domma-cms 0.17.0 → 0.21.0

package/server/services/userRoles.js

@@ -0,0 +1,86 @@
+/**
+ * User Roles — multi-role support helpers.
+ *
+ * A user has ONE primary role (`user.role`) and an optional array of
+ * additional roles (`user.additionalRoles`). Permission, visibility, and
+ * row-access checks consult ALL of them and grant access if any one role
+ * satisfies — "any path wins" semantics that matches how most apps actually
+ * model multi-membership (you can be both a candidate AND a recruiter).
+ *
+ * Hierarchical-level comparisons (`canManageUser`, `requireAdmin`, the
+ * level-clamp in `checkSingleVisibility`) use `getEffectiveLevel` which
+ * returns the LOWEST level number across all the user's roles — i.e. the
+ * highest privilege the user has access to. This is what makes "additional
+ * admin" meaningfully grant admin-tier access without rewriting the level
+ * arithmetic everywhere.
+ *
+ * Backward compatibility: users with no `additionalRoles` field behave
+ * exactly as before — `getEffectiveRoles` returns `[user.role]`, `getEffectiveLevel`
+ * returns `getRoleLevel(user.role)`. Existing callers that read `user.role`
+ * directly continue to work; the new helpers are opt-in for callers that
+ * want the union semantics.
+ */
+import {getRoleLevel} from './roles.js';
+
+/**
+ * Return all roles a user holds, primary first, deduplicated. Empty array
+ * if the user is null/has no role at all.
+ *
+ * @param {object|null} user
+ * @returns {string[]}
+ */
+export function getEffectiveRoles(user) {
+    if (!user || !user.role) return [];
+    const additional = Array.isArray(user.additionalRoles) ? user.additionalRoles : [];
+    const out = [user.role];
+    for (const r of additional) {
+        if (r && r !== user.role && !out.includes(r)) out.push(r);
+    }
+    return out;
+}
+
+/**
+ * Return the effective role level for a user — the LOWEST level number
+ * across all roles. Lower number = higher privilege, so the user's most
+ * privileged role wins all hierarchical checks.
+ *
+ * Returns `Infinity` for users with no roles (denies all level-gated checks).
+ *
+ * @param {object|null} user
+ * @returns {number}
+ */
+export function getEffectiveLevel(user) {
+    const roles = getEffectiveRoles(user);
+    if (!roles.length) return Infinity;
+    return Math.min(...roles.map(r => getRoleLevel(r)));
+}
+
+/**
+ * Check whether a user holds a specific role (primary or additional).
+ * Exact-name match — does NOT walk the hierarchy. For hierarchical "user
+ * is at least this level" checks use `getEffectiveLevel` against the target
+ * role's level instead.
+ *
+ * @param {object|null} user
+ * @param {string} role
+ * @returns {boolean}
+ */
+export function userHasRole(user, role) {
+    if (!user || !role) return false;
+    return getEffectiveRoles(user).includes(role);
+}
+
+/**
+ * Check whether a user holds ANY of the given roles. Convenience helper
+ * for "anyone in this set can do X" patterns — equivalent to OR-ing
+ * `userHasRole` over the list.
+ *
+ * @param {object|null} user
+ * @param {string[]}   roles
+ * @returns {boolean}
+ */
+export function userHasAnyRole(user, roles) {
+    if (!user || !Array.isArray(roles) || !roles.length) return false;
+    const userRoles = new Set(getEffectiveRoles(user));
+    return roles.some(r => userRoles.has(r));
+}

package/server/services/users.js

@@ -9,6 +9,7 @@ import bcrypt from 'bcryptjs';
 import {v4 as uuidv4} from 'uuid';
 import {config} from '../config.js';
 import {deleteProfile, ensureProfile} from './userProfiles.js';
+import * as cache from './cache/index.js';
 
 const USERS_DIR = path.resolve(config.content.usersDir);
 
@@ -122,7 +123,7 @@ export async function getUserByEmail(email) {
  * @param {object} data - { name, email, password, role }
  * @returns {Promise<object>} Created user (password stripped)
  */
-export async function createUser({ name, email, password, role = 'user' }) {
+export async function createUser({ name, email, password, role = 'user', additionalRoles = [], meta, projects }) {
     const existing = await getUserByEmail(email);
     if (existing) throw new Error('A user with that email already exists');
 
@@ -134,10 +135,19 @@ export async function createUser({ name, email, password, role = 'user' }) {
         name: name.trim(),
         password: hash,
         role,
+        // Additional roles beyond the primary — permission/visibility checks
+        // grant access if ANY role satisfies. The primary `role` is what
+        // appears in UI badges and is used for hierarchical level comparisons
+        // when a single value is needed.
+        additionalRoles: Array.isArray(additionalRoles) ? additionalRoles.filter(r => r && r !== role) : [],
+        // Project access-scope: when non-empty, the user is restricted to artefacts
+        // tagged with one of these project slugs (see canSeeArtefact in projects.js).
+        projects: Array.isArray(projects) ? projects.filter(Boolean) : [],
         isActive: true,
         createdAt: now,
         updatedAt: now,
-        lastLogin: null
+        lastLogin: null,
+        ...(meta != null && {meta})
     };
 
     await writeUserFile(user);
@@ -169,6 +179,17 @@ export async function updateUser(id, updates) {
     };
 
     await writeUserFile(updated);
+
+    // Invalidate per-user cache when the project access-scope changes — downstream
+    // request handlers cache scope-filtered responses keyed by `user:<id>`.
+    if (updates.projects !== undefined) {
+        const before = JSON.stringify(user.projects || []);
+        const after  = JSON.stringify(updated.projects || []);
+        if (before !== after) {
+            await cache.invalidateTags([`user:${id}`]);
+        }
+    }
+
     return stripPassword(updated);
 }
 

package/server/services/views.js

@@ -14,6 +14,7 @@
  */
 import {v4 as uuidv4} from 'uuid';
 import {buildRowLevelMatch} from './rowAccess.js';
+import * as cache from './cache/index.js';
 
 /** MongoDB collection where view configs are stored. */
 const VIEWS_COLLECTION = 'cms__views';
@@ -136,7 +137,7 @@ export async function getView(slug) {
  */
 export async function createView(data, userId = null) {
     const db = await getMetaDb();
-    const { title, description = '', connection = 'default', pipeline, display, access } = data;
+    const { title, description = '', connection = 'default', pipeline, display, access, meta: inputMeta } = data;
 
     if (!title) throw new Error('title is required');
     if (!pipeline?.source) throw new Error('pipeline.source is required');
@@ -169,10 +170,16 @@ export async function createView(data, userId = null) {
             public: access?.public || false,
             rowLevel: access?.rowLevel || null
         },
-        meta: { createdAt: now, updatedAt: now, createdBy: userId }
+        meta: {
+            createdAt: now,
+            updatedAt: now,
+            createdBy: userId,
+            ...(inputMeta?.project != null && {project: inputMeta.project})
+        }
     };
 
     await db.collection(VIEWS_COLLECTION).insertOne({ ...view });
+    await cache.invalidateTags([`view:${slug}`]);
     return view;
 }
 
@@ -192,7 +199,7 @@ export async function updateView(slug, data) {
     const stages = data.pipeline?.stages ?? existing.pipeline?.stages ?? [];
     validateStages(stages);
 
-    const { _id, id, meta, ...rest } = data;
+    const { _id, id, meta: inputMeta, ...rest } = data;
     const updated = {
         ...existing,
         ...rest,
@@ -202,10 +209,17 @@ export async function updateView(slug, data) {
             ...data.pipeline,
             stages
         },
-        meta: { ...existing.meta, updatedAt: new Date().toISOString() }
+        meta: {
+            ...existing.meta,
+            ...(inputMeta && typeof inputMeta === 'object'
+                ? ('project' in inputMeta ? {project: inputMeta.project} : {})
+                : {}),
+            updatedAt: new Date().toISOString()
+        }
     };
 
     await db.collection(VIEWS_COLLECTION).replaceOne({ slug }, { ...updated });
+    await cache.invalidateTags([`view:${slug}`]);
     const { _id: _stripped, ...result } = updated;
     return result;
 }
@@ -221,6 +235,7 @@ export async function deleteView(slug) {
     const db = await getMetaDb();
     const result = await db.collection(VIEWS_COLLECTION).deleteOne({ slug });
     if (result.deletedCount === 0) throw new Error(`View "${slug}" not found`);
+    await cache.invalidateTags([`view:${slug}`]);
 }
 
 // ---------------------------------------------------------------------------

package/server/templates/page.html

@@ -1,130 +1,135 @@
-<!DOCTYPE html>
-<html lang="en-GB">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>{{seoTitle}}</title>
-    <meta name="description" content="{{seoDescription}}">
-    {{#if ogImage}}<meta property="og:image" content="{{ogImage}}">{{/if}}
-
-    <!-- Fonts -->
-  {{#if fontLink}}{{fontLink}}{{/if}}
-
-    <!-- DommaJS CSS -->
-    <link rel="stylesheet" href="/dist/domma/domma.css">
-    <link rel="stylesheet" href="/dist/domma/grid.css">
-    <link rel="stylesheet" href="/dist/domma/elements.css">
-    <link rel="stylesheet" href="/dist/domma/themes/domma-themes.css">
-
-    <!-- Site CSS -->
-    <link rel="stylesheet" href="/public/css/site.css">
-    <link rel="stylesheet" href="/public/css/forms.css">
-
-  <!-- Font overrides -->
-  {{fontStyleTag}}
-
-    <!-- Plugin head injection -->
-    {{headInject}}
-
-  <!-- Late head injection — custom CSS always loads last so it can override everything -->
-  {{headInjectLate}}
-</head>
-<body class="dm-cloaked dm-theme-{{theme}} {{layoutBodyClass}}" data-layout="{{layout}}">
-
-    {{#if showNavbar}}
-    <nav id="site-navbar"></nav>
-    {{/if}}
-
-    <main class="site-main {{#if showSidebar}}with-sidebar{{/if}}">
-        {{#if showSidebar}}
-        <aside id="site-sidebar" class="site-sidebar"></aside>
-        {{/if}}
-
-        <article class="site-content">
-            <div class="container">
-                {{breadcrumbsHtml}}
-                <div class="page-body"{{#if pageBodyStyle}} style="{{pageBodyStyle}}"{{/if}}>
-                    {{html}}
-                </div>
-            </div>
-        </article>
-    </main>
-
-    {{#if showFooter}}
-    <footer id="site-footer" class="page-footer"></footer>
-    {{/if}}
-
-    <!-- DOMPurify - must load before DommaJS -->
-    <script src="https://cdn.jsdelivr.net/npm/dompurify@3/dist/purify.min.js"></script>
-
-    <!-- DommaJS -->
-    <script src="/dist/domma/domma.min.js"></script>
-
-    <!-- Initialise DommaJS before module loads -->
-    <script>
-      (function () {
-        var _stored;
-        try {
-          _stored = JSON.parse(localStorage.getItem('domma:reduced_motion'));
-        } catch (e) {
-        }
-        if (_stored === true) {
-          document.documentElement.classList.add('dm-reduced-motion');
-        }
-        // Override window.matchMedia so Domma JS effects (scribe, breathe, etc.)
-        // respect the stored preference. When explicitly set to false the user is
-        // overriding the OS "reduce" preference to allow motion on this site.
-        if (_stored !== null && _stored !== undefined && window.matchMedia) {
-          var _orig = window.matchMedia.bind(window);
-          window.matchMedia = function (q) {
-            if (q === '(prefers-reduced-motion: reduce)') {
-              return {
-                matches: !!_stored, media: q, onchange: null,
-                addListener: function () {
-                }, removeListener: function () {
-                },
-                addEventListener: function () {
-                }, removeEventListener: function () {
-                },
-                dispatchEvent: function () {
-                  return false;
-                }
-              };
-            }
-            return _orig(q);
-          };
-        }
-      }());
-        if (window.Domma && typeof window.Domma.init === 'function') {
-            window.Domma.init();
-        }
-        if (window.Domma && window.Domma.theme) {
-            window.Domma.theme.init({ theme: '{{theme}}', persist: false });
-        }
-        window.__CMS_NAV__ = {{navJson}};
-        window.__CMS_SITE__ = {{siteJson}};
-      (function () {
-          var c = window.__CMS_SITE__ && window.__CMS_SITE__.autoTheme;
-          if (!c || !c.enabled) return;
-          var n = new Date(), m = n.getHours() * 60 + n.getMinutes(), ds = (c.dayStart || "07:00").split(":"),
-              ns = (c.nightStart || "19:00").split(":"), d = +ds[0] * 60 + (+ds[1] || 0),
-              e = +ns[0] * 60 + (+ns[1] || 0), t = (m >= d && m < e) ? c.dayTheme : c.nightTheme;
-          if (window.Domma && window.Domma.theme) window.Domma.theme.set(t);
-      }());
-      {{dconfigScript}}
-    </script>
-
-    <!-- Site initialisation -->
-    <script src="/public/js/site.js" type="module"></script>
-
-    <!-- Core Forms (logic engine must load before renderer) -->
-    <script src="/public/js/form-logic-engine.js"></script>
-    <script src="/public/js/forms.js" type="module"></script>
-
-    <!-- Core effects runtime -->
-    <script src="/public/js/effects.js"></script>
-
-    <!-- Plugin body-end injection -->
-    {{bodyEndInject}}
-</body>
-</html>
+<!DOCTYPE html>
+<html lang="en-GB">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{seoTitle}}</title>
+    <meta name="description" content="{{seoDescription}}">
+    {{seoTags}}
+
+    <!-- Fonts -->
+  {{#if fontLink}}{{fontLink}}{{/if}}
+
+    <!-- DommaJS CSS -->
+    <link rel="stylesheet" href="/dist/domma/domma.css">
+    <link rel="stylesheet" href="/dist/domma/grid.css">
+    <link rel="stylesheet" href="/dist/domma/elements.css">
+    <link rel="stylesheet" href="/dist/domma/themes/domma-themes.css">
+
+    <!-- Site CSS -->
+    <link rel="stylesheet" href="/public/css/site.css">
+    <link rel="stylesheet" href="/public/css/forms.css">
+
+  <!-- Font overrides -->
+  {{fontStyleTag}}
+
+    <!-- Plugin head injection -->
+    {{headInject}}
+
+  <!-- Late head injection — custom CSS always loads last so it can override everything -->
+  {{headInjectLate}}
+</head>
+<body class="dm-cloaked dm-theme-{{theme}} {{layoutBodyClass}}" data-layout="{{layout}}">
+
+    {{#if showNavbar}}
+    <nav id="site-navbar"></nav>
+    {{/if}}
+
+    <main class="site-main {{#if showSidebar}}with-sidebar{{/if}}">
+        {{#if showSidebar}}
+        <aside id="site-sidebar" class="site-sidebar"></aside>
+        {{/if}}
+
+        <article class="site-content">
+            <div class="container">
+                {{breadcrumbsHtml}}
+                <div class="page-body"{{#if pageBodyStyle}} style="{{pageBodyStyle}}"{{/if}}>
+                    {{html}}
+                </div>
+            </div>
+        </article>
+    </main>
+
+    {{#if showFooter}}
+    <footer id="site-footer" class="page-footer"></footer>
+    {{/if}}
+
+    <!-- DOMPurify - must load before DommaJS -->
+    <script src="https://cdn.jsdelivr.net/npm/dompurify@3/dist/purify.min.js"></script>
+
+    <!-- DommaJS -->
+    <script src="/dist/domma/domma.min.js"></script>
+
+    <!-- Initialise DommaJS before module loads -->
+    <script>
+      (function () {
+        var _stored;
+        try {
+          _stored = JSON.parse(localStorage.getItem('domma:reduced_motion'));
+        } catch (e) {
+        }
+        if (_stored === true) {
+          document.documentElement.classList.add('dm-reduced-motion');
+        }
+        // Override window.matchMedia so Domma JS effects (scribe, breathe, etc.)
+        // respect the stored preference. When explicitly set to false the user is
+        // overriding the OS "reduce" preference to allow motion on this site.
+        if (_stored !== null && _stored !== undefined && window.matchMedia) {
+          var _orig = window.matchMedia.bind(window);
+          window.matchMedia = function (q) {
+            if (q === '(prefers-reduced-motion: reduce)') {
+              return {
+                matches: !!_stored, media: q, onchange: null,
+                addListener: function () {
+                }, removeListener: function () {
+                },
+                addEventListener: function () {
+                }, removeEventListener: function () {
+                },
+                dispatchEvent: function () {
+                  return false;
+                }
+              };
+            }
+            return _orig(q);
+          };
+        }
+      }());
+        if (window.Domma && typeof window.Domma.init === 'function') {
+            window.Domma.init();
+        }
+        if (window.Domma && window.Domma.theme) {
+            window.Domma.theme.init({ theme: '{{theme}}', persist: false });
+        }
+        window.__CMS_NAV__ = {{navJson}};
+        window.__CMS_SITE__ = {{siteJson}};
+        {{footerScript}}
+      (function () {
+          var c = window.__CMS_SITE__ && window.__CMS_SITE__.autoTheme;
+          if (!c || !c.enabled) return;
+          var n = new Date(), m = n.getHours() * 60 + n.getMinutes(), ds = (c.dayStart || "07:00").split(":"),
+              ns = (c.nightStart || "19:00").split(":"), d = +ds[0] * 60 + (+ds[1] || 0),
+              e = +ns[0] * 60 + (+ns[1] || 0), t = (m >= d && m < e) ? c.dayTheme : c.nightTheme;
+          if (window.Domma && window.Domma.theme) window.Domma.theme.set(t);
+      }());
+      {{dconfigScript}}
+    </script>
+
+    <!-- Site initialisation -->
+    <script src="/public/js/site.js?v=20260524-formerror" type="module"></script>
+
+    <!-- Interactive Collection Browser (used by [collection] shortcodes with
+         searchable / filterable / sortable / paginate attributes) -->
+    <script src="/public/js/collection-browser.js?v=20260523-browser"></script>
+
+    <!-- Core Forms (logic engine must load before renderer) -->
+    <script src="/public/js/form-logic-engine.js?v=20260509-chooser"></script>
+    <script src="/public/js/forms.js?v=20260509-chooser" type="module"></script>
+
+    <!-- Core effects runtime -->
+    <script src="/public/js/effects.js"></script>
+
+    <!-- Plugin body-end injection -->
+    {{bodyEndInject}}
+</body>
+</html>