feat: Nested document sharing (#2075)

* migration * frontend routing, api permissioning * feat: apiVersion=2 * feat: re-writing document links to point to share * poc nested documents on share links * fix: nested shareId permissions * ui and language tweaks, comments * breadcrumbs * Add icons to reference list items * refactor: Breadcrumb component * tweaks * Add shared parent note
2021-05-22 19:34:05 -07:00
parent dc4b5588b7
commit 44920a25f4
31 changed files with 1134 additions and 282 deletions
--- a/server/api/shares.js
+++ b/server/api/shares.js
@ -13,11 +13,12 @@ const { authorize } = policy;
 const router = new Router();

 router.post("shares.info", auth(), async (ctx) => {
-  const { id, documentId } = ctx.body;
+  const { id, documentId, apiVersion } = ctx.body;
  ctx.assertUuid(id || documentId, "id or documentId is required");

  const user = ctx.state.user;
-  const share = await Share.findOne({
+  let shares = [];
+  let share = await Share.findOne({
    where: id
      ? {
          id,
@ -29,15 +30,62 @@ router.post("shares.info", auth(), async (ctx) => {
          revokedAt: { [Op.eq]: null },
        },
  });
-  if (!share || !share.document) {
+
+  // Deprecated API response returns just the share for the current documentId
+  if (apiVersion !== 2) {
+    if (!share || !share.document) {
+      return (ctx.response.status = 204);
+    }
+
+    authorize(user, "read", share);
+
+    ctx.body = {
+      data: presentShare(share, user.isAdmin),
+      policies: presentPolicies(user, [share]),
+    };
+    return;
+  }
+
+  // API version 2 returns the response for the current documentId and any
+  // parent documents that are publicly shared and accessible to the user
+  if (share && share.document) {
+    authorize(user, "read", share);
+    shares.push(share);
+  }
+
+  if (documentId) {
+    const document = await Document.scope("withCollection").findByPk(
+      documentId
+    );
+    const parentIds = document?.collection?.getDocumentParents(documentId);
+
+    const parentShare = parentIds
+      ? await Share.findOne({
+          where: {
+            documentId: parentIds,
+            teamId: user.teamId,
+            revokedAt: { [Op.eq]: null },
+            includeChildDocuments: true,
+            published: true,
+          },
+        })
+      : undefined;
+
+    if (parentShare && parentShare.document) {
+      authorize(user, "read", parentShare);
+      shares.push(parentShare);
+    }
+  }
+
+  if (!shares.length) {
    return (ctx.response.status = 204);
  }

-  authorize(user, "read", share);
-
  ctx.body = {
-    data: presentShare(share, user.isAdmin),
-    policies: presentPolicies(user, [share]),
+    data: {
+      shares: shares.map((share) => presentShare(share, user.isAdmin)),
+    },
+    policies: presentPolicies(user, shares),
  };
 });

@ -95,15 +143,28 @@ router.post("shares.list", auth(), pagination(), async (ctx) => {
 });

 router.post("shares.update", auth(), async (ctx) => {
-  const { id, published } = ctx.body;
+  const { id, includeChildDocuments, published } = ctx.body;
  ctx.assertUuid(id, "id is required");
-  ctx.assertPresent(published, "published is required");

-  const user = ctx.state.user;
+  const { user } = ctx.state;
  const share = await Share.findByPk(id);
  authorize(user, "update", share);

-  share.published = published;
+  if (published !== undefined) {
+    share.published = published;
+
+    // Reset nested document sharing when unpublishing a share link. So that
+    // If it's ever re-published this doesn't immediately share nested docs
+    // without forewarning the user
+    if (!published) {
+      share.includeChildDocuments = false;
+    }
+  }
+
+  if (includeChildDocuments !== undefined) {
+    share.includeChildDocuments = includeChildDocuments;
+  }
+
  await share.save();

  await Event.create({