delete space, mov doc edge cases

2025-08-05 13:35:25 +02:00 · 2017-09-26 20:13:44 +01:00 · 2017-09-26 20:13:44 +01:00 · 8d761da939
commit 8d761da939
parent 5481de4e1c
11 changed files with 117 additions and 125 deletions
--- a/domain/space/endpoint.go
+++ b/domain/space/endpoint.go
@ -301,11 +301,11 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
 }

 // GetAll returns spaces the user can see.
-func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request) {
-	method := "space.getAll"
+func (h *Handler) GetViewable(w http.ResponseWriter, r *http.Request) {
+	method := "space.GetViewable"
 	ctx := domain.GetRequestContext(r)

-	sp, err := h.Store.Space.GetAll(ctx)
+	sp, err := h.Store.Space.GetViewable(ctx)

 	if err != nil && err != sql.ErrNoRows {
 		response.WriteServerError(w, method, err)
@ -320,23 +320,31 @@ func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request) {
 	response.WriteJSON(w, sp)
 }

-// GetSpaceViewers returns the users that can see the shared spaces.
-func (h *Handler) GetSpaceViewers(w http.ResponseWriter, r *http.Request) {
-	method := "space.viewers"
+
+// GetAll returns every space for documize admin users to manage
+func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request) {
+	method := "space.getAll"
 	ctx := domain.GetRequestContext(r)

-	v, err := h.Store.Space.Viewers(ctx)
+	if !ctx.Administrator {
+		response.WriteForbiddenError(w)
+		h.Runtime.Log.Info("rejected non-admin user request for all spaces")
+		return		
+	}
+
+	sp, err := h.Store.Space.GetAll(ctx)
+
 	if err != nil && err != sql.ErrNoRows {
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
 	}

-	if len(v) == 0 {
-		v = []space.Viewer{}
+	if len(sp) == 0 {
+		sp = []space.Space{}
 	}

-	response.WriteJSON(w, v)
+	response.WriteJSON(w, sp)
 }

 // Update processes request to save space object to the database
@ -444,6 +452,14 @@ func (h *Handler) Remove(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	_, err = h.Store.Category.RemoveSpaceCategoryMemberships(ctx, id)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
+		return
+	}
+
 	_, err = h.Store.Space.Delete(ctx, id)
 	if err != nil {
 		ctx.Transaction.Rollback()
@ -811,4 +827,4 @@ func (h *Handler) Invite(w http.ResponseWriter, r *http.Request) {
 	ctx.Transaction.Commit()

 	response.WriteEmpty(w)
-}
+}
--- a/domain/space/mysql/store.go
+++ b/domain/space/mysql/store.go
@ -69,9 +69,9 @@ func (s Scope) PublicSpaces(ctx domain.RequestContext, orgID string) (sp []space
 	return
 }

-// GetAll returns spaces that the user can see.
+// GetViewable returns spaces that the user can see.
 // Also handles which spaces can be seen by anonymous users.
-func (s Scope) GetAll(ctx domain.RequestContext) (sp []space.Space, err error) {
+func (s Scope) GetViewable(ctx domain.RequestContext) (sp []space.Space, err error) {
 	sql := `
 	SELECT id,refid,label as name,orgid,userid,type,created,revised FROM label
 	WHERE orgid=?
@ -90,6 +90,22 @@ func (s Scope) GetAll(ctx domain.RequestContext) (sp []space.Space, err error) {
 		ctx.OrgID,
 		ctx.UserID)

+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("failed space.GetViewable org %s", ctx.OrgID))
+	}
+
+	return
+}
+
+// GetAll for admin users!
+func (s Scope) GetAll(ctx domain.RequestContext) (sp []space.Space, err error) {
+	sql := `
+	SELECT id,refid,label as name,orgid,userid,type,created,revised FROM label
+	WHERE orgid=?
+	ORDER BY name`
+
+	err = s.Runtime.Db.Select(&sp, sql, ctx.OrgID)
+
 	if err != nil {
 		err = errors.Wrap(err, fmt.Sprintf("failed space.GetAll org %s", ctx.OrgID))
 	}
@ -110,28 +126,6 @@ func (s Scope) Update(ctx domain.RequestContext, sp space.Space) (err error) {
 	return
 }

-// Viewers returns the list of people who can see shared spaces.
-func (s Scope) Viewers(ctx domain.RequestContext) (v []space.Viewer, err error) {
-	sql := `
-	SELECT a.userid,
-		COALESCE(u.firstname, '') as firstname,
-		COALESCE(u.lastname, '') as lastname,
-		COALESCE(u.email, '') as email,
-		a.labelid,
-		b.label as name,
-		b.type
-	FROM labelrole a
-	LEFT JOIN label b ON b.refid=a.labelid
-	LEFT JOIN user u ON u.refid=a.userid
-	WHERE a.orgid=? AND b.type != 2
-	GROUP BY a.labelid,a.userid
-	ORDER BY u.firstname,u.lastname`
-
-	err = s.Runtime.Db.Select(&v, sql, ctx.OrgID)
-
-	return
-}
-
 // Delete removes space from the store.
 func (s Scope) Delete(ctx domain.RequestContext, id string) (rows int64, err error) {
 	b := mysql.BaseQuery{}
--- a/domain/space/space_test.go
+++ b/domain/space/space_test.go
@ -163,14 +163,6 @@ func TestSpace(t *testing.T) {
 		}
 	})

-	t.Run("Viewers", func(t *testing.T) {
-		viewers, err := s.Space.Viewers(ctx)
-		if err != nil || viewers == nil {
-			t.Error("failed to get viewers")
-			return
-		}
-	})
-
 	t.Run("Add Role", func(t *testing.T) {
 		ctx.Transaction, err = rt.Db.Beginx()