yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e611979a8dd5a0e9a186c17313c405b9c91a41b7
outline/server/api/groups.js
Nan Yu 142303b3de feat: Add groups and group permissions (#1204) 
* WIP - got one API test to pass yay

* adds group update endpoint

* added group policies

* adds groups.list API

* adds groups.info

* remove comment

* WIP

* tests for delete

* adds group membership list

* adds tests for groups list

* add and remove user endpoints for group

* ask some questions

* fix up some issues around primary keys

* remove export from group permissions

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* remove random file

* only create events on actual updates, add tests to ensure

* adds uniqueness validation to group name

* throw validation errors on model and let it pass through the controller

* fix linting

* WIP

* WIP

* WIP

* WIP

* WIP basic edit and delete

* basic CRUD for groups and memberships in place

* got member counts working

* add member count and limit the number of users sent over teh wire to 6

* factor avatar with AvatarWithPresence into its own class

* wip

* WIP avatars in group lists

* WIP collection groups

* add and remove group endpoints

* wip add collection groups

* wip get group adding to collections to work

* wip get updating collection group memberships to work

* wip get new group modal working

* add tests for collection index

* include collection groups in the withmemberships scope

* tie permissions to group memberships

* remove unused import

* Update app/components/GroupListItem.js

update title copy

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update server/migrations/20191211044318-create-groups.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update server/api/groups.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update server/api/groups.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/menus/CollectionMenu.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update server/models/Group.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* minor fixes

* Update app/scenes/CollectionMembers/AddGroupsToCollection.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/menus/GroupMenu.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/menus/GroupMenu.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/menus/GroupMenu.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/scenes/Collection.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/scenes/CollectionMembers/CollectionMembers.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/scenes/GroupNew.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/scenes/GroupNew.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/scenes/Settings/Groups.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update server/api/documents.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* Update app/scenes/CollectionMembers/components/CollectionGroupMemberListItem.js

Co-Authored-By: Tom Moor <tom.moor@gmail.com>

* address comments

* WIP - getting websocket stuff up and running

* socket event for group deletion

* wrapped up cascading deletes

* lint

* flow

* fix: UI feedback

* fix: Facepile size

* fix: Lots of missing await's

* Allow clicking facepile on group list item to open members

* remove unused route push, grammar

* fix: Remove bad analytics events
feat: Add group events to audit log

* collection. -> collections.

* Add groups to entity websocket events (sync create/update/delete) between clients

* fix: Users should not be able to see groups they are not a member of

* fix: Not caching errors in UI when changing group memberships

* fix: Hide unusable UI

* test

* fix: Tweak language

* feat: Automatically open 'add member' modal after creating group

Co-authored-by: Tom Moor <tom.moor@gmail.com>
2020-03-14 20:48:32 -07:00

292 lines
6.2 KiB
JavaScript
Raw Blame History

// @flow
import Router from 'koa-router';
import auth from '../middlewares/authentication';
import pagination from './middlewares/pagination';
import { Op } from '../sequelize';
import { MAX_AVATAR_DISPLAY } from '../../shared/constants';
import {
presentGroup,
presentPolicies,
presentUser,
presentGroupMembership,
} from '../presenters';
import { User, Event, Group, GroupUser } from '../models';
import policy from '../policies';
const { authorize } = policy;
const router = new Router();
router.post('groups.list', auth(), pagination(), async ctx => {
const user = ctx.state.user;
let groups = await Group.findAll({
where: {
teamId: user.teamId,
},
order: [['updatedAt', 'DESC']],
offset: ctx.state.pagination.offset,
limit: ctx.state.pagination.limit,
});
if (!user.isAdmin) {
groups = groups.filter(
group => group.groupMemberships.filter(gm => gm.userId === user.id).length
);
}
ctx.body = {
pagination: ctx.state.pagination,
data: {
groups: groups.map(presentGroup),
groupMemberships: groups
.map(g => g.groupMemberships.slice(0, MAX_AVATAR_DISPLAY))
.flat()
.map(presentGroupMembership),
},
policies: presentPolicies(user, groups),
};
});
router.post('groups.info', auth(), async ctx => {
const { id } = ctx.body;
ctx.assertUuid(id, 'id is required');
const user = ctx.state.user;
const group = await Group.findByPk(id);
authorize(user, 'read', group);
ctx.body = {
data: presentGroup(group),
policies: presentPolicies(user, [group]),
};
});
router.post('groups.create', auth(), async ctx => {
const { name } = ctx.body;
ctx.assertPresent(name, 'name is required');
const user = ctx.state.user;
authorize(user, 'create', Group);
let group = await Group.create({
name,
teamId: user.teamId,
createdById: user.id,
});
// reload to get default scope
group = await Group.findByPk(group.id);
await Event.create({
name: 'groups.create',
actorId: user.id,
teamId: user.teamId,
modelId: group.id,
data: { name: group.name },
ip: ctx.request.ip,
});
ctx.body = {
data: presentGroup(group),
policies: presentPolicies(user, [group]),
};
});
router.post('groups.update', auth(), async ctx => {
const { id, name } = ctx.body;
ctx.assertPresent(name, 'name is required');
ctx.assertUuid(id, 'id is required');
const user = ctx.state.user;
const group = await Group.findByPk(id);
authorize(user, 'update', group);
group.name = name;
if (group.changed()) {
await group.save();
await Event.create({
name: 'groups.update',
teamId: user.teamId,
actorId: user.id,
modelId: group.id,
data: { name },
ip: ctx.request.ip,
});
}
ctx.body = {
data: presentGroup(group),
policies: presentPolicies(user, [group]),
};
});
router.post('groups.delete', auth(), async ctx => {
const { id } = ctx.body;
ctx.assertUuid(id, 'id is required');
const { user } = ctx.state;
const group = await Group.findByPk(id);
authorize(user, 'delete', group);
await group.destroy();
await Event.create({
name: 'groups.delete',
actorId: user.id,
modelId: group.id,
teamId: group.teamId,
data: { name: group.name },
ip: ctx.request.ip,
});
ctx.body = {
success: true,
};
});
router.post('groups.memberships', auth(), pagination(), async ctx => {
const { id, query, permission } = ctx.body;
ctx.assertUuid(id, 'id is required');
const user = ctx.state.user;
const group = await Group.findByPk(id);
authorize(user, 'read', group);
let where = {
groupId: id,
};
let userWhere;
if (query) {
userWhere = {
name: {
[Op.iLike]: `%${query}%`,
},
};
}
if (permission) {
where = {
...where,
permission,
};
}
const memberships = await GroupUser.findAll({
where,
order: [['createdAt', 'DESC']],
offset: ctx.state.pagination.offset,
limit: ctx.state.pagination.limit,
include: [
{
model: User,
as: 'user',
where: userWhere,
required: true,
},
],
});
ctx.body = {
pagination: ctx.state.pagination,
data: {
groupMemberships: memberships.map(presentGroupMembership),
users: memberships.map(membership => presentUser(membership.user)),
},
};
});
router.post('groups.add_user', auth(), async ctx => {
const { id, userId } = ctx.body;
ctx.assertUuid(id, 'id is required');
ctx.assertUuid(userId, 'userId is required');
const user = await User.findByPk(userId);
authorize(ctx.state.user, 'read', user);
let group = await Group.findByPk(id);
authorize(ctx.state.user, 'update', group);
let membership = await GroupUser.findOne({
where: {
groupId: id,
userId,
},
});
if (!membership) {
await group.addUser(user, {
through: { createdById: ctx.state.user.id },
});
// reload to get default scope
membership = await GroupUser.findOne({
where: {
groupId: id,
userId,
},
});
// reload to get default scope
group = await Group.findByPk(id);
await Event.create({
name: 'groups.add_user',
userId,
teamId: user.teamId,
modelId: group.id,
actorId: ctx.state.user.id,
data: { name: user.name },
ip: ctx.request.ip,
});
}
ctx.body = {
data: {
users: [presentUser(user)],
groupMemberships: [presentGroupMembership(membership)],
groups: [presentGroup(group)],
},
};
});
router.post('groups.remove_user', auth(), async ctx => {
const { id, userId } = ctx.body;
ctx.assertUuid(id, 'id is required');
ctx.assertUuid(userId, 'userId is required');
let group = await Group.findByPk(id);
authorize(ctx.state.user, 'update', group);
const user = await User.findByPk(userId);
authorize(ctx.state.user, 'read', user);
await group.removeUser(user);
await Event.create({
name: 'groups.remove_user',
userId,
modelId: group.id,
teamId: user.teamId,
actorId: ctx.state.user.id,
data: { name: user.name },
ip: ctx.request.ip,
});
// reload to get default scope
group = await Group.findByPk(id);
ctx.body = {
data: {
groups: [presentGroup(group)],
},
};
});
export default router;
Reference in New Issue View Git Blame Copy Permalink