Fix space permissions group vs. user role overriding

2025-07-19 21:29:42 +02:00 · 2018-03-27 11:33:43 +01:00 · 2018-03-27 11:33:43 +01:00 · ad4030bc17
commit ad4030bc17
parent e1d2d4c037
11 changed files with 691 additions and 680 deletions
--- a/domain/permission/mysql/store.go
+++ b/domain/permission/mysql/store.go
@ -73,7 +73,7 @@ func (s Scope) GetUserSpacePermissions(ctx domain.RequestContext, spaceID string
 			WHERE p.orgid=? AND p.location='space' AND refid=? AND p.who='role' AND (r.userid=? OR r.userid='0')`,
 		ctx.OrgID, spaceID, ctx.UserID, ctx.OrgID, spaceID, ctx.UserID)
-	if err == sql.ErrNoRows {
+	if err == sql.ErrNoRows || len(r) == 0 {
 		err = nil
 		r = []permission.Permission{}
 	}
@ -136,9 +136,9 @@ func (s Scope) GetCategoryPermissions(ctx domain.RequestContext, catID string) (
 func (s Scope) GetCategoryUsers(ctx domain.RequestContext, catID string) (u []user.User, err error) {
 	err = s.Runtime.Db.Select(&u, `
 		SELECT u.id, IFNULL(u.refid, '') AS refid, IFNULL(u.firstname, '') AS firstname, IFNULL(u.lastname, '') as lastname, u.email, u.initials, u.password, u.salt, u.reset, u.created, u.revised
-		FROM user u LEFT JOIN account a ON u.refid = a.userid 
+		FROM user u LEFT JOIN account a ON u.refid = a.userid
 		WHERE a.orgid=? AND a.active=1 AND u.refid IN (
-			SELECT whoid from permission 
+			SELECT whoid from permission
 			WHERE orgid=? AND who='user' AND location='category' AND refid=?
 			UNION ALL
 			SELECT r.userid from rolemember r
@ -283,7 +283,7 @@ func (s Scope) DeleteSpaceCategoryPermissions(ctx domain.RequestContext, spaceID
 	b := mysql.BaseQuery{}
 	sql := fmt.Sprintf(`
-		DELETE FROM permission WHERE orgid='%s' AND location='category' 
+		DELETE FROM permission WHERE orgid='%s' AND location='category'
 			AND refid IN (SELECT refid FROM category WHERE orgid='%s' AND labelid='%s')`,
 		ctx.OrgID, ctx.OrgID, spaceID)
--- a/edition/community.go
+++ b/edition/community.go
@ -42,7 +42,7 @@ func main() {
 	rt.Product = env.ProdInfo{}
 	rt.Product.Major = "1"
 	rt.Product.Minor = "59"
-	rt.Product.Patch = "0"
+	rt.Product.Patch = "1"
 	rt.Product.Version = fmt.Sprintf("%s.%s.%s", rt.Product.Major, rt.Product.Minor, rt.Product.Patch)
 	rt.Product.Edition = "Community"
 	rt.Product.Title = fmt.Sprintf("%s Edition", rt.Product.Edition)
--- a/embed/bindata_assetfs.go
+++ b/embed/bindata_assetfs.go
--- a/gui/app/components/folder/permission-admin.js
+++ b/gui/app/components/folder/permission-admin.js
@ -19,6 +19,7 @@ export default Component.extend(ModalMixin, {
 	groupSvc: service('group'),
 	spaceSvc: service('folder'),
 	userSvc: service('user'),
 	router: service(),
 	appMeta: service(),
 	store: service(),
 	spacePermissions: null,
@ -26,6 +27,8 @@ export default Component.extend(ModalMixin, {
 	searchText: '',
 	didReceiveAttrs() {
 		this._super(...arguments);
 		let spacePermissions = A([]);
 		let constants = this.get('constants');
@ -77,7 +80,6 @@ export default Component.extend(ModalMixin, {
 	permissionRecord(who, whoId, name) {
 		let raw = {
 			id: whoId,
 			orgId: this.get('folder.orgId'),
 			folderId: this.get('folder.id'),
 			whoId: whoId,
@ -161,6 +163,7 @@ export default Component.extend(ModalMixin, {
 			this.get('spaceSvc').savePermissions(folder.get('id'), payload).then(() => {
 				this.modalClose('#space-permission-modal');
 				this.get('onRefresh')();
 			});
 		},
--- a/gui/app/components/toolbar/for-space.js
+++ b/gui/app/components/toolbar/for-space.js
@ -92,7 +92,7 @@ export default Component.extend(ModalMixin, TooltipMixin, AuthMixin, {
 		if (is.not.null(this.get('dropzone'))) {
 			this.get('dropzone').destroy();
 			this.set('dropzone', null);
-		}		
+		}
 	},
 	getDefaultInvitationMessage() {
@ -354,7 +354,7 @@ export default Component.extend(ModalMixin, TooltipMixin, AuthMixin, {
 			let template = this.get('templates').findBy('id', id)
 			this.modalClose("#space-template-modal");
-			
+
 			let slug = stringUtil.makeSlug(template.get('title'));
 			this.get('router').transitionTo('document', this.get('space.id'), this.get('space.slug'), id, slug);
 		}
--- a/gui/app/serializers/space-permission.js
+++ b/gui/app/serializers/space-permission.js
@ -2,9 +2,13 @@ import ApplicationSerializer from './application';
 export default ApplicationSerializer.extend({
 	normalize(modelClass, resourceHash) {
 		let id = '0';
 		if (resourceHash.whoId) id = resourceHash.whoId;
 		if (resourceHash.id) id = resourceHash.id;
 		return {
 			data: {
-				id: resourceHash.whoId ? resourceHash.whoId : 0,
+				id: id,
 				type: modelClass.modelName,
 				attributes: resourceHash
 			}
--- a/gui/app/services/folder.js
+++ b/gui/app/services/folder.js
@ -122,6 +122,7 @@ export default BaseService.extend({
 			if (is.not.array(response)) response = [];
 			data = response.map((obj) => {
 				obj.id = 'sp-' + obj.id;
 				let data = this.get('store').normalize('space-permission', obj);
 				return this.get('store').push(data);
 			});
@ -165,6 +166,7 @@ export default BaseService.extend({
 		let url = `space/${folderId}/permissions/user`;
 		return this.get('ajax').request(url).then((response) => {
 			response.id = 'u-' + response.id;
 			let data = this.get('store').normalize('space-permission', response);
 			let data2 = this.get('store').push(data);
 			this.set('permissions', data2);
--- a/gui/app/styles/print.scss
+++ b/gui/app/styles/print.scss
@ -15,20 +15,20 @@
 		@top-right {
 			font-size: 12px;
 			content: string(doctitle);
 			color: $color-off-black;
 			// content: string(doctitle);
 		}
 		@bottom-left {
 			font-size: 12px;
 			content: 'Exported from Documize';
 			color: $color-off-black;
 			// content: 'Exported from Documize';
 		}
 		@bottom-right {
 			content: counter(page);
 			font-size: 12px;
 			color: $color-off-black;
 			// content: counter(page);
 		}
 	}
--- a/gui/app/templates/components/folder/space-view.hbs
+++ b/gui/app/templates/components/folder/space-view.hbs
@ -39,7 +39,7 @@
 					{{/unless}}
 				</div>
 			</div>
-		</div>		
+		</div>
 	</div>
 	<div class="row">
 		<div class="col-12">
--- a/gui/app/templates/components/toolbar/for-space.hbs
+++ b/gui/app/templates/components/toolbar/for-space.hbs
@ -1,5 +1,5 @@
 {{#toolbar/t-toolbar}}
-	
+
 	{{#toolbar/t-links}}
 		{{#link-to "folders" class="link" tagName="li"}}Spaces{{/link-to}}
 	{{/toolbar/t-links}}
@ -189,7 +189,7 @@
 							<div class="import-zone">
 								<button id="import-document-button" type="button" class="btn btn-outline-secondary btn-lg btn-block">
 									<br/>
-									Click to select files or drag-drop files 
+									Click to select files or drag-drop files
 									<br/><br/>
 									.doc, .docx, .md, .markdown
 									<br/><br/>
@ -206,10 +206,10 @@
 						</div>
 					</div>
 				</div>
-			</div>			
+			</div>
 		{{/if}}
 	{{/toolbar/t-actions}}
 {{/toolbar/t-toolbar}}
-{{folder/permission-admin folders=spaces folder=space}}
+{{folder/permission-admin folders=spaces folder=space onRefresh=onRefresh}}
--- a/model/permission/space.go
+++ b/model/permission/space.go
@ -15,6 +15,7 @@ package permission
 // This data structure is made from database permission records for the space,
 // and it is designed to be sent to HTTP clients (web, mobile).
 type Record struct {
 	ID                uint64  `json:"id"`
 	OrgID             string  `json:"orgId"`
 	SpaceID           string  `json:"folderId"`
 	WhoID             string  `json:"whoId"`
@ -40,6 +41,7 @@ func DecodeUserPermissions(perm []Permission) (r Record) {
 	r = Record{}
 	if len(perm) > 0 {
 		r.ID = perm[0].ID
 		r.OrgID = perm[0].OrgID
 		r.WhoID = perm[0].WhoID
 		r.Who = perm[0].Who