Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-19 13:19:43 +02:00
Code Releases Activity

new permission endpoint

Browse source 
WIP
This commit is contained in:
Harvey Kandola 2017-09-14 12:54:57 +01:00
parent ae05cacf3f
commit 5f7c6d211f
32 changed files with 334 additions and 249 deletions
Download patch file Download diff file Expand all files Collapse all files

19
domain/space/endpoint.go
View file

@ -714,7 +714,7 @@ func (h *Handler) SetPermissions(w http.ResponseWriter, r *http.Request) {
response.WriteEmpty(w)
}
// GetPermissions returns permissions for the requested space, for all users.
// GetPermissions returns permissions for alll users for given space.
func (h *Handler) GetPermissions(w http.ResponseWriter, r *http.Request) {
method := "space.GetPermissions"
ctx := domain.GetRequestContext(r)
@ -730,12 +730,21 @@ func (h *Handler) GetPermissions(w http.ResponseWriter, r *http.Request) {
response.WriteServerError(w, method, err)
return
}
if len(perms) == 0 {
perms = []space.Permission{}
}
response.WriteJSON(w, perms)
userPerms := make(map[string][]space.Permission)
for _, p := range perms {
userPerms[p.WhoID] = append(userPerms[p.WhoID], p)
}
records := []space.PermissionRecord{}
for _, up := range userPerms {
records = append(records, space.DecodeUserPermissions(up))
}
response.WriteJSON(w, records)
}
// GetUserPermissions returns permissions for the requested space, for current user.
@ -754,12 +763,12 @@ func (h *Handler) GetUserPermissions(w http.ResponseWriter, r *http.Request) {
response.WriteServerError(w, method, err)
return
}
if len(perms) == 0 {
perms = []space.Permission{}
}
response.WriteJSON(w, perms)
record := space.DecodeUserPermissions(perms)
response.WriteJSON(w, record)
}
// AcceptInvitation records the fact that a user has completed space onboard process.

8
domain/space/mysql/store.go
View file

@ -208,7 +208,7 @@ func (s Scope) AddPermission(ctx domain.RequestContext, r space.Permission) (err
// AddPermissions inserts records into permission database table, one per action.
func (s Scope) AddPermissions(ctx domain.RequestContext, r space.Permission, actions ...space.PermissionAction) (err error) {
for _, a := range actions {
r.Action = string(a)
r.Action = a
s.AddPermission(ctx, r)
}
@ -242,12 +242,12 @@ func (s Scope) GetUserPermissions(ctx domain.RequestContext, spaceID string) (r
func (s Scope) GetPermissions(ctx domain.RequestContext, spaceID string) (r []space.Permission, err error) {
err = s.Runtime.Db.Select(&r, `
SELECT id, orgid, who, whoid, action, scope, location, refid
FROM permission WHERE orgid=? AND location='space' AND refid=? AND who='user' AND (whoid=? OR whoid='')
FROM permission WHERE orgid=? AND location='space' AND refid=? AND who='user'
UNION ALL
SELECT p.id, p.orgid, p.who, p.whoid, p.action, p.scope, p.location, p.refid
FROM permission p LEFT JOIN rolemember r ON p.whoid=r.roleid WHERE p.orgid=? AND p.location='space' AND p.refid=?
AND p.who='role' AND (r.userid=? OR r.userid='')`,
ctx.OrgID, spaceID, ctx.UserID, ctx.OrgID, spaceID, ctx.OrgID)
AND p.who='role'`,
ctx.OrgID, spaceID, ctx.OrgID, spaceID)
if err == sql.ErrNoRows {
err = nil

2
gui/app/components/document/sidebar-view-attachments.js
View file

@ -32,7 +32,7 @@ export default Ember.Component.extend(NotifierMixin, TooltipMixin, {
didInsertElement() {
this._super(...arguments);
if (!this.get('isEditor')) {
if (!this.get('permissions.documentEdit')) {
return;
}

4
gui/app/components/document/tag-editor.js
View file

@ -33,11 +33,11 @@ export default Ember.Component.extend({
}
this.set('tagz', tagz);
this.set('canAdd', this.get('isEditor') && this.get('tagz').get('length') < 3);
this.set('canAdd', this.get('permissions.documentEdit') && this.get('tagz').get('length') < 3);
},
didUpdateAttrs() {
this.set('canAdd', this.get('isEditor') && this.get('tagz').get('length') < 3);
this.set('canAdd', this.get('permissions.documentEdit') && this.get('tagz').get('length') < 3);
},
didInsertElement() {

2
gui/app/components/folder/documents-list.js
View file

@ -21,7 +21,7 @@ export default Ember.Component.extend({
didReceiveAttrs() {
this._super(...arguments);
this.set('canCreate', this.get('folderService').get('canEditCurrentFolder'));
this.set('canCreate', this.get('permissions.documentAdd'));
this.set('deleteTargets', this.get('folders').rejectBy('id', this.get('folder.id')));
},

1
gui/app/components/folder/folder-heading.js
View file

@ -22,7 +22,6 @@ export default Ember.Component.extend(NotifierMixin, TooltipMixin, {
folderName: '',
hasNameError: computed.empty('folderName'),
editMode: false,
isEditor: false,
keyUp(e) {
if (e.keyCode === 27) { // escape key

23
gui/app/components/folder/folder-toolbar.js
View file

@ -14,10 +14,6 @@ import NotifierMixin from '../../mixins/notifier';
import TooltipMixin from '../../mixins/tooltip';
import AuthMixin from '../../mixins/auth';
const {
computed
} = Ember;
export default Ember.Component.extend(NotifierMixin, TooltipMixin, AuthMixin, {
folderService: Ember.inject.service('folder'),
session: Ember.inject.service(),
@ -25,16 +21,11 @@ export default Ember.Component.extend(NotifierMixin, TooltipMixin, AuthMixin, {
showToolbar: false,
folder: {},
busy: false,
isFolderOwner: computed.equal('folder.userId', 'session.user.id'),
moveFolderId: "",
drop: null,
didReceiveAttrs() {
this.set('isFolderOwner', this.get('folder.userId') === this.get("session.user.id"));
let show = this.get('session.authenticated') || this.get('isFolderOwner') || this.get('hasSelectedDocuments') || this.get('folderService').get('canEditCurrentFolder');
this.set('showToolbar', show);
console.log(this.get('permissions'));
let targets = _.reject(this.get('folders'), {
id: this.get('folder').get('id')
});
@ -44,11 +35,17 @@ export default Ember.Component.extend(NotifierMixin, TooltipMixin, AuthMixin, {
didRender() {
if (this.get('hasSelectedDocuments')) {
this.addTooltip(document.getElementById("move-documents-button"));
this.addTooltip(document.getElementById("delete-documents-button"));
if (this.get('permissions.documentMove')) {
this.addTooltip(document.getElementById("move-documents-button"));
}
if (this.get('permissions.documentDelete')) {
this.addTooltip(document.getElementById("delete-documents-button"));
}
} else {
if (this.get('isFolderOwner')) {
if (this.get('permissions.spaceOwner')) {
this.addTooltip(document.getElementById("space-delete-button"));
}
if (this.get('permissions.spaceManage')) {
this.addTooltip(document.getElementById("space-settings-button"));
}
}

135
gui/app/components/folder/permission-admin.js
View file

@ -26,75 +26,62 @@ export default Ember.Component.extend(NotifierMixin, {
this.get('userService').getAll().then((users) => {
this.set('users', users);
var folderPermissions = [];
// set up users
let folderPermissions = [];
users.forEach((user) => {
let isActive = user.get('active');
let u = {
fullname: user.get('fullname'),
orgId: this.get('folder.orgId'),
who: 'user',
whoId: user.get('id'),
location: 'space',
scope: 'object',
refId: this.get('folder.id'),
folderId: this.get('folder.id'),
userId: user.get('id'),
fullname: user.get('fullname'),
spaceView: false,
spaceManage: false,
spaceOwner: false,
docAdd: false,
docEdit: false,
docDelete: false,
docMove: false,
docCopy: false,
docTemplate: false,
documentAdd: false,
documentEdit: false,
documentDelete: false,
documentMove: false,
documentCopy: false,
documentTemplate: false
};
if (isActive) {
folderPermissions.pushObject(u);
let data = this.get('store').normalize('space-permission', u)
folderPermissions.pushObject(this.get('store').push(data));
}
});
var u = {
fullname: " Everyone",
// set up Everyone user
let u = {
orgId: this.get('folder.orgId'),
who: 'user',
whoId: '',
location: 'space',
scope: 'object',
refId: this.get('folder.id'),
folderId: this.get('folder.id'),
userId: '',
fullname: ' Everyone',
spaceView: false,
spaceManage: false,
spaceOwner: false,
docAdd: false,
docEdit: false,
docDelete: false,
docMove: false,
docCopy: false,
docTemplate: false,
documentAdd: false,
documentEdit: false,
documentDelete: false,
documentMove: false,
documentCopy: false,
documentTemplate: false
};
folderPermissions.pushObject(u);
let data = this.get('store').normalize('space-permission', u)
folderPermissions.pushObject(this.get('store').push(data));
this.get('folderService').getPermissions(this.get('folder.id')).then((permissions) => {
permissions.forEach((permission, index) => { // eslint-disable-line no-unused-vars
var folderPermission = folderPermissions.findBy('userId', permission.get('userId'));
if (is.not.undefined(folderPermission)) {
Ember.setProperties(folderPermission, {
orgId: permission.get('orgId'),
folderId: permission.get('folderId'),
canEdit: permission.get('canEdit'),
canView: permission.get('canView'),
canViewPrevious: permission.get('canView')
});
let user = folderPermissions.findBy('userId', permission.get('userId'));
if (is.not.undefined(user)) {
Ember.setProperties(user, permission);
}
});
folderPermissions.map((permission) => {
let data = this.get('store').normalize('folder-permission', permission);
return this.get('store').push(data);
});
this.set('permissions', folderPermissions.sortBy('fullname'));
});
});
@ -107,48 +94,44 @@ export default Ember.Component.extend(NotifierMixin, {
actions: {
setPermissions() {
let message = this.getDefaultInvitationMessage();
let folder = this.get('folder');
// let folder = this.get('folder');
let permissions = this.get('permissions');
this.get('permissions').forEach((permission, index) => { // eslint-disable-line no-unused-vars
Ember.set(permission, 'canView', $("#canView-" + permission.userId).prop('checked'));
Ember.set(permission, 'canEdit', $("#canEdit-" + permission.userId).prop('checked'));
permissions.forEach((permission, index) => { // eslint-disable-line no-unused-vars
Ember.set(permission, 'spaceView', $("#space-role-view-" + permission.get('userId')).prop('checked'));
Ember.set(permission, 'spaceManage', $("#space-role-manage-" + permission.get('userId')).prop('checked'));
Ember.set(permission, 'spaceOwner', $("#space-role-owner-" + permission.get('userId')).prop('checked'));
Ember.set(permission, 'documentAdd', $("#doc-role-add-" + permission.get('userId')).prop('checked'));
Ember.set(permission, 'documentEdit', $("#doc-role-edit-" + permission.get('userId')).prop('checked'));
Ember.set(permission, 'documentDelete', $("#doc-role-delete-" + permission.get('userId')).prop('checked'));
Ember.set(permission, 'documentMove', $("#doc-role-move-" + permission.get('userId')).prop('checked'));
Ember.set(permission, 'documentCopy', $("#doc-role-copy-" + permission.get('userId')).prop('checked'));
Ember.set(permission, 'documentTemplate', $("#doc-role-template-" + permission.get('userId')).prop('checked'));
});
var data = permissions.map((obj) => {
let permission = {
'orgId': obj.orgId,
'folderId': obj.folderId,
'userId': obj.userId,
'canEdit': obj.canEdit,
'canView': obj.canView
};
let payload = { Message: message, Permissions: permissions };
console.log(payload);
return permission;
});
// this.get('folderService').savePermissions(folder.get('id'), payload).then(() => {
// this.showNotification('Saved permissions');
// });
var payload = { Message: message, Roles: data };
// var hasEveryone = _.find(data, function (permission) {
// return permission.userId === "" && (permission.canView || permission.canEdit);
// });
this.get('folderService').savePermissions(folder.get('id'), payload).then(() => {
this.showNotification('Saved permissions');
});
// if (is.not.undefined(hasEveryone)) {
// folder.markAsPublic();
// } else {
// if (data.length > 1) {
// folder.markAsRestricted();
// } else {
// folder.markAsPrivate();
// }
// }
var hasEveryone = _.find(data, function (permission) {
return permission.userId === "" && (permission.canView || permission.canEdit);
});
if (is.not.undefined(hasEveryone)) {
folder.markAsPublic();
} else {
if (data.length > 1) {
folder.markAsRestricted();
} else {
folder.markAsPrivate();
}
}
this.get('folderService').save(folder).then(function () {
});
// this.get('folderService').save(folder).then(function () {
// });
}
}
});

5
gui/app/models/folder-permission.js
View file

@ -11,13 +11,12 @@
import Model from 'ember-data/model';
import attr from 'ember-data/attr';
// import { belongsTo, hasMany } from 'ember-data/relationships';
import { belongsTo } from 'ember-data/relationships';
export default Model.extend({
orgId: attr('string'),
folderId: attr('string'),
userId: attr('string'),
fullname: attr('string'),
canView: attr('boolean', { defaultValue: false }),
canEdit: attr('boolean', { defaultValue: false })
permissions: belongsTo('space-permission')
});

19
gui/app/models/user-permission.js → gui/app/models/space-permission.js
View file

@ -15,10 +15,17 @@ import attr from 'ember-data/attr';
export default Model.extend({
orgId: attr('string'),
who: attr('string'),
whoId: attr('string'),
action: attr('string'),
scope: attr('string'),
location: attr('string'),
refId: attr('string')
folderId: attr('string'),
userId: attr('string'),
fullname: attr('string'), // client-side usage only, not from API
spaceView: attr('boolean'),
spaceManage: attr('boolean'),
spaceOwner: attr('boolean'),
documentAdd: attr('boolean'),
documentEdit: attr('boolean'),
documentDelete: attr('boolean'),
documentMove: attr('boolean'),
documentCopy: attr('boolean'),
documentTemplate: attr('boolean')
});

2
gui/app/pods/document/index/route.js
View file

@ -30,7 +30,7 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
pages: this.get('documentService').getPages(this.modelFor('document').document.get('id')),
links: this.modelFor('document').links,
sections: this.modelFor('document').sections,
isEditor: this.get('folderService').get('canEditCurrentFolder')
permissions: this.get('folderService').get('permissions')
});
}
});

9
gui/app/pods/document/index/template.hbs
View file

@ -1,9 +1,10 @@
{{#layout/zone-container}}
{{#layout/zone-sidebar}}
{{document/sidebar-zone folders=model.folders folder=model.folder document=model.document
pages=model.pages sections=model.section links=model.links isEditor=model.isEditor tab=tab
pages=model.pages sections=model.section links=model.links permissions=model.permissions tab=tab
onDocumentDelete=(action 'onDocumentDelete') onSaveTemplate=(action 'onSaveTemplate')
onPageSequenceChange=(action 'onPageSequenceChange') onPageLevelChange=(action 'onPageLevelChange') onGotoPage=(action 'onGotoPage')}}
onPageSequenceChange=(action 'onPageSequenceChange') onPageLevelChange=(action 'onPageLevelChange')
onGotoPage=(action 'onGotoPage')}}
{{/layout/zone-sidebar}}
{{#layout/zone-content}}
<div id="zone-document-content" class="zone-document-content">
@ -15,9 +16,9 @@
</div>
{{/link-to}}
</div>
{{document/document-heading document=model.document isEditor=model.isEditor onSaveDocument=(action 'onSaveDocument')}}
{{document/document-heading document=model.document permissions=model.permissions onSaveDocument=(action 'onSaveDocument')}}
{{document/document-view document=model.document links=model.links pages=model.pages
folder=model.folder folders=model.folders sections=model.sections isEditor=model.isEditor pageId=pageId
folder=model.folder folders=model.folders sections=model.sections permissions=model.permissions pageId=pageId
onSavePage=(action 'onSavePage') onInsertSection=(action 'onInsertSection')
onSavePageAsBlock=(action 'onSavePageAsBlock') onDeleteBlock=(action 'onDeleteBlock') onGotoPage=(action 'onGotoPage')
onCopyPage=(action 'onCopyPage') onMovePage=(action 'onMovePage') onDeletePage=(action 'onPageDeleted')}}

4
gui/app/pods/document/route.js
View file

@ -34,7 +34,7 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
this.set('folder', folder);
this.get('folderService').setCurrentFolder(folder).then(() => {
this.set('isEditor', this.get('folderService').get('canEditCurrentFolder'));
this.set('permissions', this.get('folderService').get('permissions'));
resolve();
});
});
@ -49,7 +49,7 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
folder: this.get('folder'),
document: this.get('document'),
page: this.get('pageId'),
isEditor: this.get('isEditor'),
permissions: this.get('permissions'),
links: this.get('linkService').getDocumentLinks(this.get('documentId')),
sections: this.get('sectionService').getAll()
});

2
gui/app/pods/document/section/route.js
View file

@ -22,7 +22,7 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
folders: this.modelFor('document').folders,
folder: this.modelFor('document').folder,
document: this.modelFor('document').document,
isEditor: this.get('folderService').get('canEditCurrentFolder'),
permissions: this.get('folderService').get('permissions'),
links: this.modelFor('document').links,
sections: this.modelFor('document').sections,
page: this.get('documentService').getPage(this.modelFor('document').document.get('id'), params.page_id),

2
gui/app/pods/document/section/template.hbs
View file

@ -7,7 +7,7 @@
<i class="material-icons">arrow_back</i>&nbsp;{{model.document.name}}
{{/link-to}}
</div>
{{document/document-heading document=model.document isEditor=false}}
{{document/document-heading document=model.document permissions=model.permissions}}
{{document/document-editor document=model.document folder=model.folder page=model.page meta=model.meta onCancel=(action 'onCancel') onAction=(action 'onAction')}}
</div>
</div>

2
gui/app/pods/folder/index/route.js
View file

@ -19,7 +19,7 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
return Ember.RSVP.hash({
folder: this.modelFor('folder').folder,
isEditor: this.modelFor('folder').isEditor,
isFolderOwner: this.modelFor('folder').isFolderOwner,
permissions: this.modelFor('folder').permissions,
folders: this.modelFor('folder').folders,
documents: this.modelFor('folder').documents,
templates: this.modelFor('folder').templates

13
gui/app/pods/folder/index/template.hbs
View file

@ -1,14 +1,17 @@
{{#layout/zone-container}}
{{#layout/zone-sidebar}}
{{folder/sidebar-zone folders=model.folders folder=model.folder isFolderOwner=model.isFolderOwner isEditor=model.isEditor tab=tab
onAddSpace=(action 'onAddSpace')}}
{{folder/sidebar-zone folders=model.folders folder=model.folder
permissions=model.permissions tab=tab onAddSpace=(action 'onAddSpace')}}
{{/layout/zone-sidebar}}
{{#layout/zone-content}}
{{folder/folder-heading folder=model.folder isFolderOwner=model.isFolderOwner isEditor=model.isEditor}}
{{folder/folder-toolbar folders=model.folders isFolderOwner=model.isFolderOwner folder=model.folder hasSelectedDocuments=hasSelectedDocuments
{{folder/folder-heading folder=model.folder permissions=model.permissions}}
{{folder/folder-toolbar folders=model.folders folder=model.folder
permissions=model.permissions hasSelectedDocuments=hasSelectedDocuments
onDeleteDocument=(action 'onDeleteDocument') onMoveDocument=(action 'onMoveDocument')}}
{{folder/documents-list documents=model.documents folders=model.folders folder=model.folder templates=model.templates
isFolderOwner=model.isFolderOwner isEditor=model.isEditor selectedDocuments=(mut selectedDocuments)
permissions=model.permissions selectedDocuments=(mut selectedDocuments)
onDeleteSpace=(action 'onDeleteSpace') onImport=(action 'onImport')}}
{{/layout/zone-content}}
{{/layout/zone-container}}

9
gui/app/pods/folder/route.js
View file

@ -26,10 +26,8 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
this.get('folderService').getFolder(this.get('folderId')).then((folder) => {
this.set('folder', folder);
this.get('folderService').setCurrentFolder(folder).then(() => {
this.set('isEditor', this.get('folderService').get('canEditCurrentFolder'));
this.set('isFolderOwner', this.get('session.user.id') === folder.get('userId'));
this.get('folderService').setCurrentFolder(folder).then((data) => {
this.set('permissions', data);
resolve();
});
});
@ -39,8 +37,7 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
model(params) {
return Ember.RSVP.hash({
folder: this.get('folder'),
isEditor: this.get('isEditor'),
isFolderOwner: this.get('isFolderOwner'),
permissions: this.get('permissions'),
folders: this.get('folderService').getAll(),
documents: this.get('documentService').getAllByFolder(params.folder_id),
templates: this.get('templateService').getSavedTemplates(params.folder_id)

3
gui/app/pods/folder/settings/route.js
View file

@ -18,8 +18,7 @@ export default Ember.Route.extend(AuthenticatedRouteMixin, {
return Ember.RSVP.hash({
folder: this.modelFor('folder').folder,
isEditor: this.modelFor('folder').isEditor,
isFolderOwner: this.modelFor('folder').isFolderOwner,
permissions: this.modelFor('folder').permissions,
folders: this.modelFor('folder').folders
});
}

0
gui/app/serializers/user-permission.js → gui/app/serializers/space-permission.js
View file

42
gui/app/services/folder.js
View file

@ -25,7 +25,7 @@ export default BaseService.extend({
// selected folder
currentFolder: null,
canEditCurrentFolder: false,
permissions: {},
// Add a new folder.
add(payload) {
@ -114,7 +114,6 @@ export default BaseService.extend({
// reloads and caches folders.
reload() {
return this.get('ajax').request(`space`, {
method: "GET"
}).then((response) => {
@ -137,7 +136,7 @@ export default BaseService.extend({
let data = [];
data = response.map((obj) => {
let data = this.get('store').normalize('user-permission', obj);
let data = this.get('store').normalize('space-permission', obj);
return this.get('store').push(data);
});
@ -171,7 +170,6 @@ export default BaseService.extend({
let folderId = folder.get('id');
this.set('currentFolder', folder);
this.get('localStorage').storeSessionItem("folder", folderId);
this.set('canEditCurrentFolder', false);
let userId = this.get('sessionService.user.id');
if (userId === "") {
@ -180,37 +178,11 @@ export default BaseService.extend({
let url = `space/${folderId}/permissions/user`;
return this.get('ajax').request(url).then((folderPermissions) => {
// safety check
this.set('canEditCurrentFolder', false);
if (folderPermissions.length === 0) {
return;
}
let result = [];
folderPermissions.forEach((item) => {
if (item.folderId === folderId) {
result.push(item);
}
});
let canEdit = false;
result.forEach((permission) => {
if (permission.userId === userId) {
canEdit = permission.canEdit;
}
if (permission.userId === "" && !canEdit) {
canEdit = permission.canEdit;
}
});
Ember.run(() => {
this.set('canEditCurrentFolder', canEdit && this.get('sessionService.authenticated'));
});
return this.get('ajax').request(url).then((response) => {
let data = this.get('store').normalize('space-permission', response);
let data2 = this.get('store').push(data);
this.set('permissions', data2);
return data2;
});
},
});

2
gui/app/templates/components/document/document-heading.hbs
View file

@ -1,5 +1,5 @@
{{#unless editMode}}
<div class="document-heading {{if isEditor 'cursor-pointer'}}" onclick={{if isEditor (action 'toggleEdit')}}>
<div class="document-heading {{if permissions.documentEdit 'cursor-pointer'}}" onclick={{if permissions.documentEdit (action 'toggleEdit')}}>
<h1 class="doc-title">{{document.name}}</h1>
<div class="doc-excerpt">{{document.excerpt}}</div>
</div>

2
gui/app/templates/components/document/sidebar-view-attachments.hbs
View file

@ -13,7 +13,7 @@
<a href="{{ appMeta.endpoint }}/public/attachments/{{ appMeta.orgId }}/{{ a.id }}">
<span class="file">{{ a.filename }}</span>
</a>
{{#if isEditor}}
{{#if permissions.documentEdit}}
<div class="action round-button-mono">
<i class="material-icons color-gray delete-attachment-{{a.id}}" title="Delete" {{action 'onConfirmDelete' a.id a.filename}}>delete</i>
</div>

22
gui/app/templates/components/document/sidebar-zone.hbs
View file

@ -10,7 +10,7 @@
<div class="round-button-mono {{if (is-equal tab 'attachments') 'selected'}}" {{action 'onChangeTab' 'attachments'}}>
<i class="material-icons">attach_file</i>
</div>
{{#if isEditor}}
{{#if permissions.documentEdit}}
<div class="margin-top-20"></div>
<div class="round-button-mono {{if (is-equal tab 'activity') 'selected'}}" {{action 'onChangeTab' 'activity'}}>
<i class="material-icons">timeline</i>
@ -22,21 +22,21 @@
{{#if document.template}}
<div class="template-header">Template</div>
{{/if}}
{{document/tag-editor documentTags=document.tags isEditor=isEditor onChange=(action 'onTagChange')}}
{{document/tag-editor documentTags=document.tags permissions=permissions onChange=(action 'onTagChange')}}
</div>
<div class="sidebar-wrapper">
{{#if (is-equal tab 'index')}}
{{document/sidebar-view-index document=document folder=folder pages=pages page=page isEditor=isEditor
{{document/sidebar-view-index document=document folder=folder pages=pages page=page permissions=permissions
onPageSequenceChange=(action 'onPageSequenceChange') onPageLevelChange=(action 'onPageLevelChange') onGotoPage=(action 'onGotoPage')}}
{{/if}}
{{#if (is-equal tab 'attachments')}}
{{document/sidebar-view-attachments document=document isEditor=isEditor}}
{{document/sidebar-view-attachments document=document permissions=permissions}}
{{/if}}
{{#if (is-equal tab 'activity')}}
{{document/sidebar-view-activity document=document pages=pages isEditor=isEditor}}
{{document/sidebar-view-activity document=document pages=pages permissions=permissions}}
{{/if}}
</div>
@ -55,7 +55,7 @@
{{else}}
<li class="item" id="pin-document-button">Pin</li>
{{/if}}
{{#if isEditor}}
{{#if permissions.documentEdit}}
<li class="item">
{{#link-to 'document.history'}}History{{/link-to}}
</li>
@ -63,14 +63,14 @@
{{/if}}
{{/if}}
{{#if isEditor}}
{{#if permissions.documentTemplate}}
<li class="item" id="save-template-button">Template</li>
<li class="divider"></li>
{{/if}}
<li class="item" id="print-document-button" {{action 'onPrintDocument'}}>Print</li>
{{#if isEditor}}
{{#if permissions.documentDelete}}
<li class="divider"></li>
<li class="item danger" id="delete-document-button">Delete</li>
{{/if}}
@ -90,13 +90,17 @@
{{/unless}}
{{/if}}
{{#if isEditor}}
{{#if permissions.documentDelete}}
{{#if menuOpen}}
{{#dropdown-dialog target="delete-document-button" position="bottom left" button="Delete" color="flat-red" onAction=(action 'onDeleteDocument')}}
<p>Are you sure you want to delete this document?</p>
<p>There is no undo, so be careful.</p>
{{/dropdown-dialog}}
{{/if}}
{{/if}}
{{#if permissions.documentTemplate}}
{{#if menuOpen}}
{{#dropdown-dialog target="save-template-button" position="bottom left" button="Save as Template" color="flat-green" onAction=(action 'onSaveTemplate') focusOn="new-template-name" }}
<div class="input-control">
<label>Name</label>

2
gui/app/templates/components/folder/documents-list.hbs
View file

@ -33,7 +33,7 @@
{{/each}}
</div>
{{folder/start-document folder=folder templates=templates isEditor=isEditor onImport=(action 'onImport') onHideDocumentWizard=(action 'onHideDocumentWizard')}}
{{folder/start-document folder=folder templates=templates permissions=permissions onImport=(action 'onImport') onHideDocumentWizard=(action 'onHideDocumentWizard')}}
{{#if emptyState}}
{{#if canCreate}}

2
gui/app/templates/components/folder/folder-heading.hbs
View file

@ -1,5 +1,5 @@
{{#unless editMode}}
<div class="folder-heading {{if isFolderOwner 'cursor-pointer'}}" onclick={{if isFolderOwner (action 'toggleEdit')}}>
<div class="folder-heading {{if permissions.spaceOwner 'cursor-pointer'}}" onclick={{if permissions.spaceOwner (action 'toggleEdit')}}>
<h1 class="folder-title">{{folder.name}}</h1>
</div>
{{else}}

69
gui/app/templates/components/folder/folder-toolbar.hbs
View file

@ -1,19 +1,12 @@
{{#if showToolbar}}
<div class="pull-right hidden-xs hidden-sm">
{{#if hasSelectedDocuments}}
<div class="pull-right hidden-xs hidden-sm">
{{#if hasSelectedDocuments}}
{{#if permissions.documentMove}}
<div class="round-button button-blue" id="move-documents-button" data-tooltip="Move documents" data-tooltip-position="top center">
<i class="material-icons">folder</i>
<i class="material-icons">folder</i>
</div>
<div class="button-gap"></div>
<div class="round-button button-red" id="delete-documents-button" data-tooltip="Delete documents" data-tooltip-position="top center">
<i class="material-icons">delete</i>
</div>
{{#dropdown-dialog target="delete-documents-button" position="bottom right" button="Delete" color="flat-red" onAction=(action 'deleteDocuments')}}
<p>Are you sure you want to delete selected documents?</p>
<p>There is no undo!</p>
{{/dropdown-dialog}}
{{#dropdown-dialog target="move-documents-button" position="bottom right" button="Move" color="flat-blue" onAction=(action 'moveDocuments')}}
<p class="heading">Select destination space</p>
<p class="heading">Select destination space</p>
<ul class="move-document-options">
{{#each movedFolderOptions as |folder|}}
<li class="option {{if folder.selected "selected"}}" {{action 'setMoveFolder' folder.id}}>
@ -27,22 +20,38 @@
{{/each}}
</ul>
{{/dropdown-dialog}}
{{else}}
{{#if isFolderOwner}}
{{#link-to 'folder.settings' folder.id folder.slug}}{{model.document.name}}
<div class="round-button button-gray" id="space-settings-button" data-tooltip="Manage permissions" data-tooltip-position="top center">
<i class="material-icons">settings</i>
</div>
{{/link-to}}
<div class="button-gap"></div>
<div class="round-button button-gray" id="space-delete-button" data-tooltip="Delete everything" data-tooltip-position="top center">
<i class="material-icons">delete</i>
</div>
{{else}}
<div class="margin-top-35"></div>
{{/if}}
{{/if}}
</div>
{{/if}}
{{/if}}
{{#if permissions.documentDelete}}
<div class="button-gap"></div>
<div class="round-button button-red" id="delete-documents-button" data-tooltip="Delete documents" data-tooltip-position="top center">
<i class="material-icons">delete</i>
</div>
{{#dropdown-dialog target="delete-documents-button" position="bottom right" button="Delete" color="flat-red" onAction=(action 'deleteDocuments')}}
<p>Are you sure you want to delete selected documents?</p>
<p>There is no undo!</p>
{{/dropdown-dialog}}
{{/if}}
{{else}}
{{#if permissions.spaceManage}}
{{#link-to 'folder.settings' folder.id folder.slug}}{{model.document.name}}
<div class="round-button button-gray" id="space-settings-button" data-tooltip="Manage permissions" data-tooltip-position="top center">
<i class="material-icons">settings</i>
</div>
{{/link-to}}
{{/if}}
{{#if permissions.spaceOwner}}
<div class="button-gap"></div>
<div class="round-button button-gray" id="space-delete-button" data-tooltip="Delete everything" data-tooltip-position="top center">
<i class="material-icons">delete</i>
</div>
{{/if}}
{{/if}}
</div>
<div class="margin-top-35" />
<div class="margin-bottom-20 clearfix" />

18
gui/app/templates/components/folder/permission-admin.hbs
View file

@ -11,25 +11,25 @@
<div class="permission-name-cell">{{permission.fullname}}</div>
<div class="permission-roles-cell">
<span class="role-category">Space:&nbsp;</span>
<input type="checkbox" id="space-role-view-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="space-role-view-{{permission.userId}}" checked={{permission.spaceView}} />
<label for="space-role-view-{{permission.userId}}">view</label>&nbsp;&nbsp;
<input type="checkbox" id="space-role-manage-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="space-role-manage-{{permission.userId}}" checked={{permission.spaceManage}} />
<label for="space-role-manage-{{permission.userId}}">manage</label>&nbsp;&nbsp;
<input type="checkbox" id="space-role-owner-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="space-role-owner-{{permission.userId}}" checked={{permission.spaceOwner}} />
<label for="space-role-owner-{{permission.userId}}">owner</label>&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;
<span class="role-category">Document:&nbsp;</span>
<input type="checkbox" id="doc-role-add-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="doc-role-add-{{permission.userId}}" checked={{permission.documentAdd}} />
<label for="doc-role-add-{{permission.userId}}">create</label>&nbsp;&nbsp;
<input type="checkbox" id="doc-role-edit-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="doc-role-edit-{{permission.userId}}" checked={{permission.documentEdit}} />
<label for="doc-role-edit-{{permission.userId}}">edit</label>&nbsp;&nbsp;
<input type="checkbox" id="doc-role-delete-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="doc-role-delete-{{permission.userId}}" checked={{permission.documentDelete}} />
<label for="doc-role-delete-{{permission.userId}}">delete</label>&nbsp;&nbsp;
<input type="checkbox" id="doc-role-move-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="doc-role-move-{{permission.userId}}" checked={{permission.documentMove}} />
<label for="doc-role-move-{{permission.userId}}">move</label>&nbsp;&nbsp;
<input type="checkbox" id="doc-role-copy-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="doc-role-copy-{{permission.userId}}" checked={{permission.documentCopy}} />
<label for="doc-role-copy-{{permission.userId}}">copy</label>&nbsp;&nbsp;
<input type="checkbox" id="doc-role-template-{{permission.userId}}" checked={{permission.canView}} />
<input type="checkbox" id="doc-role-template-{{permission.userId}}" checked={{permission.documentTemplate}} />
<label for="doc-role-template-{{permission.userId}}">templates</label>&nbsp;&nbsp;
</div>
</div>

4
gui/app/templates/components/folder/sidebar-zone.hbs
View file

@ -7,7 +7,7 @@
<div class="margin-top-20"></div>
{{#if session.authenticated}}
{{#if isFolderOwner}}
{{#if permissions.spaceManage}}
{{#if isAuthProviderDocumize}}
<div class="round-button-mono {{if (is-equal tab 'share') 'selected'}}" {{action 'onChangeTab' 'share'}}>
<i class="material-icons">person_add</i>
@ -54,7 +54,7 @@
<div class="sidebar-wrapper">
{{#if (is-equal tab 'index')}}
{{folder/sidebar-folders-list folders=folders folder=folder isFolderOwner=isFolderOwner onAddSpace=(action 'onAddSpace')}}
{{folder/sidebar-folders-list folders=folders folder=folder permissions=permissions onAddSpace=(action 'onAddSpace')}}
{{/if}}
{{#if (is-equal tab 'share')}}

2
gui/app/templates/components/folder/start-document.hbs
View file

@ -16,7 +16,7 @@
<ul class="template-list">
{{#each savedTemplates key="id" as |template|}}
<li class="item">
{{#if isEditor}}
{{#if permissions.documentTemplate}}
{{#unless template.locked}}
<div class="template-actions">
<i class="material-icons" {{action 'editTemplate' template}}>mode_edit</i>

116
model/space/permissions.go Normal file
View file

@ -0,0 +1,116 @@
// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
//
// This software (Documize Community Edition) is licensed under
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
//
// You can operate outside the AGPL restrictions by purchasing
// Documize Enterprise Edition and obtaining a commercial license
// by contacting <sales@documize.com>.
//
// https://documize.com
package space
// PermissionRecord represents space permissions for a user on a space.
// This data structure is made from database permission records for the space,
// and it is designed to be sent to HTTP clients (web, mobile).
type PermissionRecord struct {
OrgID string `json:"orgId"`
SpaceID string `json:"folderId"`
UserID string `json:"userId"`
SpaceView bool `json:"spaceView"`
SpaceManage bool `json:"spaceManage"`
SpaceOwner bool `json:"spaceOwner"`
DocumentAdd bool `json:"documentAdd"`
DocumentEdit bool `json:"documentEdit"`
DocumentDelete bool `json:"documentDelete"`
DocumentMove bool `json:"documentMove"`
DocumentCopy bool `json:"documentCopy"`
DocumentTemplate bool `json:"documentTemplate"`
}
// DecodeUserPermissions returns a flat, usable permission summary record
// from multiple user permission records for a given space.
func DecodeUserPermissions(perm []Permission) (r PermissionRecord) {
r = PermissionRecord{}
if len(perm) > 0 {
r.OrgID = perm[0].OrgID
r.UserID = perm[0].WhoID
r.SpaceID = perm[0].RefID
}
for _, p := range perm {
switch p.Action {
case SpaceView:
r.SpaceView = true
case SpaceManage:
r.SpaceManage = true
case SpaceOwner:
r.SpaceOwner = true
case DocumentAdd:
r.DocumentAdd = true
case DocumentEdit:
r.DocumentEdit = true
case DocumentDelete:
r.DocumentDelete = true
case DocumentMove:
r.DocumentMove = true
case DocumentCopy:
r.DocumentCopy = true
case DocumentTemplate:
r.DocumentTemplate = true
}
}
return
}
// EncodeUserPermissions returns multiple user permission records
// for a given space, using flat permission summary record.
func EncodeUserPermissions(r PermissionRecord) (perm []Permission) {
if r.SpaceView {
perm = append(perm, encodeRecord(r, SpaceView))
}
if r.SpaceManage {
perm = append(perm, encodeRecord(r, SpaceManage))
}
if r.SpaceOwner {
perm = append(perm, encodeRecord(r, SpaceOwner))
}
if r.DocumentAdd {
perm = append(perm, encodeRecord(r, DocumentAdd))
}
if r.DocumentEdit {
perm = append(perm, encodeRecord(r, DocumentEdit))
}
if r.DocumentDelete {
perm = append(perm, encodeRecord(r, DocumentDelete))
}
if r.DocumentMove {
perm = append(perm, encodeRecord(r, DocumentMove))
}
if r.DocumentCopy {
perm = append(perm, encodeRecord(r, DocumentCopy))
}
if r.DocumentTemplate {
perm = append(perm, encodeRecord(r, DocumentTemplate))
}
return
}
// creates standard permission record representing user permissions for a space.
func encodeRecord(r PermissionRecord, a PermissionAction) (p Permission) {
p = Permission{}
p.OrgID = r.OrgID
p.Who = "user"
p.WhoID = r.UserID
p.Location = "space"
p.RefID = r.SpaceID
p.Action = a
return
}

34
model/space/space.go
View file

@ -57,15 +57,15 @@ func (l *Space) IsRestricted() bool {
// Permission represents a permission for a space and is persisted to the database.
type Permission struct {
ID uint64 `json:"id"`
OrgID string `json:"-"`
Who string `json:"who"` // user, role
WhoID string `json:"whoId"` // either a user or role ID
Action string `json:"action"` // view, edit, delete
Scope string `json:"scope"` // object, table
Location string `json:"location"` // table name
RefID string `json:"refId"` // id of row in table / blank when scope=table
Created time.Time `json:"created"`
ID uint64 `json:"id"`
OrgID string `json:"-"`
Who string `json:"who"` // user, role
WhoID string `json:"whoId"` // either a user or role ID
Action PermissionAction `json:"action"` // view, edit, delete
Scope string `json:"scope"` // object, table
Location string `json:"location"` // table name
RefID string `json:"refId"` // id of row in table / blank when scope=table
Created time.Time `json:"created"`
}
// PermissionAction details type of action
@ -77,7 +77,7 @@ const (
// SpaceManage action means you can add, remove users, set permissions, but not delete that space
SpaceManage PermissionAction = "manage"
// SpaceOwner action means you can delete a space and do all SpaceManage functions
SpaceOwner PermissionAction = "owner"
SpaceOwner PermissionAction = "own"
// DocumentAdd action means you can create/upload documents to a space
DocumentAdd PermissionAction = "doc-add"
@ -93,16 +93,6 @@ const (
DocumentTemplate PermissionAction = "doc-template"
)
// Role determines user permissions for a folder.
type Role struct {
model.BaseEntityObfuscated
OrgID string `json:"-"`
LabelID string `json:"folderId"`
UserID string `json:"userId"`
CanView bool `json:"canView"`
CanEdit bool `json:"canEdit"`
}
// Viewer details who can see a particular space
type Viewer struct {
Name string `json:"name"`
@ -144,9 +134,9 @@ type NewSpaceRequest struct {
}
// HasPermission checks if action matches one of the required actions?
func HasPermission(action string, actions ...PermissionAction) bool {
func HasPermission(action PermissionAction, actions ...PermissionAction) bool {
for _, a := range actions {
if action == string(a) {
if action == a {
return true
}
}