@dosgato/api 1.2.4 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/access/access.resolver.d.ts +11 -11
- package/dist/access/access.resolver.js +33 -33
- package/dist/access/access.resolver.js.map +1 -1
- package/dist/asset/asset.database.js +26 -13
- package/dist/asset/asset.database.js.map +1 -1
- package/dist/asset/asset.model.d.ts +3 -0
- package/dist/asset/asset.model.js +1 -0
- package/dist/asset/asset.model.js.map +1 -1
- package/dist/asset/asset.resolver.d.ts +6 -6
- package/dist/asset/asset.resolver.js +18 -18
- package/dist/asset/asset.resolver.js.map +1 -1
- package/dist/asset/asset.routes.js +30 -35
- package/dist/asset/asset.routes.js.map +1 -1
- package/dist/asset/asset.service.d.ts +8 -8
- package/dist/asset/asset.service.js +52 -64
- package/dist/asset/asset.service.js.map +1 -1
- package/dist/assetfolder/assetfolder.database.js +23 -10
- package/dist/assetfolder/assetfolder.database.js.map +1 -1
- package/dist/assetfolder/assetfolder.model.d.ts +2 -0
- package/dist/assetfolder/assetfolder.model.js.map +1 -1
- package/dist/assetfolder/assetfolder.resolver.d.ts +6 -6
- package/dist/assetfolder/assetfolder.resolver.js +18 -18
- package/dist/assetfolder/assetfolder.resolver.js.map +1 -1
- package/dist/assetfolder/assetfolder.service.d.ts +9 -9
- package/dist/assetfolder/assetfolder.service.js +41 -52
- package/dist/assetfolder/assetfolder.service.js.map +1 -1
- package/dist/assetrule/assetrule.service.d.ts +2 -2
- package/dist/assetrule/assetrule.service.js +14 -16
- package/dist/assetrule/assetrule.service.js.map +1 -1
- package/dist/data/data.database.js +7 -7
- package/dist/data/data.database.js.map +1 -1
- package/dist/data/data.model.d.ts +3 -0
- package/dist/data/data.model.js +4 -1
- package/dist/data/data.model.js.map +1 -1
- package/dist/data/data.resolver.d.ts +8 -8
- package/dist/data/data.resolver.js +25 -25
- package/dist/data/data.resolver.js.map +1 -1
- package/dist/data/data.service.d.ts +11 -12
- package/dist/data/data.service.js +49 -62
- package/dist/data/data.service.js.map +1 -1
- package/dist/datafolder/datafolder.database.js +2 -1
- package/dist/datafolder/datafolder.database.js.map +1 -1
- package/dist/datafolder/datafolder.model.d.ts +2 -0
- package/dist/datafolder/datafolder.model.js +2 -0
- package/dist/datafolder/datafolder.model.js.map +1 -1
- package/dist/datafolder/datafolder.resolver.d.ts +6 -6
- package/dist/datafolder/datafolder.resolver.js +18 -18
- package/dist/datafolder/datafolder.resolver.js.map +1 -1
- package/dist/datafolder/datafolder.service.d.ts +7 -7
- package/dist/datafolder/datafolder.service.js +41 -45
- package/dist/datafolder/datafolder.service.js.map +1 -1
- package/dist/dataroot/dataroot.resolver.d.ts +1 -1
- package/dist/dataroot/dataroot.resolver.js +3 -3
- package/dist/dataroot/dataroot.resolver.js.map +1 -1
- package/dist/dataroot/dataroot.service.d.ts +3 -3
- package/dist/dataroot/dataroot.service.js +8 -8
- package/dist/dataroot/dataroot.service.js.map +1 -1
- package/dist/datarule/datarule.model.d.ts +1 -0
- package/dist/datarule/datarule.model.js +2 -1
- package/dist/datarule/datarule.model.js.map +1 -1
- package/dist/datarule/datarule.service.d.ts +4 -4
- package/dist/datarule/datarule.service.js +18 -21
- package/dist/datarule/datarule.service.js.map +1 -1
- package/dist/globalrule/globalrule.service.d.ts +3 -3
- package/dist/globalrule/globalrule.service.js +13 -21
- package/dist/globalrule/globalrule.service.js.map +1 -1
- package/dist/group/group.resolver.d.ts +2 -2
- package/dist/group/group.resolver.js +6 -6
- package/dist/group/group.resolver.js.map +1 -1
- package/dist/group/group.service.d.ts +7 -7
- package/dist/group/group.service.js +46 -49
- package/dist/group/group.service.js.map +1 -1
- package/dist/index.js +8 -8
- package/dist/index.js.map +1 -1
- package/dist/organization/organization.service.d.ts +2 -2
- package/dist/organization/organization.service.js +7 -7
- package/dist/organization/organization.service.js.map +1 -1
- package/dist/page/page.bootstrap.js +3 -3
- package/dist/page/page.bootstrap.js.map +1 -1
- package/dist/page/page.database.js +28 -14
- package/dist/page/page.database.js.map +1 -1
- package/dist/page/page.model.d.ts +2 -0
- package/dist/page/page.model.js.map +1 -1
- package/dist/page/page.resolver.d.ts +8 -8
- package/dist/page/page.resolver.js +24 -24
- package/dist/page/page.resolver.js.map +1 -1
- package/dist/page/page.routes.js +33 -39
- package/dist/page/page.routes.js.map +1 -1
- package/dist/page/page.service.d.ts +20 -16
- package/dist/page/page.service.js +79 -95
- package/dist/page/page.service.js.map +1 -1
- package/dist/pagerule/pagerule.service.d.ts +2 -2
- package/dist/pagerule/pagerule.service.js +15 -18
- package/dist/pagerule/pagerule.service.js.map +1 -1
- package/dist/pagetree/pagetree.resolver.d.ts +5 -5
- package/dist/pagetree/pagetree.resolver.js +18 -18
- package/dist/pagetree/pagetree.resolver.js.map +1 -1
- package/dist/pagetree/pagetree.service.d.ts +5 -7
- package/dist/pagetree/pagetree.service.js +26 -72
- package/dist/pagetree/pagetree.service.js.map +1 -1
- package/dist/role/role.resolver.d.ts +3 -3
- package/dist/role/role.resolver.js +9 -9
- package/dist/role/role.resolver.js.map +1 -1
- package/dist/role/role.service.d.ts +6 -7
- package/dist/role/role.service.js +32 -32
- package/dist/role/role.service.js.map +1 -1
- package/dist/site/site.database.js +3 -7
- package/dist/site/site.database.js.map +1 -1
- package/dist/site/site.resolver.d.ts +7 -7
- package/dist/site/site.resolver.js +30 -30
- package/dist/site/site.resolver.js.map +1 -1
- package/dist/site/site.service.d.ts +13 -11
- package/dist/site/site.service.js +50 -57
- package/dist/site/site.service.js.map +1 -1
- package/dist/sitecomment/sitecomment.routes.js +3 -4
- package/dist/sitecomment/sitecomment.routes.js.map +1 -1
- package/dist/sitecomment/sitecomment.service.d.ts +1 -1
- package/dist/sitecomment/sitecomment.service.js +5 -9
- package/dist/sitecomment/sitecomment.service.js.map +1 -1
- package/dist/siterule/siterule.service.d.ts +2 -2
- package/dist/siterule/siterule.service.js +13 -15
- package/dist/siterule/siterule.service.js.map +1 -1
- package/dist/template/template.resolver.d.ts +2 -2
- package/dist/template/template.resolver.js +6 -6
- package/dist/template/template.resolver.js.map +1 -1
- package/dist/template/template.service.d.ts +4 -4
- package/dist/template/template.service.js +21 -25
- package/dist/template/template.service.js.map +1 -1
- package/dist/templaterule/templaterule.service.d.ts +2 -2
- package/dist/templaterule/templaterule.service.js +11 -13
- package/dist/templaterule/templaterule.service.js.map +1 -1
- package/dist/user/user.service.d.ts +6 -6
- package/dist/user/user.service.js +30 -31
- package/dist/user/user.service.js.map +1 -1
- package/dist/util/authservice.d.ts +17 -27
- package/dist/util/authservice.js +29 -155
- package/dist/util/authservice.js.map +1 -1
- package/dist/util/context.d.ts +24 -0
- package/dist/util/context.js +99 -0
- package/dist/util/context.js.map +1 -0
- package/dist/util/index.d.ts +2 -0
- package/dist/util/index.js +4 -0
- package/dist/util/index.js.map +1 -1
- package/dist/util/registry.d.ts +6 -2
- package/dist/util/registry.js +3 -0
- package/dist/util/registry.js.map +1 -1
- package/dist/version/version.resolver.js +3 -3
- package/dist/version/version.resolver.js.map +1 -1
- package/package.json +2 -2
|
@@ -2,7 +2,7 @@ import { BaseService, ValidatedResponse, MutationMessageType } from '@txstate-mw
|
|
|
2
2
|
import { ManyJoinedLoader, OneToManyLoader, PrimaryKeyLoader } from 'dataloader-factory';
|
|
3
3
|
import db from 'mysql2-async/db';
|
|
4
4
|
import { equal, filterAsync, get, intersect, isBlank, isNotBlank, isNotNull, keyby, set, someAsync, sortby, stringify, unique } from 'txstate-utils';
|
|
5
|
-
import { VersionedService, templateRegistry, DosGatoService, PageResponse, PagesResponse, createPage, getPages, movePages, deletePages, renamePage, TemplateService, getPageIndexes, undeletePages, validatePage, copyPages, TemplateType, migratePage, PagetreeServiceInternal, collectTemplates, TemplateServiceInternal, SiteServiceInternal, PagetreeType, DeleteState, publishPageDeletions, getPagesByPath, parsePath, normalizePath, validateRecurse, DeleteStateAll, PageRuleService, SiteRuleService,
|
|
5
|
+
import { VersionedService, templateRegistry, DosGatoService, PageResponse, PagesResponse, createPage, getPages, movePages, deletePages, renamePage, TemplateService, getPageIndexes, undeletePages, validatePage, copyPages, TemplateType, migratePage, PagetreeServiceInternal, collectTemplates, TemplateServiceInternal, SiteServiceInternal, PagetreeType, DeleteState, publishPageDeletions, getPagesByPath, parsePath, normalizePath, validateRecurse, DeleteStateAll, PageRuleService, SiteRuleService, systemContext, collectComponents, makePathSafe, LaunchState } from '../internal.js';
|
|
6
6
|
const pagesByInternalIdLoader = new PrimaryKeyLoader({
|
|
7
7
|
fetch: async (internalIds) => {
|
|
8
8
|
return await getPages({ internalIds, deleteStates: DeleteStateAll });
|
|
@@ -110,9 +110,11 @@ export class PageServiceInternal extends BaseService {
|
|
|
110
110
|
return page;
|
|
111
111
|
return await this.findByInternalId(rootId);
|
|
112
112
|
}
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
113
|
+
/**
|
|
114
|
+
* @deprecated use page.resolvedPath instead
|
|
115
|
+
*/
|
|
116
|
+
getPath(page) {
|
|
117
|
+
return page.resolvedPath;
|
|
116
118
|
}
|
|
117
119
|
async getData(page, version, published, toSchemaVersion = templateRegistry.currentSchemaVersion) {
|
|
118
120
|
const [versioned, extras] = await Promise.all([
|
|
@@ -129,7 +131,7 @@ export class PageServiceInternal extends BaseService {
|
|
|
129
131
|
siteId: String(page.siteInternalId),
|
|
130
132
|
pagetreeId: page.pagetreeId,
|
|
131
133
|
parentId: String(page.parentInternalId),
|
|
132
|
-
pagePath:
|
|
134
|
+
pagePath: page.resolvedPath,
|
|
133
135
|
pageId: page.id,
|
|
134
136
|
linkId: page.linkId,
|
|
135
137
|
name: page.name
|
|
@@ -231,83 +233,71 @@ export class PageService extends DosGatoService {
|
|
|
231
233
|
super(...arguments);
|
|
232
234
|
this.raw = this.svc(PageServiceInternal);
|
|
233
235
|
}
|
|
234
|
-
|
|
235
|
-
return filter?.viewForEdit ?
|
|
236
|
+
postFilter(pages, filter) {
|
|
237
|
+
return filter?.viewForEdit ? pages.filter(p => this.mayViewForEdit(p)) : pages;
|
|
236
238
|
}
|
|
237
239
|
async find(filter) {
|
|
238
|
-
const
|
|
239
|
-
this.raw.find(filter),
|
|
240
|
-
this.currentPageRules() // pre-load and cache page rules so they're ready for removeUnauthorized
|
|
241
|
-
]);
|
|
240
|
+
const ret = await this.raw.find(filter);
|
|
242
241
|
if (filter.links?.length || filter.paths?.length || filter.ids?.length)
|
|
243
|
-
return
|
|
244
|
-
return
|
|
242
|
+
return ret.filter(p => this.mayViewIndividual(p));
|
|
243
|
+
return this.postFilter(this.removeUnauthorized(ret), filter);
|
|
245
244
|
}
|
|
246
245
|
async findById(id) {
|
|
247
|
-
return
|
|
246
|
+
return this.removeUnauthorized(await this.raw.findById(id));
|
|
248
247
|
}
|
|
249
248
|
async findByIds(ids) {
|
|
250
|
-
return
|
|
249
|
+
return this.removeUnauthorized(await this.raw.findByIds(ids));
|
|
251
250
|
}
|
|
252
251
|
async findByInternalId(internalId) {
|
|
253
|
-
return
|
|
252
|
+
return this.removeUnauthorized(await this.raw.findByInternalId(internalId));
|
|
254
253
|
}
|
|
255
254
|
async findByPagetreeId(id, filter) {
|
|
256
|
-
const
|
|
257
|
-
|
|
258
|
-
this.currentPageRules() // pre-load and cache page rules so they're ready for removeUnauthorized
|
|
259
|
-
]);
|
|
260
|
-
return await this.postFilter(await this.removeUnauthorized(ret), filter);
|
|
255
|
+
const ret = await this.raw.findByPagetreeId(id, filter);
|
|
256
|
+
return this.postFilter(this.removeUnauthorized(ret), filter);
|
|
261
257
|
}
|
|
262
258
|
async findByTemplate(key, filter) {
|
|
263
|
-
return
|
|
259
|
+
return this.postFilter(this.removeUnauthorized(await this.raw.findByTemplate(key, filter)), filter);
|
|
264
260
|
}
|
|
265
261
|
async getPageChildren(page, recursive, filter) {
|
|
266
|
-
return
|
|
262
|
+
return this.postFilter(this.removeUnauthorized(await this.raw.getPageChildren(page, recursive, filter)), filter);
|
|
267
263
|
}
|
|
268
264
|
async getPageAncestors(page) {
|
|
269
|
-
return
|
|
265
|
+
return this.removeUnauthorized(await this.raw.getPageAncestors(page));
|
|
270
266
|
}
|
|
271
267
|
async getApprovedTemplates(page, filter) {
|
|
272
268
|
const templates = await this.svc(TemplateServiceInternal).find(filter);
|
|
273
269
|
return await filterAsync(templates, async (template) => await this.svc(TemplateService).mayUseOnPage(template, page));
|
|
274
270
|
}
|
|
275
271
|
async getRootPage(page) {
|
|
276
|
-
return
|
|
272
|
+
return this.removeUnauthorized(await this.raw.getRootPage(page));
|
|
277
273
|
}
|
|
278
|
-
|
|
279
|
-
return
|
|
274
|
+
getPath(page) {
|
|
275
|
+
return this.raw.getPath(page);
|
|
280
276
|
}
|
|
281
277
|
async getTags(page, published) {
|
|
282
278
|
return await this.svc(VersionedService).getCurrentIndexValues(page.intDataId, 'dg_tag', published);
|
|
283
279
|
}
|
|
284
280
|
async getData(page, version, published, toSchemaVersion = templateRegistry.currentSchemaVersion) {
|
|
285
|
-
if (!published && !
|
|
281
|
+
if (!published && !this.mayViewLatest(page))
|
|
286
282
|
throw new Error('User is only permitted to see the published version of this page.');
|
|
287
283
|
return await this.raw.getData(page, version, published, toSchemaVersion);
|
|
288
284
|
}
|
|
289
|
-
|
|
285
|
+
hasPathBasedPageRulesForSite(siteId) {
|
|
290
286
|
var _a;
|
|
291
287
|
;
|
|
292
288
|
(_a = this.ctx).hasPathBasedPageRulesForSite ?? (_a.hasPathBasedPageRulesForSite = {});
|
|
293
289
|
if (!this.ctx.hasPathBasedPageRulesForSite[siteId]) {
|
|
294
|
-
const rules =
|
|
290
|
+
const rules = this.ctx.authInfo.pageRules;
|
|
295
291
|
this.ctx.hasPathBasedPageRulesForSite[siteId] = rules.some(r => r.path !== '/' && (!r.siteId || r.siteId === siteId));
|
|
296
292
|
}
|
|
297
293
|
return this.ctx.hasPathBasedPageRulesForSite[siteId];
|
|
298
294
|
}
|
|
299
295
|
// may view the page in a list
|
|
300
|
-
|
|
296
|
+
mayView(page) {
|
|
301
297
|
if (page.orphaned) {
|
|
302
|
-
|
|
303
|
-
return siteRules.some(r => r.grants.delete);
|
|
298
|
+
return this.ctx.authInfo.siteRules.some(r => r.grants.delete && SiteRuleService.applies(r, page.siteId));
|
|
304
299
|
}
|
|
305
|
-
const
|
|
306
|
-
this.currentPageRules(),
|
|
307
|
-
this.raw.getPath(page)
|
|
308
|
-
]);
|
|
309
|
-
const pagePathWithoutSite = shiftPath(pagePath);
|
|
310
|
-
for (const pr of pageRules) {
|
|
300
|
+
for (const pr of this.ctx.authInfo.pageRules) {
|
|
311
301
|
if (!pr.grants.view)
|
|
312
302
|
continue;
|
|
313
303
|
if (!PageRuleService.appliesToPagetree(pr, page))
|
|
@@ -316,29 +306,30 @@ export class PageService extends DosGatoService {
|
|
|
316
306
|
continue;
|
|
317
307
|
if (page.deleteState === DeleteState.MARKEDFORDELETE && !pr.grants.delete)
|
|
318
308
|
continue;
|
|
319
|
-
if (PageRuleService.appliesToPath(pr,
|
|
309
|
+
if (PageRuleService.appliesToPath(pr, page.resolvedPathWithoutSitename))
|
|
320
310
|
return true;
|
|
321
|
-
if (PageRuleService.appliesToChildOfPath(pr,
|
|
311
|
+
if (PageRuleService.appliesToChildOfPath(pr, page.resolvedPathWithoutSitename))
|
|
322
312
|
return true;
|
|
323
|
-
if (PageRuleService.appliesToParentOfPath(pr,
|
|
313
|
+
if (PageRuleService.appliesToParentOfPath(pr, page.resolvedPathWithoutSitename))
|
|
324
314
|
return true;
|
|
325
315
|
}
|
|
326
316
|
return false;
|
|
327
317
|
}
|
|
328
318
|
// may view the page if requested individually
|
|
329
|
-
|
|
330
|
-
return (page.pagetreeType === PagetreeType.PRIMARY && !page.orphaned && page.deleteState === DeleteState.NOTDELETED) ||
|
|
319
|
+
mayViewIndividual(page) {
|
|
320
|
+
return (page.pagetreeType === PagetreeType.PRIMARY && !page.orphaned && page.deleteState === DeleteState.NOTDELETED) || this.mayView(page);
|
|
331
321
|
}
|
|
332
|
-
|
|
333
|
-
return
|
|
322
|
+
mayViewForEdit(page) {
|
|
323
|
+
return this.mayView(page);
|
|
334
324
|
}
|
|
335
|
-
|
|
336
|
-
return
|
|
325
|
+
mayViewLatest(page) {
|
|
326
|
+
return this.havePagePerm(page, 'viewlatest');
|
|
337
327
|
}
|
|
338
|
-
|
|
339
|
-
return
|
|
328
|
+
mayViewManagerUI() {
|
|
329
|
+
return this.ctx.authInfo.pageRules.some(r => r.grants.viewForEdit);
|
|
340
330
|
}
|
|
341
|
-
|
|
331
|
+
/** @deprecated use page.published */
|
|
332
|
+
isPublished(page) {
|
|
342
333
|
return page.published;
|
|
343
334
|
}
|
|
344
335
|
async isLive(page) {
|
|
@@ -355,10 +346,10 @@ export class PageService extends DosGatoService {
|
|
|
355
346
|
return true;
|
|
356
347
|
return page.orphaned;
|
|
357
348
|
}
|
|
358
|
-
|
|
349
|
+
checkPerm(page, perm, acceptPendingDelete) {
|
|
359
350
|
if (this.isOrphanedOrDeleted(page, acceptPendingDelete))
|
|
360
351
|
return false;
|
|
361
|
-
return
|
|
352
|
+
return this.havePagePerm(page, perm);
|
|
362
353
|
}
|
|
363
354
|
opRestricted(page, operation) {
|
|
364
355
|
return templateRegistry.serverConfig.restrictPageOperation?.({
|
|
@@ -367,24 +358,23 @@ export class PageService extends DosGatoService {
|
|
|
367
358
|
path: page.path,
|
|
368
359
|
templateKey: page.templateKey,
|
|
369
360
|
pagetreeType: page.pagetreeType
|
|
370
|
-
}, operation, this.
|
|
361
|
+
}, operation, this.ctx.authInfo.roles);
|
|
371
362
|
}
|
|
372
363
|
// authenticated user may create pages underneath given page
|
|
373
|
-
|
|
374
|
-
return !this.opRestricted(page, 'into') &&
|
|
364
|
+
mayCreate(page) {
|
|
365
|
+
return !this.opRestricted(page, 'into') && this.checkPerm(page, 'create', false);
|
|
375
366
|
}
|
|
376
|
-
|
|
377
|
-
return
|
|
367
|
+
mayUpdate(page) {
|
|
368
|
+
return this.checkPerm(page, 'update', false);
|
|
378
369
|
}
|
|
379
370
|
async mayPublish(page, parentBeingPublished) {
|
|
380
|
-
if (!
|
|
371
|
+
if (!this.checkPerm(page, 'publish', false))
|
|
381
372
|
return false;
|
|
382
373
|
if (page.pagetreeType === PagetreeType.ARCHIVE)
|
|
383
374
|
return false;
|
|
384
375
|
if (page.parentInternalId && !parentBeingPublished) {
|
|
385
376
|
const parent = await this.raw.findByInternalId(page.parentInternalId);
|
|
386
|
-
|
|
387
|
-
return false;
|
|
377
|
+
return (!!parent.published);
|
|
388
378
|
}
|
|
389
379
|
return true;
|
|
390
380
|
}
|
|
@@ -394,30 +384,26 @@ export class PageService extends DosGatoService {
|
|
|
394
384
|
return false;
|
|
395
385
|
if (this.opRestricted(page, 'unpublish'))
|
|
396
386
|
return false;
|
|
397
|
-
|
|
398
|
-
this.checkPerm(page, 'unpublish', !!parentBeingUnpublished),
|
|
399
|
-
this.isPublished(page)
|
|
400
|
-
]);
|
|
401
|
-
return checkPerm && (isPublished || !!parentBeingUnpublished);
|
|
387
|
+
return this.checkPerm(page, 'unpublish', !!parentBeingUnpublished) && (page.published || !!parentBeingUnpublished);
|
|
402
388
|
}
|
|
403
|
-
|
|
389
|
+
mayMove(page) {
|
|
404
390
|
if (!page.parentInternalId)
|
|
405
391
|
return false; // root page of a site/pagetree cannot be moved
|
|
406
392
|
if (this.opRestricted(page, 'move'))
|
|
407
393
|
return false;
|
|
408
|
-
return
|
|
394
|
+
return this.checkPerm(page, 'move', false);
|
|
409
395
|
}
|
|
410
|
-
|
|
396
|
+
mayDelete(page) {
|
|
411
397
|
if (!page.parentInternalId)
|
|
412
398
|
return false; // root page of a site/pagetree cannot be deleted
|
|
413
399
|
if (this.opRestricted(page, 'delete'))
|
|
414
400
|
return false;
|
|
415
|
-
return
|
|
401
|
+
return this.checkPerm(page, 'delete', true);
|
|
416
402
|
}
|
|
417
|
-
|
|
403
|
+
mayUndelete(page) {
|
|
418
404
|
if (page.deleteState === DeleteState.NOTDELETED || page.orphaned)
|
|
419
405
|
return false;
|
|
420
|
-
return page.deleteState === DeleteState.MARKEDFORDELETE ?
|
|
406
|
+
return page.deleteState === DeleteState.MARKEDFORDELETE ? this.havePagePerm(page, 'delete') : this.havePagePerm(page, 'undelete');
|
|
421
407
|
}
|
|
422
408
|
/**
|
|
423
409
|
* MUTATIONS
|
|
@@ -425,7 +411,7 @@ export class PageService extends DosGatoService {
|
|
|
425
411
|
async movePages(dataIds, targetId, above) {
|
|
426
412
|
const pages = (await Promise.all(dataIds.map(async (id) => await this.raw.findById(id)))).filter(isNotNull);
|
|
427
413
|
const { parent, aboveTarget } = await this.resolveTarget(targetId, above);
|
|
428
|
-
if (!
|
|
414
|
+
if (!this.mayCreate(parent) || pages.some(page => !this.mayMove(page))) {
|
|
429
415
|
throw new Error('You are not permitted to perform this move.');
|
|
430
416
|
}
|
|
431
417
|
if (pages.some(p => p.pagetreeId !== parent.pagetreeId))
|
|
@@ -442,7 +428,7 @@ export class PageService extends DosGatoService {
|
|
|
442
428
|
if (!pages.length)
|
|
443
429
|
throw new Error('No valid pages selected.');
|
|
444
430
|
const { parent, aboveTarget } = await this.resolveTarget(targetId, above);
|
|
445
|
-
if (!parent || !(
|
|
431
|
+
if (!parent || !(this.mayCreate(parent))) {
|
|
446
432
|
throw new Error('You are not permitted to copy pages to this location.');
|
|
447
433
|
}
|
|
448
434
|
// Is this page allowed to be copied here?
|
|
@@ -510,7 +496,7 @@ export class PageService extends DosGatoService {
|
|
|
510
496
|
}
|
|
511
497
|
async createPage(name, data, targetId, above, validateOnly, extra) {
|
|
512
498
|
const { parent, aboveTarget } = await this.resolveTarget(targetId, above);
|
|
513
|
-
if (!(
|
|
499
|
+
if (!(this.mayCreate(parent)))
|
|
514
500
|
throw new Error('Current user is not permitted to create pages in the specified parent.');
|
|
515
501
|
// at the time of writing this comment, template usage is approved for an entire pagetree, so
|
|
516
502
|
// it should be safe to simply check if the targeted parent/sibling is allowed to use this template
|
|
@@ -522,7 +508,7 @@ export class PageService extends DosGatoService {
|
|
|
522
508
|
siteId: site.id,
|
|
523
509
|
pagetreeId: pagetree.id,
|
|
524
510
|
parentId: parent.id,
|
|
525
|
-
pagePath: `${
|
|
511
|
+
pagePath: `${parent.resolvedPath}/${name}`,
|
|
526
512
|
name
|
|
527
513
|
};
|
|
528
514
|
const migrated = await migratePage(data, extras);
|
|
@@ -546,7 +532,7 @@ export class PageService extends DosGatoService {
|
|
|
546
532
|
let page = await this.raw.findById(dataId);
|
|
547
533
|
if (!page)
|
|
548
534
|
throw new Error('Cannot update a page that does not exist.');
|
|
549
|
-
if (!
|
|
535
|
+
if (!this.mayUpdate(page))
|
|
550
536
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
551
537
|
await this.validatePageTemplates(data, { page });
|
|
552
538
|
const parent = page.parentInternalId ? await this.findByInternalId(page.parentInternalId) : undefined;
|
|
@@ -557,7 +543,7 @@ export class PageService extends DosGatoService {
|
|
|
557
543
|
siteId: site.id,
|
|
558
544
|
pagetreeId: pagetree.id,
|
|
559
545
|
parentId: parent?.id,
|
|
560
|
-
pagePath: `${parent
|
|
546
|
+
pagePath: `${parent?.resolvedPath ?? ''}/${page.name}`,
|
|
561
547
|
name: page.name,
|
|
562
548
|
linkId: page.linkId,
|
|
563
549
|
pageId: page.id
|
|
@@ -581,7 +567,7 @@ export class PageService extends DosGatoService {
|
|
|
581
567
|
let page = await this.raw.findById(dataId);
|
|
582
568
|
if (!page)
|
|
583
569
|
throw new Error('Cannot restore an older version of a page that does not exist.');
|
|
584
|
-
if (!(
|
|
570
|
+
if (!(this.mayUpdate(page)))
|
|
585
571
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
586
572
|
const [dataToRestore, meta] = await Promise.all([
|
|
587
573
|
this.svc(VersionedService).get(page.intDataId, { version: restoreVersion }),
|
|
@@ -621,7 +607,7 @@ export class PageService extends DosGatoService {
|
|
|
621
607
|
let page = await this.raw.findById(dataId);
|
|
622
608
|
if (!page)
|
|
623
609
|
throw new Error('Cannot update a page that does not exist.');
|
|
624
|
-
if (!
|
|
610
|
+
if (!this.mayUpdate(page))
|
|
625
611
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
626
612
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
627
613
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -656,7 +642,7 @@ export class PageService extends DosGatoService {
|
|
|
656
642
|
let page = await this.raw.findById(dataId);
|
|
657
643
|
if (!page)
|
|
658
644
|
throw new Error('Cannot update a page that does not exist.');
|
|
659
|
-
if (!
|
|
645
|
+
if (!this.mayUpdate(page))
|
|
660
646
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
661
647
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
662
648
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -693,7 +679,7 @@ export class PageService extends DosGatoService {
|
|
|
693
679
|
let page = await this.raw.findById(dataId);
|
|
694
680
|
if (!page)
|
|
695
681
|
throw new Error('Cannot update a page that does not exist.');
|
|
696
|
-
if (!
|
|
682
|
+
if (!this.mayUpdate(page))
|
|
697
683
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
698
684
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
699
685
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -778,7 +764,7 @@ export class PageService extends DosGatoService {
|
|
|
778
764
|
let page = await this.raw.findById(dataId);
|
|
779
765
|
if (!page)
|
|
780
766
|
throw new Error('Cannot update a page that does not exist.');
|
|
781
|
-
if (!
|
|
767
|
+
if (!this.mayUpdate(page))
|
|
782
768
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
783
769
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
784
770
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -864,7 +850,7 @@ export class PageService extends DosGatoService {
|
|
|
864
850
|
let page = await this.raw.findById(dataId);
|
|
865
851
|
if (!page)
|
|
866
852
|
throw new Error('Cannot update a page that does not exist.');
|
|
867
|
-
if (!
|
|
853
|
+
if (!this.mayUpdate(page))
|
|
868
854
|
throw new Error(`Current user is not permitted to update page ${String(page.name)}`);
|
|
869
855
|
await this.checkLatestVersion(dataId, dataVersion);
|
|
870
856
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
@@ -896,7 +882,7 @@ export class PageService extends DosGatoService {
|
|
|
896
882
|
let page = await this.raw.findById(dataId);
|
|
897
883
|
if (!page)
|
|
898
884
|
throw new Error('Cannot update a page that does not exist.');
|
|
899
|
-
if (this.opRestricted(page, 'changetemplate') || !
|
|
885
|
+
if (this.opRestricted(page, 'changetemplate') || !this.mayUpdate(page))
|
|
900
886
|
throw new Error("You are not permitted to change this page's template.");
|
|
901
887
|
const pageData = await this.raw.getData(page, dataVersion);
|
|
902
888
|
const extras = await this.raw.pageExtras(page);
|
|
@@ -924,7 +910,7 @@ export class PageService extends DosGatoService {
|
|
|
924
910
|
const page = await this.raw.findById(dataId);
|
|
925
911
|
if (!page)
|
|
926
912
|
throw new Error('Cannot rename a page that does not exist.');
|
|
927
|
-
if (this.opRestricted(page, 'rename') || !
|
|
913
|
+
if (this.opRestricted(page, 'rename') || !this.mayMove(page))
|
|
928
914
|
throw new Error('You are not permitted to rename this page.');
|
|
929
915
|
const response = new PageResponse({ success: true });
|
|
930
916
|
if (isNotNull(page.parentInternalId)) {
|
|
@@ -950,12 +936,11 @@ export class PageService extends DosGatoService {
|
|
|
950
936
|
}
|
|
951
937
|
async deletePages(dataIds) {
|
|
952
938
|
const pages = (await Promise.all(dataIds.map(async (id) => await this.raw.findById(id)))).filter(isNotNull);
|
|
953
|
-
if (
|
|
939
|
+
if (pages.some(page => !this.mayDelete(page))) {
|
|
954
940
|
throw new Error('Current user is not permitted to delete one or more pages');
|
|
955
941
|
}
|
|
956
|
-
const currentUser = await this.currentUser();
|
|
957
942
|
try {
|
|
958
|
-
await deletePages(this.svc(VersionedService), pages,
|
|
943
|
+
await deletePages(this.svc(VersionedService), pages, this.ctx.authInfo.user.internalId);
|
|
959
944
|
this.loaders.clear();
|
|
960
945
|
const updated = await this.raw.findByIds(dataIds);
|
|
961
946
|
return new PagesResponse({ success: true, pages: updated });
|
|
@@ -967,11 +952,10 @@ export class PageService extends DosGatoService {
|
|
|
967
952
|
}
|
|
968
953
|
async publishPageDeletions(dataIds) {
|
|
969
954
|
const pages = (await Promise.all(dataIds.map(async (id) => await this.raw.findById(id)))).filter(isNotNull).filter(p => p.deleteState !== DeleteState.NOTDELETED);
|
|
970
|
-
if (
|
|
971
|
-
throw new Error('
|
|
955
|
+
if (pages.some(page => !this.mayDelete(page))) {
|
|
956
|
+
throw new Error('You are not permitted to delete one or more of the selected pages.');
|
|
972
957
|
}
|
|
973
|
-
|
|
974
|
-
await publishPageDeletions(pages, currentUser.internalId);
|
|
958
|
+
await publishPageDeletions(pages, this.ctx.authInfo.user.internalId);
|
|
975
959
|
this.loaders.clear();
|
|
976
960
|
const updated = await this.raw.findByIds(pages.map(p => p.id));
|
|
977
961
|
return new PagesResponse({ success: true, pages: updated });
|
|
@@ -982,8 +966,8 @@ export class PageService extends DosGatoService {
|
|
|
982
966
|
const children = (await Promise.all(pages.map(async (page) => await this.getPageChildren(page, true)))).flat();
|
|
983
967
|
pages = [...pages, ...children];
|
|
984
968
|
}
|
|
985
|
-
if (
|
|
986
|
-
throw new Error('
|
|
969
|
+
if (pages.some(page => !this.mayUndelete(page))) {
|
|
970
|
+
throw new Error('You are not permitted to restore one or more of the selected pages.');
|
|
987
971
|
}
|
|
988
972
|
await undeletePages(pages);
|
|
989
973
|
this.loaders.clear();
|