anon user space/categopry handling

domain/space/endpoint.go

@@ -300,7 +300,7 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
 	response.WriteJSON(w, sp)
 }
 
-// GetAll returns spaces the user can see.
+// GetAlGetViewablel returns spaces the user can see.
 func (h *Handler) GetViewable(w http.ResponseWriter, r *http.Request) {
 	method := "space.GetViewable"
 	ctx := domain.GetRequestContext(r)
@@ -312,7 +312,6 @@ func (h *Handler) GetViewable(w http.ResponseWriter, r *http.Request) {
 		h.Runtime.Log.Error(method, err)
 		return
 	}
-
 	if len(sp) == 0 {
 		sp = []space.Space{}
 	}
@@ -320,7 +319,6 @@ func (h *Handler) GetViewable(w http.ResponseWriter, r *http.Request) {
 	response.WriteJSON(w, sp)
 }
 
-
 // GetAll returns every space for documize admin users to manage
 func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request) {
 	method := "space.getAll"
@@ -329,7 +327,7 @@ func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request) {
 	if !ctx.Administrator {
 		response.WriteForbiddenError(w)
 		h.Runtime.Log.Info("rejected non-admin user request for all spaces")
-		return		
+		return
 	}
 
 	sp, err := h.Store.Space.GetAll(ctx)

domain/space/mysql/store.go

@@ -76,9 +76,9 @@ func (s Scope) GetViewable(ctx domain.RequestContext) (sp []space.Space, err err
 	SELECT id,refid,label as name,orgid,userid,type,created,revised FROM label
 	WHERE orgid=?
 		AND refid IN (SELECT refid FROM permission WHERE orgid=? AND location='space' AND refid IN (
-		SELECT refid from permission WHERE orgid=? AND who='user' AND whoid=? AND location='space' UNION ALL
+		SELECT refid from permission WHERE orgid=? AND who='user' AND (whoid=? OR whoid='0') AND location='space' UNION ALL
 		SELECT p.refid from permission p LEFT JOIN rolemember r ON p.whoid=r.roleid WHERE p.orgid=? AND p.who='role' 
-		AND p.location='space' AND p.action='view' AND r.userid=?
+		AND p.location='space' AND p.action='view' AND (r.userid=? OR r.userid='0')
 	))
 	ORDER BY name`