Merge: resolve conflicts between feat/document-delete-permissions and feat/category-scopes-group-admin
- Keep HEAD's get_user_admin_groups dep and richer delete permission logic (can_delete via share OR group admin path)
- Use sa.text("false") for migration server_default (correct SQLAlchemy form)
- Preserve 0006/0007 migration entries in doc-service CLAUDE.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
curo1305
@@ -73,7 +73,26 @@ async def _get_share_counts(doc_ids: list[str], db: AsyncSession) -> dict[str, i
|
||||
return {row[0]: row[1] for row in rows.all()}
|
||||
|
||||
|
||||
def _doc_with_categories(doc: Document, share_count: int = 0) -> DocumentOut:
|
||||
async def _get_deletable_doc_ids(
|
||||
doc_ids: list[str], user_groups: list[str], db: AsyncSession
|
||||
) -> set[str]:
|
||||
"""Return doc IDs for which the user has delete permission via a group share."""
|
||||
if not doc_ids or not user_groups:
|
||||
return set()
|
||||
rows = await db.execute(
|
||||
select(DocumentShare.document_id)
|
||||
.where(
|
||||
DocumentShare.document_id.in_(doc_ids),
|
||||
DocumentShare.group_id.in_(user_groups),
|
||||
DocumentShare.can_delete.is_(True),
|
||||
)
|
||||
)
|
||||
return {row[0] for row in rows.all()}
|
||||
|
||||
|
||||
def _doc_with_categories(
|
||||
doc: Document, share_count: int = 0, viewer_can_delete: bool = False
|
||||
) -> DocumentOut:
|
||||
from app.schemas.document import CategoryOut
|
||||
cats = [CategoryOut(id=a.category.id, name=a.category.name) for a in doc.category_assignments]
|
||||
return DocumentOut(
|
||||
@@ -95,6 +114,7 @@ def _doc_with_categories(doc: Document, share_count: int = 0) -> DocumentOut:
|
||||
suggested_folder=doc.suggested_folder,
|
||||
suggested_filename=doc.suggested_filename,
|
||||
share_count=share_count,
|
||||
viewer_can_delete=viewer_can_delete,
|
||||
)
|
||||
|
||||
|
||||
@@ -209,6 +229,8 @@ async def list_documents(
|
||||
search: str | None = Query(default=None),
|
||||
category_id: str | None = Query(default=None),
|
||||
user_id: str = Depends(get_user_id),
|
||||
user_groups: list[str] = Depends(get_user_groups),
|
||||
is_admin: bool = Depends(get_user_is_admin),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
) -> DocumentPage:
|
||||
sort_col = _SORT_COLUMNS.get(sort, Document.created_at)
|
||||
@@ -254,8 +276,19 @@ async def list_documents(
|
||||
)
|
||||
docs = items_result.scalars().all()
|
||||
|
||||
share_counts = await _get_share_counts([d.id for d in docs], db)
|
||||
items = [_doc_with_categories(d, share_counts.get(d.id, 0)) for d in docs]
|
||||
doc_ids = [d.id for d in docs]
|
||||
share_counts = await _get_share_counts(doc_ids, db)
|
||||
|
||||
if is_admin:
|
||||
deletable_ids = set(doc_ids)
|
||||
else:
|
||||
deletable_ids = {d.id for d in docs if d.user_id == user_id}
|
||||
deletable_ids |= await _get_deletable_doc_ids(doc_ids, user_groups, db)
|
||||
|
||||
items = [
|
||||
_doc_with_categories(d, share_counts.get(d.id, 0), viewer_can_delete=d.id in deletable_ids)
|
||||
for d in docs
|
||||
]
|
||||
|
||||
return DocumentPage(
|
||||
items=items,
|
||||
@@ -367,6 +400,7 @@ async def list_shared_with_me(
|
||||
source=doc.source,
|
||||
shared_by_user_id=share.shared_by_user_id if share else "",
|
||||
shared_via_group_id=share.group_id if share else "",
|
||||
viewer_can_delete=bool(share and share.can_delete),
|
||||
)
|
||||
)
|
||||
|
||||
@@ -382,11 +416,19 @@ async def list_shared_with_me(
|
||||
async def get_document(
|
||||
doc_id: str,
|
||||
user_id: str = Depends(get_user_id),
|
||||
user_groups: list[str] = Depends(get_user_groups),
|
||||
is_admin: bool = Depends(get_user_is_admin),
|
||||
db: AsyncSession = Depends(get_db),
|
||||
) -> DocumentOut:
|
||||
doc = await _get_user_doc(doc_id, user_id, db)
|
||||
counts = await _get_share_counts([doc.id], db)
|
||||
return _doc_with_categories(doc, counts.get(doc.id, 0))
|
||||
if is_admin:
|
||||
viewer_can_delete = True
|
||||
elif doc.user_id == user_id:
|
||||
viewer_can_delete = True
|
||||
else:
|
||||
viewer_can_delete = bool(await _get_deletable_doc_ids([doc.id], user_groups, db))
|
||||
return _doc_with_categories(doc, counts.get(doc.id, 0), viewer_can_delete=viewer_can_delete)
|
||||
|
||||
|
||||
@router.get("/{doc_id}/status", response_model=DocumentStatusOut)
|
||||
@@ -777,6 +819,7 @@ async def add_document_share(
|
||||
document_id=doc_id,
|
||||
group_id=body.group_id,
|
||||
shared_by_user_id=user_id,
|
||||
can_delete=body.can_delete,
|
||||
)
|
||||
db.add(share)
|
||||
await db.commit()
|
||||
|
||||
Reference in New Issue
Block a user