Ryan/docmost-ryan
1
0
Fork 0
mirror of https://github.com/Shadowfita/docmost.git synced 2025-11-18 10:41:04 +10:00
Code Issues Packages Projects Releases Wiki Activity

space updates

Browse Source 
* space UI
* space management
* space permissions
* other fixes
This commit is contained in:
Philipinho
2024-04-12 19:38:58 +01:00
parent b02cfd02f0
commit 90ae750d48
54 changed files with 1966 additions and 365 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apps/server/src/core/auth/services/token.service.ts
View File

@ -22,7 +22,10 @@ export class TokenService {
return this.jwtService.sign(payload);
}
async generateRefreshToken(userId: string, workspaceId): Promise<string> {
async generateRefreshToken(
userId: string,
workspaceId: string,
): Promise<string> {
const payload: JwtRefreshPayload = {
sub: userId,
workspaceId,
@ -32,7 +35,7 @@ export class TokenService {
return this.jwtService.sign(payload, { expiresIn });
}
async generateTokens(user): Promise<TokensDto> {
async generateTokens(user: User): Promise<TokensDto> {
return {
accessToken: await this.generateAccessToken(user),
refreshToken: await this.generateRefreshToken(user.id, user.workspaceId),

2
apps/server/src/core/casl/abilities/casl-ability.factory.ts
View File

@ -47,7 +47,7 @@ export default class CaslAbilityFactory {
}
if (userRole === UserRole.MEMBER) {
// can<any>([Action.Read], WorkspaceUser);
can([Action.Read], 'WorkspaceUser');
// Groups
can([Action.Read], 'Group');

68
apps/server/src/core/casl/abilities/space-ability.factory.ts Normal file
View File

@ -0,0 +1,68 @@
import { ForbiddenException, Injectable } from '@nestjs/common';
import {
AbilityBuilder,
createMongoAbility,
MongoAbility,
} from '@casl/ability';
import { SpaceRole } from '../../../helpers/types/permission';
import { User } from '@docmost/db/types/entity.types';
import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
import {
SpaceCaslAction,
SpaceAbility,
SpaceCaslSubject,
} from '../interfaces/space-ability.type';
import { findHighestUserSpaceRole } from '@docmost/db/repos/space/utils';
@Injectable()
export default class SpaceAbilityFactory {
constructor(private readonly spaceMemberRepo: SpaceMemberRepo) {}
async createForUser(user: User, spaceId: string) {
const userSpaceRoles = await this.spaceMemberRepo.getUserSpaceRoles(
user.id,
spaceId,
);
const userSpaceRole = findHighestUserSpaceRole(userSpaceRoles);
switch (userSpaceRole) {
case SpaceRole.ADMIN:
return buildSpaceAdminAbility();
case SpaceRole.WRITER:
return buildSpaceWriterAbility();
case SpaceRole.READER:
return buildSpaceReaderAbility();
default:
throw new ForbiddenException(
'You do not have permission to access this space',
);
}
}
}
function buildSpaceAdminAbility() {
const { can, build } = new AbilityBuilder<MongoAbility<SpaceAbility>>(
createMongoAbility,
);
can(SpaceCaslAction.Manage, SpaceCaslSubject.Settings);
can(SpaceCaslAction.Manage, SpaceCaslSubject.Member);
return build();
}
function buildSpaceWriterAbility() {
const { can, build } = new AbilityBuilder<MongoAbility<SpaceAbility>>(
createMongoAbility,
);
can(SpaceCaslAction.Read, SpaceCaslSubject.Settings);
can(SpaceCaslAction.Read, SpaceCaslSubject.Member);
return build();
}
function buildSpaceReaderAbility() {
const { can, build } = new AbilityBuilder<MongoAbility<SpaceAbility>>(
createMongoAbility,
);
can(SpaceCaslAction.Read, SpaceCaslSubject.Settings);
can(SpaceCaslAction.Read, SpaceCaslSubject.Member);
return build();
}

5
apps/server/src/core/casl/casl.module.ts
View File

@ -1,9 +1,10 @@
import { Global, Module } from '@nestjs/common';
import CaslAbilityFactory from './abilities/casl-ability.factory';
import SpaceAbilityFactory from './abilities/space-ability.factory';
@Global()
@Module({
providers: [CaslAbilityFactory],
exports: [CaslAbilityFactory],
providers: [CaslAbilityFactory, SpaceAbilityFactory],
exports: [CaslAbilityFactory, SpaceAbilityFactory],
})
export class CaslModule {}

15
apps/server/src/core/casl/interfaces/space-ability.type.ts Normal file
View File

@ -0,0 +1,15 @@
export enum SpaceCaslAction {
Manage = 'manage',
Create = 'create',
Read = 'read',
Edit = 'edit',
Delete = 'delete',
}
export enum SpaceCaslSubject {
Settings = 'settings',
Member = 'member',
}
export type SpaceAbility =
| [SpaceCaslAction, SpaceCaslSubject.Settings]
| [SpaceCaslAction, SpaceCaslSubject.Member];

3
apps/server/src/core/group/group.controller.ts
View File

@ -31,6 +31,8 @@ export class GroupController {
private readonly groupUserService: GroupUserService,
) {}
@UseGuards(PoliciesGuard)
@CheckPolicies((ability: AppAbility) => ability.can(Action.Read, 'Group'))
@HttpCode(HttpStatus.OK)
@Post('/')
getWorkspaceGroups(
@ -62,7 +64,6 @@ export class GroupController {
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
console.log(createGroupDto);
return this.groupService.createGroup(user, workspace.id, createGroupDto);
}

15
apps/server/src/core/search/dto/search.dto.ts
View File

@ -1,4 +1,4 @@
import { IsNumber, IsOptional, IsString } from 'class-validator';
import { IsBoolean, IsNumber, IsOptional, IsString } from 'class-validator';
export class SearchDTO {
@IsString()
@ -16,3 +16,16 @@ export class SearchDTO {
@IsNumber()
offset?: number;
}
export class SearchSuggestionDTO {
@IsString()
query: string;
@IsOptional()
@IsBoolean()
includeUsers?: string;
@IsOptional()
@IsBoolean()
includeGroups?: number;
}

24
apps/server/src/core/search/search.controller.ts
View File

@ -8,7 +8,7 @@ import {
UseGuards,
} from '@nestjs/common';
import { SearchService } from './search.service';
import { SearchDTO } from './dto/search.dto';
import { SearchDTO, SearchSuggestionDTO } from './dto/search.dto';
import { AuthWorkspace } from '../../decorators/auth-workspace.decorator';
import { JwtAuthGuard } from '../../guards/jwt-auth.guard';
import { Workspace } from '@docmost/db/types/entity.types';
@ -21,17 +21,21 @@ export class SearchController {
@HttpCode(HttpStatus.OK)
@Post()
async pageSearch(
@Query('type') type: string,
@Body() searchDto: SearchDTO,
@AuthWorkspace() workspace: Workspace,
) {
if (!type || type === 'page') {
return this.searchService.searchPage(
searchDto.query,
searchDto,
workspace.id,
);
}
return;
return this.searchService.searchPage(
searchDto.query,
searchDto,
workspace.id,
);
}
@Post('suggest')
async searchSuggestions(
@Body() dto: SearchSuggestionDTO,
@AuthWorkspace() workspace: Workspace,
) {
return this.searchService.searchSuggestions(dto, workspace.id);
}
}

36
apps/server/src/core/search/search.service.ts
View File

@ -1,5 +1,5 @@
import { Injectable } from '@nestjs/common';
import { SearchDTO } from './dto/search.dto';
import { SearchDTO, SearchSuggestionDTO } from './dto/search.dto';
import { SearchResponseDto } from './dto/search-response.dto';
import { InjectKysely } from 'nestjs-kysely';
import { KyselyDB } from '@docmost/db/types/kysely.types';
@ -57,4 +57,38 @@ export class SearchService {
return searchResults;
}
async searchSuggestions(
suggestion: SearchSuggestionDTO,
workspaceId: string,
) {
const limit = 25;
const userSearch = this.db
.selectFrom('users')
.select(['id', 'name', 'avatarUrl'])
.where((eb) => eb('users.name', 'ilike', `%${suggestion.query}%`))
.where('workspaceId', '=', workspaceId)
.limit(limit);
const groupSearch = this.db
.selectFrom('groups')
.select(['id', 'name', 'description'])
.where((eb) => eb('groups.name', 'ilike', `%${suggestion.query}%`))
.where('workspaceId', '=', workspaceId)
.limit(limit);
let users = [];
let groups = [];
if (suggestion.includeUsers) {
users = await userSearch.execute();
}
if (suggestion.includeGroups) {
groups = await groupSearch.execute();
}
return { users, groups };
}
}

31
apps/server/src/core/space/dto/add-space-members.dto.ts Normal file
View File

@ -0,0 +1,31 @@
import {
ArrayMaxSize,
IsArray,
IsEnum,
IsUUID,
} from 'class-validator';
import { SpaceIdDto } from './space-id.dto';
import { SpaceRole } from '../../../helpers/types/permission';
export class AddSpaceMembersDto extends SpaceIdDto {
// @IsOptional()
// @IsUUID()
// userId: string;
@IsEnum(SpaceRole)
role: string;
@IsArray()
@ArrayMaxSize(25, {
message: 'userIds must an array with no more than 25 elements',
})
@IsUUID(4, { each: true })
userIds: string[];
@IsArray()
@ArrayMaxSize(25, {
message: 'userIds must an array with no more than 25 elements',
})
@IsUUID(4, { each: true })
groupIds: string[];
}

14
apps/server/src/core/space/dto/remove-space-member.dto.ts Normal file
View File

@ -0,0 +1,14 @@
import { IsNotEmpty, IsOptional, IsUUID } from 'class-validator';
import { SpaceIdDto } from './space-id.dto';
export class RemoveSpaceMemberDto extends SpaceIdDto {
@IsOptional()
@IsNotEmpty()
@IsUUID()
userId: string;
@IsOptional()
@IsNotEmpty()
@IsUUID()
groupId: string;
}

18
apps/server/src/core/space/dto/update-space-member-role.dto.ts Normal file
View File

@ -0,0 +1,18 @@
import { IsEnum, IsNotEmpty, IsOptional, IsUUID } from 'class-validator';
import { SpaceIdDto } from './space-id.dto';
import { SpaceRole } from '../../../helpers/types/permission';
export class UpdateSpaceMemberRoleDto extends SpaceIdDto {
@IsOptional()
@IsNotEmpty()
@IsUUID()
userId: string;
@IsOptional()
@IsNotEmpty()
@IsUUID()
groupId: string;
@IsEnum(SpaceRole)
role: string;
}

8
apps/server/src/core/space/dto/update-space.dto.ts
View File

@ -1,4 +1,10 @@
import { PartialType } from '@nestjs/mapped-types';
import { CreateSpaceDto } from './create-space.dto';
import { IsNotEmpty, IsString, IsUUID } from 'class-validator';
export class UpdateSpaceDto extends PartialType(CreateSpaceDto) {}
export class UpdateSpaceDto extends PartialType(CreateSpaceDto) {
@IsString()
@IsNotEmpty()
@IsUUID()
spaceId: string;
}

254
apps/server/src/core/space/services/space-member.service.ts
View File

@ -1,12 +1,26 @@
import { Injectable } from '@nestjs/common';
import { PaginationOptions } from '../../../kysely/pagination/pagination-options';
import { KyselyTransaction } from '@docmost/db/types/kysely.types';
import {
BadRequestException,
Injectable,
NotFoundException,
} from '@nestjs/common';
import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
import { KyselyDB, KyselyTransaction } from '@docmost/db/types/kysely.types';
import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
import { SpaceMember } from '@docmost/db/types/entity.types';
import { AddSpaceMembersDto } from '../dto/add-space-members.dto';
import { InjectKysely } from 'nestjs-kysely';
import { SpaceMember, User } from '@docmost/db/types/entity.types';
import { SpaceRepo } from '@docmost/db/repos/space/space.repo';
import { RemoveSpaceMemberDto } from '../dto/remove-space-member.dto';
import { UpdateSpaceMemberRoleDto } from '../dto/update-space-member-role.dto';
import { SpaceRole } from '../../../helpers/types/permission';
@Injectable()
export class SpaceMemberService {
constructor(private spaceMemberRepo: SpaceMemberRepo) {}
constructor(
private spaceMemberRepo: SpaceMemberRepo,
private spaceRepo: SpaceRepo,
@InjectKysely() private readonly db: KyselyDB,
) {}
async addUserToSpace(
userId: string,
@ -14,11 +28,11 @@ export class SpaceMemberService {
role: string,
workspaceId: string,
trx?: KyselyTransaction,
): Promise<SpaceMember> {
): Promise<void> {
//if (existingSpaceUser) {
// throw new BadRequestException('User already added to this space');
// }
return await this.spaceMemberRepo.insertSpaceMember(
await this.spaceMemberRepo.insertSpaceMember(
{
userId: userId,
spaceId: spaceId,
@ -34,13 +48,13 @@ export class SpaceMemberService {
role: string,
workspaceId: string,
trx?: KyselyTransaction,
): Promise<SpaceMember> {
): Promise<void> {
//const existingSpaceUser = await manager.findOneBy(SpaceMember, {
// userId: userId,
// spaceId: spaceId,
// });
// validations?
return await this.spaceMemberRepo.insertSpaceMember(
await this.spaceMemberRepo.insertSpaceMember(
{
groupId: groupId,
spaceId: spaceId,
@ -59,7 +73,11 @@ export class SpaceMemberService {
workspaceId: string,
pagination: PaginationOptions,
) {
//todo: validate the space is inside the workspace
const space = await this.spaceRepo.findById(spaceId, workspaceId);
if (!space) {
throw new NotFoundException('Space not found');
}
const members = await this.spaceMemberRepo.getSpaceMembersPaginated(
spaceId,
pagination,
@ -67,35 +85,197 @@ export class SpaceMemberService {
return members;
}
}
/*
* get spaces a user is a member of
* either by direct membership or via groups
*/
/*
async getUserSpaces(
userId: string,
async addMembersToSpaceBatch(
dto: AddSpaceMembersDto,
authUser: User,
workspaceId: string,
paginationOptions: PaginationOptions,
) {
const [userSpaces, count] = await this.spaceMemberRepository
.createQueryBuilder('spaceMember')
.leftJoinAndSelect('spaceMember.space', 'space')
.where('spaceMember.userId = :userId', { userId })
.andWhere('space.workspaceId = :workspaceId', { workspaceId })
.loadRelationCountAndMap(
'space.memberCount',
'space.spaceMembers',
'spaceMembers',
)
.take(paginationOptions.limit)
.skip(paginationOptions.skip)
.getManyAndCount();
): Promise<void> {
// await this.spaceService.findAndValidateSpace(spaceId, workspaceId);
const spaces = userSpaces.map((userSpace) => userSpace.space);
const space = await this.spaceRepo.findById(dto.spaceId, workspaceId);
if (!space) {
throw new NotFoundException('Space not found');
}
const paginationMeta = new PaginationMetaDto({ count, paginationOptions });
return new PaginatedResult(spaces, paginationMeta);
// make sure we have valid workspace users
const validUsersQuery = this.db
.selectFrom('users')
.select(['id', 'name'])
.where('users.id', 'in', dto.userIds)
.where('users.workspaceId', '=', workspaceId)
// using this because we can not use easily use onConflict with two unique indexes.
.where(({ not, exists, selectFrom }) =>
not(
exists(
selectFrom('spaceMembers')
.select('id')
.whereRef('spaceMembers.userId', '=', 'users.id')
.where('spaceMembers.spaceId', '=', dto.spaceId),
),
),
);
const validGroupsQuery = this.db
.selectFrom('groups')
.select(['id', 'name'])
.where('groups.id', 'in', dto.groupIds)
.where('groups.workspaceId', '=', workspaceId)
.where(({ not, exists, selectFrom }) =>
not(
exists(
selectFrom('spaceMembers')
.select('id')
.whereRef('spaceMembers.groupId', '=', 'groups.id')
.where('spaceMembers.spaceId', '=', dto.spaceId),
),
),
);
let validUsers = [],
validGroups = [];
if (dto.userIds && dto.userIds.length > 0) {
validUsers = await validUsersQuery.execute();
}
if (dto.groupIds && dto.groupIds.length > 0) {
validGroups = await validGroupsQuery.execute();
}
const usersToAdd = [];
for (const user of validUsers) {
usersToAdd.push({
spaceId: dto.spaceId,
userId: user.id,
role: dto.role,
creatorId: authUser.id,
});
}
const groupsToAdd = [];
for (const group of validGroups) {
groupsToAdd.push({
spaceId: dto.spaceId,
groupId: group.id,
role: dto.role,
creatorId: authUser.id,
});
}
const membersToAdd = [...usersToAdd, ...groupsToAdd];
if (membersToAdd.length > 0) {
await this.spaceMemberRepo.insertSpaceMember(membersToAdd);
} else {
// either they are already members or do not exist on the workspace
}
}
*/
async removeMemberFromSpace(
dto: RemoveSpaceMemberDto,
authUser: User, // Todo: permissions check
workspaceId: string,
): Promise<void> {
const space = await this.spaceRepo.findById(dto.spaceId, workspaceId);
if (!space) {
throw new NotFoundException('Space not found');
}
let spaceMember: SpaceMember = null;
if (dto.userId) {
spaceMember = await this.spaceMemberRepo.getSpaceMemberByTypeId(
dto.spaceId,
{
userId: dto.userId,
},
);
} else if (dto.groupId) {
spaceMember = await this.spaceMemberRepo.getSpaceMemberByTypeId(
dto.spaceId,
{
groupId: dto.groupId,
},
);
} else {
throw new BadRequestException(
'Please provide a valid userId or groupId to remove',
);
}
if (!spaceMember) {
throw new NotFoundException('Space membership not found');
}
if (spaceMember.role === SpaceRole.ADMIN) {
await this.validateLastAdmin(dto.spaceId);
}
await this.spaceMemberRepo.removeSpaceMemberById(
spaceMember.id,
dto.spaceId,
);
}
async updateSpaceMemberRole(
dto: UpdateSpaceMemberRoleDto,
authUser: User,
workspaceId: string,
): Promise<void> {
const space = await this.spaceRepo.findById(dto.spaceId, workspaceId);
if (!space) {
throw new NotFoundException('Space not found');
}
let spaceMember: SpaceMember = null;
if (dto.userId) {
spaceMember = await this.spaceMemberRepo.getSpaceMemberByTypeId(
dto.spaceId,
{
userId: dto.userId,
},
);
} else if (dto.groupId) {
spaceMember = await this.spaceMemberRepo.getSpaceMemberByTypeId(
dto.spaceId,
{
groupId: dto.groupId,
},
);
} else {
throw new BadRequestException(
'Please provide a valid userId or groupId to remove',
);
}
if (!spaceMember) {
throw new NotFoundException('Space membership not found');
}
if (spaceMember.role === dto.role) {
return;
}
if (spaceMember.role === SpaceRole.ADMIN) {
await this.validateLastAdmin(dto.spaceId);
}
await this.spaceMemberRepo.updateSpaceMember(
{ role: dto.role },
spaceMember.id,
dto.spaceId,
);
}
async validateLastAdmin(spaceId: string): Promise<void> {
const spaceOwnerCount = await this.spaceMemberRepo.roleCountBySpaceId(
SpaceRole.ADMIN,
spaceId,
);
if (spaceOwnerCount === 1) {
throw new BadRequestException(
'There must be at least one space admin with full access',
);
}
}
}

25
apps/server/src/core/space/services/space.service.ts
View File

@ -4,12 +4,13 @@ import {
NotFoundException,
} from '@nestjs/common';
import { CreateSpaceDto } from '../dto/create-space.dto';
import { PaginationOptions } from '../../../kysely/pagination/pagination-options';
import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
import slugify from 'slugify';
import { SpaceRepo } from '@docmost/db/repos/space/space.repo';
import { KyselyTransaction } from '@docmost/db/types/kysely.types';
import { Space } from '@docmost/db/types/entity.types';
import { PaginationResult } from '@docmost/db/pagination/pagination';
import { UpdateSpaceDto } from '../dto/update-space.dto';
@Injectable()
export class SpaceService {
@ -44,8 +45,28 @@ export class SpaceService {
);
}
async updateSpace(
updateSpaceDto: UpdateSpaceDto,
workspaceId: string,
): Promise<Space> {
if (!updateSpaceDto.name && !updateSpaceDto.description) {
throw new BadRequestException('Please provide fields to update');
}
return await this.spaceRepo.updateSpace(
{
name: updateSpaceDto.name,
description: updateSpaceDto.description,
},
updateSpaceDto.spaceId,
workspaceId,
);
}
async getSpaceInfo(spaceId: string, workspaceId: string): Promise<Space> {
const space = await this.spaceRepo.findById(spaceId, workspaceId);
const space = await this.spaceRepo.findById(spaceId, workspaceId, {
includeMemberCount: true,
});
if (!space) {
throw new NotFoundException('Space not found');
}

145
apps/server/src/core/space/space.controller.ts
View File

@ -1,6 +1,8 @@
import {
BadRequestException,
Body,
Controller,
ForbiddenException,
HttpCode,
HttpStatus,
Post,
@ -11,9 +13,18 @@ import { AuthUser } from '../../decorators/auth-user.decorator';
import { AuthWorkspace } from '../../decorators/auth-workspace.decorator';
import { JwtAuthGuard } from '../../guards/jwt-auth.guard';
import { SpaceIdDto } from './dto/space-id.dto';
import { PaginationOptions } from '../../kysely/pagination/pagination-options';
import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
import { SpaceMemberService } from './services/space-member.service';
import { User, Workspace } from '@docmost/db/types/entity.types';
import { AddSpaceMembersDto } from './dto/add-space-members.dto';
import { RemoveSpaceMemberDto } from './dto/remove-space-member.dto';
import { UpdateSpaceMemberRoleDto } from './dto/update-space-member-role.dto';
import SpaceAbilityFactory from '../casl/abilities/space-ability.factory';
import {
SpaceCaslAction,
SpaceCaslSubject,
} from '../casl/interfaces/space-ability.type';
import { UpdateSpaceDto } from './dto/update-space.dto';
@UseGuards(JwtAuthGuard)
@Controller('spaces')
@ -21,6 +32,7 @@ export class SpaceController {
constructor(
private readonly spaceService: SpaceService,
private readonly spaceMemberService: SpaceMemberService,
private readonly spaceAbility: SpaceAbilityFactory,
) {}
@HttpCode(HttpStatus.OK)
@ -35,23 +47,6 @@ export class SpaceController {
return this.spaceService.getWorkspaceSpaces(workspace.id, pagination);
}
// get all spaces user is a member of
/*
@HttpCode(HttpStatus.OK)
@Post('user')
async getUserSpaces(
@Body()
pagination: PaginationOptions,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
return this.spaceMemberService.getUserSpaces(
user.id,
workspace.id,
pagination,
);
}*/
@HttpCode(HttpStatus.OK)
@Post('info')
async getSpaceInfo(
@ -59,23 +54,135 @@ export class SpaceController {
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
const ability = await this.spaceAbility.createForUser(
user,
spaceIdDto.spaceId,
);
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Settings)) {
throw new ForbiddenException();
}
return this.spaceService.getSpaceInfo(spaceIdDto.spaceId, workspace.id);
}
@HttpCode(HttpStatus.OK)
@Post('update')
async updateGroup(
@Body() updateSpaceDto: UpdateSpaceDto,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
const ability = await this.spaceAbility.createForUser(
user,
updateSpaceDto.spaceId,
);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Settings)) {
throw new ForbiddenException();
}
return this.spaceService.updateSpace(updateSpaceDto, workspace.id);
}
@HttpCode(HttpStatus.OK)
@Post('members')
async getSpaceMembers(
// todo: accept type? users | groups
@Body() spaceIdDto: SpaceIdDto,
@Body()
pagination: PaginationOptions,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
const ability = await this.spaceAbility.createForUser(
user,
spaceIdDto.spaceId,
);
if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Member)) {
throw new ForbiddenException();
}
return this.spaceMemberService.getSpaceMembers(
spaceIdDto.spaceId,
workspace.id,
pagination,
);
}
@HttpCode(HttpStatus.OK)
@Post('members/add')
async addSpaceMember(
@Body() dto: AddSpaceMembersDto,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
if (
(!dto.userIds || dto.userIds.length === 0) &&
(!dto.groupIds || dto.groupIds.length === 0)
) {
throw new BadRequestException('userIds or groupIds is required');
}
const ability = await this.spaceAbility.createForUser(user, dto.spaceId);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Member)) {
throw new ForbiddenException();
}
return this.spaceMemberService.addMembersToSpaceBatch(
dto,
user,
workspace.id,
);
}
@HttpCode(HttpStatus.OK)
@Post('members/remove')
async removeSpaceMember(
@Body() dto: RemoveSpaceMemberDto,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
this.validateIds(dto);
const ability = await this.spaceAbility.createForUser(user, dto.spaceId);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Member)) {
throw new ForbiddenException();
}
return this.spaceMemberService.removeMemberFromSpace(
dto,
user,
workspace.id,
);
}
@HttpCode(HttpStatus.OK)
@Post('members/role')
async updateSpaceMemberRole(
@Body() dto: UpdateSpaceMemberRoleDto,
@AuthUser() user: User,
@AuthWorkspace() workspace: Workspace,
) {
this.validateIds(dto);
const ability = await this.spaceAbility.createForUser(user, dto.spaceId);
if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Member)) {
throw new ForbiddenException();
}
return this.spaceMemberService.updateSpaceMemberRole(
dto,
user,
workspace.id,
);
}
validateIds(dto: RemoveSpaceMemberDto | UpdateSpaceMemberRoleDto) {
if (!dto.userId && !dto.groupId) {
throw new BadRequestException('userId or groupId is required');
}
if (dto.userId && dto.groupId) {
throw new BadRequestException(
'please provide either a userId or groupId and both',
);
}
}
}

6
apps/server/src/core/user/dto/update-user.dto.ts
View File

@ -1,8 +1,10 @@
import { PartialType } from '@nestjs/mapped-types';
import { OmitType, PartialType } from '@nestjs/mapped-types';
import { CreateUserDto } from '../../auth/dto/create-user.dto';
import { IsOptional, IsString } from 'class-validator';
export class UpdateUserDto extends PartialType(CreateUserDto) {
export class UpdateUserDto extends PartialType(
OmitType(CreateUserDto, ['password'] as const),
) {
@IsOptional()
@IsString()
avatarUrl: string;

6
apps/server/src/core/user/user.service.ts
View File

@ -5,7 +5,6 @@ import {
} from '@nestjs/common';
import { UpdateUserDto } from './dto/update-user.dto';
import { UserRepo } from '@docmost/db/repos/user/user.repo';
import { hashPassword } from '../../helpers/utils';
@Injectable()
export class UserService {
@ -29,7 +28,6 @@ export class UserService {
user.name = updateUserDto.name;
}
// todo need workspace scoping
if (updateUserDto.email && user.email != updateUserDto.email) {
if (await this.userRepo.findByEmail(updateUserDto.email, workspaceId)) {
throw new BadRequestException('A user with this email already exists');
@ -41,10 +39,6 @@ export class UserService {
user.avatarUrl = updateUserDto.avatarUrl;
}
if (updateUserDto.password) {
updateUserDto.password = await hashPassword(updateUserDto.password);
}
await this.userRepo.updateUser(updateUserDto, userId, workspaceId);
return user;
}

2
apps/server/src/core/workspace/services/workspace.service.ts
View File

@ -100,7 +100,7 @@ export class WorkspaceService {
await this.spaceMemberService.addUserToSpace(
user.id,
createdSpace.id,
SpaceRole.OWNER,
SpaceRole.ADMIN,
workspace.id,
trx,
);