Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-21 22:29:41 +02:00
Code Releases Activity

restrict user lists based on account.users permission

Browse source
This commit is contained in:
Harvey Kandola 2017-09-22 10:22:52 +01:00
parent b56d3426d2
commit 508ec00c6a
9 changed files with 37 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

2
domain/category/endpoint.go
View file

@ -310,8 +310,6 @@ func (h *Handler) GetSummary(w http.ResponseWriter, r *http.Request) {
}
/*
- filter users using account.users = true/false
- link/unlink document to category
- check print/pdf
- filter space documents by category -- URL param? nested route?
*/

46
domain/user/endpoint.go
View file

@ -35,7 +35,6 @@ import (
"github.com/documize/community/domain/organization"
"github.com/documize/community/model/account"
"github.com/documize/community/model/audit"
"github.com/documize/community/model/space"
"github.com/documize/community/model/user"
)
@ -244,7 +243,6 @@ func (h *Handler) GetOrganizationUsers(w http.ResponseWriter, r *http.Request) {
h.Runtime.Log.Error(method, err)
return
}
} else {
u, err = h.Store.User.GetUsersForOrganization(ctx)
if err != nil && err != sql.ErrNoRows {
@ -273,45 +271,43 @@ func (h *Handler) GetSpaceUsers(w http.ResponseWriter, r *http.Request) {
var u []user.User
var err error
folderID := request.Param(r, "folderID")
if len(folderID) == 0 {
response.WriteMissingDataError(w, method, "folderID")
spaceID := request.Param(r, "spaceID")
if len(spaceID) == 0 {
response.WriteMissingDataError(w, method, "spaceID")
return
}
// check to see space type as it determines user selection criteria
folder, err := h.Store.Space.Get(ctx, folderID)
// Get user account as we need to know if user can see all users.
// account.users == false means we restrict viewing to just space users
account, err := h.Store.Account.GetUserAccount(ctx, ctx.UserID)
if err != nil && err != sql.ErrNoRows {
response.WriteJSON(w, u)
h.Runtime.Log.Error(method, err)
return
}
switch folder.Type {
case space.ScopePublic:
if account.Users {
// can see all users
u, err = h.Store.User.GetActiveUsersForOrganization(ctx)
break
case space.ScopePrivate:
// just me
var me user.User
me, err = h.Store.User.Get(ctx, ctx.UserID)
u = append(u, me)
break
case space.ScopeRestricted:
u, err = h.Store.User.GetSpaceUsers(ctx, folderID)
break
if err != nil && err != sql.ErrNoRows {
response.WriteJSON(w, u)
h.Runtime.Log.Error(method, err)
return
}
} else {
// send back existing space users
u, err = h.Store.User.GetSpaceUsers(ctx, spaceID)
if err != nil && err != sql.ErrNoRows {
response.WriteJSON(w, u)
h.Runtime.Log.Error(method, err)
return
}
}
if len(u) == 0 {
u = []user.User{}
}
if err != nil && err != sql.ErrNoRows {
response.WriteJSON(w, u)
h.Runtime.Log.Error(method, err)
return
}
response.WriteJSON(w, u)
}

7
domain/user/mysql/store.go
View file

@ -173,7 +173,9 @@ func (s Scope) GetActiveUsersForOrganization(ctx domain.RequestContext) (u []use
// identified in the Persister.
func (s Scope) GetUsersForOrganization(ctx domain.RequestContext) (u []user.User, err error) {
err = s.Runtime.Db.Select(&u,
"SELECT id, refid, firstname, lastname, email, initials, password, salt, reset, created, revised FROM user WHERE refid IN (SELECT userid FROM account where orgid = ?) ORDER BY firstname,lastname", ctx.OrgID)
`SELECT id, refid, firstname, lastname, email, initials, password, salt, reset, created, revised
FROM user WHERE refid IN (SELECT userid FROM account where orgid = ?)
ORDER BY firstname,lastname`, ctx.OrgID)
if err != nil {
err = errors.Wrap(err, fmt.Sprintf(" get users for org %s", ctx.OrgID))
@ -186,7 +188,8 @@ func (s Scope) GetUsersForOrganization(ctx domain.RequestContext) (u []user.User
// GetSpaceUsers returns a slice containing all user records for given folder.
func (s Scope) GetSpaceUsers(ctx domain.RequestContext, spaceID string) (u []user.User, err error) {
err = s.Runtime.Db.Select(&u, `
SELECT u.id, u.refid, u.firstname, u.lastname, u.email, u.initials, u.password, u.salt, u.reset, u.created, u.revised
SELECT u.id, u.refid, u.firstname, u.lastname, u.email, u.initials, u.password, u.salt, u.reset, u.created, u.revised, u.global
a.active, a.users AS viewusers, a.editor, a.admin
FROM user u, account a
WHERE a.orgid=? AND u.refid = a.userid AND a.active=1 AND u.refid IN (
SELECT whoid from permission WHERE orgid=? AND who='user' AND scope='object' AND location='space' AND refid=? UNION ALL

2
gui/app/components/folder/category-admin.js
View file

@ -59,7 +59,7 @@ export default Ember.Component.extend(NotifierMixin, TooltipMixin, DropdownMixin
});
// get users that this space admin user can see
this.get('userService').getAll().then((users) => {
this.get('userService').getSpaceUsers(this.get('folder.id')).then((users) => {
// set up Everyone user
let u = {
orgId: this.get('folder.orgId'),

6
gui/app/components/folder/permission-admin.js
View file

@ -23,15 +23,13 @@ export default Ember.Component.extend(NotifierMixin, {
store: service(),
didReceiveAttrs() {
this.get('userService').getAll().then((users) => {
this.get('userService').getSpaceUsers(this.get('folder.id')).then((users) => {
this.set('users', users);
// set up users
let folderPermissions = [];
users.forEach((user) => {
let isActive = user.get('active');
let u = {
orgId: this.get('folder.orgId'),
folderId: this.get('folder.id'),
@ -48,10 +46,8 @@ export default Ember.Component.extend(NotifierMixin, {
documentTemplate: false
};
if (isActive) {
let data = this.get('store').normalize('space-permission', u)
folderPermissions.pushObject(this.get('store').push(data));
}
});
// set up Everyone user

4
gui/app/pods/folder/settings/template.hbs
View file

@ -9,8 +9,8 @@
{{#if isAuthProviderDocumize}}
{{#link-to 'folder.settings.invitation' activeClass='selected' class="option" tagName="li"}}Invite{{/link-to}}
{{/if}}
{{#link-to 'folder.settings.security' activeClass='selected' class="option" tagName="li"}}Secure{{/link-to}}
{{#link-to 'folder.settings.category' activeClass='selected' class="option" tagName="li"}}Categorize{{/link-to}}
{{#link-to 'folder.settings.security' activeClass='selected' class="option" tagName="li"}}Permissions{{/link-to}}
{{#link-to 'folder.settings.category' activeClass='selected' class="option" tagName="li"}}Categories{{/link-to}}
</ul>
</div>
</div>

6
gui/app/services/user.js
View file

@ -66,9 +66,9 @@ export default Ember.Service.extend({
});
},
// Returns all users that can see folder.
getFolderUsers(folderId) {
let url = `users/folder/${folderId}`;
// Returns all users that can see space.
getSpaceUsers(spaceId) {
let url = `users/space/${spaceId}`;
return this.get('ajax').request(url, {
method: "GET"

2
model/account/account.go
View file

@ -18,7 +18,7 @@ type Account struct {
model.BaseEntity
Admin bool `json:"admin"`
Editor bool `json:"editor"`
Users bool `json:"viewUsers"`
Users bool `json:"viewUsers"` // either view all users or just users in your space
UserID string `json:"userId"`
OrgID string `json:"orgId"`
Company string `json:"company"`

2
server/routing/routes.go
View file

@ -139,7 +139,7 @@ func RegisterEndpoints(rt *env.Runtime, s *domain.Store) {
Add(rt, RoutePrefixPrivate, "users/{userID}/password", []string{"POST", "OPTIONS"}, nil, user.ChangePassword)
Add(rt, RoutePrefixPrivate, "users", []string{"POST", "OPTIONS"}, nil, user.Add)
Add(rt, RoutePrefixPrivate, "users/folder/{folderID}", []string{"GET", "OPTIONS"}, nil, user.GetSpaceUsers)
Add(rt, RoutePrefixPrivate, "users/space/{spaceID}", []string{"GET", "OPTIONS"}, nil, user.GetSpaceUsers)
Add(rt, RoutePrefixPrivate, "users", []string{"GET", "OPTIONS"}, nil, user.GetOrganizationUsers)
Add(rt, RoutePrefixPrivate, "users/{userID}", []string{"GET", "OPTIONS"}, nil, user.Get)
Add(rt, RoutePrefixPrivate, "users/{userID}", []string{"PUT", "OPTIONS"}, nil, user.Update)