @@ allow(
);
allow(User, "unpublish", Document, (user, document) => {
if (!document) {
if (!document || !document.isActive || document.isDraft) {
return false;
}
invariant(
document.collection,
"collection is missing, did you forget to include in the query scope?"
);
if (!document.publishedAt || !!document.deletedAt || !!document.archivedAt) {
return false;
}
if (cannot(user, "update", document.collection)) {
if (cannot(user, "updateDocument", document.collection)) {
return false;
}
return user.teamId === document.teamId;

4
server/presenters/collection.ts
View File

@@ -1,3 +1,4 @@
import { colorPalette } from "@shared/utils/collections";
import Collection from "@server/models/Collection";
export default function presentCollection(collection: Collection) {
@@ -10,12 +11,11 @@ export default function presentCollection(collection: Collection) {
sort: collection.sort,
icon: collection.icon,
index: collection.index,
color: collection.color || "#4E5C6E",
color: collection.color || colorPalette[0],
permission: collection.permission,
sharing: collection.sharing,
createdAt: collection.createdAt,
updatedAt: collection.updatedAt,
deletedAt: collection.deletedAt,
documents: collection.documentStructure || [],
};
}

30
server/queues/processors/WebsocketsProcessor.ts
View File

@@ -170,20 +170,30 @@ export default class WebsocketsProcessor {
if (!collection) {
return;
}
return socketio.to(`team-${collection.teamId}`).emit("entities", {
event: event.name,
collectionIds: [
{
id: collection.id,
updatedAt: collection.updatedAt,
},
],
});
return socketio
.to(
collection.permission
? `collection-${event.collectionId}`
: `team-${collection.teamId}`
)
.emit(event.name, presentCollection(collection));
}
case "collections.delete": {
const collection = await Collection.findByPk(event.collectionId, {
paranoid: false,
});
if (!collection) {
return;
}
return socketio
.to(`collection-${event.collectionId}`)
.to(
collection.permission
? `collection-${event.collectionId}`
: `team-${collection.teamId}`
)
.emit(event.name, {
modelId: event.collectionId,
});

2
server/queues/tasks/CollectionCreatedNotificationsTask.ts
View File

@@ -11,7 +11,7 @@ export default class CollectionCreatedNotificationsTask extends BaseTask<
const collection = await Collection.findByPk(event.collectionId);
// We only send notifications for collections visible to the entire team
if (!collection || !collection.permission) {
if (!collection || collection.isPrivate) {
return;
}

2
server/queues/tasks/ExportJSONTask.ts
View File

@@ -56,7 +56,7 @@ export default class ExportJSONTask extends ExportTask {
private async addCollectionToArchive(zip: JSZip, collection: Collection) {
const output: CollectionJSONExport = {
collection: {
...omit(presentCollection(collection), ["url", "documents"]),
...omit(presentCollection(collection), ["url"]),
description: collection.description
? parser.parse(collection.description)
: null,

129
server/routes/api/collections.test.ts
View File

@@ -396,18 +396,18 @@ describe("#collections.export_all", () => {
describe("#collections.add_user", () => {
it("should add user to collection", async () => {
const user = await buildUser();
const admin = await buildAdmin();
const collection = await buildCollection({
teamId: user.teamId,
userId: user.id,
teamId: admin.teamId,
userId: admin.id,
permission: null,
});
const anotherUser = await buildUser({
teamId: user.teamId,
teamId: admin.teamId,
});
const res = await server.post("/api/collections.add_user", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -616,25 +616,25 @@ describe("#collections.remove_group", () => {
describe("#collections.remove_user", () => {
it("should remove user from collection", async () => {
const user = await buildUser();
const admin = await buildAdmin();
const collection = await buildCollection({
teamId: user.teamId,
userId: user.id,
teamId: admin.teamId,
userId: admin.id,
permission: null,
});
const anotherUser = await buildUser({
teamId: user.teamId,
teamId: admin.teamId,
});
await server.post("/api/collections.add_user", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
});
const res = await server.post("/api/collections.remove_user", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -839,12 +839,7 @@ describe("#collections.memberships", () => {
const { collection, user } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.memberships", {
body: {
token: user.getJwtToken(),
@@ -857,7 +852,7 @@ describe("#collections.memberships", () => {
expect(body.data.users[0].id).toEqual(user.id);
expect(body.data.memberships.length).toEqual(1);
expect(body.data.memberships[0].permission).toEqual(
CollectionPermission.ReadWrite
CollectionPermission.Admin
);
});
@@ -866,12 +861,6 @@ describe("#collections.memberships", () => {
const user2 = await buildUser({
name: "Won't find",
});
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: CollectionPermission.ReadWrite,
});
await CollectionUser.create({
createdById: user2.id,
collectionId: collection.id,
@@ -957,6 +946,12 @@ describe("#collections.info", () => {
const { user, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.destroy({
where: {
collectionId: collection.id,
userId: user.id,
},
});
const res = await server.post("/api/collections.info", {
body: {
token: user.getJwtToken(),
@@ -1181,10 +1176,10 @@ describe("#collections.update", () => {
});
it("allows editing non-private collection", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
name: "Test",
},
@@ -1196,14 +1191,14 @@ describe("#collections.update", () => {
});
it("allows editing sort", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
const sort = {
field: "index",
direction: "desc",
};
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
sort,
},
@@ -1215,10 +1210,10 @@ describe("#collections.update", () => {
});
it("allows editing individual fields", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
permission: null,
},
@@ -1230,10 +1225,10 @@ describe("#collections.update", () => {
});
it("allows editing from non-private to private collection, and trims whitespace", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
permission: null,
name: " Test ",
@@ -1249,18 +1244,18 @@ describe("#collections.update", () => {
});
it("allows editing from private to non-private collection", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.create({
collectionId: collection.id,
userId: user.id,
createdById: user.id,
userId: admin.id,
createdById: admin.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
permission: CollectionPermission.ReadWrite,
name: "Test",
@@ -1276,18 +1271,18 @@ describe("#collections.update", () => {
});
it("allows editing by read-write collection user", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.create({
collectionId: collection.id,
userId: user.id,
createdById: user.id,
userId: admin.id,
createdById: admin.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
name: "Test",
},
@@ -1298,7 +1293,7 @@ describe("#collections.update", () => {
expect(body.policies.length).toBe(1);
});
it("allows editing by read-write collection group user", async () => {
it("allows editing by admin collection group user", async () => {
const user = await buildUser();
const collection = await buildCollection({
permission: null,
@@ -1314,7 +1309,7 @@ describe("#collections.update", () => {
});
await collection.$add("group", group, {
through: {
permission: CollectionPermission.ReadWrite,
permission: CollectionPermission.Admin,
createdById: user.id,
},
});
@@ -1335,12 +1330,18 @@ describe("#collections.update", () => {
const { user, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.create({
collectionId: collection.id,
userId: user.id,
createdById: user.id,
permission: CollectionPermission.Read,
});
await CollectionUser.update(
{
createdById: user.id,
permission: CollectionPermission.Read,
},
{
where: {
collectionId: collection.id,
userId: user.id,
},
}
);
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
@@ -1352,14 +1353,14 @@ describe("#collections.update", () => {
});
it("does not allow setting unknown sort fields", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
const sort = {
field: "blah",
direction: "desc",
};
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
sort,
},
@@ -1368,14 +1369,14 @@ describe("#collections.update", () => {
});
it("does not allow setting unknown sort directions", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
const sort = {
field: "title",
direction: "blah",
};
const res = await server.post("/api/collections.update", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
sort,
},
@@ -1405,10 +1406,10 @@ describe("#collections.delete", () => {
});
it("should not allow deleting last collection", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
const res = await server.post("/api/collections.delete", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1416,15 +1417,15 @@ describe("#collections.delete", () => {
});
it("should delete collection", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
// to ensure it isn't the last collection
await buildCollection({
teamId: user.teamId,
createdById: user.id,
teamId: admin.teamId,
createdById: admin.id,
});
const res = await server.post("/api/collections.delete", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1434,11 +1435,11 @@ describe("#collections.delete", () => {
});
it("should delete published documents", async () => {
const { user, collection } = await seed();
const { admin, collection } = await seed();
// to ensure it isn't the last collection
await buildCollection({
teamId: user.teamId,
createdById: user.id,
teamId: admin.teamId,
createdById: admin.id,
});
// archived document should not be deleted
await buildDocument({
@@ -1447,7 +1448,7 @@ describe("#collections.delete", () => {
});
const res = await server.post("/api/collections.delete", {
body: {
token: user.getJwtToken(),
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1463,7 +1464,7 @@ describe("#collections.delete", () => {
).toEqual(1);
});
it("allows deleting by read-write collection group user", async () => {
it("allows deleting by admin collection group user", async () => {
const user = await buildUser();
const collection = await buildCollection({
permission: null,
@@ -1482,7 +1483,7 @@ describe("#collections.delete", () => {
});
await collection.$add("group", group, {
through: {
permission: CollectionPermission.ReadWrite,
permission: CollectionPermission.Admin,
createdById: user.id,
},
});

19
server/routes/api/collections.ts
View File

@@ -148,6 +148,21 @@ router.post("collections.info", auth(), async (ctx: APIContext) => {
};
});
router.post("collections.documents", auth(), async (ctx: APIContext) => {
const { id } = ctx.request.body;
assertPresent(id, "id is required");
const { user } = ctx.state.auth;
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id);
authorize(user, "readDocument", collection);
ctx.body = {
data: collection.documentStructure || [],
};
});
router.post(
"collections.import",
rateLimiter(RateLimiterStrategy.TenPerHour),
@@ -641,7 +656,7 @@ router.post("collections.update", auth(), async (ctx: APIContext) => {
authorize(user, "update", collection);
// we're making this collection have no default access, ensure that the
// current user has a read-write membership so that at least they can edit it
// current user has an admin membership so that at least they can manage it.
if (
permission !== CollectionPermission.ReadWrite &&
collection.permission === CollectionPermission.ReadWrite
@@ -652,7 +667,7 @@ router.post("collections.update", auth(), async (ctx: APIContext) => {
userId: user.id,
},
defaults: {
permission: CollectionPermission.ReadWrite,
permission: CollectionPermission.Admin,
createdById: user.id,
},
});

106
server/routes/api/documents/documents.test.ts
View File

@@ -695,6 +695,12 @@ describe("#documents.list", () => {
const { user, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.destroy({
where: {
userId: user.id,
collectionId: collection.id,
},
});
const res = await server.post("/api/documents.list", {
body: {
token: user.getJwtToken(),
@@ -766,12 +772,18 @@ describe("#documents.list", () => {
const { user, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: CollectionPermission.Read,
});
await CollectionUser.update(
{
userId: user.id,
permission: CollectionPermission.Read,
},
{
where: {
createdById: user.id,
collectionId: collection.id,
},
}
);
const res = await server.post("/api/documents.list", {
body: {
token: user.getJwtToken(),
@@ -891,6 +903,12 @@ describe("#documents.drafts", () => {
await document.save();
collection.permission = null;
await collection.save();
await CollectionUser.destroy({
where: {
userId: user.id,
collectionId: collection.id,
},
});
const res = await server.post("/api/documents.drafts", {
body: {
token: user.getJwtToken(),
@@ -1792,6 +1810,12 @@ describe("#documents.viewed", () => {
});
collection.permission = null;
await collection.save();
await CollectionUser.destroy({
where: {
userId: user.id,
collectionId: collection.id,
},
});
const res = await server.post("/api/documents.viewed", {
body: {
token: user.getJwtToken(),
@@ -2565,12 +2589,18 @@ describe("#documents.update", () => {
await document.save();
collection.permission = null;
await collection.save();
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: CollectionPermission.ReadWrite,
});
await CollectionUser.update(
{
userId: user.id,
permission: CollectionPermission.ReadWrite,
},
{
where: {
createdById: user.id,
collectionId: collection.id,
},
}
);
const res = await server.post("/api/documents.update", {
body: {
token: user.getJwtToken(),
@@ -2634,18 +2664,24 @@ describe("#documents.update", () => {
});
it("allows editing by read-write collection user", async () => {
const { admin, document, collection } = await seed();
const { user, document, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.create({
collectionId: collection.id,
userId: admin.id,
createdById: admin.id,
permission: CollectionPermission.ReadWrite,
});
await CollectionUser.update(
{
createdById: user.id,
permission: CollectionPermission.ReadWrite,
},
{
where: {
collectionId: collection.id,
userId: user.id,
},
}
);
const res = await server.post("/api/documents.update", {
body: {
token: admin.getJwtToken(),
token: user.getJwtToken(),
id: document.id,
text: "Changed text",
},
@@ -2653,19 +2689,25 @@ describe("#documents.update", () => {
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.text).toBe("Changed text");
expect(body.data.updatedBy.id).toBe(admin.id);
expect(body.data.updatedBy.id).toBe(user.id);
});
it("does not allow editing by read-only collection user", async () => {
const { user, document, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.create({
collectionId: collection.id,
userId: user.id,
createdById: user.id,
permission: CollectionPermission.Read,
});
await CollectionUser.update(
{
createdById: user.id,
permission: CollectionPermission.Read,
},
{
where: {
collectionId: collection.id,
userId: user.id,
},
}
);
const res = await server.post("/api/documents.update", {
body: {
token: user.getJwtToken(),
@@ -2680,6 +2722,12 @@ describe("#documents.update", () => {
const { user, document, collection } = await seed();
collection.permission = CollectionPermission.Read;
await collection.save();
await CollectionUser.destroy({
where: {
userId: user.id,
collectionId: collection.id,
},
});
const res = await server.post("/api/documents.update", {
body: {
token: user.getJwtToken(),
@@ -2831,10 +2879,6 @@ describe("#documents.update", () => {
expect(body.data.document.collectionId).toBe(collection.id);
expect(body.data.document.title).toBe("Updated title");
expect(body.data.document.text).toBe("Updated text");
expect(body.data.collection.icon).toBe(collection.icon);
expect(body.data.collection.documents.length).toBe(
collection.documentStructure!.length + 1
);
});
});
});

18
server/routes/api/documents/documents.ts
View File

@@ -98,7 +98,7 @@ router.post(
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
authorize(user, "read", collection);
authorize(user, "readDocument", collection);
// index sort is special because it uses the order of the documents in the
// collection.documentStructure rather than a database column
@@ -342,7 +342,7 @@ router.post(
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
authorize(user, "read", collection);
authorize(user, "readDocument", collection);
}
const collectionIds = collectionId
@@ -599,7 +599,7 @@ router.post(
}
if (document.collection) {
authorize(user, "update", collection);
authorize(user, "updateDocument", collection);
}
if (document.deletedAt) {
@@ -686,7 +686,7 @@ router.post(
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
authorize(user, "read", collection);
authorize(user, "readDocument", collection);
}
if (userId) {
@@ -780,7 +780,7 @@ router.post(
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
authorize(user, "read", collection);
authorize(user, "readDocument", collection);
}
let collaboratorIds = undefined;
@@ -921,7 +921,7 @@ router.post(
method: ["withMembership", user.id],
}).findByPk(collectionId!);
}
authorize(user, "publish", collection);
authorize(user, "createDocument", collection);
}
collection = await sequelize.transaction(async (transaction) => {
@@ -982,7 +982,7 @@ router.post(
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
authorize(user, "update", collection);
authorize(user, "updateDocument", collection);
if (parentDocumentId) {
const parent = await Document.findByPk(parentDocumentId, {
@@ -1205,7 +1205,7 @@ router.post(
teamId: user.teamId,
},
});
authorize(user, "publish", collection);
authorize(user, "createDocument", collection);
let parentDocument;
if (parentDocumentId) {
@@ -1282,7 +1282,7 @@ router.post(
teamId: user.teamId,
},
});
authorize(user, "publish", collection);
authorize(user, "createDocument", collection);
}
let parentDocument;

4
server/routes/api/documents/schema.ts
View File

@@ -8,7 +8,9 @@ const DocumentsSortParamsSchema = z.object({
/** Specifies the attributes by which documents will be sorted in the list */
sort: z
.string()
.refine((val) => ["createdAt", "updatedAt", "index", "title"].includes(val))
.refine((val) =>
["createdAt", "updatedAt", "publishedAt", "index", "title"].includes(val)
)
.default("updatedAt"),
/** Specifies the sort order with respect to sort field */

8
server/routes/api/revisions.test.ts
View File

@@ -1,4 +1,4 @@
import { Revision } from "@server/models";
import { CollectionUser, Revision } from "@server/models";
import { buildDocument, buildUser } from "@server/test/factories";
import { seed, getTestServer } from "@server/test/support";
@@ -141,6 +141,12 @@ describe("#revisions.list", () => {
await Revision.createFromDocument(document);
collection.permission = null;
await collection.save();
await CollectionUser.destroy({
where: {
userId: user.id,
collectionId: collection.id,
},
});
const res = await server.post("/api/revisions.list", {
body: {
token: user.getJwtToken(),

18
server/routes/api/shares.test.ts
View File

@@ -156,12 +156,18 @@ describe("#shares.create", () => {
const { user, document, collection } = await seed();
collection.permission = null;
await collection.save();
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: CollectionPermission.Read,
});
await CollectionUser.update(
{
userId: user.id,
permission: CollectionPermission.Read,
},
{
where: {
createdById: user.id,
collectionId: collection.id,
},
}
);
const res = await server.post("/api/shares.create", {
body: {
token: user.getJwtToken(),

1
shared/types.ts
View File

@@ -86,6 +86,7 @@ export enum IntegrationService {
export enum CollectionPermission {
Read = "read",
ReadWrite = "read_write",
Admin = "admin",
}
export type IntegrationSettings<T> = T extends IntegrationType.Embed