re-working space permissions -- WIP

2025-08-04 04:55:23 +02:00 · 2017-09-13 19:22:38 +01:00 · 2017-09-13 19:22:38 +01:00 · ae05cacf3f
commit ae05cacf3f
parent c51ba65b1d
37 changed files with 735 additions and 601 deletions
--- a/domain/space/permission.go
+++ b/domain/space/permission.go
@ -17,11 +17,12 @@ import (
 	"database/sql"

 	"github.com/documize/community/domain"
+	"github.com/documize/community/model/space"
 )

 // CanViewSpace returns if the user has permission to view the given spaceID.
-func CanViewSpace(ctx domain.RequestContext, s domain.Store, spaceID string) (hasPermission bool) {
-	roles, err := s.Space.GetRoles(ctx, spaceID)
+func CanViewSpace(ctx domain.RequestContext, s domain.Store, spaceID string) bool {
+	roles, err := s.Space.GetUserPermissions(ctx, spaceID)
 	if err == sql.ErrNoRows {
 		err = nil
 	}
@ -30,27 +31,8 @@ func CanViewSpace(ctx domain.RequestContext, s domain.Store, spaceID string) (ha
 	}

 	for _, role := range roles {
-		if role.LabelID == spaceID && (role.CanView || role.CanEdit) {
-			return true
-		}
-	}
-
-	return false
-}
-
-// CanViewSpaceDocuments returns if the user has permission to view a document within the specified space.
-func CanViewSpaceDocuments(ctx domain.RequestContext, s domain.Store, spaceID string) (hasPermission bool) {
-	roles, err := s.Space.GetRoles(ctx, spaceID)
-	if err == sql.ErrNoRows {
-		err = nil
-	}
-
-	if err != nil {
-		return false
-	}
-
-	for _, role := range roles {
-		if role.LabelID == spaceID && (role.CanView || role.CanEdit) {
+		if role.RefID == spaceID && role.Location == "space" && role.Scope == "object" &&
+			space.HasPermission(role.Action, space.SpaceView, space.SpaceManage, space.SpaceOwner) {
 			return true
 		}
 	}