mirror of
https://github.com/documize/community.git
synced 2025-08-02 20:15:26 +02:00
Set category permissions for both users and groups
This commit is contained in:
sauls8t
parent
d1fdb385e9
commit
22679920d0
17 changed files with 335 additions and 124 deletions
|
|
@ -266,7 +266,7 @@ func (h *Handler) GetSpacePermissions(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
perms, err := h.Store.Permission.GetSpacePermissions(ctx, spaceID)
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
if err != nil {
|
||||
response.WriteServerError(w, method, err)
|
||||
h.Runtime.Log.Error(method, err)
|
||||
return
|
||||
|
|
@ -302,7 +302,7 @@ func (h *Handler) GetSpacePermissions(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
if records[i].Who == permission.UserPermission {
|
||||
if records[i].WhoID == user.EveryoneUserID {
|
||||
records[i].Name = "Everyone"
|
||||
records[i].Name = user.EveryoneUserName
|
||||
} else {
|
||||
u, err := h.Store.User.Get(ctx, records[i].WhoID)
|
||||
if err != nil {
|
||||
|
|
@ -371,13 +371,58 @@ func (h *Handler) GetCategoryPermissions(w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
u, err := h.Store.Permission.GetCategoryPermissions(ctx, categoryID)
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
perms, err := h.Store.Permission.GetCategoryPermissions(ctx, categoryID)
|
||||
if err != nil {
|
||||
response.WriteServerError(w, method, err)
|
||||
h.Runtime.Log.Error(method, err)
|
||||
return
|
||||
}
|
||||
|
||||
response.WriteJSON(w, u)
|
||||
userPerms := make(map[string][]permission.Permission)
|
||||
for _, p := range perms {
|
||||
userPerms[p.WhoID] = append(userPerms[p.WhoID], p)
|
||||
}
|
||||
|
||||
records := []permission.CategoryRecord{}
|
||||
for _, up := range userPerms {
|
||||
records = append(records, permission.DecodeUserCategoryPermissions(up))
|
||||
}
|
||||
|
||||
// populate user/group name for thing that has permission record
|
||||
groups, err := h.Store.Group.GetAll(ctx)
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
response.WriteServerError(w, method, err)
|
||||
h.Runtime.Log.Error(method, err)
|
||||
return
|
||||
}
|
||||
|
||||
for i := range records {
|
||||
if records[i].Who == permission.GroupPermission {
|
||||
for j := range groups {
|
||||
if records[i].WhoID == groups[j].RefID {
|
||||
records[i].Name = groups[j].Name
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if records[i].Who == permission.UserPermission {
|
||||
if records[i].WhoID == user.EveryoneUserID {
|
||||
records[i].Name = user.EveryoneUserName
|
||||
} else {
|
||||
u, err := h.Store.User.Get(ctx, records[i].WhoID)
|
||||
if err != nil {
|
||||
h.Runtime.Log.Info(fmt.Sprintf("user not found %s", records[i].WhoID))
|
||||
h.Runtime.Log.Error(method, err)
|
||||
continue
|
||||
}
|
||||
|
||||
records[i].Name = u.Fullname()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
response.WriteJSON(w, records)
|
||||
}
|
||||
|
||||
// SetCategoryPermissions persists specified category permissions
|
||||
|
|
@ -405,7 +450,7 @@ func (h *Handler) SetCategoryPermissions(w http.ResponseWriter, r *http.Request)
|
|||
return
|
||||
}
|
||||
|
||||
var model = []permission.CategoryViewRequestModel{}
|
||||
var model = []permission.CategoryRecord{}
|
||||
err = json.Unmarshal(body, &model)
|
||||
if err != nil {
|
||||
response.WriteServerError(w, method, err)
|
||||
|
|
@ -415,6 +460,7 @@ func (h *Handler) SetCategoryPermissions(w http.ResponseWriter, r *http.Request)
|
|||
|
||||
if !HasPermission(ctx, *h.Store, spaceID, permission.SpaceManage, permission.SpaceOwner) {
|
||||
response.WriteForbiddenError(w)
|
||||
h.Runtime.Log.Info("no permission to set category permissions")
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -437,8 +483,8 @@ func (h *Handler) SetCategoryPermissions(w http.ResponseWriter, r *http.Request)
|
|||
for _, m := range model {
|
||||
perm := permission.Permission{}
|
||||
perm.OrgID = ctx.OrgID
|
||||
perm.Who = permission.UserPermission
|
||||
perm.WhoID = m.UserID
|
||||
perm.Who = m.Who
|
||||
perm.WhoID = m.WhoID
|
||||
perm.Scope = permission.ScopeRow
|
||||
perm.Location = permission.LocationCategory
|
||||
perm.RefID = m.CategoryID
|
||||
|
|
|
|||
|
|
@ -112,15 +112,16 @@ func (s Scope) GetSpacePermissions(ctx domain.RequestContext, spaceID string) (r
|
|||
func (s Scope) GetCategoryPermissions(ctx domain.RequestContext, catID string) (r []permission.Permission, err error) {
|
||||
err = s.Runtime.Db.Select(&r, `
|
||||
SELECT id, orgid, who, whoid, action, scope, location, refid
|
||||
FROM permission WHERE orgid=? AND location='category' AND refid=? AND who='user'
|
||||
FROM permission
|
||||
WHERE orgid=? AND location='category' AND who='user' AND (refid=? OR refid='0')
|
||||
UNION ALL
|
||||
SELECT p.id, p.orgid, p.who, p.whoid, p.action, p.scope, p.location, p.refid
|
||||
FROM permission p
|
||||
LEFT JOIN rolemember r ON p.whoid=r.roleid
|
||||
WHERE p.orgid=? AND p.location='space' AND p.refid=? AND p.who='role'`,
|
||||
WHERE p.orgid=? AND p.location='category' AND p.who='role' AND (p.refid=? OR p.refid='0')`,
|
||||
ctx.OrgID, catID, ctx.OrgID, catID)
|
||||
|
||||
if err == sql.ErrNoRows {
|
||||
if err == sql.ErrNoRows || len(r) == 0 {
|
||||
err = nil
|
||||
r = []permission.Permission{}
|
||||
}
|
||||
|
|
@ -137,7 +138,8 @@ func (s Scope) GetCategoryUsers(ctx domain.RequestContext, catID string) (u []us
|
|||
SELECT u.id, IFNULL(u.refid, '') AS refid, IFNULL(u.firstname, '') AS firstname, IFNULL(u.lastname, '') as lastname, u.email, u.initials, u.password, u.salt, u.reset, u.created, u.revised
|
||||
FROM user u LEFT JOIN account a ON u.refid = a.userid
|
||||
WHERE a.orgid=? AND a.active=1 AND u.refid IN (
|
||||
SELECT whoid from permission WHERE orgid=? AND who='user' AND location='category' AND refid=?
|
||||
SELECT whoid from permission
|
||||
WHERE orgid=? AND who='user' AND location='category' AND refid=?
|
||||
UNION ALL
|
||||
SELECT r.userid from rolemember r
|
||||
LEFT JOIN permission p ON p.whoid=r.roleid
|
||||
|
|
@ -147,7 +149,7 @@ func (s Scope) GetCategoryUsers(ctx domain.RequestContext, catID string) (u []us
|
|||
ORDER BY firstname, lastname`,
|
||||
ctx.OrgID, ctx.OrgID, catID, ctx.OrgID, catID)
|
||||
|
||||
if err == sql.ErrNoRows {
|
||||
if err == sql.ErrNoRows || len(u) == 0 {
|
||||
err = nil
|
||||
u = []user.User{}
|
||||
}
|
||||
|
|
@ -170,7 +172,7 @@ func (s Scope) GetUserCategoryPermissions(ctx domain.RequestContext, userID stri
|
|||
WHERE p.orgid=? AND p.location='category' AND p.who='role' AND (r.userid=? OR r.userid='0')`,
|
||||
ctx.OrgID, userID, ctx.OrgID, userID)
|
||||
|
||||
if err == sql.ErrNoRows {
|
||||
if err == sql.ErrNoRows || len(r) == 0 {
|
||||
err = nil
|
||||
r = []permission.Permission{}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ func CanViewSpaceDocument(ctx domain.RequestContext, s domain.Store, labelID str
|
|||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == labelID && role.Location == "space" && role.Scope == "object" &&
|
||||
if role.RefID == labelID && role.Location == pm.LocationSpace && role.Scope == pm.ScopeRow &&
|
||||
pm.ContainsPermission(role.Action, pm.SpaceView, pm.SpaceManage, pm.SpaceOwner) {
|
||||
return true
|
||||
}
|
||||
|
|
@ -58,7 +58,7 @@ func CanViewDocument(ctx domain.RequestContext, s domain.Store, documentID strin
|
|||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == document.LabelID && role.Location == "space" && role.Scope == "object" &&
|
||||
if role.RefID == document.LabelID && role.Location == pm.LocationSpace && role.Scope == pm.ScopeRow &&
|
||||
pm.ContainsPermission(role.Action, pm.SpaceView, pm.SpaceManage, pm.SpaceOwner) {
|
||||
return true
|
||||
}
|
||||
|
|
@ -88,7 +88,7 @@ func CanChangeDocument(ctx domain.RequestContext, s domain.Store, documentID str
|
|||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == document.LabelID && role.Location == "space" && role.Scope == "object" && role.Action == pm.DocumentEdit {
|
||||
if role.RefID == document.LabelID && role.Location == pm.LocationSpace && role.Scope == pm.ScopeRow && role.Action == pm.DocumentEdit {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
@ -136,7 +136,7 @@ func CanUploadDocument(ctx domain.RequestContext, s domain.Store, spaceID string
|
|||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == spaceID && role.Location == "space" && role.Scope == "object" &&
|
||||
if role.RefID == spaceID && role.Location == pm.LocationSpace && role.Scope == pm.ScopeRow &&
|
||||
pm.ContainsPermission(role.Action, pm.DocumentAdd) {
|
||||
return true
|
||||
}
|
||||
|
|
@ -155,7 +155,7 @@ func CanViewSpace(ctx domain.RequestContext, s domain.Store, spaceID string) boo
|
|||
return false
|
||||
}
|
||||
for _, role := range roles {
|
||||
if role.RefID == spaceID && role.Location == "space" && role.Scope == "object" &&
|
||||
if role.RefID == spaceID && role.Location == pm.LocationSpace && role.Scope == pm.ScopeRow &&
|
||||
pm.ContainsPermission(role.Action, pm.SpaceView, pm.SpaceManage, pm.SpaceOwner) {
|
||||
return true
|
||||
}
|
||||
|
|
@ -176,7 +176,7 @@ func HasPermission(ctx domain.RequestContext, s domain.Store, spaceID string, ac
|
|||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == spaceID && role.Location == "space" && role.Scope == "object" {
|
||||
if role.RefID == spaceID && role.Location == pm.LocationSpace && role.Scope == pm.ScopeRow {
|
||||
for _, a := range actions {
|
||||
if role.Action == a {
|
||||
return true
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue