@dosgato/api 1.2.3 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/access/access.resolver.d.ts +11 -11
- package/dist/access/access.resolver.js +33 -33
- package/dist/access/access.resolver.js.map +1 -1
- package/dist/asset/asset.database.js +26 -13
- package/dist/asset/asset.database.js.map +1 -1
- package/dist/asset/asset.model.d.ts +3 -0
- package/dist/asset/asset.model.js +1 -0
- package/dist/asset/asset.model.js.map +1 -1
- package/dist/asset/asset.resolver.d.ts +6 -6
- package/dist/asset/asset.resolver.js +18 -18
- package/dist/asset/asset.resolver.js.map +1 -1
- package/dist/asset/asset.routes.js +30 -35
- package/dist/asset/asset.routes.js.map +1 -1
- package/dist/asset/asset.service.d.ts +8 -8
- package/dist/asset/asset.service.js +52 -64
- package/dist/asset/asset.service.js.map +1 -1
- package/dist/assetfolder/assetfolder.database.js +23 -10
- package/dist/assetfolder/assetfolder.database.js.map +1 -1
- package/dist/assetfolder/assetfolder.model.d.ts +2 -0
- package/dist/assetfolder/assetfolder.model.js.map +1 -1
- package/dist/assetfolder/assetfolder.resolver.d.ts +6 -6
- package/dist/assetfolder/assetfolder.resolver.js +18 -18
- package/dist/assetfolder/assetfolder.resolver.js.map +1 -1
- package/dist/assetfolder/assetfolder.service.d.ts +9 -9
- package/dist/assetfolder/assetfolder.service.js +41 -52
- package/dist/assetfolder/assetfolder.service.js.map +1 -1
- package/dist/assetrule/assetrule.service.d.ts +2 -2
- package/dist/assetrule/assetrule.service.js +14 -16
- package/dist/assetrule/assetrule.service.js.map +1 -1
- package/dist/data/data.database.js +7 -7
- package/dist/data/data.database.js.map +1 -1
- package/dist/data/data.model.d.ts +3 -0
- package/dist/data/data.model.js +4 -1
- package/dist/data/data.model.js.map +1 -1
- package/dist/data/data.resolver.d.ts +8 -8
- package/dist/data/data.resolver.js +25 -25
- package/dist/data/data.resolver.js.map +1 -1
- package/dist/data/data.service.d.ts +11 -12
- package/dist/data/data.service.js +49 -62
- package/dist/data/data.service.js.map +1 -1
- package/dist/datafolder/datafolder.database.js +2 -1
- package/dist/datafolder/datafolder.database.js.map +1 -1
- package/dist/datafolder/datafolder.model.d.ts +2 -0
- package/dist/datafolder/datafolder.model.js +2 -0
- package/dist/datafolder/datafolder.model.js.map +1 -1
- package/dist/datafolder/datafolder.resolver.d.ts +6 -6
- package/dist/datafolder/datafolder.resolver.js +18 -18
- package/dist/datafolder/datafolder.resolver.js.map +1 -1
- package/dist/datafolder/datafolder.service.d.ts +7 -7
- package/dist/datafolder/datafolder.service.js +41 -45
- package/dist/datafolder/datafolder.service.js.map +1 -1
- package/dist/dataroot/dataroot.resolver.d.ts +1 -1
- package/dist/dataroot/dataroot.resolver.js +3 -3
- package/dist/dataroot/dataroot.resolver.js.map +1 -1
- package/dist/dataroot/dataroot.service.d.ts +3 -3
- package/dist/dataroot/dataroot.service.js +8 -8
- package/dist/dataroot/dataroot.service.js.map +1 -1
- package/dist/datarule/datarule.model.d.ts +1 -0
- package/dist/datarule/datarule.model.js +2 -1
- package/dist/datarule/datarule.model.js.map +1 -1
- package/dist/datarule/datarule.service.d.ts +4 -4
- package/dist/datarule/datarule.service.js +18 -21
- package/dist/datarule/datarule.service.js.map +1 -1
- package/dist/globalrule/globalrule.service.d.ts +3 -3
- package/dist/globalrule/globalrule.service.js +13 -21
- package/dist/globalrule/globalrule.service.js.map +1 -1
- package/dist/group/group.resolver.d.ts +2 -2
- package/dist/group/group.resolver.js +6 -6
- package/dist/group/group.resolver.js.map +1 -1
- package/dist/group/group.service.d.ts +7 -7
- package/dist/group/group.service.js +46 -49
- package/dist/group/group.service.js.map +1 -1
- package/dist/index.d.ts +1 -2
- package/dist/index.js +9 -7
- package/dist/index.js.map +1 -1
- package/dist/organization/organization.service.d.ts +2 -2
- package/dist/organization/organization.service.js +7 -7
- package/dist/organization/organization.service.js.map +1 -1
- package/dist/page/page.bootstrap.js +3 -3
- package/dist/page/page.bootstrap.js.map +1 -1
- package/dist/page/page.database.js +28 -14
- package/dist/page/page.database.js.map +1 -1
- package/dist/page/page.model.d.ts +2 -0
- package/dist/page/page.model.js.map +1 -1
- package/dist/page/page.resolver.d.ts +8 -8
- package/dist/page/page.resolver.js +24 -24
- package/dist/page/page.resolver.js.map +1 -1
- package/dist/page/page.routes.js +34 -40
- package/dist/page/page.routes.js.map +1 -1
- package/dist/page/page.service.d.ts +20 -16
- package/dist/page/page.service.js +80 -105
- package/dist/page/page.service.js.map +1 -1
- package/dist/pagerule/pagerule.service.d.ts +2 -2
- package/dist/pagerule/pagerule.service.js +15 -18
- package/dist/pagerule/pagerule.service.js.map +1 -1
- package/dist/pagetree/pagetree.resolver.d.ts +5 -5
- package/dist/pagetree/pagetree.resolver.js +18 -18
- package/dist/pagetree/pagetree.resolver.js.map +1 -1
- package/dist/pagetree/pagetree.service.d.ts +5 -7
- package/dist/pagetree/pagetree.service.js +26 -72
- package/dist/pagetree/pagetree.service.js.map +1 -1
- package/dist/role/role.resolver.d.ts +3 -3
- package/dist/role/role.resolver.js +9 -9
- package/dist/role/role.resolver.js.map +1 -1
- package/dist/role/role.service.d.ts +6 -7
- package/dist/role/role.service.js +32 -32
- package/dist/role/role.service.js.map +1 -1
- package/dist/site/site.database.js +3 -7
- package/dist/site/site.database.js.map +1 -1
- package/dist/site/site.resolver.d.ts +7 -7
- package/dist/site/site.resolver.js +30 -30
- package/dist/site/site.resolver.js.map +1 -1
- package/dist/site/site.service.d.ts +13 -11
- package/dist/site/site.service.js +50 -57
- package/dist/site/site.service.js.map +1 -1
- package/dist/sitecomment/sitecomment.routes.js +3 -4
- package/dist/sitecomment/sitecomment.routes.js.map +1 -1
- package/dist/sitecomment/sitecomment.service.d.ts +1 -1
- package/dist/sitecomment/sitecomment.service.js +5 -9
- package/dist/sitecomment/sitecomment.service.js.map +1 -1
- package/dist/siterule/siterule.service.d.ts +2 -2
- package/dist/siterule/siterule.service.js +13 -15
- package/dist/siterule/siterule.service.js.map +1 -1
- package/dist/template/template.resolver.d.ts +2 -2
- package/dist/template/template.resolver.js +6 -6
- package/dist/template/template.resolver.js.map +1 -1
- package/dist/template/template.service.d.ts +4 -4
- package/dist/template/template.service.js +21 -25
- package/dist/template/template.service.js.map +1 -1
- package/dist/templaterule/templaterule.service.d.ts +2 -2
- package/dist/templaterule/templaterule.service.js +11 -13
- package/dist/templaterule/templaterule.service.js.map +1 -1
- package/dist/user/user.service.d.ts +6 -6
- package/dist/user/user.service.js +30 -31
- package/dist/user/user.service.js.map +1 -1
- package/dist/util/authservice.d.ts +18 -28
- package/dist/util/authservice.js +29 -152
- package/dist/util/authservice.js.map +1 -1
- package/dist/util/context.d.ts +24 -0
- package/dist/util/context.js +105 -0
- package/dist/util/context.js.map +1 -0
- package/dist/util/index.d.ts +2 -0
- package/dist/util/index.js +4 -0
- package/dist/util/index.js.map +1 -1
- package/dist/version/version.resolver.js +3 -3
- package/dist/version/version.resolver.js.map +1 -1
- package/package.json +2 -2
|
@@ -2,7 +2,7 @@ import { BaseService, ValidatedResponse, MutationMessageType } from '@txstate-mw
|
|
|
2
2
|
import { ManyJoinedLoader, OneToManyLoader, PrimaryKeyLoader } from 'dataloader-factory';
|
|
3
3
|
import db from 'mysql2-async/db';
|
|
4
4
|
import { equal, filterAsync, get, intersect, isBlank, isNotBlank, isNotNull, keyby, set, someAsync, sortby, stringify, unique } from 'txstate-utils';
|
|
5
|
-
import { VersionedService, templateRegistry, DosGatoService, PageResponse, PagesResponse, createPage, getPages, movePages, deletePages, renamePage, TemplateService, getPageIndexes, undeletePages, validatePage, copyPages, TemplateType, migratePage, PagetreeServiceInternal, collectTemplates, TemplateServiceInternal, SiteServiceInternal, PagetreeType, DeleteState, publishPageDeletions, getPagesByPath, parsePath, normalizePath, validateRecurse, DeleteStateAll, PageRuleService, SiteRuleService,
|
|
5
|
+
import { VersionedService, templateRegistry, DosGatoService, PageResponse, PagesResponse, createPage, getPages, movePages, deletePages, renamePage, TemplateService, getPageIndexes, undeletePages, validatePage, copyPages, TemplateType, migratePage, PagetreeServiceInternal, collectTemplates, TemplateServiceInternal, SiteServiceInternal, PagetreeType, DeleteState, publishPageDeletions, getPagesByPath, parsePath, normalizePath, validateRecurse, DeleteStateAll, PageRuleService, SiteRuleService, systemContext, collectComponents, makePathSafe, LaunchState } from '../internal.js';
|
|
6
6
|
const pagesByInternalIdLoader = new PrimaryKeyLoader({
|
|
7
7
|
fetch: async (internalIds) => {
|
|
8
8
|
return await getPages({ internalIds, deleteStates: DeleteStateAll });
|
|
@@ -110,9 +110,11 @@ export class PageServiceInternal extends BaseService {
|
|
|
110
110
|
return page;
|
|
111
111
|
return await this.findByInternalId(rootId);
|
|
112
112
|
}
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
113
|
+
/**
|
|
114
|
+
* @deprecated use page.resolvedPath instead
|
|
115
|
+
*/
|
|
116
|
+
getPath(page) {
|
|
117
|
+
return page.resolvedPath;
|
|
116
118
|
}
|
|
117
119
|
async getData(page, version, published, toSchemaVersion = templateRegistry.currentSchemaVersion) {
|
|
118
120
|
const [versioned, extras] = await Promise.all([
|
|
@@ -129,7 +131,7 @@ export class PageServiceInternal extends BaseService {
|
|
|
129
131
|
siteId: String(page.siteInternalId),
|
|
130
132
|
pagetreeId: page.pagetreeId,
|
|
131
133
|
parentId: String(page.parentInternalId),
|
|
132
|
-
pagePath:
|
|
134
|
+
pagePath: page.resolvedPath,
|
|
133
135
|
pageId: page.id,
|
|
134
136
|
linkId: page.linkId,
|
|
135
137
|
name: page.name
|
|
@@ -231,83 +233,71 @@ export class PageService extends DosGatoService {
|
|
|
231
233
|
super(...arguments);
|
|
232
234
|
this.raw = this.svc(PageServiceInternal);
|
|
233
235
|
}
|
|
234
|
-
|
|
235
|
-
return filter?.viewForEdit ?
|
|
236
|
+
postFilter(pages, filter) {
|
|
237
|
+
return filter?.viewForEdit ? pages.filter(p => this.mayViewForEdit(p)) : pages;
|
|
236
238
|
}
|
|
237
239
|
async find(filter) {
|
|
238
|
-
const
|
|
239
|
-
this.raw.find(filter),
|
|
240
|
-
this.currentPageRules() // pre-load and cache page rules so they're ready for removeUnauthorized
|
|
241
|
-
]);
|
|
240
|
+
const ret = await this.raw.find(filter);
|
|
242
241
|
if (filter.links?.length || filter.paths?.length || filter.ids?.length)
|
|
243
|
-
return
|
|
244
|
-
return
|
|
242
|
+
return ret.filter(p => this.mayViewIndividual(p));
|
|
243
|
+
return this.postFilter(this.removeUnauthorized(ret), filter);
|
|
245
244
|
}
|
|
246
245
|
async findById(id) {
|
|
247
|
-
return
|
|
246
|
+
return this.removeUnauthorized(await this.raw.findById(id));
|
|
248
247
|
}
|
|
249
248
|
async findByIds(ids) {
|
|
250
|
-
return
|
|
249
|
+
return this.removeUnauthorized(await this.raw.findByIds(ids));
|
|
251
250
|
}
|
|
252
251
|
async findByInternalId(internalId) {
|
|
253
|
-
return
|
|
252
|
+
return this.removeUnauthorized(await this.raw.findByInternalId(internalId));
|
|
254
253
|
}
|
|
255
254
|
async findByPagetreeId(id, filter) {
|
|
256
|
-
const
|
|
257
|
-
|
|
258
|
-
this.currentPageRules() // pre-load and cache page rules so they're ready for removeUnauthorized
|
|
259
|
-
]);
|
|
260
|
-
return await this.postFilter(await this.removeUnauthorized(ret), filter);
|
|
255
|
+
const ret = await this.raw.findByPagetreeId(id, filter);
|
|
256
|
+
return this.postFilter(this.removeUnauthorized(ret), filter);
|
|
261
257
|
}
|
|
262
258
|
async findByTemplate(key, filter) {
|
|
263
|
-
return
|
|
259
|
+
return this.postFilter(this.removeUnauthorized(await this.raw.findByTemplate(key, filter)), filter);
|
|
264
260
|
}
|
|
265
261
|
async getPageChildren(page, recursive, filter) {
|
|
266
|
-
return
|
|
262
|
+
return this.postFilter(this.removeUnauthorized(await this.raw.getPageChildren(page, recursive, filter)), filter);
|
|
267
263
|
}
|
|
268
264
|
async getPageAncestors(page) {
|
|
269
|
-
return
|
|
265
|
+
return this.removeUnauthorized(await this.raw.getPageAncestors(page));
|
|
270
266
|
}
|
|
271
267
|
async getApprovedTemplates(page, filter) {
|
|
272
268
|
const templates = await this.svc(TemplateServiceInternal).find(filter);
|
|
273
269
|
return await filterAsync(templates, async (template) => await this.svc(TemplateService).mayUseOnPage(template, page));
|
|
274
270
|
}
|
|
275
271
|
async getRootPage(page) {
|
|
276
|
-
return
|
|
272
|
+
return this.removeUnauthorized(await this.raw.getRootPage(page));
|
|
277
273
|
}
|
|
278
|
-
|
|
279
|
-
return
|
|
274
|
+
getPath(page) {
|
|
275
|
+
return this.raw.getPath(page);
|
|
280
276
|
}
|
|
281
277
|
async getTags(page, published) {
|
|
282
278
|
return await this.svc(VersionedService).getCurrentIndexValues(page.intDataId, 'dg_tag', published);
|
|
283
279
|
}
|
|
284
280
|
async getData(page, version, published, toSchemaVersion = templateRegistry.currentSchemaVersion) {
|
|
285
|
-
if (!published && !
|
|
281
|
+
if (!published && !this.mayViewLatest(page))
|
|
286
282
|
throw new Error('User is only permitted to see the published version of this page.');
|
|
287
283
|
return await this.raw.getData(page, version, published, toSchemaVersion);
|
|
288
284
|
}
|
|
289
|
-
|
|
285
|
+
hasPathBasedPageRulesForSite(siteId) {
|
|
290
286
|
var _a;
|
|
291
287
|
;
|
|
292
288
|
(_a = this.ctx).hasPathBasedPageRulesForSite ?? (_a.hasPathBasedPageRulesForSite = {});
|
|
293
289
|
if (!this.ctx.hasPathBasedPageRulesForSite[siteId]) {
|
|
294
|
-
const rules =
|
|
290
|
+
const rules = this.ctx.authInfo.pageRules;
|
|
295
291
|
this.ctx.hasPathBasedPageRulesForSite[siteId] = rules.some(r => r.path !== '/' && (!r.siteId || r.siteId === siteId));
|
|
296
292
|
}
|
|
297
293
|
return this.ctx.hasPathBasedPageRulesForSite[siteId];
|
|
298
294
|
}
|
|
299
295
|
// may view the page in a list
|
|
300
|
-
|
|
296
|
+
mayView(page) {
|
|
301
297
|
if (page.orphaned) {
|
|
302
|
-
|
|
303
|
-
return siteRules.some(r => r.grants.delete);
|
|
298
|
+
return this.ctx.authInfo.siteRules.some(r => r.grants.delete && SiteRuleService.applies(r, page.siteId));
|
|
304
299
|
}
|
|
305
|
-
const
|
|
306
|
-
this.currentPageRules(),
|
|
307
|
-
this.raw.getPath(page)
|
|
308
|
-
]);
|
|
309
|
-
const pagePathWithoutSite = shiftPath(pagePath);
|
|
310
|
-
for (const pr of pageRules) {
|
|
300
|
+
for (const pr of this.ctx.authInfo.pageRules) {
|
|
311
301
|
if (!pr.grants.view)
|
|
312
302
|
continue;
|
|
313
303
|
if (!PageRuleService.appliesToPagetree(pr, page))
|
|
@@ -316,29 +306,30 @@ export class PageService extends DosGatoService {
|
|
|
316
306
|
continue;
|
|
317
307
|
if (page.deleteState === DeleteState.MARKEDFORDELETE && !pr.grants.delete)
|
|
318
308
|
continue;
|
|
319
|
-
if (PageRuleService.appliesToPath(pr,
|
|
309
|
+
if (PageRuleService.appliesToPath(pr, page.resolvedPathWithoutSitename))
|
|
320
310
|
return true;
|
|
321
|
-
if (PageRuleService.appliesToChildOfPath(pr,
|
|
311
|
+
if (PageRuleService.appliesToChildOfPath(pr, page.resolvedPathWithoutSitename))
|
|
322
312
|
return true;
|
|
323
|
-
if (PageRuleService.appliesToParentOfPath(pr,
|
|
313
|
+
if (PageRuleService.appliesToParentOfPath(pr, page.resolvedPathWithoutSitename))
|
|
324
314
|
return true;
|
|
325
315
|
}
|
|
326
316
|
return false;
|
|
327
317
|
}
|
|
328
318
|
// may view the page if requested individually
|
|
329
|
-
|
|
330
|
-
return (page.pagetreeType === PagetreeType.PRIMARY && !page.orphaned && page.deleteState === DeleteState.NOTDELETED) ||
|
|
319
|
+
mayViewIndividual(page) {
|
|
320
|
+
return (page.pagetreeType === PagetreeType.PRIMARY && !page.orphaned && page.deleteState === DeleteState.NOTDELETED) || this.mayView(page);
|
|
331
321
|
}
|
|
332
|
-
|
|
333
|
-
return
|
|
322
|
+
mayViewForEdit(page) {
|
|
323
|
+
return this.mayView(page);
|
|
334
324
|
}
|
|
335
|
-
|
|
336
|
-
return
|
|
325
|
+
mayViewLatest(page) {
|
|
326
|
+
return this.havePagePerm(page, 'viewlatest');
|
|
337
327
|
}
|
|
338
|
-
|
|
339
|
-
return
|
|
328
|
+
mayViewManagerUI() {
|
|
329
|
+
return this.ctx.authInfo.pageRules.some(r => r.grants.viewForEdit);
|
|
340
330
|
}
|
|
341
|
-
|
|
331
|
+
/** @deprecated use page.published */
|
|
332
|
+
isPublished(page) {
|
|
342
333
|
return page.published;
|
|
343
334
|
}
|
|
344
335
|
async isLive(page) {
|
|
@@ -355,10 +346,10 @@ export class PageService extends DosGatoService {
|
|
|
355
346
|
return true;
|
|
356
347
|
return page.orphaned;
|
|
357
348
|
}
|
|
358
|
-
|
|
349
|
+
checkPerm(page, perm, acceptPendingDelete) {
|
|
359
350
|
if (this.isOrphanedOrDeleted(page, acceptPendingDelete))
|
|
360
351
|
return false;
|
|
361
|
-
return
|
|
352
|
+
return this.havePagePerm(page, perm);
|
|
362
353
|
}
|
|
363
354
|
opRestricted(page, operation) {
|
|
364
355
|
return templateRegistry.serverConfig.restrictPageOperation?.({
|
|
@@ -366,34 +357,24 @@ export class PageService extends DosGatoService {
|
|
|
366
357
|
name: page.name,
|
|
367
358
|
path: page.path,
|
|
368
359
|
templateKey: page.templateKey,
|
|
369
|
-
pagetreeType: page.pagetreeType
|
|
370
|
-
|
|
371
|
-
}, operation);
|
|
360
|
+
pagetreeType: page.pagetreeType
|
|
361
|
+
}, operation, this.ctx.authInfo.roles);
|
|
372
362
|
}
|
|
373
363
|
// authenticated user may create pages underneath given page
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
id: page.id,
|
|
377
|
-
name: page.name,
|
|
378
|
-
path: page.path,
|
|
379
|
-
templateKey: page.templateKey,
|
|
380
|
-
pagetreeType: page.pagetreeType,
|
|
381
|
-
roles: this.currentRoles
|
|
382
|
-
}, 'into');
|
|
383
|
-
return !this.opRestricted(page, 'into') && await this.checkPerm(page, 'create', false);
|
|
364
|
+
mayCreate(page) {
|
|
365
|
+
return !this.opRestricted(page, 'into') && this.checkPerm(page, 'create', false);
|
|
384
366
|
}
|
|
385
|
-
|
|
386
|
-
return
|
|
367
|
+
mayUpdate(page) {
|
|
368
|
+
return this.checkPerm(page, 'update', false);
|
|
387
369
|
}
|
|
388
370
|
async mayPublish(page, parentBeingPublished) {
|
|
389
|
-
if (!
|
|
371
|
+
if (!this.checkPerm(page, 'publish', false))
|
|
390
372
|
return false;
|
|
391
373
|
if (page.pagetreeType === PagetreeType.ARCHIVE)
|
|
392
374
|
return false;
|
|
393
375
|
if (page.parentInternalId && !parentBeingPublished) {
|
|
394
376
|
const parent = await this.raw.findByInternalId(page.parentInternalId);
|
|
395
|
-
|
|
396
|
-
return false;
|
|
377
|
+
return (!!parent.published);
|
|
397
378
|
}
|
|
398
379
|
return true;
|
|
399
380
|
}
|
|
@@ -403,30 +384,26 @@ export class PageService extends DosGatoService {
|
|
|
403
384
|
return false;
|
|
404
385
|
if (this.opRestricted(page, 'unpublish'))
|
|
405
386
|
return false;
|
|
406
|
-
|
|
407
|
-
this.checkPerm(page, 'unpublish', !!parentBeingUnpublished),
|
|
408
|
-
this.isPublished(page)
|
|
409
|
-
]);
|
|
410
|
-
return checkPerm && (isPublished || !!parentBeingUnpublished);
|
|
387
|
+
return this.checkPerm(page, 'unpublish', !!parentBeingUnpublished) && (page.published || !!parentBeingUnpublished);
|
|
411
388
|
}
|
|
412
|
-
|
|
389
|
+
mayMove(page) {
|
|
413
390
|
if (!page.parentInternalId)
|
|
414
391
|
return false; // root page of a site/pagetree cannot be moved
|
|
415
392
|
if (this.opRestricted(page, 'move'))
|
|
416
393
|
return false;
|
|
417
|
-
return
|
|
394
|
+
return this.checkPerm(page, 'move', false);
|
|
418
395
|
}
|
|
419
|
-
|
|
396
|
+
mayDelete(page) {
|
|
420
397
|
if (!page.parentInternalId)
|
|
421
398
|
return false; // root page of a site/pagetree cannot be deleted
|
|
422
399
|
if (this.opRestricted(page, 'delete'))
|
|
423
400
|
return false;
|
|
424
|
-
return
|
|
401
|
+
return this.checkPerm(page, 'delete', true);
|
|
425
402
|
}
|
|
426
|
-
|
|
403
|
+
mayUndelete(page) {
|
|
427
404
|
if (page.deleteState === DeleteState.NOTDELETED || page.orphaned)
|
|
428
405
|
return false;
|
|
429
|
-
return page.deleteState === DeleteState.MARKEDFORDELETE ?
|
|
406
|
+
return page.deleteState === DeleteState.MARKEDFORDELETE ? this.havePagePerm(page, 'delete') : this.havePagePerm(page, 'undelete');
|
|
430
407
|
}
|
|
431
408
|
/**
|
|
432
409
|
* MUTATIONS
|
|
@@ -434,7 +411,7 @@ export class PageService extends DosGatoService {
|
|
|
434
411
|
async movePages(dataIds, targetId, above) {
|
|
435
412
|
const pages = (await Promise.all(dataIds.map(async (id) => await this.raw.findById(id)))).filter(isNotNull);
|
|
436
413
|
const { parent, aboveTarget } = await this.resolveTarget(targetId, above);
|
|
437
|
-
if (!
|
|
414
|
+
if (!this.mayCreate(parent) || pages.some(page => !this.mayMove(page))) {
|
|
438
415
|
throw new Error('You are not permitted to perform this move.');
|
|
439
416
|
}
|
|
440
417
|
if (pages.some(p => p.pagetreeId !== parent.pagetreeId))
|
|
@@ -451,7 +428,7 @@ export class PageService extends DosGatoService {
|
|
|
451
428
|
if (!pages.length)
|
|
452
429
|
throw new Error('No valid pages selected.');
|
|
453
430
|
const { parent, aboveTarget } = await this.resolveTarget(targetId, above);
|
|
454
|
-
if (!parent || !(
|
|
431
|
+
if (!parent || !(this.mayCreate(parent))) {
|
|
455
432
|
throw new Error('You are not permitted to copy pages to this location.');
|
|
456
433
|
}
|
|
457
434
|
// Is this page allowed to be copied here?
|
|
@@ -519,7 +496,7 @@ export class PageService extends DosGatoService {
|
|
|
519
496
|
}
|
|
520
497
|
async createPage(name, data, targetId, above, validateOnly, extra) {
|
|
521
498
|
const { parent, aboveTarget } = await this.resolveTarget(targetId, above);
|
|
522
|
-
if (!(
|
|
499
|
+
if (!(this.mayCreate(parent)))
|
|
523
500
|
throw new Error('Current user is not permitted to create pages in the specified parent.');
|
|
524
501
|
// at the time of writing this comment, template usage is approved for an entire pagetree, so
|
|
525
502
|
// it should be safe to simply check if the targeted parent/sibling is allowed to use this template
|
|
@@ -531,7 +508,7 @@ export class PageService extends DosGatoService {
|
|
|
531
508
|
siteId: site.id,
|
|
532
509
|
pagetreeId: pagetree.id,
|
|
533
510
|
parentId: parent.id,
|
|
534
|
-
pagePath: `${
|
|
511
|
+
pagePath: `${parent.resolvedPath}/${name}`,
|
|
535
512
|
name
|
|
536
513
|
};
|
|
537
514
|
const migrated = await migratePage(data, extras);
|
|
@@ -555,7 +532,7 @@ export class PageService extends DosGatoService {
|
|
|
555
532
|
let page = await this.raw.findById(dataId);
|
|
556
533
|
if (!page)
|
|
557
534
|
throw new Error('Cannot update a page that does not exist.');
|
|
558
|
-
if (!
|
|
535
|
+
if (!this.mayUpdate(page))
|
|
559
536
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
560
537
|
await this.validatePageTemplates(data, { page });
|
|
561
538
|
const parent = page.parentInternalId ? await this.findByInternalId(page.parentInternalId) : undefined;
|
|
@@ -566,7 +543,7 @@ export class PageService extends DosGatoService {
|
|
|
566
543
|
siteId: site.id,
|
|
567
544
|
pagetreeId: pagetree.id,
|
|
568
545
|
parentId: parent?.id,
|
|
569
|
-
pagePath: `${parent
|
|
546
|
+
pagePath: `${parent?.resolvedPath ?? ''}/${page.name}`,
|
|
570
547
|
name: page.name,
|
|
571
548
|
linkId: page.linkId,
|
|
572
549
|
pageId: page.id
|
|
@@ -590,7 +567,7 @@ export class PageService extends DosGatoService {
|
|
|
590
567
|
let page = await this.raw.findById(dataId);
|
|
591
568
|
if (!page)
|
|
592
569
|
throw new Error('Cannot restore an older version of a page that does not exist.');
|
|
593
|
-
if (!(
|
|
570
|
+
if (!(this.mayUpdate(page)))
|
|
594
571
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
595
572
|
const [dataToRestore, meta] = await Promise.all([
|
|
596
573
|
this.svc(VersionedService).get(page.intDataId, { version: restoreVersion }),
|
|
@@ -630,7 +607,7 @@ export class PageService extends DosGatoService {
|
|
|
630
607
|
let page = await this.raw.findById(dataId);
|
|
631
608
|
if (!page)
|
|
632
609
|
throw new Error('Cannot update a page that does not exist.');
|
|
633
|
-
if (!
|
|
610
|
+
if (!this.mayUpdate(page))
|
|
634
611
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
635
612
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
636
613
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -665,7 +642,7 @@ export class PageService extends DosGatoService {
|
|
|
665
642
|
let page = await this.raw.findById(dataId);
|
|
666
643
|
if (!page)
|
|
667
644
|
throw new Error('Cannot update a page that does not exist.');
|
|
668
|
-
if (!
|
|
645
|
+
if (!this.mayUpdate(page))
|
|
669
646
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
670
647
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
671
648
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -702,7 +679,7 @@ export class PageService extends DosGatoService {
|
|
|
702
679
|
let page = await this.raw.findById(dataId);
|
|
703
680
|
if (!page)
|
|
704
681
|
throw new Error('Cannot update a page that does not exist.');
|
|
705
|
-
if (!
|
|
682
|
+
if (!this.mayUpdate(page))
|
|
706
683
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
707
684
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
708
685
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -787,7 +764,7 @@ export class PageService extends DosGatoService {
|
|
|
787
764
|
let page = await this.raw.findById(dataId);
|
|
788
765
|
if (!page)
|
|
789
766
|
throw new Error('Cannot update a page that does not exist.');
|
|
790
|
-
if (!
|
|
767
|
+
if (!this.mayUpdate(page))
|
|
791
768
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
792
769
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
793
770
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -873,7 +850,7 @@ export class PageService extends DosGatoService {
|
|
|
873
850
|
let page = await this.raw.findById(dataId);
|
|
874
851
|
if (!page)
|
|
875
852
|
throw new Error('Cannot update a page that does not exist.');
|
|
876
|
-
if (!
|
|
853
|
+
if (!this.mayUpdate(page))
|
|
877
854
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
878
855
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
879
856
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -905,7 +882,7 @@ export class PageService extends DosGatoService {
|
|
|
905
882
|
let page = await this.raw.findById(dataId);
|
|
906
883
|
if (!page)
|
|
907
884
|
throw new Error('Cannot update a page that does not exist.');
|
|
908
|
-
if (this.opRestricted(page, 'changetemplate') || !
|
|
885
|
+
if (this.opRestricted(page, 'changetemplate') || !this.mayUpdate(page))
|
|
909
886
|
throw new Error("You are not permitted to change this page's template.");
|
|
910
887
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
911
888
|
const extras = await this.raw.pageExtras(page);
|
|
@@ -933,7 +910,7 @@ export class PageService extends DosGatoService {
|
|
|
933
910
|
const page = await this.raw.findById(dataId);
|
|
934
911
|
if (!page)
|
|
935
912
|
throw new Error('Cannot rename a page that does not exist.');
|
|
936
|
-
if (this.opRestricted(page, 'rename') || !
|
|
913
|
+
if (this.opRestricted(page, 'rename') || !this.mayMove(page))
|
|
937
914
|
throw new Error('You are not permitted to rename this page.');
|
|
938
915
|
const response = new PageResponse({ success: true });
|
|
939
916
|
if (isNotNull(page.parentInternalId)) {
|
|
@@ -959,12 +936,11 @@ export class PageService extends DosGatoService {
|
|
|
959
936
|
}
|
|
960
937
|
async deletePages(dataIds) {
|
|
961
938
|
const pages = (await Promise.all(dataIds.map(async (id) => await this.raw.findById(id)))).filter(isNotNull);
|
|
962
|
-
if (
|
|
939
|
+
if (pages.some(page => !this.mayDelete(page))) {
|
|
963
940
|
throw new Error('Current user is not permitted to delete one or more pages');
|
|
964
941
|
}
|
|
965
|
-
const currentUser = await this.currentUser();
|
|
966
942
|
try {
|
|
967
|
-
await deletePages(this.svc(VersionedService), pages,
|
|
943
|
+
await deletePages(this.svc(VersionedService), pages, this.ctx.authInfo.user.internalId);
|
|
968
944
|
this.loaders.clear();
|
|
969
945
|
const updated = await this.raw.findByIds(dataIds);
|
|
970
946
|
return new PagesResponse({ success: true, pages: updated });
|
|
@@ -976,11 +952,10 @@ export class PageService extends DosGatoService {
|
|
|
976
952
|
}
|
|
977
953
|
async publishPageDeletions(dataIds) {
|
|
978
954
|
const pages = (await Promise.all(dataIds.map(async (id) => await this.raw.findById(id)))).filter(isNotNull).filter(p => p.deleteState !== DeleteState.NOTDELETED);
|
|
979
|
-
if (
|
|
980
|
-
throw new Error('
|
|
955
|
+
if (pages.some(page => !this.mayDelete(page))) {
|
|
956
|
+
throw new Error('You are not permitted to delete one or more of the selected pages.');
|
|
981
957
|
}
|
|
982
|
-
|
|
983
|
-
await publishPageDeletions(pages, currentUser.internalId);
|
|
958
|
+
await publishPageDeletions(pages, this.ctx.authInfo.user.internalId);
|
|
984
959
|
this.loaders.clear();
|
|
985
960
|
const updated = await this.raw.findByIds(pages.map(p => p.id));
|
|
986
961
|
return new PagesResponse({ success: true, pages: updated });
|
|
@@ -991,8 +966,8 @@ export class PageService extends DosGatoService {
|
|
|
991
966
|
const children = (await Promise.all(pages.map(async (page) => await this.getPageChildren(page, true)))).flat();
|
|
992
967
|
pages = [...pages, ...children];
|
|
993
968
|
}
|
|
994
|
-
if (
|
|
995
|
-
throw new Error('
|
|
969
|
+
if (pages.some(page => !this.mayUndelete(page))) {
|
|
970
|
+
throw new Error('You are not permitted to restore one or more of the selected pages.');
|
|
996
971
|
}
|
|
997
972
|
await undeletePages(pages);
|
|
998
973
|
this.loaders.clear();
|