mirror of
https://github.com/outline/outline.git
synced 2026-06-13 03:14:59 +03:00
dependabot[bot]
fc01deeefd
* chore(deps-dev): bump oxlint-tsgolint from 0.14.2 to 0.22.1 Bumps [oxlint-tsgolint](https://github.com/oxc-project/tsgolint) from 0.14.2 to 0.22.1. - [Release notes](https://github.com/oxc-project/tsgolint/releases) - [Commits](https://github.com/oxc-project/tsgolint/compare/v0.14.2...v0.22.1) --- updated-dependencies: - dependency-name: oxlint-tsgolint dependency-version: 0.22.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore: Switch tsconfig to bundler resolution for tsgolint 0.22.1 oxlint-tsgolint 0.22.1 removed support for moduleResolution=node10 (the alias for "node"). Switch to "bundler" with resolvePackageJsonExports disabled so packages whose exports field omits a types condition still resolve. Update markdown-it type imports to sub-paths since the package's .d.mts entry only re-exports a subset of named types. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix: Resolve type-aware lint errors caught by tsgolint 0.22.1 oxlint-tsgolint 0.22.1 catches several await-thenable, no-floating-promises, and no-meaningless-void-operator cases the prior 0.14.2 missed: - Drop redundant inner `await` from Promise.all([await x, await y]) call sites so the array entries are real Promises rather than already-resolved values. - Replace Promise.all wrappers around synchronous presenters (presentEvent, presentTemplate, presentPublicTeam) with plain map / direct calls. - Wrap non-promise branches of ternaries inside Promise.all with Promise.resolve so the array remains thenable across both arms. - Add `void` to the unawaited provider.connect() in the auth-failed retry chain, and remove `void` from the disconnect() call which returns void. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Moor <tom@getoutline.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
104 lines
2.7 KiB
TypeScript
104 lines
2.7 KiB
TypeScript
import Router from "koa-router";
|
|
import { intersection } from "es-toolkit/compat";
|
|
import type { WhereOptions } from "sequelize";
|
|
import { Op } from "sequelize";
|
|
import { EventHelper } from "@shared/utils/EventHelper";
|
|
import auth from "@server/middlewares/authentication";
|
|
import validate from "@server/middlewares/validate";
|
|
import { Event, User, Collection, Document } from "@server/models";
|
|
import { authorize } from "@server/policies";
|
|
import { presentEvent } from "@server/presenters";
|
|
import type { APIContext } from "@server/types";
|
|
import pagination from "../middlewares/pagination";
|
|
import * as T from "./schema";
|
|
|
|
const router = new Router();
|
|
|
|
router.post(
|
|
"events.list",
|
|
auth(),
|
|
pagination(),
|
|
validate(T.EventsListSchema),
|
|
async (ctx: APIContext<T.EventsListReq>) => {
|
|
const { user } = ctx.state.auth;
|
|
const {
|
|
name,
|
|
events,
|
|
auditLog,
|
|
actorId,
|
|
documentId,
|
|
collectionId,
|
|
sort,
|
|
direction,
|
|
} = ctx.input.body;
|
|
|
|
let where: WhereOptions<Event> = {
|
|
teamId: user.teamId,
|
|
actorId: { [Op.ne]: null },
|
|
};
|
|
|
|
if (auditLog) {
|
|
authorize(user, "audit", user.team);
|
|
where.name = events
|
|
? intersection(EventHelper.AUDIT_EVENTS, events)
|
|
: EventHelper.AUDIT_EVENTS;
|
|
} else {
|
|
where.name = events
|
|
? intersection(EventHelper.ACTIVITY_EVENTS, events)
|
|
: EventHelper.ACTIVITY_EVENTS;
|
|
}
|
|
|
|
if (name && (where.name as string[]).includes(name)) {
|
|
where.name = name;
|
|
}
|
|
|
|
if (actorId) {
|
|
const actor = await User.findByPk(actorId);
|
|
authorize(user, "readDetails", actor);
|
|
where = { ...where, actorId };
|
|
}
|
|
|
|
// Non-admins must specify either documentId or collectionId to use the read policy
|
|
if (!user.isAdmin && !documentId && !collectionId) {
|
|
authorize(user, "listAllEvents", user.team);
|
|
}
|
|
|
|
if (documentId) {
|
|
const document = await Document.findByPk(documentId, {
|
|
userId: user.id,
|
|
});
|
|
authorize(user, "read", document);
|
|
where = { ...where, documentId };
|
|
}
|
|
|
|
if (collectionId) {
|
|
const collection = await Collection.findByPk(collectionId, {
|
|
userId: user.id,
|
|
});
|
|
authorize(user, "read", collection);
|
|
where = { ...where, collectionId };
|
|
}
|
|
|
|
const loadedEvents = await Event.findAll({
|
|
where,
|
|
order: [[sort, direction]],
|
|
include: [
|
|
{
|
|
model: User,
|
|
as: "actor",
|
|
paranoid: false,
|
|
},
|
|
],
|
|
offset: ctx.state.pagination.offset,
|
|
limit: ctx.state.pagination.limit,
|
|
});
|
|
|
|
ctx.body = {
|
|
pagination: ctx.state.pagination,
|
|
data: loadedEvents.map((event) => presentEvent(event, auditLog)),
|
|
};
|
|
}
|
|
);
|
|
|
|
export default router;
|