diff --git a/domain/category/endpoint.go b/domain/category/endpoint.go
index 2ac80646..27090ae3 100644
--- a/domain/category/endpoint.go
+++ b/domain/category/endpoint.go
@@ -378,7 +378,7 @@ func (h *Handler) SetDocumentCategoryMembership(w http.ResponseWriter, r *http.R
 	response.WriteEmpty(w)
 }
 
-// GetDocumentCategoryMembership returns categories associated with given document.
+// GetDocumentCategoryMembership returns user viewable categories associated with a given document.
 func (h *Handler) GetDocumentCategoryMembership(w http.ResponseWriter, r *http.Request) {
 	method := "category.GetDocumentCategoryMembership"
 	ctx := domain.GetRequestContext(r)
@@ -412,7 +412,24 @@ func (h *Handler) GetDocumentCategoryMembership(w http.ResponseWriter, r *http.R
 		cat = []category.Category{}
 	}
 
-	response.WriteJSON(w, cat)
+	perm, err := h.Store.Permission.GetUserCategoryPermissions(ctx, ctx.UserID)
+	if err != nil {
+		h.Runtime.Log.Error("get user category permissions", err)
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	see := []category.Category{}
+	for _, c := range cat {
+		for _, p := range perm {
+			if p.RefID == c.RefID {
+				see = append(see, c)
+				break
+			}
+		}
+	}
+
+	response.WriteJSON(w, see)
 }
 
 // GetSpaceCategoryMembers returns category/document associations within space.
diff --git a/domain/permission/mysql/store.go b/domain/permission/mysql/store.go
index f6d1ba30..1e2d3dfc 100644
--- a/domain/permission/mysql/store.go
+++ b/domain/permission/mysql/store.go
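Review bot: The visibility filter in the new loop admits a category as soon as any permission row carries its RefID, without looking at the row's action (the `action` column the store query selects) or at whether the grant actually applies to this user, so it only narrows the response if GetUserCategoryPermissions returns strictly the caller's grants — and as written in store.go it does not (see the note on that hunk). If "user viewable" means a specific view-type action, compare that alongside RefID rather than matching on RefID alone. The nested loops are also O(len(cat)·len(perm)) per request; indexing the permitted RefIDs in a set once makes the membership test explicit and keeps the `[]category.Category{}` (non-nil, encodes as `[]`) result intact. GetDocumentCategoryMembership's body starts before this hunk.
```go
	perm, err := h.Store.Permission.GetUserCategoryPermissions(ctx, ctx.UserID)
	// … unchanged: error logging and WriteServerError …

	// Index permitted category IDs once so each category is a single lookup.
	viewable := make(map[string]struct{}, len(perm))
	for _, p := range perm {
		viewable[p.RefID] = struct{}{}
	}

	see := []category.Category{}
	for _, c := range cat {
		if _, ok := viewable[c.RefID]; ok {
			see = append(see, c)
		}
	}

	response.WriteJSON(w, see)
```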
@@ -191,3 +191,24 @@ func (s Scope) GetCategoryUsers(ctx domain.RequestContext, catID string) (u []us
 
 	return
 }
+
+// GetUserCategoryPermissions returns category permissions for given user.
+func (s Scope) GetUserCategoryPermissions(ctx domain.RequestContext, userID string) (r []permission.Permission, err error) {
+	err = s.Runtime.Db.Select(&r, `
+		SELECT id, orgid, who, whoid, action, scope, location, refid
+		FROM permission WHERE orgid=? AND location='category' AND who='user' AND (whoid=? OR whoid='0')
+		UNION ALL
+		SELECT p.id, p.orgid, p.who, p.whoid, p.action, p.scope, p.location, p.refid
+		FROM permission p LEFT JOIN rolemember r ON p.whoid=r.roleid
+		WHERE p.orgid=? AND p.location='category' AND p.who='role'`,
+		ctx.OrgID, userID, ctx.OrgID)
+
+	if err == sql.ErrNoRows {
+		err = nil
+	}
+	if err != nil {
+		err = errors.Wrap(err, fmt.Sprintf("unable to execute select category permissions for user %s", userID))
+	}
+
+	return
+}
diff --git a/domain/storer.go b/domain/storer.go
index b59d8591..d683710f 100644
--- a/domain/storer.go
+++ b/domain/storer.go
@@ -93,6 +93,7 @@ type PermissionStorer interface {
 	DeleteSpaceCategoryPermissions(ctx RequestContext, spaceID string) (rows int64, err error)
 	GetCategoryPermissions(ctx RequestContext, catID string) (r []permission.Permission, err error)
 	GetCategoryUsers(ctx RequestContext, catID string) (u []user.User, err error)
+	GetUserCategoryPermissions(ctx RequestContext, userID string) (r []permission.Permission, err error)
 }
 
 // UserStorer defines required methods for user management
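Review bot: The role branch of the UNION never restricts rolemember to the requesting user — userID is bound only to the `whoid=?` placeholder of the user branch, and the `LEFT JOIN rolemember r ON p.whoid=r.roleid` carries no predicate on the member — so every role-scoped category permission in the org comes back for every caller (duplicated once per member of the role, or once with no member at all), which makes the visibility filter built on this result in endpoint.go effectively org-wide for role grants. Make it an inner join filtered on the user and bind userID a second time, e.g. `FROM permission p JOIN rolemember r ON p.whoid=r.roleid` / `WHERE p.orgid=? AND p.location='category' AND p.who='role' AND r.<ROLEMEMBER_USER_ID_COLUMN>=?` with `ctx.OrgID, userID, ctx.OrgID, userID` as the arguments (the column name is a placeholder; use whatever rolemember actually defines for the member's user id). The `err == sql.ErrNoRows` branch is presumably dead for a slice destination if Runtime.Db is an sqlx handle — Select yields an empty slice rather than that sentinel — so it can go, and `errors.Wrapf(err, "unable to execute select category permissions for user %s", userID)` reads cleaner than wrapping a fmt.Sprintf. The whole function is within this hunk.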