space categorty management

domain/category/endpoint.go

@@ -0,0 +1,285 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+// Package category handles API calls and persistence for categories.
+// Categories sub-divide spaces.
+package category
+
+import (
+	"database/sql"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/documize/community/core/env"
+	"github.com/documize/community/core/request"
+	"github.com/documize/community/core/response"
+	"github.com/documize/community/core/uniqueid"
+	"github.com/documize/community/domain"
+	"github.com/documize/community/domain/permission"
+	"github.com/documize/community/model/audit"
+	"github.com/documize/community/model/category"
+	pm "github.com/documize/community/model/permission"
+)
+
+// Handler contains the runtime information such as logging and database.
+type Handler struct {
+	Runtime *env.Runtime
+	Store   *domain.Store
+}
+
+// Add saves space category.
+func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
+	method := "category.add"
+	ctx := domain.GetRequestContext(r)
+
+	if !ctx.Authenticated {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	defer r.Body.Close()
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "body")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	var cat category.Category
+	err = json.Unmarshal(body, &cat)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "category")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	cat.RefID = uniqueid.Generate()
+	cat.OrgID = ctx.OrgID
+
+	ctx.Transaction, err = h.Runtime.Db.Beginx()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	err = h.Store.Category.Add(ctx, cat)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	h.Store.Audit.Record(ctx, audit.EventTypeCategoryAdd)
+
+	ctx.Transaction.Commit()
+
+	cat, err = h.Store.Category.Get(ctx, cat.RefID)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	response.WriteJSON(w, cat)
+}
+
+// Get returns categories visible to user within a space.
+func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
+	method := "category.get"
+	ctx := domain.GetRequestContext(r)
+
+	spaceID := request.Param(r, "spaceID")
+	if len(spaceID) == 0 {
+		response.WriteMissingDataError(w, method, "spaceID")
+		return
+	}
+
+	ok := permission.HasPermission(ctx, *h.Store, spaceID,
+		pm.SpaceManage, pm.SpaceOwner, pm.SpaceView)
+	if !ok {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	cat, err := h.Store.Category.GetBySpace(ctx, spaceID)
+	if err != nil && err != sql.ErrNoRows {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	if len(cat) == 0 {
+		cat = []category.Category{}
+	}
+
+	response.WriteJSON(w, cat)
+}
+
+// GetAll returns categories within a space, disregarding permissions.
+// Used in admin screens, lists, functions.
+func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request) {
+	method := "category.getAll"
+	ctx := domain.GetRequestContext(r)
+
+	spaceID := request.Param(r, "spaceID")
+	if len(spaceID) == 0 {
+		response.WriteMissingDataError(w, method, "spaceID")
+		return
+	}
+
+	cat, err := h.Store.Category.GetAllBySpace(ctx, spaceID)
+	if err != nil && err != sql.ErrNoRows {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	if len(cat) == 0 {
+		cat = []category.Category{}
+	}
+
+	response.WriteJSON(w, cat)
+}
+
+// Update saves existing space category.
+func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
+	method := "category.update"
+	ctx := domain.GetRequestContext(r)
+
+	categoryID := request.Param(r, "categoryID")
+	if len(categoryID) == 0 {
+		response.WriteMissingDataError(w, method, "categoryID")
+		return
+	}
+
+	defer r.Body.Close()
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "body")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	var cat category.Category
+	err = json.Unmarshal(body, &cat)
+	if err != nil {
+		response.WriteBadRequestError(w, method, "category")
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	cat.OrgID = ctx.OrgID
+	cat.RefID = categoryID
+
+	ok := permission.HasPermission(ctx, *h.Store, cat.LabelID, pm.SpaceManage, pm.SpaceOwner)
+	if !ok || !ctx.Authenticated {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	ctx.Transaction, err = h.Runtime.Db.Beginx()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	err = h.Store.Category.Update(ctx, cat)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	h.Store.Audit.Record(ctx, audit.EventTypeCategoryUpdate)
+
+	ctx.Transaction.Commit()
+
+	cat, err = h.Store.Category.Get(ctx, cat.RefID)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	response.WriteJSON(w, cat)
+}
+
+// Delete removes category and associated member records.
+func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
+	method := "category.delete"
+	ctx := domain.GetRequestContext(r)
+
+	catID := request.Param(r, "categoryID")
+	if len(catID) == 0 {
+		response.WriteMissingDataError(w, method, "categoryID")
+		return
+	}
+
+	cat, err := h.Store.Category.Get(ctx, catID)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	ok := permission.HasPermission(ctx, *h.Store, cat.LabelID, pm.SpaceManage, pm.SpaceOwner)
+	if !ok || !ctx.Authenticated {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	ctx.Transaction, err = h.Runtime.Db.Beginx()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	// remove category members
+	_, err = h.Store.Category.RemoveCategoryMembership(ctx, cat.RefID)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	// remove category permissions
+	_, err = h.Store.Permission.DeleteCategoryPermissions(ctx, cat.RefID)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	// remove category
+	_, err = h.Store.Category.Delete(ctx, cat.RefID)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
+	h.Store.Audit.Record(ctx, audit.EventTypeCategoryDelete)
+
+	ctx.Transaction.Commit()
+
+	response.WriteEmpty(w)
+}
+
+/*
+	6. add category view permission !!!
+	7. link/unlink document to category
+	8. filter space documents by category -- URL param? nested route?
+*/

domain/category/mysql/store.go

@@ -0,0 +1,201 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+// Package mysql handles data persistence for both category definition
+// and and document/category association.
+package mysql
+
+import (
+	"database/sql"
+	"fmt"
+	"time"
+
+	"github.com/documize/community/core/env"
+	"github.com/documize/community/core/streamutil"
+	"github.com/documize/community/domain"
+	"github.com/documize/community/domain/store/mysql"
+	"github.com/documize/community/model/category"
+	"github.com/pkg/errors"
+)
+
+// Scope provides data access to MySQL.
+type Scope struct {
+	Runtime *env.Runtime
+}
+
+// Add inserts the given record into the category table.
+func (s Scope) Add(ctx domain.RequestContext, c category.Category) (err error) {
+	c.Created = time.Now().UTC()
+	c.Revised = time.Now().UTC()
+
+	stmt, err := ctx.Transaction.Preparex("INSERT INTO category (refid, orgid, labelid, category, created, revised) VALUES (?, ?, ?, ?, ?, ?)")
+	defer streamutil.Close(stmt)
+
+	if err != nil {
+		err = errors.Wrap(err, "unable to prepare insert category")
+		return
+	}
+
+	_, err = stmt.Exec(c.RefID, c.OrgID, c.LabelID, c.Category, c.Created, c.Revised)
+	if err != nil {
+		err = errors.Wrap(err, "unable to execute insert category")
+		return
+	}
+
+	return
+}
+
+// GetBySpace returns space categories for a user.
+// Context is used to for user ID.
+func (s Scope) GetBySpace(ctx domain.RequestContext, spaceID string) (c []category.Category, err error) {
+	err = s.Runtime.Db.Select(&c, `
+		SELECT id, refid, orgid, labelid, category, created, revised FROM category
+		WHERE orgid=? AND labelid=?
+			  AND refid IN (SELECT refid FROM permission WHERE orgid=? AND location='category' AND refid IN (
+				SELECT refid from permission WHERE orgid=? AND who='user' AND whoid=? AND location='category' UNION ALL
+				SELECT p.refid from permission p LEFT JOIN rolemember r ON p.whoid=r.roleid WHERE p.orgid=? AND p.who='role' AND p.location='category' 
+					AND p.action='view' AND r.userid=?
+		))
+	  ORDER BY category`, ctx.OrgID, spaceID, ctx.OrgID, ctx.OrgID, ctx.UserID, ctx.OrgID, ctx.UserID)
+
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("unable to execute select categories for space %s", spaceID))
+		return
+	}
+
+	return
+}
+
+// GetAllBySpace returns all space categories.
+func (s Scope) GetAllBySpace(ctx domain.RequestContext, spaceID string) (c []category.Category, err error) {
+	err = s.Runtime.Db.Select(&c, `
+		SELECT id, refid, orgid, labelid, category, created, revised FROM category
+		WHERE orgid=? AND labelid=?
+			  AND labelid IN (SELECT refid FROM permission WHERE orgid=? AND location='space' AND refid IN (
+				SELECT refid from permission WHERE orgid=? AND who='user' AND whoid=? AND location='space' UNION ALL
+				SELECT p.refid from permission p LEFT JOIN rolemember r ON p.whoid=r.roleid WHERE p.orgid=? AND p.who='role' AND p.location='space' 
+					AND p.action='view' AND r.userid=?
+		))
+	  ORDER BY category`, ctx.OrgID, spaceID, ctx.OrgID, ctx.OrgID, ctx.UserID, ctx.OrgID, ctx.UserID)
+
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("unable to execute select all categories for space %s", spaceID))
+		return
+	}
+
+	return
+}
+
+// Update saves category name change.
+func (s Scope) Update(ctx domain.RequestContext, c category.Category) (err error) {
+	c.Revised = time.Now().UTC()
+
+	stmt, err := ctx.Transaction.PrepareNamed("UPDATE category SET category=:category, revised=:revised WHERE orgid=:orgid AND refid=:refid")
+	defer streamutil.Close(stmt)
+
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("unable to prepare update for category %s", c.RefID))
+		return
+	}
+
+	_, err = stmt.Exec(&c)
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("unable to execute update for category %s", c.RefID))
+		return
+	}
+
+	return
+}
+
+// Get returns specified category
+func (s Scope) Get(ctx domain.RequestContext, id string) (c category.Category, err error) {
+	stmt, err := s.Runtime.Db.Preparex("SELECT id, refid, orgid, labelid, category, created, revised FROM category WHERE orgid=? AND refid=?")
+	defer streamutil.Close(stmt)
+
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("unable to prepare select for category %s", id))
+		return
+	}
+
+	err = stmt.Get(&c, ctx.OrgID, id)
+
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("unable to get category %s", id))
+		return
+	}
+
+	return
+}
+
+// Delete removes category from the store.
+func (s Scope) Delete(ctx domain.RequestContext, id string) (rows int64, err error) {
+	b := mysql.BaseQuery{}
+	return b.DeleteConstrained(ctx.Transaction, "category", ctx.OrgID, id)
+}
+
+// AssociateDocument inserts category membership record into the category member table.
+func (s Scope) AssociateDocument(ctx domain.RequestContext, m category.Member) (err error) {
+	m.Created = time.Now().UTC()
+	m.Revised = time.Now().UTC()
+
+	stmt, err := ctx.Transaction.Preparex("INSERT INTO categorymember (refid, orgid, categoryid, labelid, documentid, created, revised) VALUES (?, ?, ?, ?, ?, ?, ?)")
+	defer streamutil.Close(stmt)
+
+	if err != nil {
+		err = errors.Wrap(err, "unable to prepare insert categorymember")
+		return
+	}
+
+	_, err = stmt.Exec(m.RefID, m.OrgID, m.CategoryID, m.LabelID, m.DocumentID, m.Created, m.Revised)
+	if err != nil {
+		err = errors.Wrap(err, "unable to execute insert categorymember")
+		return
+	}
+
+	return
+}
+
+// DisassociateDocument removes document associatation from category.
+func (s Scope) DisassociateDocument(ctx domain.RequestContext, categoryID, documentID string) (rows int64, err error) {
+	b := mysql.BaseQuery{}
+
+	sql := fmt.Sprintf("DELETE FROM categorymember WHERE orgid='%s' AND categoryid='%s' AND documentid='%s'",
+		ctx.OrgID, categoryID, documentID)
+
+	return b.DeleteWhere(ctx.Transaction, sql)
+}
+
+// RemoveCategoryMembership removes all category associations from the store.
+func (s Scope) RemoveCategoryMembership(ctx domain.RequestContext, categoryID string) (rows int64, err error) {
+	b := mysql.BaseQuery{}
+
+	sql := fmt.Sprintf("DELETE FROM categorymember WHERE orgid='%s' AND categoryid='%s'",
+		ctx.OrgID, categoryID)
+
+	return b.DeleteWhere(ctx.Transaction, sql)
+}
+
+// DeleteBySpace removes all category and category associations for given space.
+func (s Scope) DeleteBySpace(ctx domain.RequestContext, spaceID string) (rows int64, err error) {
+	b := mysql.BaseQuery{}
+
+	s1 := fmt.Sprintf("DELETE FROM categorymember WHERE orgid='%s' AND labelid='%s'", ctx.OrgID, spaceID)
+	b.DeleteWhere(ctx.Transaction, s1)
+
+	s2 := fmt.Sprintf("DELETE FROM category WHERE orgid='%s' AND labelid='%s'", ctx.OrgID, spaceID)
+	return b.DeleteWhere(ctx.Transaction, s2)
+}