mirror of
https://github.com/documize/community.git
synced 2025-08-02 20:15:26 +02:00
refined category permission checks
This commit is contained in:
Harvey Kandola
parent
4d989e2497
commit
3a9675eb14
11 changed files with 149 additions and 22 deletions
|
|
@ -278,6 +278,37 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
|
|||
response.WriteEmpty(w)
|
||||
}
|
||||
|
||||
// GetSummary returns number of documents and users for space categories.
|
||||
func (h *Handler) GetSummary(w http.ResponseWriter, r *http.Request) {
|
||||
method := "category.GetSummary"
|
||||
ctx := domain.GetRequestContext(r)
|
||||
|
||||
spaceID := request.Param(r, "spaceID")
|
||||
if len(spaceID) == 0 {
|
||||
response.WriteMissingDataError(w, method, "spaceID")
|
||||
return
|
||||
}
|
||||
|
||||
ok := permission.HasPermission(ctx, *h.Store, spaceID, pm.SpaceManage, pm.SpaceOwner)
|
||||
if !ok || !ctx.Authenticated {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
|
||||
s, err := h.Store.Category.GetSpaceCategorySummary(ctx, spaceID)
|
||||
if err != nil {
|
||||
h.Runtime.Log.Error("get space category summary failed", err)
|
||||
response.WriteServerError(w, method, err)
|
||||
return
|
||||
}
|
||||
|
||||
if len(s) == 0 {
|
||||
s = []category.SummaryModel{}
|
||||
}
|
||||
|
||||
response.WriteJSON(w, s)
|
||||
}
|
||||
|
||||
/*
|
||||
- category view permission handling
|
||||
- filter users using new permission
|
||||
|
|
|
|||
|
|
@ -199,3 +199,29 @@ func (s Scope) DeleteBySpace(ctx domain.RequestContext, spaceID string) (rows in
|
|||
s2 := fmt.Sprintf("DELETE FROM category WHERE orgid='%s' AND labelid='%s'", ctx.OrgID, spaceID)
|
||||
return b.DeleteWhere(ctx.Transaction, s2)
|
||||
}
|
||||
|
||||
// GetSpaceCategorySummary returns number of documents and users for space categories.
|
||||
func (s Scope) GetSpaceCategorySummary(ctx domain.RequestContext, spaceID string) (c []category.SummaryModel, err error) {
|
||||
err = s.Runtime.Db.Select(&c, `
|
||||
SELECT 'documents' as type, categoryid, COUNT(*) as count FROM categorymember WHERE orgid=? AND labelid=? GROUP BY categoryid, type
|
||||
UNION ALL
|
||||
SELECT 'users' as type, refid AS categoryid, count(*) AS count FROM permission WHERE orgid=? AND who='user' AND location='category'
|
||||
AND refid IN (SELECT refid FROM category WHERE orgid=? AND labelid=?)
|
||||
GROUP BY refid, type
|
||||
UNION ALL
|
||||
SELECT 'users' as type, p.refid AS categoryid, count(*) AS count FROM rolemember r LEFT JOIN permission p ON p.whoid=r.roleid
|
||||
WHERE p.orgid=? AND p.who='role' AND p.location='category'
|
||||
AND p.refid IN (SELECT refid FROM category WHERE orgid=? AND labelid=?)
|
||||
GROUP BY p.refid, type`,
|
||||
ctx.OrgID, spaceID, ctx.OrgID, ctx.OrgID, spaceID, ctx.OrgID, ctx.OrgID, spaceID)
|
||||
|
||||
if err == sql.ErrNoRows {
|
||||
err = nil
|
||||
}
|
||||
if err != nil {
|
||||
err = errors.Wrap(err, fmt.Sprintf("unable to execute select category summary for space %s", spaceID))
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue