document level permissions

model/permission/common.go

@@ -0,0 +1,76 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package permission
+
+import "time"
+
+// Permission represents a permission for a space and is persisted to the database.
+type Permission struct {
+	ID       uint64    `json:"id"`
+	OrgID    string    `json:"orgId"`
+	Who      string    `json:"who"`      // user, role
+	WhoID    string    `json:"whoId"`    // either a user or role ID
+	Action   Action    `json:"action"`   // view, edit, delete
+	Scope    string    `json:"scope"`    // object, table
+	Location string    `json:"location"` // table name
+	RefID    string    `json:"refId"`    // id of row in table / blank when scope=table
+	Created  time.Time `json:"created"`
+}
+
+// Action details type of action
+type Action string
+
+const (
+	// SpaceView action means you can view a space and documents therein
+	SpaceView Action = "view"
+
+	// SpaceManage action means you can add, remove users, set permissions, but not delete that space
+	SpaceManage Action = "manage"
+
+	// SpaceOwner action means you can delete a space and do all SpaceManage functions
+	SpaceOwner Action = "own"
+
+	// DocumentAdd action means you can create/upload documents to a space
+	DocumentAdd Action = "doc-add"
+
+	// DocumentEdit action means you can edit documents in a space
+	DocumentEdit Action = "doc-edit"
+
+	// DocumentDelete means you can delete documents in a space
+	DocumentDelete Action = "doc-delete"
+
+	// DocumentMove means you can move documents between spaces
+	DocumentMove Action = "doc-move"
+
+	// DocumentCopy means you can copy documents within and between spaces
+	DocumentCopy Action = "doc-copy"
+
+	// DocumentTemplate means you can create, edit and delete document templates and content blocks
+	DocumentTemplate Action = "doc-template"
+
+	// DocumentApprove means you can approve a change to a document
+	DocumentApprove Action = "doc-approve"
+
+	// CategoryView action means you can view a category and documents therein
+	CategoryView Action = "view"
+)
+
+// ContainsPermission checks if action matches one of the required actions?
+func ContainsPermission(action Action, actions ...Action) bool {
+	for _, a := range actions {
+		if action == a {
+			return true
+		}
+	}
+
+	return false
+}

model/permission/document.go

@@ -0,0 +1,78 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package permission
+
+// DocumentRecord represents space permissions for a user on a document.
+// This data structure is made from database permission records for the document,
+// and it is designed to be sent to HTTP clients (web, mobile).
+type DocumentRecord struct {
+	OrgID               string `json:"orgId"`
+	DocumentID          string `json:"documentId"`
+	UserID              string `json:"userId"`
+	DocumentRoleEdit    bool   `json:"documentRoleEdit"`
+	DocumentRoleApprove bool   `json:"documentRoleApprove"`
+}
+
+// DecodeUserDocumentPermissions returns a flat, usable permission summary record
+// from multiple user permission records for a given document.
+func DecodeUserDocumentPermissions(perm []Permission) (r DocumentRecord) {
+	r = DocumentRecord{}
+
+	if len(perm) > 0 {
+		r.OrgID = perm[0].OrgID
+		r.UserID = perm[0].WhoID
+		r.DocumentID = perm[0].RefID
+	}
+
+	for _, p := range perm {
+		switch p.Action {
+		case DocumentEdit:
+			r.DocumentRoleEdit = true
+		case DocumentApprove:
+			r.DocumentRoleApprove = true
+		}
+	}
+
+	return
+}
+
+// EncodeUserDocumentPermissions returns multiple user permission records
+// for a given document, using flat permission summary record.
+func EncodeUserDocumentPermissions(r DocumentRecord) (perm []Permission) {
+	if r.DocumentRoleEdit {
+		perm = append(perm, EncodeDocumentRecord(r, DocumentEdit))
+	}
+	if r.DocumentRoleApprove {
+		perm = append(perm, EncodeDocumentRecord(r, DocumentApprove))
+	}
+
+	return
+}
+
+// HasAnyDocumentPermission returns true if user has at least one permission.
+func HasAnyDocumentPermission(p DocumentRecord) bool {
+	return p.DocumentRoleEdit || p.DocumentRoleApprove
+}
+
+// EncodeDocumentRecord creates standard permission record representing user permissions for a document.
+func EncodeDocumentRecord(r DocumentRecord, a Action) (p Permission) {
+	p = Permission{}
+	p.OrgID = r.OrgID
+	p.Who = "user"
+	p.WhoID = r.UserID
+	p.Location = "document"
+	p.RefID = r.DocumentID
+	p.Action = a
+	p.Scope = "object" // default to row level permission
+
+	return
+}

model/permission/space.go

@@ -11,59 +11,6 @@
 
 package permission
 
-import "time"
-
-// Permission represents a permission for a space and is persisted to the database.
-type Permission struct {
-	ID       uint64    `json:"id"`
-	OrgID    string    `json:"orgId"`
-	Who      string    `json:"who"`      // user, role
-	WhoID    string    `json:"whoId"`    // either a user or role ID
-	Action   Action    `json:"action"`   // view, edit, delete
-	Scope    string    `json:"scope"`    // object, table
-	Location string    `json:"location"` // table name
-	RefID    string    `json:"refId"`    // id of row in table / blank when scope=table
-	Created  time.Time `json:"created"`
-}
-
-// Action details type of action
-type Action string
-
-const (
-	// SpaceView action means you can view a space and documents therein
-	SpaceView Action = "view"
-
-	// SpaceManage action means you can add, remove users, set permissions, but not delete that space
-	SpaceManage Action = "manage"
-
-	// SpaceOwner action means you can delete a space and do all SpaceManage functions
-	SpaceOwner Action = "own"
-
-	// DocumentAdd action means you can create/upload documents to a space
-	DocumentAdd Action = "doc-add"
-
-	// DocumentEdit action means you can edit documents in a space
-	DocumentEdit Action = "doc-edit"
-
-	// DocumentDelete means you can delete documents in a space
-	DocumentDelete Action = "doc-delete"
-
-	// DocumentMove means you can move documents between spaces
-	DocumentMove Action = "doc-move"
-
-	// DocumentCopy means you can copy documents within and between spaces
-	DocumentCopy Action = "doc-copy"
-
-	// DocumentTemplate means you can create, edit and delete document templates and content blocks
-	DocumentTemplate Action = "doc-template"
-
-	// DocumentApprove means you can approve a change to a document
-	DocumentApprove Action = "doc-approve"
-
-	// CategoryView action means you can view a category and documents therein
-	CategoryView Action = "view"
-)
-
 // Record represents space permissions for a user on a space.
 // This data structure is made from database permission records for the space,
 // and it is designed to be sent to HTTP clients (web, mobile).
@@ -123,23 +70,6 @@ func DecodeUserPermissions(perm []Permission) (r Record) {
 	return
 }
 
-// PermissionsModel details which users have what permissions on a given space.
-type PermissionsModel struct {
-	Message     string
-	Permissions []Record
-}
-
-// ContainsPermission checks if action matches one of the required actions?
-func ContainsPermission(action Action, actions ...Action) bool {
-	for _, a := range actions {
-		if action == a {
-			return true
-		}
-	}
-
-	return false
-}
-
 // EncodeUserPermissions returns multiple user permission records
 // for a given space, using flat permission summary record.
 func EncodeUserPermissions(r Record) (perm []Permission) {
@@ -205,3 +135,9 @@ type CategoryViewRequestModel struct {
 	CategoryID string `json:"categoryID"`
 	UserID     string `json:"userId"`
 }
+
+// SpaceRequestModel details which users have what permissions on a given space.
+type SpaceRequestModel struct {
+	Message     string
+	Permissions []Record
+}