Add new check permissions helper

domain/permission/mysql/store.go

@@ -85,6 +85,31 @@ func (s Scope) GetUserSpacePermissions(ctx domain.RequestContext, spaceID string
 	return
 }
 
+// GetSpacePermissionsForUser returns space permissions for specified user.
+func (s Scope) GetSpacePermissionsForUser(ctx domain.RequestContext, spaceID, userID string) (r []permission.Permission, err error) {
+	r = []permission.Permission{}
+
+	err = s.Runtime.Db.Select(&r, `
+		SELECT id, orgid, who, whoid, action, scope, location, refid
+			FROM permission
+			WHERE orgid=? AND location='space' AND refid=? AND who='user' AND (whoid=? OR whoid='0')
+		UNION ALL
+		SELECT p.id, p.orgid, p.who, p.whoid, p.action, p.scope, p.location, p.refid
+			FROM permission p
+			LEFT JOIN rolemember r ON p.whoid=r.roleid
+			WHERE p.orgid=? AND p.location='space' AND refid=? AND p.who='role' AND (r.userid=? OR r.userid='0')`,
+		ctx.OrgID, spaceID, userID, ctx.OrgID, spaceID, userID)
+
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("unable to execute select user permissions %s", userID))
+	}
+
+	return
+}
+
 // GetSpacePermissions returns space permissions for all users.
 // We do not filter by userID because we return permissions for all users.
 func (s Scope) GetSpacePermissions(ctx domain.RequestContext, spaceID string) (r []permission.Permission, err error) {

domain/permission/permission.go

@@ -203,7 +203,7 @@ func CanManageVersion(ctx domain.RequestContext, s domain.Store, spaceID string)
 	return false
 }
 
-// HasPermission returns if user can perform specified actions.
+// HasPermission returns if current user can perform specified actions.
 func HasPermission(ctx domain.RequestContext, s domain.Store, spaceID string, actions ...pm.Action) bool {
 	roles, err := s.Permission.GetUserSpacePermissions(ctx, spaceID)
 
@@ -227,6 +227,30 @@ func HasPermission(ctx domain.RequestContext, s domain.Store, spaceID string, ac
 	return false
 }
 
+// CheckPermission returns if specified user can perform specified actions.
+func CheckPermission(ctx domain.RequestContext, s domain.Store, spaceID string, userID string, actions ...pm.Action) bool {
+	roles, err := s.Permission.GetSpacePermissionsForUser(ctx, spaceID, userID)
+
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	if err != nil {
+		return false
+	}
+
+	for _, role := range roles {
+		if role.RefID == spaceID && role.Location == pm.LocationSpace && role.Scope == pm.ScopeRow {
+			for _, a := range actions {
+				if role.Action == a {
+					return true
+				}
+			}
+		}
+	}
+
+	return false
+}
+
 // GetUsersWithDocumentPermission returns list of users who have specified document permission in given space
 func GetUsersWithDocumentPermission(ctx domain.RequestContext, s domain.Store, spaceID, documentID string, permissionRequired pm.Action) (users []u.User, err error) {
 	users = []u.User{}

domain/storer.go

@@ -90,6 +90,7 @@ type PermissionStorer interface {
 	AddPermission(ctx RequestContext, r permission.Permission) (err error)
 	AddPermissions(ctx RequestContext, r permission.Permission, actions ...permission.Action) (err error)
 	GetUserSpacePermissions(ctx RequestContext, spaceID string) (r []permission.Permission, err error)
+	GetSpacePermissionsForUser(ctx RequestContext, spaceID, userID string) (r []permission.Permission, err error)
 	GetSpacePermissions(ctx RequestContext, spaceID string) (r []permission.Permission, err error)
 	GetCategoryPermissions(ctx RequestContext, catID string) (r []permission.Permission, err error)
 	GetCategoryUsers(ctx RequestContext, catID string) (u []user.User, err error)