GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 11:25:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Normalize Collection.findByPk (#9193)

Browse Source
This commit is contained in:
Tom Moor
2025-05-14 00:05:45 -04:00
committed by GitHub
parent 8a9a8cf751
commit 08b7c11461
18 changed files with 249 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/slack/server/auth/slack.ts
+3 -3
View File
@@ -156,9 +156,9 @@ if (env.SLACK_CLIENT_ID && env.SLACK_CLIENT_SECRET) {
switch (type) {
case IntegrationType.Post: {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "read", collection);
authorize(user, "update", user.team);
server/commands/documentLoader.ts
+8 -12
View File
@@ -116,12 +116,10 @@ export default async function loadDocument({
if (canReadDocument) {
if (document.collectionId) {
collection = await Collection.scope("withDocumentStructure").findByPk(
document.collectionId,
{
rejectOnEmpty: true,
}
);
collection = await Collection.findByPk(document.collectionId, {
includeDocumentStructure: true,
rejectOnEmpty: true,
});
}
return {
@@ -140,12 +138,10 @@ export default async function loadDocument({
// It is possible to disable sharing at the collection so we must check
if (document.collectionId) {
collection = await Collection.scope("withDocumentStructure").findByPk(
document.collectionId,
{
rejectOnEmpty: true,
}
);
collection = await Collection.findByPk(document.collectionId, {
includeDocumentStructure: true,
rejectOnEmpty: true,
});
}
if (!collection?.sharing) {
server/commands/documentMover.ts
+12 -17
View File
@@ -65,21 +65,18 @@ async function documentMover({
result.documents.push(document);
} else {
// Load the current and the next collection upfront and lock them
const collection = await Collection.scope("withDocumentStructure").findByPk(
document.collectionId!,
{
transaction,
lock: Transaction.LOCK.UPDATE,
paranoid: false,
}
);
const collection = await Collection.findByPk(document.collectionId!, {
includeDocumentStructure: true,
transaction,
lock: Transaction.LOCK.UPDATE,
paranoid: false,
});
let newCollection = collection;
if (collectionChanged) {
if (collectionId) {
newCollection = await Collection.scope(
"withDocumentStructure"
).findByPk(collectionId, {
newCollection = await Collection.findByPk(collectionId, {
includeDocumentStructure: true,
transaction,
lock: Transaction.LOCK.UPDATE,
});
@@ -148,13 +145,11 @@ async function documentMover({
if (collectionId) {
// Reload the collection to get relationship data
newCollection = await Collection.scope([
{
method: ["withMembership", user.id],
},
]).findByPk(collectionId, {
transaction,
newCollection = await Collection.findByPk(collectionId, {
userId: user.id,
includeDocumentStructure: true,
rejectOnEmpty: true,
transaction,
});
result.collections.push(newCollection);
server/models/Collection.ts
+20 -8
View File
@@ -67,6 +67,8 @@ import Length from "./validators/Length";
import NotContainsUrl from "./validators/NotContainsUrl";
type AdditionalFindOptions = {
userId?: string;
includeDocumentStructure?: boolean;
rejectOnEmpty?: boolean | Error;
};
@@ -466,9 +468,9 @@ class Collection extends ParanoidModel<
* @returns userIds
*/
static async membershipUserIds(collectionId: string) {
const collection = await this.scope("withAllMemberships").findByPk(
collectionId
);
const collection = await this.scope("withAllMemberships").findOne({
where: { id: collectionId },
});
if (!collection) {
return [];
}
@@ -485,6 +487,7 @@ class Collection extends ParanoidModel<
/**
* Overrides the standard findByPk behavior to allow also querying by urlId
* and loading memberships for a user passed in by `userId`
*
* @param id uuid or urlId
* @param options FindOptions
@@ -506,16 +509,25 @@ class Collection extends ParanoidModel<
return null;
}
const { includeDocumentStructure, userId, ...rest } = options;
const scope = this.scope([
includeDocumentStructure ? "withDocumentStructure" : "defaultScope",
{
method: ["withMembership", userId],
},
]);
if (isUUID(id)) {
const collection = await this.findOne({
const collection = await scope.findOne({
where: {
id,
},
...options,
...rest,
rejectOnEmpty: false,
});
if (!collection && options.rejectOnEmpty) {
if (!collection && rest.rejectOnEmpty) {
throw new EmptyResultError(`Collection doesn't exist with id: ${id}`);
}
@@ -524,7 +536,7 @@ class Collection extends ParanoidModel<
const match = id.match(UrlHelper.SLUG_URL_REGEX);
if (match) {
const collection = await this.findOne({
const collection = await scope.findOne({
where: {
urlId: match[1],
},
@@ -532,7 +544,7 @@ class Collection extends ParanoidModel<
rejectOnEmpty: false,
});
if (!collection && options.rejectOnEmpty) {
if (!collection && rest.rejectOnEmpty) {
throw new EmptyResultError(`Collection doesn't exist with id: ${id}`);
}
server/models/Document.ts
+26 -33
View File
@@ -426,13 +426,11 @@ class Document extends ArchivableModel<
return;
}
const collection = await Collection.scope("withDocumentStructure").findByPk(
model.collectionId,
{
transaction,
lock: Transaction.LOCK.UPDATE,
}
);
const collection = await Collection.findByPk(model.collectionId, {
includeDocumentStructure: true,
transaction,
lock: Transaction.LOCK.UPDATE,
});
if (!collection) {
return;
}
@@ -453,9 +451,8 @@ class Document extends ArchivableModel<
}
return this.sequelize!.transaction(async (transaction: Transaction) => {
const collection = await Collection.scope(
"withDocumentStructure"
).findByPk(model.collectionId!, {
const collection = await Collection.findByPk(model.collectionId!, {
includeDocumentStructure: true,
transaction,
lock: transaction.LOCK.UPDATE,
});
@@ -667,10 +664,11 @@ class Document extends ArchivableModel<
/**
* Overrides the standard findByPk behavior to allow also querying by urlId
* and loading memberships for a user passed in by `userId`
*
* @param id uuid or urlId
* @param options FindOptions
* @returns A promise resolving to a collection instance or null
* @returns A promise resolving to a document instance or null
*/
static async findByPk(
id: Identifier,
@@ -695,7 +693,7 @@ class Document extends ArchivableModel<
// almost every endpoint needs the collection membership to determine policy permissions.
const scope = this.scope([
"withDrafts",
options.includeState ? "withState" : "withoutState",
includeState ? "withState" : "withoutState",
{
method: ["withViews", userId],
},
@@ -943,9 +941,8 @@ class Document extends ArchivableModel<
}
if (!this.template && this.collectionId) {
const collection = await Collection.scope(
"withDocumentStructure"
).findByPk(this.collectionId, {
const collection = await Collection.findByPk(this.collectionId, {
includeDocumentStructure: true,
transaction,
lock: Transaction.LOCK.UPDATE,
});
@@ -1012,13 +1009,11 @@ class Document extends ArchivableModel<
await this.sequelize.transaction(async (transaction: Transaction) => {
const collection = this.collectionId
? await Collection.scope("withDocumentStructure").findByPk(
this.collectionId,
{
transaction,
lock: transaction.LOCK.UPDATE,
}
)
? await Collection.findByPk(this.collectionId, {
includeDocumentStructure: true,
transaction,
lock: transaction.LOCK.UPDATE,
})
: undefined;
if (collection) {
@@ -1049,13 +1044,11 @@ class Document extends ArchivableModel<
archive = async (user: User, options?: FindOptions) => {
const { transaction } = { ...options };
const collection = this.collectionId
? await Collection.scope("withDocumentStructure").findByPk(
this.collectionId,
{
transaction,
lock: transaction?.LOCK.UPDATE,
}
)
? await Collection.findByPk(this.collectionId, {
includeDocumentStructure: true,
transaction,
lock: transaction?.LOCK.UPDATE,
})
: undefined;
if (collection) {
@@ -1076,7 +1069,8 @@ class Document extends ArchivableModel<
) => {
const { transaction } = { ...options };
const collection = collectionId
? await Collection.scope("withDocumentStructure").findByPk(collectionId, {
? await Collection.findByPk(collectionId, {
includeDocumentStructure: true,
transaction,
lock: transaction?.LOCK.UPDATE,
})
@@ -1128,9 +1122,8 @@ class Document extends ArchivableModel<
let deleted = false;
if (!this.template && this.collectionId) {
const collection = await Collection.scope(
"withDocumentStructure"
).findByPk(this.collectionId!, {
const collection = await Collection.findByPk(this.collectionId!, {
includeDocumentStructure: true,
transaction,
lock: transaction.LOCK.UPDATE,
paranoid: false,
server/policies/collection.test.ts
+39 -39
View File
@@ -14,9 +14,9 @@ describe("admin", () => {
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", admin.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: admin.id,
});
const abilities = serialize(admin, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.update).toBeTruthy();
@@ -36,9 +36,9 @@ describe("admin", () => {
permission: null,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
});
const abilities = serialize(user, reloaded);
expect(abilities.readDocument).toEqual(false);
expect(abilities.updateDocument).toEqual(false);
@@ -59,9 +59,9 @@ describe("admin", () => {
permission: CollectionPermission.Read,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
});
const abilities = serialize(user, reloaded);
expect(abilities.readDocument).toBeTruthy();
expect(abilities.updateDocument).toBeTruthy();
@@ -87,9 +87,9 @@ describe("member", () => {
},
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", member.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: member.id,
});
const abilities = serialize(member, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.update).toBeTruthy();
@@ -116,9 +116,9 @@ describe("member", () => {
},
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", member.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: member.id,
});
const abilities = serialize(member, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.update).toBe(false);
@@ -161,9 +161,9 @@ describe("member", () => {
permission: CollectionPermission.Read,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
});
const abilities = serialize(user, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.readDocument).toBeTruthy();
@@ -189,9 +189,9 @@ describe("member", () => {
},
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", member.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: member.id,
});
const abilities = serialize(member, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.update).not.toBeTruthy();
@@ -232,9 +232,9 @@ describe("member", () => {
},
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", member.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: member.id,
});
const abilities = serialize(member, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.readDocument).toBeTruthy();
@@ -279,9 +279,9 @@ describe("member", () => {
permission: CollectionPermission.ReadWrite,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
});
const abilities = serialize(user, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.readDocument).toBeTruthy();
@@ -331,9 +331,9 @@ describe("viewer", () => {
permission: CollectionPermission.ReadWrite,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
});
const abilities = serialize(user, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.readDocument).toBeTruthy();
@@ -361,9 +361,9 @@ describe("viewer", () => {
permission: CollectionPermission.ReadWrite,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
});
const abilities = serialize(user, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.readDocument).toBeTruthy();
@@ -409,9 +409,9 @@ describe("viewer", () => {
permission: CollectionPermission.ReadWrite,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
});
const abilities = serialize(user, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.readDocument).toBeTruthy();
@@ -462,9 +462,9 @@ describe("guest", () => {
permission: CollectionPermission.Read,
});
// reload to get membership
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
});
const abilities = serialize(user, reloaded);
expect(abilities.read).toBeTruthy();
expect(abilities.readDocument).toBeTruthy();
server/queues/processors/WebsocketsProcessor.ts
+18 -12
View File
@@ -353,9 +353,9 @@ export default class WebsocketsProcessor {
case "collections.remove_user": {
const [collection, user] = await Promise.all([
Collection.scope({
method: ["withMembership", event.userId],
}).findByPk(event.collectionId),
Collection.findByPk(event.collectionId, {
userId: event.userId,
}),
User.findByPk(event.userId),
]);
if (!user) {
@@ -424,9 +424,9 @@ export default class WebsocketsProcessor {
async (groupUsers) => {
for (const groupUser of groupUsers) {
const [collection, user] = await Promise.all([
Collection.scope({
method: ["withMembership", groupUser.userId],
}).findByPk(event.collectionId),
Collection.findByPk(event.collectionId, {
userId: groupUser.userId,
}),
User.findByPk(groupUser.userId),
]);
if (!user) {
@@ -716,9 +716,12 @@ export default class WebsocketsProcessor {
presentGroupMembership(groupMembership)
);
const collection = await Collection.scope({
method: ["withMembership", event.userId],
}).findByPk(groupMembership.collectionId);
const collection = await Collection.findByPk(
groupMembership.collectionId,
{
userId: event.userId,
}
);
if (cannot(user, "read", collection)) {
// tell any user clients to disconnect from the websocket channel for the collection
@@ -772,9 +775,12 @@ export default class WebsocketsProcessor {
.to(`user-${groupUser.userId}`)
.emit("collections.remove_group", payload);
const collection = await Collection.scope({
method: ["withMembership", groupUser.userId],
}).findByPk(groupMembership.collectionId);
const collection = await Collection.findByPk(
groupMembership.collectionId,
{
userId: groupUser.userId,
}
);
if (cannot(groupUser.user, "read", collection)) {
// tell any user clients to disconnect from the websocket channel for the collection
server/queues/tasks/CollectionSubscriptionRemoveUserTask.ts
+3 -3
View File
@@ -16,9 +16,9 @@ export default class CollectionSubscriptionRemoveUserTask extends BaseTask<Colle
return;
}
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(event.collectionId);
const collection = await Collection.findByPk(event.collectionId, {
userId: user.id,
});
if (can(user, "read", collection)) {
Logger.debug(
server/routes/api/collections/collections.ts
+37 -48
View File
@@ -1,4 +1,3 @@
import invariant from "invariant";
import Router from "koa-router";
import { Sequelize, Op, WhereOptions } from "sequelize";
import {
@@ -96,12 +95,11 @@ router.post(
},
});
// we must reload the collection to get memberships for policy presenter
const reloaded = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id, {
const reloaded = await Collection.findByPk(collection.id, {
userId: user.id,
transaction,
rejectOnEmpty: true,
});
invariant(reloaded, "collection not found");
ctx.body = {
data: await presentCollection(ctx, reloaded),
@@ -118,11 +116,14 @@ router.post(
const { id } = ctx.input.body;
const { user } = ctx.state.auth;
const collection = await Collection.scope([
"defaultScope",
"withArchivedBy",
{
method: ["withMembership", user.id],
},
"withArchivedBy",
]).findByPk(id);
]).findOne({
where: { id },
});
authorize(user, "read", collection);
@@ -140,11 +141,10 @@ router.post(
async (ctx: APIContext<T.CollectionsDocumentsReq>) => {
const { id } = ctx.input.body;
const { user } = ctx.state.auth;
const collection = await Collection.scope([
{
method: ["withMembership", user.id],
},
]).findByPk(id);
const collection = await Collection.findByPk(id, {
userId: user.id,
includeDocumentStructure: true,
});
authorize(user, "readDocument", collection);
@@ -201,9 +201,7 @@ router.post(
const { user } = ctx.state.auth;
const [collection, group] = await Promise.all([
Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id, { transaction }),
Collection.findByPk(id, { userId: user.id, transaction }),
Group.findByPk(groupId, { transaction }),
]);
authorize(user, "update", collection);
@@ -248,9 +246,8 @@ router.post(
const { transaction } = ctx.state;
const [collection, group] = await Promise.all([
Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id, {
Collection.findByPk(id, {
userId: user.id,
transaction,
}),
Group.findByPk(groupId, {
@@ -286,9 +283,9 @@ router.post(
const { id, query, permission } = ctx.input.body;
const { user } = ctx.state.auth;
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id);
const collection = await Collection.findByPk(id, {
userId: user.id,
});
authorize(user, "read", collection);
let where: WhereOptions<GroupMembership> = {
@@ -356,9 +353,7 @@ router.post(
const { id, userId, permission } = ctx.input.body;
const [collection, user] = await Promise.all([
Collection.scope({
method: ["withMembership", actor.id],
}).findByPk(id, { transaction }),
Collection.findByPk(id, { userId, transaction }),
User.findByPk(userId, { transaction }),
]);
authorize(actor, "update", collection);
@@ -402,9 +397,7 @@ router.post(
const { id, userId } = ctx.input.body;
const [collection, user] = await Promise.all([
Collection.scope({
method: ["withMembership", actor.id],
}).findByPk(id, { transaction }),
Collection.findByPk(id, { userId, transaction }),
User.findByPk(userId, { transaction }),
]);
authorize(actor, "update", collection);
@@ -435,9 +428,9 @@ router.post(
const { id, query, permission } = ctx.input.body;
const { user } = ctx.state.auth;
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id);
const collection = await Collection.findByPk(id, {
userId: user.id,
});
authorize(user, "read", collection);
let where: WhereOptions<UserMembership> = {
@@ -503,9 +496,10 @@ router.post(
const team = await Team.findByPk(user.teamId, { transaction });
authorize(user, "createExport", team);
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id, { transaction });
const collection = await Collection.findByPk(id, {
userId: user.id,
transaction,
});
authorize(user, "export", collection);
const fileOperation = await collectionExporter({
@@ -576,9 +570,8 @@ router.post(
} = ctx.input.body;
const { user } = ctx.state.auth;
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id, {
const collection = await Collection.findByPk(id, {
userId: user.id,
transaction,
});
authorize(user, "update", collection);
@@ -814,9 +807,8 @@ router.post(
const { id } = ctx.input.body;
const { user } = ctx.state.auth;
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id, {
const collection = await Collection.findByPk(id, {
userId: user.id,
transaction,
});
@@ -845,11 +837,8 @@ router.post(
const { id } = ctx.input.body;
const { user } = ctx.state.auth;
const collection = await Collection.scope([
{
method: ["withMembership", user.id],
},
]).findByPk(id, {
const collection = await Collection.findByPk(id, {
userId: user.id,
transaction,
rejectOnEmpty: true,
});
@@ -905,11 +894,11 @@ router.post(
const { id } = ctx.input.body;
const { user } = ctx.state.auth;
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(id, {
transaction,
const collection = await Collection.findByPk(id, {
userId: user.id,
includeDocumentStructure: true,
rejectOnEmpty: true,
transaction,
});
authorize(user, "restore", collection);
server/routes/api/comments/comments.ts
+3 -1
View File
@@ -154,7 +154,9 @@ router.post(
]);
comments.forEach((comment) => (comment.document = document));
} else if (collectionId) {
const collection = await Collection.findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "read", collection);
const include = [
{
server/routes/api/documents/documents.ts
+49 -58
View File
@@ -133,12 +133,10 @@ router.post(
// if a specific collection is passed then we need to check auth to view it
if (collectionId) {
where[Op.and].push({ collectionId: [collectionId] });
const collection = await Collection.scope([
sort === "index" ? "withDocumentStructure" : "defaultScope",
{
method: ["withMembership", user.id],
},
]).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
includeDocumentStructure: sort === "index",
});
authorize(user, "readDocument", collection);
@@ -331,9 +329,9 @@ router.post(
// if a specific collection is passed then we need to check auth to view it
if (collectionId) {
where = { ...where, collectionId };
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "readDocument", collection);
// index sort is special because it uses the order of the documents in the
@@ -512,9 +510,9 @@ router.post(
const { user } = ctx.state.auth;
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "readDocument", collection);
}
@@ -821,15 +819,20 @@ router.post(
const destCollectionId = collectionId ?? sourceCollectionId;
const srcCollection = sourceCollectionId
? await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(sourceCollectionId, { paranoid: false })
? await Collection.findByPk(sourceCollectionId, {
userId: user.id,
includeDocumentStructure: true,
paranoid: false,
transaction,
})
: undefined;
const destCollection = destCollectionId
? await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(destCollectionId)
? await Collection.findByPk(destCollectionId, {
userId: user.id,
includeDocumentStructure: true,
transaction,
})
: undefined;
// In case of workspace templates, both source and destination collections are undefined.
@@ -931,9 +934,9 @@ router.post(
let collaboratorIds = undefined;
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "readDocument", collection);
}
@@ -1027,9 +1030,9 @@ router.post(
teamId = user.teamId;
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "readDocument", collection);
}
@@ -1118,9 +1121,10 @@ router.post(
authorize(user, "update", original);
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId, { transaction });
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
transaction,
});
authorize(user, "createDocument", collection);
} else {
authorize(user, "createTemplate", user.team);
@@ -1205,9 +1209,10 @@ router.post(
collectionId,
"collectionId is required to publish a draft without collection"
);
collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId!, { transaction });
collection = await Collection.findByPk(collectionId!, {
userId: user.id,
transaction,
});
}
if (document.parentDocumentId) {
@@ -1261,9 +1266,10 @@ router.post(
authorize(user, "read", document);
const collection = collectionId
? await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId, { transaction })
? await Collection.findByPk(collectionId, {
userId: user.id,
transaction,
})
: document?.collection;
if (collection) {
@@ -1323,9 +1329,10 @@ router.post(
authorize(user, "move", document);
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId, { transaction });
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
transaction,
});
authorize(user, "updateDocument", collection);
} else if (document.template) {
authorize(user, "updateTemplate", user.team);
@@ -1503,13 +1510,8 @@ router.post(
const file = ctx.input.file;
const { user } = ctx.state.auth;
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findOne({
where: {
id: collectionId,
teamId: user.teamId,
},
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "createDocument", collection);
let parentDocument;
@@ -1606,14 +1608,8 @@ router.post(
});
if (parentDocument?.collectionId) {
collection = await Collection.scope({
method: ["withMembership", user.id],
}).findOne({
where: {
id: parentDocument.collectionId,
teamId: user.teamId,
},
transaction,
collection = await Collection.findByPk(parentDocument.collectionId, {
userId: user.id,
});
}
@@ -1621,13 +1617,8 @@ router.post(
collection,
});
} else if (collectionId) {
collection = await Collection.scope({
method: ["withMembership", user.id],
}).findOne({
where: {
id: collectionId,
teamId: user.teamId,
},
collection = await Collection.findByPk(collectionId, {
userId: user.id,
transaction,
});
authorize(user, "createDocument", collection);
server/routes/api/events/events.ts
+3 -3
View File
@@ -61,9 +61,9 @@ router.post(
if (collectionId) {
where = { ...where, collectionId };
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "read", collection);
} else {
const collectionIds = await user.collectionIds({
server/routes/api/pins/pins.ts
+4 -3
View File
@@ -33,9 +33,10 @@ router.post(
authorize(user, "read", document);
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId, { transaction });
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
transaction,
});
authorize(user, "update", collection);
authorize(user, "pin", document);
} else {
server/routes/api/shares/shares.ts
+4 -3
View File
@@ -55,9 +55,10 @@ router.post(
authorize(user, "read", document);
const collection = document.collectionId
? await Collection.scope("withDocumentStructure").findByPk(
document.collectionId
)
? await Collection.findByPk(document.collectionId, {
userId: user.id,
includeDocumentStructure: true,
})
: undefined;
const parentIds = collection?.getDocumentParents(documentId);
const parentShare = parentIds
server/routes/api/stars/stars.ts
+4 -3
View File
@@ -37,9 +37,10 @@ router.post(
}
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId, { transaction });
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
transaction,
});
authorize(user, "star", collection);
}
server/routes/api/subscriptions/subscriptions.ts
+10 -9
View File
@@ -34,9 +34,10 @@ router.post(
};
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
transaction: ctx.state.transaction,
});
authorize(user, "read", collection);
where.collectionId = collectionId;
@@ -78,9 +79,9 @@ router.post(
};
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "read", collection);
where.collectionId = collectionId;
@@ -116,9 +117,9 @@ router.post(
const { event, collectionId, documentId } = ctx.input.body;
if (collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collectionId);
const collection = await Collection.findByPk(collectionId, {
userId: user.id,
});
authorize(user, "subscribe", collection);
} else {
server/services/websockets.ts
+3 -3
View File
@@ -191,9 +191,9 @@ async function authenticated(io: IO.Server, socket: SocketWithAuth) {
// user is joining a collection channel, because their permissions have
// changed, granting them access.
if (event.collectionId) {
const collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(event.collectionId);
const collection = await Collection.findByPk(event.collectionId, {
userId: user.id,
});
if (can(user, "read", collection)) {
await socket.join(`collection-${event.collectionId}`);
server/test/factories.ts
+3 -3
View File
@@ -416,9 +416,9 @@ export async function buildDocument(
if (overrides.collectionId && overrides.publishedAt !== null) {
collection = collection
? await Collection.scope("withDocumentStructure").findByPk(
overrides.collectionId
)
? await Collection.findByPk(overrides.collectionId, {
includeDocumentStructure: true,
})
: undefined;
await collection?.addDocumentToStructure(document, 0);