new permission endpoint

WIP

model/space/permissions.go

@@ -0,0 +1,116 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package space
+
+// PermissionRecord represents space permissions for a user on a space.
+// This data structure is made from database permission records for the space,
+// and it is designed to be sent to HTTP clients (web, mobile).
+type PermissionRecord struct {
+	OrgID            string `json:"orgId"`
+	SpaceID          string `json:"folderId"`
+	UserID           string `json:"userId"`
+	SpaceView        bool   `json:"spaceView"`
+	SpaceManage      bool   `json:"spaceManage"`
+	SpaceOwner       bool   `json:"spaceOwner"`
+	DocumentAdd      bool   `json:"documentAdd"`
+	DocumentEdit     bool   `json:"documentEdit"`
+	DocumentDelete   bool   `json:"documentDelete"`
+	DocumentMove     bool   `json:"documentMove"`
+	DocumentCopy     bool   `json:"documentCopy"`
+	DocumentTemplate bool   `json:"documentTemplate"`
+}
+
+// DecodeUserPermissions returns a flat, usable permission summary record
+// from multiple user permission records for a given space.
+func DecodeUserPermissions(perm []Permission) (r PermissionRecord) {
+	r = PermissionRecord{}
+
+	if len(perm) > 0 {
+		r.OrgID = perm[0].OrgID
+		r.UserID = perm[0].WhoID
+		r.SpaceID = perm[0].RefID
+	}
+
+	for _, p := range perm {
+		switch p.Action {
+		case SpaceView:
+			r.SpaceView = true
+		case SpaceManage:
+			r.SpaceManage = true
+		case SpaceOwner:
+			r.SpaceOwner = true
+
+		case DocumentAdd:
+			r.DocumentAdd = true
+		case DocumentEdit:
+			r.DocumentEdit = true
+		case DocumentDelete:
+			r.DocumentDelete = true
+		case DocumentMove:
+			r.DocumentMove = true
+		case DocumentCopy:
+			r.DocumentCopy = true
+		case DocumentTemplate:
+			r.DocumentTemplate = true
+		}
+	}
+
+	return
+}
+
+// EncodeUserPermissions returns multiple user permission records
+// for a given space, using flat permission summary record.
+func EncodeUserPermissions(r PermissionRecord) (perm []Permission) {
+	if r.SpaceView {
+		perm = append(perm, encodeRecord(r, SpaceView))
+	}
+	if r.SpaceManage {
+		perm = append(perm, encodeRecord(r, SpaceManage))
+	}
+	if r.SpaceOwner {
+		perm = append(perm, encodeRecord(r, SpaceOwner))
+	}
+
+	if r.DocumentAdd {
+		perm = append(perm, encodeRecord(r, DocumentAdd))
+	}
+	if r.DocumentEdit {
+		perm = append(perm, encodeRecord(r, DocumentEdit))
+	}
+	if r.DocumentDelete {
+		perm = append(perm, encodeRecord(r, DocumentDelete))
+	}
+	if r.DocumentMove {
+		perm = append(perm, encodeRecord(r, DocumentMove))
+	}
+	if r.DocumentCopy {
+		perm = append(perm, encodeRecord(r, DocumentCopy))
+	}
+	if r.DocumentTemplate {
+		perm = append(perm, encodeRecord(r, DocumentTemplate))
+	}
+
+	return
+}
+
+// creates standard permission record representing user permissions for a space.
+func encodeRecord(r PermissionRecord, a PermissionAction) (p Permission) {
+	p = Permission{}
+	p.OrgID = r.OrgID
+	p.Who = "user"
+	p.WhoID = r.UserID
+	p.Location = "space"
+	p.RefID = r.SpaceID
+	p.Action = a
+
+	return
+}

model/space/space.go

@@ -57,15 +57,15 @@ func (l *Space) IsRestricted() bool {
 
 // Permission represents a permission for a space and is persisted to the database.
 type Permission struct {
-	ID       uint64    `json:"id"`
-	OrgID    string    `json:"-"`
-	Who      string    `json:"who"`      // user, role
-	WhoID    string    `json:"whoId"`    // either a user or role ID
-	Action   string    `json:"action"`   // view, edit, delete
-	Scope    string    `json:"scope"`    // object, table
-	Location string    `json:"location"` // table name
-	RefID    string    `json:"refId"`    // id of row in table / blank when scope=table
-	Created  time.Time `json:"created"`
+	ID       uint64           `json:"id"`
+	OrgID    string           `json:"-"`
+	Who      string           `json:"who"`      // user, role
+	WhoID    string           `json:"whoId"`    // either a user or role ID
+	Action   PermissionAction `json:"action"`   // view, edit, delete
+	Scope    string           `json:"scope"`    // object, table
+	Location string           `json:"location"` // table name
+	RefID    string           `json:"refId"`    // id of row in table / blank when scope=table
+	Created  time.Time        `json:"created"`
 }
 
 // PermissionAction details type of action
@@ -77,7 +77,7 @@ const (
 	// SpaceManage action means you can add, remove users, set permissions, but not delete that space
 	SpaceManage PermissionAction = "manage"
 	// SpaceOwner action means you can delete a space and do all SpaceManage functions
-	SpaceOwner PermissionAction = "owner"
+	SpaceOwner PermissionAction = "own"
 
 	// DocumentAdd action means you can create/upload documents to a space
 	DocumentAdd PermissionAction = "doc-add"
@@ -93,16 +93,6 @@ const (
 	DocumentTemplate PermissionAction = "doc-template"
 )
 
-// Role determines user permissions for a folder.
-type Role struct {
-	model.BaseEntityObfuscated
-	OrgID   string `json:"-"`
-	LabelID string `json:"folderId"`
-	UserID  string `json:"userId"`
-	CanView bool   `json:"canView"`
-	CanEdit bool   `json:"canEdit"`
-}
-
 // Viewer details who can see a particular space
 type Viewer struct {
 	Name      string `json:"name"`
@@ -144,9 +134,9 @@ type NewSpaceRequest struct {
 }
 
 // HasPermission checks if action matches one of the required actions?
-func HasPermission(action string, actions ...PermissionAction) bool {
+func HasPermission(action PermissionAction, actions ...PermissionAction) bool {
 	for _, a := range actions {
-		if action == string(a) {
+		if action == a {
 			return true
 		}
 	}