2017-07-31 18:17:30 +01:00
|
|
|
// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
|
|
|
|
|
//
|
|
|
|
|
// This software (Documize Community Edition) is licensed under
|
|
|
|
|
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
|
|
|
|
|
//
|
|
|
|
|
// You can operate outside the AGPL restrictions by purchasing
|
|
|
|
|
// Documize Enterprise Edition and obtaining a commercial license
|
|
|
|
|
// by contacting <sales@documize.com>.
|
|
|
|
|
//
|
|
|
|
|
// https://documize.com
|
|
|
|
|
|
|
|
|
|
package document
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"database/sql"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
"net/http"
|
2018-01-10 16:07:17 +00:00
|
|
|
"sort"
|
2018-03-30 20:00:24 +01:00
|
|
|
"strings"
|
2017-07-31 18:17:30 +01:00
|
|
|
|
|
|
|
|
"github.com/documize/community/core/env"
|
|
|
|
|
"github.com/documize/community/core/request"
|
|
|
|
|
"github.com/documize/community/core/response"
|
|
|
|
|
"github.com/documize/community/core/streamutil"
|
|
|
|
|
"github.com/documize/community/core/stringutil"
|
2018-04-13 11:01:36 +01:00
|
|
|
"github.com/documize/community/core/uniqueid"
|
2017-07-31 18:17:30 +01:00
|
|
|
"github.com/documize/community/domain"
|
2018-04-13 11:01:36 +01:00
|
|
|
"github.com/documize/community/domain/organization"
|
2017-09-18 17:53:42 +01:00
|
|
|
"github.com/documize/community/domain/permission"
|
2017-08-01 10:39:07 +01:00
|
|
|
indexer "github.com/documize/community/domain/search"
|
2017-07-31 18:17:30 +01:00
|
|
|
"github.com/documize/community/model/activity"
|
|
|
|
|
"github.com/documize/community/model/audit"
|
|
|
|
|
"github.com/documize/community/model/doc"
|
|
|
|
|
"github.com/documize/community/model/link"
|
2017-10-08 20:53:25 -04:00
|
|
|
pm "github.com/documize/community/model/permission"
|
2017-07-31 18:17:30 +01:00
|
|
|
"github.com/documize/community/model/search"
|
2017-10-08 20:53:25 -04:00
|
|
|
"github.com/documize/community/model/space"
|
2018-01-26 15:34:20 +00:00
|
|
|
"github.com/documize/community/model/user"
|
2018-01-23 12:34:43 +00:00
|
|
|
"github.com/documize/community/model/workflow"
|
2017-07-31 18:17:30 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Handler contains the runtime information such as logging and database.
|
|
|
|
|
type Handler struct {
|
|
|
|
|
Runtime *env.Runtime
|
|
|
|
|
Store *domain.Store
|
2017-08-01 10:39:07 +01:00
|
|
|
Indexer indexer.Indexer
|
2017-07-31 18:17:30 +01:00
|
|
|
}
|
|
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// Get is an endpoint that returns the document-level information for a
|
|
|
|
|
// given documentID.
|
2017-07-31 18:17:30 +01:00
|
|
|
func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
|
2018-03-19 12:24:58 +00:00
|
|
|
method := "document.Get"
|
2017-07-31 18:17:30 +01:00
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
id := request.Param(r, "documentID")
|
|
|
|
|
if len(id) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
document, err := h.Store.Document.Get(ctx, id)
|
|
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
|
response.WriteNotFoundError(w, method, id)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-19 16:03:29 +01:00
|
|
|
if !permission.CanViewSpaceDocument(ctx, *h.Store, document.SpaceID) {
|
2017-07-31 18:17:30 +01:00
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-15 17:11:53 +00:00
|
|
|
// draft mode does not record document views
|
|
|
|
|
if document.Lifecycle == workflow.LifecycleLive {
|
2018-03-30 12:54:15 +01:00
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-15 17:11:53 +00:00
|
|
|
err = h.Store.Activity.RecordUserActivity(ctx, activity.UserActivity{
|
2018-09-19 16:03:29 +01:00
|
|
|
SpaceID: document.SpaceID,
|
2018-03-15 17:11:53 +00:00
|
|
|
DocumentID: document.RefID,
|
|
|
|
|
SourceType: activity.SourceTypeDocument,
|
|
|
|
|
ActivityType: activity.TypeRead})
|
2017-07-31 18:17:30 +01:00
|
|
|
|
2018-03-15 17:11:53 +00:00
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
}
|
2017-08-02 15:58:39 +01:00
|
|
|
|
2018-03-30 12:54:15 +01:00
|
|
|
ctx.Transaction.Commit()
|
|
|
|
|
}
|
2017-07-31 18:17:30 +01:00
|
|
|
|
2018-02-04 15:43:57 +00:00
|
|
|
h.Store.Audit.Record(ctx, audit.EventTypeDocumentView)
|
|
|
|
|
|
2017-07-31 18:17:30 +01:00
|
|
|
response.WriteJSON(w, document)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DocumentLinks is an endpoint returning the links for a document.
|
|
|
|
|
func (h *Handler) DocumentLinks(w http.ResponseWriter, r *http.Request) {
|
2018-03-19 12:24:58 +00:00
|
|
|
method := "document.DocumentLinks"
|
2017-07-31 18:17:30 +01:00
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
id := request.Param(r, "documentID")
|
|
|
|
|
if len(id) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
l, err := h.Store.Link.GetDocumentOutboundLinks(ctx, id)
|
|
|
|
|
if len(l) == 0 {
|
|
|
|
|
l = []link.Link{}
|
|
|
|
|
}
|
|
|
|
|
if err != nil && err != sql.ErrNoRows {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
response.WriteJSON(w, l)
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-18 13:02:15 +01:00
|
|
|
// BySpace is an endpoint that returns the documents for given space.
|
2017-07-31 18:17:30 +01:00
|
|
|
func (h *Handler) BySpace(w http.ResponseWriter, r *http.Request) {
|
2017-09-26 16:30:16 +01:00
|
|
|
method := "document.BySpace"
|
2017-07-31 18:17:30 +01:00
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
2017-09-18 13:02:15 +01:00
|
|
|
spaceID := request.Query(r, "space")
|
|
|
|
|
if len(spaceID) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "space")
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-18 17:53:42 +01:00
|
|
|
if !permission.CanViewSpace(ctx, *h.Store, spaceID) {
|
2017-07-31 18:17:30 +01:00
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-14 11:52:51 +01:00
|
|
|
// Get the space as we need to check settings.
|
|
|
|
|
space, err := h.Store.Space.Get(ctx, spaceID)
|
|
|
|
|
|
|
|
|
|
// Can user view drafts?
|
2018-03-15 17:11:53 +00:00
|
|
|
viewDrafts := permission.CanViewDrafts(ctx, *h.Store, spaceID)
|
|
|
|
|
|
2018-05-14 11:52:51 +01:00
|
|
|
// If space defaults to drfat documents, then this means
|
|
|
|
|
// user can view drafts as long as they have edit rights.
|
|
|
|
|
canEdit := permission.HasPermission(ctx, *h.Store, spaceID, pm.DocumentEdit)
|
|
|
|
|
if space.Lifecycle == workflow.LifecycleDraft && canEdit {
|
|
|
|
|
viewDrafts = true
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// Get complete list of documents regardless of category permission
|
|
|
|
|
// and versioning.
|
2017-09-18 13:02:15 +01:00
|
|
|
documents, err := h.Store.Document.GetBySpace(ctx, spaceID)
|
2018-01-10 16:07:17 +00:00
|
|
|
if err != nil {
|
2017-08-03 10:00:24 +01:00
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// Sort by title.
|
2018-09-19 16:03:29 +01:00
|
|
|
sort.Sort(doc.ByName(documents))
|
2018-01-10 16:07:17 +00:00
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// Remove documents that cannot be seen due to lack of
|
|
|
|
|
// category view/access permission.
|
2017-09-26 16:30:16 +01:00
|
|
|
cats, err := h.Store.Category.GetBySpace(ctx, spaceID)
|
|
|
|
|
members, err := h.Store.Category.GetSpaceCategoryMembership(ctx, spaceID)
|
2018-03-16 18:27:33 +00:00
|
|
|
filtered := FilterCategoryProtected(documents, cats, members, viewDrafts)
|
2017-08-03 10:00:24 +01:00
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// Keep the latest version when faced with multiple versions.
|
|
|
|
|
filtered = FilterLastVersion(filtered)
|
|
|
|
|
|
2017-09-26 16:30:16 +01:00
|
|
|
response.WriteJSON(w, filtered)
|
2017-07-31 18:17:30 +01:00
|
|
|
}
|
|
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// Update updates an existing document using the format described
|
|
|
|
|
// in NewDocumentModel() encoded as JSON in the request.
|
2017-07-31 18:17:30 +01:00
|
|
|
func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
|
2018-03-19 12:24:58 +00:00
|
|
|
method := "document.Update"
|
2017-07-31 18:17:30 +01:00
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
documentID := request.Param(r, "documentID")
|
|
|
|
|
if len(documentID) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-18 17:53:42 +01:00
|
|
|
if !permission.CanChangeDocument(ctx, *h.Store, documentID) {
|
2017-07-31 18:17:30 +01:00
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
defer streamutil.Close(r.Body)
|
|
|
|
|
body, err := ioutil.ReadAll(r.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteBadRequestError(w, method, err.Error())
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
d := doc.Document{}
|
|
|
|
|
err = json.Unmarshal(body, &d)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteBadRequestError(w, method, err.Error())
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
d.RefID = documentID
|
|
|
|
|
|
|
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// If space changed for document, remove document categories.
|
2017-09-26 20:13:44 +01:00
|
|
|
oldDoc, err := h.Store.Document.Get(ctx, documentID)
|
|
|
|
|
if err != nil {
|
2018-02-04 15:43:57 +00:00
|
|
|
ctx.Transaction.Rollback()
|
2017-09-26 20:13:44 +01:00
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-19 16:03:29 +01:00
|
|
|
if oldDoc.SpaceID != d.SpaceID {
|
2017-09-26 20:13:44 +01:00
|
|
|
h.Store.Category.RemoveDocumentCategories(ctx, d.RefID)
|
2018-09-19 16:03:29 +01:00
|
|
|
err = h.Store.Document.MoveActivity(ctx, documentID, oldDoc.SpaceID, d.SpaceID)
|
2018-04-05 20:00:42 +01:00
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-09-26 20:13:44 +01:00
|
|
|
}
|
|
|
|
|
|
2017-07-31 18:17:30 +01:00
|
|
|
err = h.Store.Document.Update(ctx, d)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// If document part of versioned document group
|
|
|
|
|
// then document name must be applied to all documents
|
|
|
|
|
// in the group.
|
|
|
|
|
if len(d.GroupID) > 0 {
|
|
|
|
|
err = h.Store.Document.UpdateGroup(ctx, d)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-20 14:38:35 +01:00
|
|
|
// Detect change in document status/lifecycle.
|
|
|
|
|
if d.Lifecycle != oldDoc.Lifecycle {
|
|
|
|
|
// Record document being marked as archived.
|
|
|
|
|
if d.Lifecycle == workflow.LifecycleArchived {
|
|
|
|
|
h.Store.Activity.RecordUserActivity(ctx, activity.UserActivity{
|
2018-09-19 16:03:29 +01:00
|
|
|
SpaceID: d.SpaceID,
|
2018-04-20 14:38:35 +01:00
|
|
|
DocumentID: documentID,
|
|
|
|
|
SourceType: activity.SourceTypeDocument,
|
|
|
|
|
ActivityType: activity.TypeArchived})
|
|
|
|
|
}
|
2018-03-16 18:27:33 +00:00
|
|
|
|
2018-04-20 14:38:35 +01:00
|
|
|
// Record document being marked as draft.
|
|
|
|
|
if d.Lifecycle == workflow.LifecycleDraft {
|
|
|
|
|
h.Store.Activity.RecordUserActivity(ctx, activity.UserActivity{
|
2018-09-19 16:03:29 +01:00
|
|
|
SpaceID: d.SpaceID,
|
2018-04-20 14:38:35 +01:00
|
|
|
DocumentID: documentID,
|
|
|
|
|
SourceType: activity.SourceTypeDocument,
|
|
|
|
|
ActivityType: activity.TypeDraft})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Record document being marked as live.
|
|
|
|
|
if d.Lifecycle == workflow.LifecycleLive {
|
|
|
|
|
h.Store.Activity.RecordUserActivity(ctx, activity.UserActivity{
|
2018-09-19 16:03:29 +01:00
|
|
|
SpaceID: d.SpaceID,
|
2018-04-20 14:38:35 +01:00
|
|
|
DocumentID: documentID,
|
|
|
|
|
SourceType: activity.SourceTypeDocument,
|
|
|
|
|
ActivityType: activity.TypePublished})
|
|
|
|
|
}
|
2018-03-16 18:27:33 +00:00
|
|
|
}
|
|
|
|
|
|
2017-07-31 18:17:30 +01:00
|
|
|
ctx.Transaction.Commit()
|
|
|
|
|
|
2018-02-04 15:43:57 +00:00
|
|
|
h.Store.Audit.Record(ctx, audit.EventTypeDocumentUpdate)
|
|
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// Live document indexed for search.
|
2018-03-14 13:38:37 +00:00
|
|
|
if d.Lifecycle == workflow.LifecycleLive {
|
2018-03-15 17:11:53 +00:00
|
|
|
a, _ := h.Store.Attachment.GetAttachments(ctx, documentID)
|
2018-03-14 13:38:37 +00:00
|
|
|
go h.Indexer.IndexDocument(ctx, d, a)
|
2018-03-19 15:04:02 +00:00
|
|
|
|
|
|
|
|
pages, _ := h.Store.Page.GetPages(ctx, d.RefID)
|
|
|
|
|
for i := range pages {
|
|
|
|
|
go h.Indexer.IndexContent(ctx, pages[i])
|
|
|
|
|
}
|
2018-03-14 13:38:37 +00:00
|
|
|
} else {
|
|
|
|
|
go h.Indexer.DeleteDocument(ctx, d.RefID)
|
|
|
|
|
}
|
2017-08-01 10:39:07 +01:00
|
|
|
|
2017-07-31 18:17:30 +01:00
|
|
|
response.WriteEmpty(w)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete is an endpoint that deletes a document specified by documentID.
|
|
|
|
|
func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
|
2018-03-19 12:24:58 +00:00
|
|
|
method := "document.Delete"
|
2017-07-31 18:17:30 +01:00
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
documentID := request.Param(r, "documentID")
|
|
|
|
|
if len(documentID) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
doc, err := h.Store.Document.Get(ctx, documentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-23 12:34:43 +00:00
|
|
|
// If locked document then no can do
|
|
|
|
|
if doc.Protection == workflow.ProtectionLock {
|
|
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
h.Runtime.Log.Info("attempted action on locked document")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If approval workflow then only approvers can delete page
|
|
|
|
|
if doc.Protection == workflow.ProtectionReview {
|
2018-09-19 16:03:29 +01:00
|
|
|
approvers, err := permission.GetUsersWithDocumentPermission(ctx, *h.Store, doc.SpaceID, doc.RefID, pm.DocumentApprove)
|
2018-01-23 12:34:43 +00:00
|
|
|
if err != nil {
|
|
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !user.Exists(approvers, ctx.UserID) {
|
|
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
h.Runtime.Log.Info("attempted action on document when not approver")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// permission check
|
|
|
|
|
if !permission.CanDeleteDocument(ctx, *h.Store, documentID) {
|
|
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-31 18:17:30 +01:00
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, err = h.Store.Document.Delete(ctx, documentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, err = h.Store.Pin.DeletePinnedDocument(ctx, documentID)
|
|
|
|
|
if err != nil && err != sql.ErrNoRows {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-07-31 18:17:30 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
h.Store.Link.MarkOrphanDocumentLink(ctx, documentID)
|
|
|
|
|
h.Store.Link.DeleteSourceDocumentLinks(ctx, documentID)
|
|
|
|
|
|
2018-03-15 17:11:53 +00:00
|
|
|
// Draft actions are not logged
|
|
|
|
|
if doc.Lifecycle == workflow.LifecycleLive {
|
|
|
|
|
h.Store.Activity.RecordUserActivity(ctx, activity.UserActivity{
|
2018-09-19 16:03:29 +01:00
|
|
|
SpaceID: doc.SpaceID,
|
2018-03-15 17:11:53 +00:00
|
|
|
DocumentID: documentID,
|
|
|
|
|
SourceType: activity.SourceTypeDocument,
|
|
|
|
|
ActivityType: activity.TypeDeleted})
|
|
|
|
|
}
|
2017-07-31 18:17:30 +01:00
|
|
|
|
|
|
|
|
ctx.Transaction.Commit()
|
|
|
|
|
|
2018-02-04 15:43:57 +00:00
|
|
|
h.Store.Audit.Record(ctx, audit.EventTypeDocumentDelete)
|
|
|
|
|
|
2017-08-15 19:41:44 +01:00
|
|
|
go h.Indexer.DeleteDocument(ctx, documentID)
|
2017-08-01 10:39:07 +01:00
|
|
|
|
2017-07-31 18:17:30 +01:00
|
|
|
response.WriteEmpty(w)
|
|
|
|
|
}
|
2017-08-01 10:39:07 +01:00
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// SearchDocuments endpoint takes a list of keywords and returns a list of
|
|
|
|
|
// document references matching those keywords.
|
2017-08-01 10:39:07 +01:00
|
|
|
func (h *Handler) SearchDocuments(w http.ResponseWriter, r *http.Request) {
|
2018-03-19 12:24:58 +00:00
|
|
|
method := "document.SearchDocuments"
|
2017-08-01 10:39:07 +01:00
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
2017-08-15 14:15:31 +01:00
|
|
|
defer streamutil.Close(r.Body)
|
|
|
|
|
body, err := ioutil.ReadAll(r.Body)
|
2017-08-01 10:39:07 +01:00
|
|
|
if err != nil {
|
|
|
|
|
response.WriteBadRequestError(w, method, err.Error())
|
2017-08-15 14:15:31 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-22 17:01:26 +01:00
|
|
|
// Get search criteria.
|
2017-08-15 14:15:31 +01:00
|
|
|
options := search.QueryOptions{}
|
|
|
|
|
err = json.Unmarshal(body, &options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteBadRequestError(w, method, err.Error())
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-08-01 10:39:07 +01:00
|
|
|
return
|
|
|
|
|
}
|
2018-03-30 20:00:24 +01:00
|
|
|
options.Keywords = strings.TrimSpace(options.Keywords)
|
|
|
|
|
|
2018-06-22 17:01:26 +01:00
|
|
|
// Get documents for search criteria.
|
2017-08-15 14:15:31 +01:00
|
|
|
results, err := h.Store.Search.Documents(ctx, options)
|
2017-08-01 10:39:07 +01:00
|
|
|
if err != nil {
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-08-01 10:39:07 +01:00
|
|
|
}
|
|
|
|
|
|
2018-06-22 17:01:26 +01:00
|
|
|
// Generate slugs for search URL.
|
2017-08-01 10:39:07 +01:00
|
|
|
for key, result := range results {
|
2018-03-30 17:03:18 +01:00
|
|
|
results[key].DocumentSlug = stringutil.MakeSlug(result.Document)
|
|
|
|
|
results[key].SpaceSlug = stringutil.MakeSlug(result.Space)
|
2017-08-01 10:39:07 +01:00
|
|
|
}
|
|
|
|
|
|
2018-06-22 17:01:26 +01:00
|
|
|
// Remove documents that cannot be seen due to lack of
|
|
|
|
|
// category view/access permission.
|
|
|
|
|
cats, err := h.Store.Category.GetByOrg(ctx, ctx.UserID)
|
|
|
|
|
members, err := h.Store.Category.GetOrgCategoryMembership(ctx, ctx.UserID)
|
|
|
|
|
filtered := indexer.FilterCategoryProtected(results, cats, members)
|
|
|
|
|
|
|
|
|
|
// Record user search history.
|
2018-04-07 14:30:31 +01:00
|
|
|
if !options.SkipLog {
|
2018-06-22 17:01:26 +01:00
|
|
|
if len(filtered) > 0 {
|
|
|
|
|
go h.recordSearchActivity(ctx, filtered, options.Keywords)
|
2018-04-07 14:30:31 +01:00
|
|
|
} else {
|
|
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = h.Store.Activity.RecordUserActivity(ctx, activity.UserActivity{
|
2018-09-19 16:03:29 +01:00
|
|
|
SpaceID: "",
|
2018-04-07 14:30:31 +01:00
|
|
|
DocumentID: "",
|
|
|
|
|
Metadata: options.Keywords,
|
|
|
|
|
SourceType: activity.SourceTypeSearch,
|
|
|
|
|
ActivityType: activity.TypeSearched})
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Transaction.Commit()
|
2018-03-30 20:00:24 +01:00
|
|
|
}
|
|
|
|
|
}
|
2017-08-01 10:39:07 +01:00
|
|
|
|
|
|
|
|
h.Store.Audit.Record(ctx, audit.EventTypeSearch)
|
|
|
|
|
|
2018-06-22 17:01:26 +01:00
|
|
|
response.WriteJSON(w, filtered)
|
2017-08-01 10:39:07 +01:00
|
|
|
}
|
2017-10-08 20:53:25 -04:00
|
|
|
|
2018-03-30 20:00:24 +01:00
|
|
|
// Record search request once per document.
|
2018-04-05 14:21:55 +01:00
|
|
|
// But only if document is partof shared space at the time of the search.
|
2018-03-30 20:00:24 +01:00
|
|
|
func (h *Handler) recordSearchActivity(ctx domain.RequestContext, q []search.QueryResult, keywords string) {
|
2018-03-30 17:03:18 +01:00
|
|
|
method := "recordSearchActivity"
|
|
|
|
|
var err error
|
2018-03-30 20:00:24 +01:00
|
|
|
prev := make(map[string]bool)
|
2018-03-30 17:03:18 +01:00
|
|
|
|
|
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for i := range q {
|
2018-04-05 14:21:55 +01:00
|
|
|
// Empty space ID usually signals private document
|
|
|
|
|
// hence search activity should not be visible to others.
|
|
|
|
|
if len(q[i].SpaceID) == 0 {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
sp, err := h.Store.Space.Get(ctx, q[i].SpaceID)
|
|
|
|
|
if err != nil || len(sp.RefID) == 0 || sp.Type == space.ScopePrivate {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-30 20:00:24 +01:00
|
|
|
if _, isExisting := prev[q[i].DocumentID]; !isExisting {
|
|
|
|
|
err = h.Store.Activity.RecordUserActivity(ctx, activity.UserActivity{
|
2018-09-19 16:03:29 +01:00
|
|
|
SpaceID: q[i].SpaceID,
|
2018-03-30 20:00:24 +01:00
|
|
|
DocumentID: q[i].DocumentID,
|
|
|
|
|
Metadata: keywords,
|
|
|
|
|
SourceType: activity.SourceTypeSearch,
|
|
|
|
|
ActivityType: activity.TypeSearched})
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
prev[q[i].DocumentID] = true
|
2018-03-30 17:03:18 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Transaction.Commit()
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-08 20:53:25 -04:00
|
|
|
// FetchDocumentData returns all document data in single API call.
|
|
|
|
|
func (h *Handler) FetchDocumentData(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
method := "document.FetchDocumentData"
|
|
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
id := request.Param(r, "documentID")
|
|
|
|
|
if len(id) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// document
|
|
|
|
|
document, err := h.Store.Document.Get(ctx, id)
|
|
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
|
response.WriteNotFoundError(w, method, id)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-19 16:03:29 +01:00
|
|
|
if !permission.CanViewSpaceDocument(ctx, *h.Store, document.SpaceID) {
|
2017-10-08 20:53:25 -04:00
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-15 17:11:53 +00:00
|
|
|
// Don't serve archived document
|
|
|
|
|
if document.Lifecycle == workflow.LifecycleArchived {
|
|
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-08 20:53:25 -04:00
|
|
|
// permissions
|
2018-09-19 16:03:29 +01:00
|
|
|
perms, err := h.Store.Permission.GetUserSpacePermissions(ctx, document.SpaceID)
|
2017-10-08 20:53:25 -04:00
|
|
|
if err != nil && err != sql.ErrNoRows {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2018-09-19 16:03:29 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-10-08 20:53:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if len(perms) == 0 {
|
|
|
|
|
perms = []pm.Permission{}
|
|
|
|
|
}
|
|
|
|
|
record := pm.DecodeUserPermissions(perms)
|
|
|
|
|
|
2017-12-26 13:25:10 +00:00
|
|
|
roles, err := h.Store.Permission.GetUserDocumentPermissions(ctx, document.RefID)
|
|
|
|
|
if err != nil && err != sql.ErrNoRows {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2018-09-19 16:03:29 +01:00
|
|
|
h.Runtime.Log.Error(method, err)
|
2017-12-26 13:25:10 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if len(roles) == 0 {
|
|
|
|
|
roles = []pm.Permission{}
|
|
|
|
|
}
|
|
|
|
|
rolesRecord := pm.DecodeUserDocumentPermissions(roles)
|
|
|
|
|
|
2017-10-08 20:53:25 -04:00
|
|
|
// links
|
|
|
|
|
l, err := h.Store.Link.GetDocumentOutboundLinks(ctx, id)
|
|
|
|
|
if len(l) == 0 {
|
|
|
|
|
l = []link.Link{}
|
|
|
|
|
}
|
|
|
|
|
if err != nil && err != sql.ErrNoRows {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// spaces
|
|
|
|
|
sp, err := h.Store.Space.GetViewable(ctx)
|
|
|
|
|
if err != nil && err != sql.ErrNoRows {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if len(sp) == 0 {
|
|
|
|
|
sp = []space.Space{}
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-19 12:24:58 +00:00
|
|
|
// Get version information for this document.
|
2018-03-20 10:41:11 +00:00
|
|
|
v := []doc.Version{}
|
|
|
|
|
|
|
|
|
|
if len(document.GroupID) > 0 {
|
|
|
|
|
v, err = h.Store.Document.GetVersions(ctx, document.GroupID)
|
|
|
|
|
if err != nil && err != sql.ErrNoRows {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-03-19 12:24:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Prepare response.
|
2018-01-23 12:34:43 +00:00
|
|
|
data := BulkDocumentData{}
|
2017-10-08 20:53:25 -04:00
|
|
|
data.Document = document
|
|
|
|
|
data.Permissions = record
|
2017-12-26 13:25:10 +00:00
|
|
|
data.Roles = rolesRecord
|
2017-10-08 20:53:25 -04:00
|
|
|
data.Links = l
|
|
|
|
|
data.Spaces = sp
|
2018-03-19 12:24:58 +00:00
|
|
|
data.Versions = v
|
2017-10-08 20:53:25 -04:00
|
|
|
|
|
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-15 17:11:53 +00:00
|
|
|
if document.Lifecycle == workflow.LifecycleLive {
|
|
|
|
|
err = h.Store.Activity.RecordUserActivity(ctx, activity.UserActivity{
|
2018-09-19 16:03:29 +01:00
|
|
|
SpaceID: document.SpaceID,
|
2018-03-15 17:11:53 +00:00
|
|
|
DocumentID: document.RefID,
|
|
|
|
|
SourceType: activity.SourceTypeDocument,
|
|
|
|
|
ActivityType: activity.TypeRead})
|
2017-10-08 20:53:25 -04:00
|
|
|
|
2018-03-15 17:11:53 +00:00
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
}
|
2017-10-08 20:53:25 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Transaction.Commit()
|
|
|
|
|
|
2018-02-04 15:43:57 +00:00
|
|
|
h.Store.Audit.Record(ctx, audit.EventTypeDocumentView)
|
|
|
|
|
|
2017-10-08 20:53:25 -04:00
|
|
|
response.WriteJSON(w, data)
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-23 12:34:43 +00:00
|
|
|
// BulkDocumentData represents all data associated for a single document.
|
2017-10-08 20:53:25 -04:00
|
|
|
// Used by FetchDocumentData() bulk data load call.
|
2018-01-23 12:34:43 +00:00
|
|
|
type BulkDocumentData struct {
|
2017-12-26 13:25:10 +00:00
|
|
|
Document doc.Document `json:"document"`
|
|
|
|
|
Permissions pm.Record `json:"permissions"`
|
|
|
|
|
Roles pm.DocumentRecord `json:"roles"`
|
|
|
|
|
Spaces []space.Space `json:"folders"`
|
2018-01-25 13:20:22 +00:00
|
|
|
Links []link.Link `json:"links"`
|
2018-03-19 12:24:58 +00:00
|
|
|
Versions []doc.Version `json:"versions"`
|
2017-10-08 20:53:25 -04:00
|
|
|
}
|
2018-04-13 11:01:36 +01:00
|
|
|
|
|
|
|
|
// Vote records document content vote, Yes, No.
|
|
|
|
|
// Anonymous users should be assigned a temporary ID
|
|
|
|
|
func (h *Handler) Vote(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
method := "document.Vote"
|
|
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
// Deduce ORG because public API call.
|
|
|
|
|
ctx.Subdomain = organization.GetSubdomainFromHost(r)
|
|
|
|
|
org, err := h.Store.Organization.GetOrganizationByDomain(ctx.Subdomain)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
ctx.OrgID = org.RefID
|
|
|
|
|
|
|
|
|
|
documentID := request.Param(r, "documentID")
|
|
|
|
|
if len(documentID) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
defer streamutil.Close(r.Body)
|
|
|
|
|
body, err := ioutil.ReadAll(r.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteBadRequestError(w, method, err.Error())
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var payload struct {
|
|
|
|
|
UserID string `json:"userId"`
|
|
|
|
|
Vote int `json:"vote"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = json.Unmarshal(body, &payload)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteBadRequestError(w, method, err.Error())
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
doc, err := h.Store.Document.Get(ctx, documentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = h.Store.Document.Vote(ctx, uniqueid.Generate(), doc.OrgID, documentID, payload.UserID, payload.Vote)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Transaction.Commit()
|
|
|
|
|
|
|
|
|
|
response.WriteEmpty(w)
|
|
|
|
|
}
|
2018-07-28 11:43:45 -04:00
|
|
|
|
|
|
|
|
// Export returns content as self-enclosed HTML file.
|
|
|
|
|
func (h *Handler) Export(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
method := "document.Export"
|
|
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
2018-07-28 15:30:33 -04:00
|
|
|
// Deduce ORG if anon user.
|
|
|
|
|
if len(ctx.OrgID) == 0 {
|
|
|
|
|
ctx.Subdomain = organization.GetSubdomainFromHost(r)
|
|
|
|
|
org, err := h.Store.Organization.GetOrganizationByDomain(ctx.Subdomain)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
ctx.OrgID = org.RefID
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-28 11:43:45 -04:00
|
|
|
defer streamutil.Close(r.Body)
|
|
|
|
|
body, err := ioutil.ReadAll(r.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteBadRequestError(w, method, err.Error())
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
spec := exportSpec{}
|
|
|
|
|
err = json.Unmarshal(body, &spec)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteBadRequestError(w, method, err.Error())
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export, err := BuildExport(ctx, *h.Store, spec)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
h.Runtime.Log.Error(method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
2018-07-28 15:30:33 -04:00
|
|
|
w.Write([]byte(export))
|
2018-07-28 11:43:45 -04:00
|
|
|
}
|
