restrict user lists based on account.users permission

domain/category/endpoint.go

@@ -310,8 +310,6 @@ func (h *Handler) GetSummary(w http.ResponseWriter, r *http.Request) {
 }
 
 /*
-	- filter users using account.users = true/false
 	- link/unlink document to category
-	- check print/pdf
 	- filter space documents by category -- URL param? nested route?
 */

domain/user/endpoint.go

@@ -35,7 +35,6 @@ import (
 	"github.com/documize/community/domain/organization"
 	"github.com/documize/community/model/account"
 	"github.com/documize/community/model/audit"
-	"github.com/documize/community/model/space"
 	"github.com/documize/community/model/user"
 )
 
@@ -244,7 +243,6 @@ func (h *Handler) GetOrganizationUsers(w http.ResponseWriter, r *http.Request) {
 			h.Runtime.Log.Error(method, err)
 			return
 		}
-
 	} else {
 		u, err = h.Store.User.GetUsersForOrganization(ctx)
 		if err != nil && err != sql.ErrNoRows {
@@ -273,45 +271,43 @@ func (h *Handler) GetSpaceUsers(w http.ResponseWriter, r *http.Request) {
 	var u []user.User
 	var err error
 
-	folderID := request.Param(r, "folderID")
+	spaceID := request.Param(r, "spaceID")
-	if len(folderID) == 0 {
+	if len(spaceID) == 0 {
-		response.WriteMissingDataError(w, method, "folderID")
+		response.WriteMissingDataError(w, method, "spaceID")
 		return
 	}
 
-	// check to see space type as it determines user selection criteria
+	// Get user account as we need to know if user can see all users.
-	folder, err := h.Store.Space.Get(ctx, folderID)
+	// account.users == false means we restrict viewing to just space users
+	account, err := h.Store.Account.GetUserAccount(ctx, ctx.UserID)
 	if err != nil && err != sql.ErrNoRows {
 		response.WriteJSON(w, u)
 		h.Runtime.Log.Error(method, err)
 		return
 	}
 
-	switch folder.Type {
+	if account.Users {
-	case space.ScopePublic:
+		// can see all users
 		u, err = h.Store.User.GetActiveUsersForOrganization(ctx)
-		break
+		if err != nil && err != sql.ErrNoRows {
-	case space.ScopePrivate:
+			response.WriteJSON(w, u)
-		// just me
+			h.Runtime.Log.Error(method, err)
-		var me user.User
+			return
-		me, err = h.Store.User.Get(ctx, ctx.UserID)
+		}
-		u = append(u, me)
+	} else {
-		break
+		// send back existing space users
-	case space.ScopeRestricted:
+		u, err = h.Store.User.GetSpaceUsers(ctx, spaceID)
-		u, err = h.Store.User.GetSpaceUsers(ctx, folderID)
+		if err != nil && err != sql.ErrNoRows {
-		break
+			response.WriteJSON(w, u)
+			h.Runtime.Log.Error(method, err)
+			return
+		}
 	}
 
 	if len(u) == 0 {
 		u = []user.User{}
 	}
 
-	if err != nil && err != sql.ErrNoRows {
-		response.WriteJSON(w, u)
-		h.Runtime.Log.Error(method, err)
-		return
-	}
-
 	response.WriteJSON(w, u)
 }
 

domain/user/mysql/store.go

@@ -173,7 +173,9 @@ func (s Scope) GetActiveUsersForOrganization(ctx domain.RequestContext) (u []use
 // identified in the Persister.
 func (s Scope) GetUsersForOrganization(ctx domain.RequestContext) (u []user.User, err error) {
 	err = s.Runtime.Db.Select(&u,
-		"SELECT id, refid, firstname, lastname, email, initials, password, salt, reset, created, revised FROM user WHERE refid IN (SELECT userid FROM account where orgid = ?) ORDER BY firstname,lastname", ctx.OrgID)
+		`SELECT id, refid, firstname, lastname, email, initials, password, salt, reset, created, revised 
+		FROM user WHERE refid IN (SELECT userid FROM account where orgid = ?)
+		ORDER BY firstname,lastname`, ctx.OrgID)
 
 	if err != nil {
 		err = errors.Wrap(err, fmt.Sprintf(" get users for org %s", ctx.OrgID))
@@ -186,7 +188,8 @@ func (s Scope) GetUsersForOrganization(ctx domain.RequestContext) (u []user.User
 // GetSpaceUsers returns a slice containing all user records for given folder.
 func (s Scope) GetSpaceUsers(ctx domain.RequestContext, spaceID string) (u []user.User, err error) {
 	err = s.Runtime.Db.Select(&u, `
-		SELECT u.id, u.refid, u.firstname, u.lastname, u.email, u.initials, u.password, u.salt, u.reset, u.created, u.revised
+		SELECT u.id, u.refid, u.firstname, u.lastname, u.email, u.initials, u.password, u.salt, u.reset, u.created, u.revised, u.global
+		a.active, a.users AS viewusers, a.editor, a.admin
 		FROM user u, account a
 		WHERE a.orgid=? AND u.refid = a.userid AND a.active=1 AND u.refid IN (
 			SELECT whoid from permission WHERE orgid=? AND who='user' AND scope='object' AND location='space' AND refid=? UNION ALL

gui/app/components/folder/category-admin.js

@@ -59,7 +59,7 @@ export default Ember.Component.extend(NotifierMixin, TooltipMixin, DropdownMixin
 			});
 
 			// get users that this space admin user can see
-			this.get('userService').getAll().then((users) => {
+			this.get('userService').getSpaceUsers(this.get('folder.id')).then((users) => {
 				// set up Everyone user
 				let u = {
 					orgId: this.get('folder.orgId'),

gui/app/components/folder/permission-admin.js

@@ -23,15 +23,13 @@ export default Ember.Component.extend(NotifierMixin, {
 	store: service(),
 
 	didReceiveAttrs() {
-		this.get('userService').getAll().then((users) => {
+		this.get('userService').getSpaceUsers(this.get('folder.id')).then((users) => {
 			this.set('users', users);
 
 			// set up users
 			let folderPermissions = [];
 
 			users.forEach((user) => {
-				let isActive = user.get('active');
-
 				let u = {
 					orgId: this.get('folder.orgId'),
 					folderId: this.get('folder.id'),
@@ -48,10 +46,8 @@ export default Ember.Component.extend(NotifierMixin, {
 					documentTemplate: false
 				};
 
-				if (isActive) {
+				let data = this.get('store').normalize('space-permission', u)
-					let data = this.get('store').normalize('space-permission', u)
+				folderPermissions.pushObject(this.get('store').push(data));
-					folderPermissions.pushObject(this.get('store').push(data));
-				}
 			});
 
 			// set up Everyone user

gui/app/pods/folder/settings/template.hbs

@@ -9,8 +9,8 @@
 					{{#if isAuthProviderDocumize}}
 						{{#link-to 'folder.settings.invitation' activeClass='selected' class="option" tagName="li"}}Invite{{/link-to}}
 					{{/if}}
-					{{#link-to 'folder.settings.security' activeClass='selected' class="option" tagName="li"}}Secure{{/link-to}}
+					{{#link-to 'folder.settings.security' activeClass='selected' class="option" tagName="li"}}Permissions{{/link-to}}
-					{{#link-to 'folder.settings.category' activeClass='selected' class="option" tagName="li"}}Categorize{{/link-to}}
+					{{#link-to 'folder.settings.category' activeClass='selected' class="option" tagName="li"}}Categories{{/link-to}}
 				</ul>
 			</div>
 		</div>

gui/app/services/user.js

@@ -66,9 +66,9 @@ export default Ember.Service.extend({
 		});
 	},
 
-	// Returns all users that can see folder.
+	// Returns all users that can see space.
-	getFolderUsers(folderId) {
+	getSpaceUsers(spaceId) {
-		let url = `users/folder/${folderId}`;
+		let url = `users/space/${spaceId}`;
 
 		return this.get('ajax').request(url, {
 			method: "GET"

model/account/account.go

@@ -18,7 +18,7 @@ type Account struct {
 	model.BaseEntity
 	Admin   bool   `json:"admin"`
 	Editor  bool   `json:"editor"`
-	Users   bool   `json:"viewUsers"`
+	Users   bool   `json:"viewUsers"` // either view all users or just users in your space
 	UserID  string `json:"userId"`
 	OrgID   string `json:"orgId"`
 	Company string `json:"company"`

server/routing/routes.go

@@ -139,7 +139,7 @@ func RegisterEndpoints(rt *env.Runtime, s *domain.Store) {
 
 	Add(rt, RoutePrefixPrivate, "users/{userID}/password", []string{"POST", "OPTIONS"}, nil, user.ChangePassword)
 	Add(rt, RoutePrefixPrivate, "users", []string{"POST", "OPTIONS"}, nil, user.Add)
-	Add(rt, RoutePrefixPrivate, "users/folder/{folderID}", []string{"GET", "OPTIONS"}, nil, user.GetSpaceUsers)
+	Add(rt, RoutePrefixPrivate, "users/space/{spaceID}", []string{"GET", "OPTIONS"}, nil, user.GetSpaceUsers)
 	Add(rt, RoutePrefixPrivate, "users", []string{"GET", "OPTIONS"}, nil, user.GetOrganizationUsers)
 	Add(rt, RoutePrefixPrivate, "users/{userID}", []string{"GET", "OPTIONS"}, nil, user.Get)
 	Add(rt, RoutePrefixPrivate, "users/{userID}", []string{"PUT", "OPTIONS"}, nil, user.Update)