permission screen UI overflow fix
1. handle long username overflow on space permissions screen 2. only show document history to editors 3. removed redundant document editing permission check 4. Ensure subdomain is detected when accepting space invitation
parent
e505bb36e2
commit
a982af6e79
13 changed files with 683 additions and 654 deletions
|
@ -8,7 +8,7 @@ The mission is to bring software dev inspired features (refactoring, testing, li
|
|||
|
||||
## Latest version
|
||||
|
||||
v1.53.3
|
||||
v1.53.4
|
||||
|
||||
## OS Support
|
||||
|
||||
|
|
|
@ -26,6 +26,7 @@ import (
|
|||
"github.com/documize/community/core/uniqueid"
|
||||
"github.com/documize/community/domain"
|
||||
"github.com/documize/community/domain/document"
|
||||
"github.com/documize/community/domain/organization"
|
||||
indexer "github.com/documize/community/domain/search"
|
||||
"github.com/documize/community/model/attachment"
|
||||
"github.com/documize/community/model/audit"
|
||||
|
@ -44,6 +45,7 @@ type Handler struct {
|
|||
func (h *Handler) Download(w http.ResponseWriter, r *http.Request) {
|
||||
method := "attachment.Download"
|
||||
ctx := domain.GetRequestContext(r)
|
||||
ctx.Subdomain = organization.GetSubdomainFromHost(r)
|
||||
|
||||
a, err := h.Store.Attachment.GetAttachment(ctx, request.Param(r, "orgID"), request.Param(r, "attachmentID"))
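Review bot: `ctx.Subdomain` in `Download` is now taken from `organization.GetSubdomainFromHost(r)`, which by its name reads the request's Host header, a value the client supplies. If the subdomain later selects or scopes the organization, it should be reconciled with the `orgID` route parameter passed to `GetAttachment` on the next statement rather than trusted on its own; the helper's body is not on this page, so whether it validates the host is unconfirmed. The same assignment is added to `AcceptInvitation` in the space endpoint, and the same question applies there. A short comment above the line saying why these two handlers cannot use the subdomain already carried by the request context would help the next reader.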
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
|
|||
response.WriteUnauthorizedError(w)
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
if err != nil && err != sql.ErrNoRows {
|
||||
response.WriteServerError(w, method, err)
|
||||
return
|
||||
}
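Review bot: With the guard reading `err != nil && err != sql.ErrNoRows`, a lookup in `Login` that returns no rows now passes this check and execution continues with whatever the lookup left in its result, presumably a zero value. The rest of the handler is outside the hunk, so it needs confirming that a later check rejects the login in that case; if none does, the no-rows case should be answered explicitly with `response.WriteUnauthorizedError(w)` before falling through. `!errors.Is(err, sql.ErrNoRows)` is also preferable to `!=`, so that a wrapped error is still recognised.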
|
||||
|
|
|
@ -205,10 +205,10 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if !ctx.Editor {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
// if !ctx.Editor {
|
||||
// response.WriteForbiddenError(w)
|
||||
// return
|
||||
// }
|
||||
|
||||
if !CanChangeDocument(ctx, *h.Store, documentID) {
|
||||
response.WriteForbiddenError(w)
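Review bot: The `!ctx.Editor` guard in `Update` is commented out rather than deleted, which leaves `CanChangeDocument` as the only authorization check on this path without saying so. I would delete the four commented lines and put a comment on the remaining check, for example `// CanChangeDocument is the only permission gate for this update`, so it is not later trimmed as a duplicate. It is worth confirming that `CanChangeDocument` refuses every caller the old editor flag refused, since its body is not on this page. The same commented-out block appears in the second `Update` handler at `-454,10`, where the replacement `document.CanChangeDocument` check arrives in the following hunk; both functions continue outside their hunks.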
|
||||
|
|
|
@ -454,10 +454,10 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if !ctx.Editor {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
// if !ctx.Editor {
|
||||
// response.WriteForbiddenError(w)
|
||||
// return
|
||||
// }
|
||||
|
||||
documentID := request.Param(r, "documentID")
|
||||
if len(documentID) == 0 {
|
||||
|
@ -471,6 +471,11 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if !document.CanChangeDocument(ctx, *h.Store, documentID) {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
|
||||
defer streamutil.Close(r.Body)
|
||||
body, err := ioutil.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
|
|
|
@ -30,6 +30,7 @@ import (
|
|||
"github.com/documize/community/core/uniqueid"
|
||||
"github.com/documize/community/domain"
|
||||
"github.com/documize/community/domain/mail"
|
||||
"github.com/documize/community/domain/organization"
|
||||
"github.com/documize/community/model/account"
|
||||
"github.com/documize/community/model/audit"
|
||||
"github.com/documize/community/model/doc"
|
||||
|
@ -745,6 +746,7 @@ func (h *Handler) GetPermissions(w http.ResponseWriter, r *http.Request) {
|
|||
func (h *Handler) AcceptInvitation(w http.ResponseWriter, r *http.Request) {
|
||||
method := "space.AcceptInvitation"
|
||||
ctx := domain.GetRequestContext(r)
|
||||
ctx.Subdomain = organization.GetSubdomainFromHost(r)
|
||||
|
||||
folderID := request.Param(r, "folderID")
|
||||
if len(folderID) == 0 {
|
||||
|
|
|
@ -504,7 +504,7 @@ func (h *Handler) ChangePassword(w http.ResponseWriter, r *http.Request) {
|
|||
newPassword := string(body)
|
||||
|
||||
// can only update your own account unless you are an admin
|
||||
if userID != ctx.UserID || !ctx.Administrator {
|
||||
if !ctx.Administrator || (!ctx.Administrator && userID != ctx.UserID) {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
|
@ -526,12 +526,13 @@ func (h *Handler) ChangePassword(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
err = h.Store.User.UpdateUserPassword(ctx, userID, u.Salt, secrets.GeneratePassword(newPassword, u.Salt))
|
||||
if err != nil {
|
||||
ctx.Transaction.Rollback()
|
||||
response.WriteServerError(w, method, err)
|
||||
h.Runtime.Log.Error(method, err)
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Transaction.Rollback()
|
||||
ctx.Transaction.Commit()
|
||||
|
||||
response.WriteEmpty(w)
|
||||
}
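Review bot: The guard in `ChangePassword` does not match the comment above it. `!ctx.Administrator || (!ctx.Administrator && userID != ctx.UserID)` reduces to `!ctx.Administrator`, so a non-admin is refused even when changing their own password, while the other form shown, `userID != ctx.UserID || !ctx.Administrator`, only lets an administrator change their own. The rule the comment describes is `if userID != ctx.UserID && !ctx.Administrator {`. In the second hunk the result of `ctx.Transaction.Commit()` is discarded, so a failed commit would still be answered with `response.WriteEmpty(w)`; if `Commit` returns an error, as it does on database/sql transactions, it should be checked and reported through `response.WriteServerError`.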
|
||||
|
|
|
@ -38,7 +38,7 @@ func main() {
|
|||
rt.Product = env.ProdInfo{}
|
||||
rt.Product.Major = "1"
|
||||
rt.Product.Minor = "53"
|
||||
rt.Product.Patch = "3"
|
||||
rt.Product.Patch = "4"
|
||||
rt.Product.Version = fmt.Sprintf("%s.%s.%s", rt.Product.Major, rt.Product.Minor, rt.Product.Patch)
|
||||
rt.Product.Edition = "Community"
|
||||
rt.Product.Title = fmt.Sprintf("%s Edition", rt.Product.Edition)
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -13,7 +13,9 @@
|
|||
border: none;
|
||||
padding: 0;
|
||||
margin: 0 0 30px 0;
|
||||
table-layout: fixed;
|
||||
width: 100%;
|
||||
white-space: nowrap;
|
||||
|
||||
> thead {
|
||||
> tr {
|
||||
|
@ -21,13 +23,28 @@
|
|||
font-weight: bold;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
> th:nth-child(1) {
|
||||
width: 70%;
|
||||
}
|
||||
|
||||
> th:nth-child(2), td:nth-child(3) {
|
||||
width: 20%;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
> tbody {
|
||||
width: 300px;
|
||||
|
||||
> tr {
|
||||
> td {
|
||||
padding: 8px 0;
|
||||
@extend .truncate;
|
||||
}
|
||||
|
||||
> td:nth-child(1) {
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
> td:nth-child(2), td:nth-child(3) {
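Review bot: In the `thead > tr` rule, the selector `> th:nth-child(2), td:nth-child(3)` mixes `th` with `td` and drops the child combinator on its second part, so it probably matches no header cell. If these lines are part of the addition and the third header column was meant to get the 20% width, it should read `> th:nth-child(2), > th:nth-child(3)`. As written the third column only takes whatever `table-layout: fixed` leaves over, which may be the intent but is not obvious; a one-line comment on the intended column widths would settle it. The rule the hunk ends on is cut off by the hunk boundary.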
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
<div class="round-button-mono {{if (is-equal tab 'attachments') 'selected'}}" {{action 'onChangeTab' 'attachments'}}>
|
||||
<i class="material-icons">attach_file</i>
|
||||
</div>
|
||||
{{#if session.authenticated}}
|
||||
{{#if isEditor}}
|
||||
<div class="margin-top-20"></div>
|
||||
<div class="round-button-mono {{if (is-equal tab 'activity') 'selected'}}" {{action 'onChangeTab' 'activity'}}>
|
||||
<i class="material-icons">timeline</i>
|
||||
|
@ -55,11 +55,13 @@
|
|||
{{else}}
|
||||
<li class="item" id="pin-document-button">Pin</li>
|
||||
{{/if}}
|
||||
<li class="item" id="pin-document-button">
|
||||
{{#if isEditor}}
|
||||
<li class="item">
|
||||
{{#link-to 'document.history'}}History{{/link-to}}
|
||||
</li>
|
||||
<li class="divider"></li>
|
||||
{{/if}}
|
||||
{{/if}}
|
||||
|
||||
{{#if isEditor}}
|
||||
<li class="item" id="save-template-button">Template</li>
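Review bot: Switching the activity tab from `{{#if session.authenticated}}` to `{{#if isEditor}}` and wrapping the `document.history` link in `{{#if isEditor}}` restricts history in the client only. None of the Go hunks visible in this commit adds an editor check to the handlers that serve activity or revision data, so unless those handlers already enforce it the restriction is presentational. They are not on this page, so it should be confirmed that they return a forbidden response to non-editors, ideally through the same `CanChangeDocument` check the update handlers use. A template comment such as `{{!-- history is editor-only; enforced server-side in <handler> --}}` would tie the two together.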
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "documize",
|
||||
"version": "1.53.3",
|
||||
"version": "1.53.4",
|
||||
"description": "The Document IDE",
|
||||
"private": true,
|
||||
"repository": "",
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
{
|
||||
"community":
|
||||
{
|
||||
"version": "1.53.3",
|
||||
"version": "1.53.4",
|
||||
"major": 1,
|
||||
"minor": 53,
|
||||
"patch": 3
|
||||
"patch": 4
|
||||
},
|
||||
"enterprise":
|
||||
{
|
||||
"version": "1.55.3",
|
||||
"version": "1.55.4",
|
||||
"major": 1,
|
||||
"minor": 55,
|
||||
"patch": 3
|
||||
"patch": 4
|
||||
}
|
||||
}
|