space updates

* space UI
* space management
* space permissions
* other fixes

apps/server/src/core/space/space.controller.ts

@@ -1,6 +1,8 @@
 import {
+  BadRequestException,
   Body,
   Controller,
+  ForbiddenException,
   HttpCode,
   HttpStatus,
   Post,
@@ -11,9 +13,18 @@ import { AuthUser } from '../../decorators/auth-user.decorator';
 import { AuthWorkspace } from '../../decorators/auth-workspace.decorator';
 import { JwtAuthGuard } from '../../guards/jwt-auth.guard';
 import { SpaceIdDto } from './dto/space-id.dto';
-import { PaginationOptions } from '../../kysely/pagination/pagination-options';
+import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
 import { SpaceMemberService } from './services/space-member.service';
 import { User, Workspace } from '@docmost/db/types/entity.types';
+import { AddSpaceMembersDto } from './dto/add-space-members.dto';
+import { RemoveSpaceMemberDto } from './dto/remove-space-member.dto';
+import { UpdateSpaceMemberRoleDto } from './dto/update-space-member-role.dto';
+import SpaceAbilityFactory from '../casl/abilities/space-ability.factory';
+import {
+  SpaceCaslAction,
+  SpaceCaslSubject,
+} from '../casl/interfaces/space-ability.type';
+import { UpdateSpaceDto } from './dto/update-space.dto';
 
 @UseGuards(JwtAuthGuard)
 @Controller('spaces')
@@ -21,6 +32,7 @@ export class SpaceController {
   constructor(
     private readonly spaceService: SpaceService,
     private readonly spaceMemberService: SpaceMemberService,
+    private readonly spaceAbility: SpaceAbilityFactory,
   ) {}
 
   @HttpCode(HttpStatus.OK)
@@ -35,23 +47,6 @@ export class SpaceController {
     return this.spaceService.getWorkspaceSpaces(workspace.id, pagination);
   }
 
-  // get all spaces user is a member of
-  /*
-  @HttpCode(HttpStatus.OK)
-  @Post('user')
-  async getUserSpaces(
-    @Body()
-    pagination: PaginationOptions,
-    @AuthUser() user: User,
-    @AuthWorkspace() workspace: Workspace,
-  ) {
-    return this.spaceMemberService.getUserSpaces(
-      user.id,
-      workspace.id,
-      pagination,
-    );
-  }*/
-
   @HttpCode(HttpStatus.OK)
   @Post('info')
   async getSpaceInfo(
@@ -59,23 +54,135 @@ export class SpaceController {
     @AuthUser() user: User,
     @AuthWorkspace() workspace: Workspace,
   ) {
+    const ability = await this.spaceAbility.createForUser(
+      user,
+      spaceIdDto.spaceId,
+    );
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Settings)) {
+      throw new ForbiddenException();
+    }
+
     return this.spaceService.getSpaceInfo(spaceIdDto.spaceId, workspace.id);
   }
 
+  @HttpCode(HttpStatus.OK)
+  @Post('update')
+  async updateGroup(
+    @Body() updateSpaceDto: UpdateSpaceDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    const ability = await this.spaceAbility.createForUser(
+      user,
+      updateSpaceDto.spaceId,
+    );
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Settings)) {
+      throw new ForbiddenException();
+    }
+    return this.spaceService.updateSpace(updateSpaceDto, workspace.id);
+  }
+
   @HttpCode(HttpStatus.OK)
   @Post('members')
   async getSpaceMembers(
-    // todo: accept type? users | groups
     @Body() spaceIdDto: SpaceIdDto,
     @Body()
     pagination: PaginationOptions,
     @AuthUser() user: User,
     @AuthWorkspace() workspace: Workspace,
   ) {
+    const ability = await this.spaceAbility.createForUser(
+      user,
+      spaceIdDto.spaceId,
+    );
+
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Member)) {
+      throw new ForbiddenException();
+    }
+
     return this.spaceMemberService.getSpaceMembers(
       spaceIdDto.spaceId,
       workspace.id,
       pagination,
     );
   }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('members/add')
+  async addSpaceMember(
+    @Body() dto: AddSpaceMembersDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    if (
+      (!dto.userIds || dto.userIds.length === 0) &&
+      (!dto.groupIds || dto.groupIds.length === 0)
+    ) {
+      throw new BadRequestException('userIds or groupIds is required');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, dto.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Member)) {
+      throw new ForbiddenException();
+    }
+
+    return this.spaceMemberService.addMembersToSpaceBatch(
+      dto,
+      user,
+      workspace.id,
+    );
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('members/remove')
+  async removeSpaceMember(
+    @Body() dto: RemoveSpaceMemberDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    this.validateIds(dto);
+
+    const ability = await this.spaceAbility.createForUser(user, dto.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Member)) {
+      throw new ForbiddenException();
+    }
+
+    return this.spaceMemberService.removeMemberFromSpace(
+      dto,
+      user,
+      workspace.id,
+    );
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('members/role')
+  async updateSpaceMemberRole(
+    @Body() dto: UpdateSpaceMemberRoleDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    this.validateIds(dto);
+
+    const ability = await this.spaceAbility.createForUser(user, dto.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Member)) {
+      throw new ForbiddenException();
+    }
+
+    return this.spaceMemberService.updateSpaceMemberRole(
+      dto,
+      user,
+      workspace.id,
+    );
+  }
+
+  validateIds(dto: RemoveSpaceMemberDto | UpdateSpaceMemberRoleDto) {
+    if (!dto.userId && !dto.groupId) {
+      throw new BadRequestException('userId or groupId is required');
+    }
+    if (dto.userId && dto.groupId) {
+      throw new BadRequestException(
+        'please provide either a userId or groupId and both',
+      );
+    }
+  }
 }