Improve attachment and link handling

domain/attachment/endpoint.go

@@ -100,19 +100,40 @@ func (h *Handler) Download(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Get the organization for this request
+	// Get the space for this attachment
+	org, err := h.Store.Organization.GetOrganization(ctx, ctx.OrgID)
+	if err == sql.ErrNoRows {
+		response.WriteNotFoundError(w, method, a.DocumentID)
+		return
+	}
+	if err != nil {
+		h.Runtime.Log.Error("get attachment org", err)
+		response.WriteServerError(w, method, err)
+		return
+	}
+
 	// At this point, all data associated data is loaded.
 	// We now begin security checks based upon the request.
 
 	// If attachment is in public space then anyone can download
-	if sp.Type == space.ScopePublic {
+	if org.AllowAnonymousAccess && sp.Type == space.ScopePublic {
+		canDownload = true
+	}
+
+	// External users can be sent secure document viewing links.
+	// Those documents may contain attachments that external viewers
+	// can download as required.
+	// Such secure document viewing links can have expiry dates.
+	if !canDownload && len(secureToken) > 0 {
 		canDownload = true
 	}
 
 	// If an user authentication token was provided we check to see
 	// if user can view document.
 	// This check only applies to attachments NOT in public spaces.
-	if sp.Type != space.ScopePublic && len(authToken) > 0 {
-		// Decode and check incoming token
+	if !canDownload && len(authToken) > 0 {
+		// Decode and check incoming token.
 		creds, _, err := auth.DecodeJWT(h.Runtime, authToken)
 		if err != nil {
 			h.Runtime.Log.Error("get attachment decode auth token", err)
@@ -140,14 +161,6 @@ func (h *Handler) Download(w http.ResponseWriter, r *http.Request) {
 		canDownload = true
 	}
 
-	// External users can be sent secure document viewing links.
-	// Those documents may contain attachments that external viewers
-	// can download as required.
-	// Such secure document viewing links can have expiry dates.
-	if len(authToken) == 0 && len(secureToken) > 0 {
-		// TODO
-	}
-
 	// Send back error if caller unable view attachment
 	if !canDownload {
 		h.Runtime.Log.Error("get attachment refused", err)

edition/community.go

@@ -42,7 +42,7 @@ func main() {
 	rt.Product.Major = "2"
 	rt.Product.Minor = "0"
 	rt.Product.Patch = "0"
-	rt.Product.Revision = 190114220236
+	rt.Product.Revision = 190115203818
 	rt.Product.Version = fmt.Sprintf("%s.%s.%s", rt.Product.Major, rt.Product.Minor, rt.Product.Patch)
 	rt.Product.Edition = domain.CommunityEdition
 	rt.Product.Title = fmt.Sprintf("%s Edition", rt.Product.Edition)

gui/app/components/document/sidebar-attachment.js

@@ -87,10 +87,10 @@ export default Component.extend(Modals, Notifier, {
 
 		// For authenticated users we send server auth token.
 		let qry = '';
-		if (this.get('session.authenticated')) {
-			qry = '?token=' + this.get('session.authToken');
-		} else {
+		if (this.get('session.hasSecureToken')) {
 			qry = '?secure=' + this.get('session.secureToken');
+		} else if (this.get('session.authenticated')) {
+			qry = '?token=' + this.get('session.authToken');
 		}
 		this.set('downloadQuery', qry);
 	},

gui/app/components/document/view-content.js

@@ -21,7 +21,7 @@ export default Component.extend(Notifier, {
 	sectionService: service('section'),
 	store: service(),
 	appMeta: service(),
-	link: service(),
+	linkSvc: service('link'),
 	hasPages: notEmpty('pages'),
 	showInsertSectionModal: false,
 	newSectionLocation: '',
@@ -40,24 +40,21 @@ export default Component.extend(Notifier, {
 		this.set('showLikes', this.get('folder.allowLikes') && this.get('document.isLive'));
 	},
 
-	didRender() {
-		this._super(...arguments);
-		this.contentLinkHandler();
-	},
-
 	didInsertElement() {
 		this._super(...arguments);
 
 		this.jumpToSection(this.get('currentPageId'));
+
+		this.contentLinkHandler();
 	},
 
 	contentLinkHandler() {
-		let links = this.get('link');
+		let linkSvc = this.get('linkSvc');
 		let doc = this.get('document');
 		let self = this;
 
 		$("a[data-documize='true']").off('click').on('click', function (e) {
-			let link = links.getLinkObject(self.get('links'), this);
+			let link = linkSvc.getLinkObject(self.get('links'), this);
 
 			// local link? exists?
 			if ((link.linkType === "section" || link.linkType === "tab") && link.documentId === doc.get('id')) {
@@ -79,7 +76,10 @@ export default Component.extend(Notifier, {
 				return false;
 			}
 
-			links.linkClick(doc, link);
+			e.preventDefault();
+			e.stopPropagation();
+
+			linkSvc.linkClick(doc, link);
 			return false;
 		});
 	},

gui/app/services/link.js

@@ -66,13 +66,7 @@ export default Service.extend(Notifier, {
 			result = `<a data-documize='true' data-link-space-id='${link.spaceId}' data-link-id='${link.id}' data-link-target-document-id='${link.documentId}' data-link-target-id='${link.targetId}' data-link-type='${link.linkType}' href='${href}'>${link.title}</a>`;
 		}
 		if (link.linkType === "file") {
-			// For authenticated users we send server auth token.
-			let qry = '';
-			if (this.get('session.authenticated')) {
-				qry = '?token=' + this.get('session.authToken');
-			}
-
-			href = `${endpoint}/public/attachment/${orgId}/${link.targetId}${qry}`;
+			href = `${endpoint}/public/attachment/${orgId}/${link.targetId}`;
 			result = `<a data-documize='true' data-link-space-id='${link.spaceId}' data-link-id='${link.id}' data-link-target-document-id='${link.documentId}' data-link-target-id='${link.targetId}' data-link-type='${link.linkType}' href='${href}'>${link.title}</a>`;
 		}
 		if (link.linkType === "network") {
@@ -136,8 +130,16 @@ export default Service.extend(Notifier, {
 
 		// handle attachment links
 		if (link.linkType === "file") {
+			// For authenticated users we send server auth token.
+			let qry = '';
+			if (this.get('session.hasSecureToken')) {
+				qry = '?secure=' + this.get('session.secureToken');
+			} else if (this.get('session.authenticated')) {
+				qry = '?token=' + this.get('session.authToken');
+			}
+
 			link.url = link.url.replace('attachments/', 'attachment/');
-			window.location.href = link.url;
+			window.location.href = link.url + qry;
 			return;
 		}
 

gui/app/services/session.js

@@ -25,7 +25,12 @@ export default SimpleAuthSession.extend({
 	currentFolder: null,
 	isMac: false,
 	isMobile: false,
+
 	secureToken: '',
+	hasSecureToken: computed('secureToken', function () {
+		let st = this.get('secureToken');
+		return is.not.null(st) && is.not.undefined(st) && st.length > 0;
+	}),
 
 	hasAccounts: computed('isAuthenticated', 'session.content.authenticated.user', function () {
 		return this.get('session.authenticator') !== 'authenticator:anonymous' && this.get('session.content.authenticated.user.accounts').length > 0;

gui/app/templates/components/document/sidebar-toc.hbs

@@ -16,6 +16,8 @@
 			</div>
 		</div>
 	</div>
+{{else}}
+	{{ui/ui-spacer size=100}}
 {{/if}}
 
 <div class="document-sidebar-toc">
@@ -27,7 +29,7 @@
 					title={{item.page.title}}>
 					<span class="numbering">{{item.page.numbering}}</span>
 					{{#if (or item.userHasChangePending userHasNewPagePending)}}
-						<span class="color-red-600" >[*]&nbsp;</span>
+						<span class="color-red-600">[*]&nbsp;</span>
 						{{#attach-tooltip showDelay=1000}}Pending changes{{/attach-tooltip}}
 					{{/if}}
 					{{#if (or permissions.documentApprove roles.documentApprove)}}