anon user space/categopry handling

domain/category/endpoint.go

@@ -16,6 +16,7 @@ package category
 import (
 	"database/sql"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"net/http"
 
@@ -280,9 +281,12 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 
 // GetSummary returns number of documents and users for space categories.
 func (h *Handler) GetSummary(w http.ResponseWriter, r *http.Request) {
+	fmt.Println("ctx.UserID")
+
 	method := "category.GetSummary"
 	ctx := domain.GetRequestContext(r)
 
+
 	spaceID := request.Param(r, "spaceID")
 	if len(spaceID) == 0 {
 		response.WriteMissingDataError(w, method, "spaceID")

domain/category/mysql/store.go

@@ -52,8 +52,9 @@ func (s Scope) GetBySpace(ctx domain.RequestContext, spaceID string) (c []catego
 		SELECT id, refid, orgid, labelid, category, created, revised FROM category
 		WHERE orgid=? AND labelid=?
 			  AND refid IN (SELECT refid FROM permission WHERE orgid=? AND location='category' AND refid IN (
-				SELECT refid from permission WHERE orgid=? AND who='user' AND whoid=? AND location='category' UNION ALL
-				SELECT p.refid from permission p LEFT JOIN rolemember r ON p.whoid=r.roleid WHERE p.orgid=? AND p.who='role' AND p.location='category' AND r.userid=?
+				SELECT refid from permission WHERE orgid=? AND who='user' AND (whoid=? OR whoid='0') AND location='category' UNION ALL
+				SELECT p.refid from permission p LEFT JOIN rolemember r ON p.whoid=r.roleid 
+					WHERE p.orgid=? AND p.who='role' AND p.location='category' AND (r.userid=? OR r.userid='0')
 		))
 	  ORDER BY category`, ctx.OrgID, spaceID, ctx.OrgID, ctx.OrgID, ctx.UserID, ctx.OrgID, ctx.UserID)
 
@@ -73,9 +74,9 @@ func (s Scope) GetAllBySpace(ctx domain.RequestContext, spaceID string) (c []cat
 		SELECT id, refid, orgid, labelid, category, created, revised FROM category
 		WHERE orgid=? AND labelid=?
 			  AND labelid IN (SELECT refid FROM permission WHERE orgid=? AND location='space' AND refid IN (
-				SELECT refid from permission WHERE orgid=? AND who='user' AND whoid=? AND location='space' UNION ALL
+				SELECT refid from permission WHERE orgid=? AND who='user' AND (whoid=? OR whoid='0') AND location='space' UNION ALL
 				SELECT p.refid from permission p LEFT JOIN rolemember r ON p.whoid=r.roleid WHERE p.orgid=? AND p.who='role' AND p.location='space' 
-					AND p.action='view' AND r.userid=?
+					AND p.action='view' AND (r.userid=? OR r.userid='0')
 		))
 	  ORDER BY category`, ctx.OrgID, spaceID, ctx.OrgID, ctx.OrgID, ctx.UserID, ctx.OrgID, ctx.UserID)
 

domain/permission/endpoint.go

@@ -136,7 +136,8 @@ func (h *Handler) SetSpacePermissions(w http.ResponseWriter, r *http.Request) {
 		// Only persist if there is a role!
 		if permission.HasAnyPermission(perm) {
 			// identify publically shared spaces
-			if perm.UserID == "0" {
+			if perm.UserID == "0" || perm.UserID == "" {
+				perm.UserID = "0"
 				hasEveryoneRole = true
 			}
 
@@ -156,7 +157,7 @@ func (h *Handler) SetSpacePermissions(w http.ResponseWriter, r *http.Request) {
 			if _, isExisting := previousRoleUsers[perm.UserID]; !isExisting {
 
 				// we skip 'everyone' (user id != empty string)
-				if perm.UserID != "0" {
+				if perm.UserID != "0" && perm.UserID != "" {
 					existingUser, err := h.Store.User.Get(ctx, perm.UserID)
 					if err != nil {
 						response.WriteServerError(w, method, err)

domain/space/endpoint.go

@@ -300,7 +300,7 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
 	response.WriteJSON(w, sp)
 }
 
-// GetAll returns spaces the user can see.
+// GetAlGetViewablel returns spaces the user can see.
 func (h *Handler) GetViewable(w http.ResponseWriter, r *http.Request) {
 	method := "space.GetViewable"
 	ctx := domain.GetRequestContext(r)
@@ -312,7 +312,6 @@ func (h *Handler) GetViewable(w http.ResponseWriter, r *http.Request) {
 		h.Runtime.Log.Error(method, err)
 		return
 	}
-
 	if len(sp) == 0 {
 		sp = []space.Space{}
 	}
@@ -320,7 +319,6 @@ func (h *Handler) GetViewable(w http.ResponseWriter, r *http.Request) {
 	response.WriteJSON(w, sp)
 }
 
-
 // GetAll returns every space for documize admin users to manage
 func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request) {
 	method := "space.getAll"
@@ -329,7 +327,7 @@ func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request) {
 	if !ctx.Administrator {
 		response.WriteForbiddenError(w)
 		h.Runtime.Log.Info("rejected non-admin user request for all spaces")
-		return		
+		return
 	}
 
 	sp, err := h.Store.Space.GetAll(ctx)

domain/space/mysql/store.go

@@ -76,9 +76,9 @@ func (s Scope) GetViewable(ctx domain.RequestContext) (sp []space.Space, err err
 	SELECT id,refid,label as name,orgid,userid,type,created,revised FROM label
 	WHERE orgid=?
 		AND refid IN (SELECT refid FROM permission WHERE orgid=? AND location='space' AND refid IN (
-		SELECT refid from permission WHERE orgid=? AND who='user' AND whoid=? AND location='space' UNION ALL
+		SELECT refid from permission WHERE orgid=? AND who='user' AND (whoid=? OR whoid='0') AND location='space' UNION ALL
 		SELECT p.refid from permission p LEFT JOIN rolemember r ON p.whoid=r.roleid WHERE p.orgid=? AND p.who='role' 
-		AND p.location='space' AND p.action='view' AND r.userid=?
+		AND p.location='space' AND p.action='view' AND (r.userid=? OR r.userid='0')
 	))
 	ORDER BY name`