domma-cms 0.18.0 → 0.21.0

package/server/services/userRoles.js

@@ -0,0 +1,86 @@
+/**
+ * User Roles — multi-role support helpers.
+ *
+ * A user has ONE primary role (`user.role`) and an optional array of
+ * additional roles (`user.additionalRoles`). Permission, visibility, and
+ * row-access checks consult ALL of them and grant access if any one role
+ * satisfies — "any path wins" semantics that matches how most apps actually
+ * model multi-membership (you can be both a candidate AND a recruiter).
+ *
+ * Hierarchical-level comparisons (`canManageUser`, `requireAdmin`, the
+ * level-clamp in `checkSingleVisibility`) use `getEffectiveLevel` which
+ * returns the LOWEST level number across all the user's roles — i.e. the
+ * highest privilege the user has access to. This is what makes "additional
+ * admin" meaningfully grant admin-tier access without rewriting the level
+ * arithmetic everywhere.
+ *
+ * Backward compatibility: users with no `additionalRoles` field behave
+ * exactly as before — `getEffectiveRoles` returns `[user.role]`, `getEffectiveLevel`
+ * returns `getRoleLevel(user.role)`. Existing callers that read `user.role`
+ * directly continue to work; the new helpers are opt-in for callers that
+ * want the union semantics.
+ */
+import {getRoleLevel} from './roles.js';
+
+/**
+ * Return all roles a user holds, primary first, deduplicated. Empty array
+ * if the user is null/has no role at all.
+ *
+ * @param {object|null} user
+ * @returns {string[]}
+ */
+export function getEffectiveRoles(user) {
+    if (!user || !user.role) return [];
+    const additional = Array.isArray(user.additionalRoles) ? user.additionalRoles : [];
+    const out = [user.role];
+    for (const r of additional) {
+        if (r && r !== user.role && !out.includes(r)) out.push(r);
+    }
+    return out;
+}
+
+/**
+ * Return the effective role level for a user — the LOWEST level number
+ * across all roles. Lower number = higher privilege, so the user's most
+ * privileged role wins all hierarchical checks.
+ *
+ * Returns `Infinity` for users with no roles (denies all level-gated checks).
+ *
+ * @param {object|null} user
+ * @returns {number}
+ */
+export function getEffectiveLevel(user) {
+    const roles = getEffectiveRoles(user);
+    if (!roles.length) return Infinity;
+    return Math.min(...roles.map(r => getRoleLevel(r)));
+}
+
+/**
+ * Check whether a user holds a specific role (primary or additional).
+ * Exact-name match — does NOT walk the hierarchy. For hierarchical "user
+ * is at least this level" checks use `getEffectiveLevel` against the target
+ * role's level instead.
+ *
+ * @param {object|null} user
+ * @param {string} role
+ * @returns {boolean}
+ */
+export function userHasRole(user, role) {
+    if (!user || !role) return false;
+    return getEffectiveRoles(user).includes(role);
+}
+
+/**
+ * Check whether a user holds ANY of the given roles. Convenience helper
+ * for "anyone in this set can do X" patterns — equivalent to OR-ing
+ * `userHasRole` over the list.
+ *
+ * @param {object|null} user
+ * @param {string[]}   roles
+ * @returns {boolean}
+ */
+export function userHasAnyRole(user, roles) {
+    if (!user || !Array.isArray(roles) || !roles.length) return false;
+    const userRoles = new Set(getEffectiveRoles(user));
+    return roles.some(r => userRoles.has(r));
+}

package/server/services/users.js

@@ -9,6 +9,7 @@ import bcrypt from 'bcryptjs';
 import {v4 as uuidv4} from 'uuid';
 import {config} from '../config.js';
 import {deleteProfile, ensureProfile} from './userProfiles.js';
+import * as cache from './cache/index.js';
 
 const USERS_DIR = path.resolve(config.content.usersDir);
 
@@ -122,7 +123,7 @@ export async function getUserByEmail(email) {
  * @param {object} data - { name, email, password, role }
  * @returns {Promise<object>} Created user (password stripped)
  */
-export async function createUser({ name, email, password, role = 'user' }) {
+export async function createUser({ name, email, password, role = 'user', additionalRoles = [], meta, projects }) {
     const existing = await getUserByEmail(email);
     if (existing) throw new Error('A user with that email already exists');
 
@@ -134,10 +135,19 @@ export async function createUser({ name, email, password, role = 'user' }) {
         name: name.trim(),
         password: hash,
         role,
+        // Additional roles beyond the primary — permission/visibility checks
+        // grant access if ANY role satisfies. The primary `role` is what
+        // appears in UI badges and is used for hierarchical level comparisons
+        // when a single value is needed.
+        additionalRoles: Array.isArray(additionalRoles) ? additionalRoles.filter(r => r && r !== role) : [],
+        // Project access-scope: when non-empty, the user is restricted to artefacts
+        // tagged with one of these project slugs (see canSeeArtefact in projects.js).
+        projects: Array.isArray(projects) ? projects.filter(Boolean) : [],
         isActive: true,
         createdAt: now,
         updatedAt: now,
-        lastLogin: null
+        lastLogin: null,
+        ...(meta != null && {meta})
     };
 
     await writeUserFile(user);
@@ -169,6 +179,17 @@ export async function updateUser(id, updates) {
     };
 
     await writeUserFile(updated);
+
+    // Invalidate per-user cache when the project access-scope changes — downstream
+    // request handlers cache scope-filtered responses keyed by `user:<id>`.
+    if (updates.projects !== undefined) {
+        const before = JSON.stringify(user.projects || []);
+        const after  = JSON.stringify(updated.projects || []);
+        if (before !== after) {
+            await cache.invalidateTags([`user:${id}`]);
+        }
+    }
+
     return stripPassword(updated);
 }
 

package/server/services/views.js

@@ -137,7 +137,7 @@ export async function getView(slug) {
  */
 export async function createView(data, userId = null) {
     const db = await getMetaDb();
-    const { title, description = '', connection = 'default', pipeline, display, access } = data;
+    const { title, description = '', connection = 'default', pipeline, display, access, meta: inputMeta } = data;
 
     if (!title) throw new Error('title is required');
     if (!pipeline?.source) throw new Error('pipeline.source is required');
@@ -170,7 +170,12 @@ export async function createView(data, userId = null) {
             public: access?.public || false,
             rowLevel: access?.rowLevel || null
         },
-        meta: { createdAt: now, updatedAt: now, createdBy: userId }
+        meta: {
+            createdAt: now,
+            updatedAt: now,
+            createdBy: userId,
+            ...(inputMeta?.project != null && {project: inputMeta.project})
+        }
     };
 
     await db.collection(VIEWS_COLLECTION).insertOne({ ...view });
@@ -194,7 +199,7 @@ export async function updateView(slug, data) {
     const stages = data.pipeline?.stages ?? existing.pipeline?.stages ?? [];
     validateStages(stages);
 
-    const { _id, id, meta, ...rest } = data;
+    const { _id, id, meta: inputMeta, ...rest } = data;
     const updated = {
         ...existing,
         ...rest,
@@ -204,7 +209,13 @@ export async function updateView(slug, data) {
             ...data.pipeline,
             stages
         },
-        meta: { ...existing.meta, updatedAt: new Date().toISOString() }
+        meta: {
+            ...existing.meta,
+            ...(inputMeta && typeof inputMeta === 'object'
+                ? ('project' in inputMeta ? {project: inputMeta.project} : {})
+                : {}),
+            updatedAt: new Date().toISOString()
+        }
     };
 
     await db.collection(VIEWS_COLLECTION).replaceOne({ slug }, { ...updated });

package/server/templates/page.html

@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>{{seoTitle}}</title>
     <meta name="description" content="{{seoDescription}}">
-    {{#if ogImage}}<meta property="og:image" content="{{ogImage}}">{{/if}}
+    {{seoTags}}
 
     <!-- Fonts -->
   {{#if fontLink}}{{fontLink}}{{/if}}
@@ -103,6 +103,7 @@
         }
         window.__CMS_NAV__ = {{navJson}};
         window.__CMS_SITE__ = {{siteJson}};
+        {{footerScript}}
       (function () {
           var c = window.__CMS_SITE__ && window.__CMS_SITE__.autoTheme;
           if (!c || !c.enabled) return;
@@ -115,7 +116,11 @@
     </script>
 
     <!-- Site initialisation -->
-    <script src="/public/js/site.js?v=20260509-chooser" type="module"></script>
+    <script src="/public/js/site.js?v=20260524-formerror" type="module"></script>
+
+    <!-- Interactive Collection Browser (used by [collection] shortcodes with
+         searchable / filterable / sortable / paginate attributes) -->
+    <script src="/public/js/collection-browser.js?v=20260523-browser"></script>
 
     <!-- Core Forms (logic engine must load before renderer) -->
     <script src="/public/js/form-logic-engine.js?v=20260509-chooser"></script>