Filter private info from public shares

2018-05-23 23:59:00 -07:00
parent 7eea1a90af
commit e538df0df3
8 changed files with 42 additions and 39 deletions
--- a/app/models/Document.js
+++ b/app/models/Document.js
@ -32,7 +32,6 @@ class Document extends BaseModel {
  id: string;
  team: string;
  emoji: string;
-  private: boolean = false;
  starred: boolean = false;
  pinned: boolean = false;
  text: string = '';
--- a/app/scenes/Document/Document.js
+++ b/app/scenes/Document/Document.js
@ -234,6 +234,7 @@ class DocumentScene extends React.Component<Props> {
    const document = this.document;
    const titleFromState = location.state ? location.state.title : '';
    const titleText = document ? document.title : titleFromState;
+    const isShare = match.params.shareId;

    if (this.notFound) {
      return <Search notFound />;
@ -273,7 +274,8 @@ class DocumentScene extends React.Component<Props> {
                readOnly={!this.isEditing}
              />
            </MaxWidth>
-            {document && (
+            {document &&
+              !isShare && (
                <Actions
                  document={document}
                  isDraft={!document.publishedAt}
--- a/app/scenes/DocumentShare/DocumentShare.js
+++ b/app/scenes/DocumentShare/DocumentShare.js
@ -34,7 +34,7 @@ class DocumentShare extends React.Component<Props> {
        <HelpText>
          The link below allows anyone to access a read-only version of the
          document <strong>{document.title}</strong>. You can revoke this link
-          at any point in the future.
+          in settings at any time.
        </HelpText>
        <Input
          type="text"
--- a/app/types/index.js
+++ b/app/types/index.js
@ -39,7 +39,6 @@ export type Document = {
  createdBy: User,
  html: string,
  id: string,
-  private: boolean,
  starred: boolean,
  views: number,
  team: string,
--- a/server/api/documents.js
+++ b/server/api/documents.js
@ -161,7 +161,9 @@ router.post('documents.info', auth({ required: false }), async ctx => {
  const { id, shareId } = ctx.body;
  ctx.assertPresent(id || shareId, 'id or shareId is required');

+  const isPublic = !!shareId;
  let document;
+
  if (shareId) {
    const share = await Share.findById(shareId, {
      include: [
@ -172,8 +174,6 @@ router.post('documents.info', auth({ required: false }), async ctx => {
        },
      ],
    });
-
-    // TODO: REMOVE COLLECTION AND COLLABORATOR INFO
    document = share.document;
  } else {
    document = await Document.findById(id);
@ -181,7 +181,7 @@ router.post('documents.info', auth({ required: false }), async ctx => {
  }

  ctx.body = {
-    data: await presentDocument(ctx, document),
+    data: await presentDocument(ctx, document, { isPublic }),
  };
 });

--- a/server/api/shares.js
+++ b/server/api/shares.js
@ -52,14 +52,14 @@ router.post('shares.create', auth(), async ctx => {
  const document = await Document.findById(id);
  authorize(user, 'share', document);

-  const [share, created] = await Share.findOrCreate({
+  const [share] = await Share.findOrCreate({
    where: {
      documentId: document.id,
      userId: user.id,
      teamId: user.teamId,
    },
  });
-  console.log('created', created);
+
  share.user = user;
  share.document = document;

--- a/server/presenters/collection.js
+++ b/server/presenters/collection.js
@ -42,8 +42,7 @@ async function present(ctx: Object, collection: Collection) {
  if (collection.documents) {
    data.recentDocuments = await Promise.all(
      collection.documents.map(
-        async document =>
-          await presentDocument(ctx, document, { includeCollaborators: true })
+        async document => await presentDocument(ctx, document)
      )
    );
  }
--- a/server/presenters/document.js
+++ b/server/presenters/document.js
@ -8,12 +8,12 @@ import presentCollection from './collection';
 const Op = Sequelize.Op;

 type Options = {
-  includeCollaborators?: boolean,
+  isPublic?: boolean,
 };

 async function present(ctx: Object, document: Document, options: ?Options) {
  options = {
-    includeCollaborators: true,
+    isPublic: false,
    ...options,
  };
  ctx.cache.set(document.id, document);
@ -27,29 +27,34 @@ async function present(ctx: Object, document: Document, options: ?Options) {
    id: document.id,
    url: document.getUrl(),
    urlId: document.urlId,
-    private: document.private,
    title: document.title,
    text: document.text,
    emoji: document.emoji,
    createdAt: document.createdAt,
-    createdBy: presentUser(ctx, document.createdBy),
+    createdBy: undefined,
    updatedAt: document.updatedAt,
-    updatedBy: presentUser(ctx, document.updatedBy),
+    updatedBy: undefined,
    publishedAt: document.publishedAt,
    firstViewedAt: undefined,
    lastViewedAt: undefined,
    team: document.teamId,
    collaborators: [],
    starred: !!(document.starred && document.starred.length),
-    pinned: !!document.pinnedById,
    revision: document.revisionCount,
-    collectionId: document.atlasId,
+    pinned: undefined,
+    collectionId: undefined,
    collaboratorCount: undefined,
    collection: undefined,
    views: undefined,
  };

-  if (document.private && document.collection) {
+  if (!options.isPublic) {
+    data.pinned = !!document.pinnedById;
+    data.collectionId = document.atlasId;
+    data.createdBy = presentUser(ctx, document.createdBy);
+    data.updatedBy = presentUser(ctx, document.updatedBy);
+
+    if (document.collection) {
      data.collection = await presentCollection(ctx, document.collection);
    }

@ -59,7 +64,6 @@ async function present(ctx: Object, document: Document, options: ?Options) {
      data.lastViewedAt = document.views[0].updatedAt;
    }

-  if (options.includeCollaborators) {
    // This could be further optimized by using ctx.cache
    data.collaborators = await User.findAll({
      where: {