feat(server): doc level permission (#9760)

close CLOUD-89 CLOUD-90 CLOUD-91 CLOUD-92
This commit is contained in:
Brooooooklyn
2025-02-05 07:06:57 +00:00
parent 64de83b13d
commit abeff8bb1a
36 changed files with 2257 additions and 324 deletions
@@ -335,6 +335,7 @@ export class CopilotResolver {
await this.permissions.checkCloudPagePermission(
workspaceId,
docId,
'Doc_Read',
user.id
);
} else {
@@ -368,6 +369,7 @@ export class CopilotResolver {
await this.permissions.checkCloudPagePermission(
options.workspaceId,
options.docId,
'Doc_Read',
user.id
);
const lockFlag = `${COPILOT_LOCKER}:session:${user.id}:${options.workspaceId}`;
@@ -401,6 +403,7 @@ export class CopilotResolver {
await this.permissions.checkCloudPagePermission(
workspaceId,
docId,
'Doc_Update',
user.id
);
const lockFlag = `${COPILOT_LOCKER}:session:${user.id}:${workspaceId}`;
@@ -428,6 +431,7 @@ export class CopilotResolver {
await this.permissions.checkCloudPagePermission(
options.workspaceId,
options.docId,
'Doc_Copy',
user.id
);
const lockFlag = `${COPILOT_LOCKER}:session:${user.id}:${options.workspaceId}`;
@@ -456,6 +460,7 @@ export class CopilotResolver {
await this.permissions.checkCloudPagePermission(
options.workspaceId,
options.docId,
'Doc_Delete',
user.id
);
if (!options.sessionIds.length) {
@@ -11,7 +11,7 @@ import {
import { ActionForbidden, Config } from '../../base';
import { CurrentUser } from '../../core/auth';
import { Permission, PermissionService } from '../../core/permission';
import { PermissionService, WorkspaceRole } from '../../core/permission';
import { WorkspaceType } from '../../core/workspaces';
import { SubscriptionRecurring } from '../payment/types';
import { LicenseService } from './service';
@@ -61,7 +61,7 @@ export class LicenseResolver {
await this.permission.checkWorkspaceIs(
workspace.id,
user.id,
Permission.Owner
WorkspaceRole.Owner
);
return this.service.getLicense(workspace.id);
@@ -80,7 +80,7 @@ export class LicenseResolver {
await this.permission.checkWorkspaceIs(
workspaceId,
user.id,
Permission.Owner
WorkspaceRole.Owner
);
return this.service.activateTeamLicense(workspaceId, license);
@@ -98,7 +98,7 @@ export class LicenseResolver {
await this.permission.checkWorkspaceIs(
workspaceId,
user.id,
Permission.Owner
WorkspaceRole.Owner
);
return this.service.deactivateTeamLicense(workspaceId);
@@ -116,7 +116,7 @@ export class LicenseResolver {
await this.permission.checkWorkspaceIs(
workspaceId,
user.id,
Permission.Owner
WorkspaceRole.Owner
);
const { url } = await this.service.createCustomerPortal(workspaceId);
@@ -27,7 +27,7 @@ import {
WorkspaceIdRequiredToUpdateTeamSubscription,
} from '../../base';
import { CurrentUser, Public } from '../../core/auth';
import { Permission, PermissionService } from '../../core/permission';
import { PermissionService, WorkspaceRole } from '../../core/permission';
import { UserType } from '../../core/user';
import { WorkspaceType } from '../../core/workspaces';
import { Invoice, Subscription, WorkspaceSubscriptionManager } from './manager';
@@ -541,7 +541,11 @@ export class WorkspaceSubscriptionResolver {
@CurrentUser() me: CurrentUser,
@Parent() workspace: WorkspaceType
) {
await this.permission.checkWorkspace(workspace.id, me.id, Permission.Owner);
await this.permission.checkWorkspace(
workspace.id,
me.id,
WorkspaceRole.Owner
);
return this.db.invoice.count({
where: {
targetId: workspace.id,
@@ -557,7 +561,11 @@ export class WorkspaceSubscriptionResolver {
take: number,
@Args('skip', { type: () => Int, nullable: true }) skip?: number
) {
await this.permission.checkWorkspace(workspace.id, me.id, Permission.Owner);
await this.permission.checkWorkspace(
workspace.id,
me.id,
WorkspaceRole.Owner
);
return this.db.invoice.findMany({
where: {