From d897e0e065e4e4335b0286e347bed1f232b8e396 Mon Sep 17 00:00:00 2001 From: "Moldovan, Georgia" Date: Wed, 23 Mar 2022 17:35:03 +0100 Subject: [PATCH] api: add document checks before sharing - before sharing a document it should be checked if document exists and if it is a document stored in the storage service --- api/src/service/document_share.ts | 17 ++++++++++++ .../service/domain/document/document_share.ts | 27 ++++++++++++++----- .../service/workflowitem_permission_grant.ts | 17 ++++++++++++ 3 files changed, 55 insertions(+), 6 deletions(-) diff --git a/api/src/service/document_share.ts b/api/src/service/document_share.ts index 47098b0f9..aef366988 100644 --- a/api/src/service/document_share.ts +++ b/api/src/service/document_share.ts @@ -8,6 +8,7 @@ import * as Cache from "./cache2"; import { ConnToken } from "./conn"; import { sourceSecrets } from "./domain/document/document_eventsourcing"; import * as DocumentShare from "./domain/document/document_share"; +import * as DocumentGet from "./domain/document/document_get"; import * as SecretGet from "./domain/document/secret_get"; import { ServiceUser } from "./domain/organization/service_user"; import * as PublicKeyGet from "./public_key_get"; @@ -54,6 +55,22 @@ export async function documentShare( getWorkflowitem: async (projectId, subprojectId, workflowitemId) => { return cache.getWorkflowitem(projectId, subprojectId, workflowitemId); }, + getDocumentInfo: async (docId) => { + return DocumentGet.getDocumentInfo(ctx, docId, { + getDocumentsEvents: async () => { + return cache.getDocumentUploadedEvents(); + }, + getAllProjects: async () => { + return cache.getProjects(); + }, + getAllSubprojects: async (projectId) => { + return cache.getSubprojects(projectId); + }, + getAllWorkflowitems: async (projectId, subprojectId) => { + return cache.getWorkflowitems(projectId, subprojectId); + }, + }); + }, }); }); diff --git a/api/src/service/domain/document/document_share.ts b/api/src/service/domain/document/document_share.ts index cee2f8a5a..b96434b22 100644 --- a/api/src/service/domain/document/document_share.ts +++ b/api/src/service/domain/document/document_share.ts @@ -9,6 +9,7 @@ import * as Workflowitem from "../workflow/workflowitem"; import { NotAuthorized } from "../errors/not_authorized"; import { PreconditionError } from "../errors/precondition_error"; import logger from "lib/logger"; +import * as DocumentUploaded from "../document/document_uploaded"; type Base64String = string; @@ -32,6 +33,7 @@ interface Repository { subprojectId: string, workflowitemId: string, ): Promise>; + getDocumentInfo(docId: string): Promise>; } export async function shareDocument( @@ -48,6 +50,25 @@ export async function shareDocument( // if secret is already published for this document and organization no event is created const alreadyPublished = await repository.secretAlreadyExists(docId, organization); if (alreadyPublished) { + logger.debug( + { docId, publisherOrganization }, + "Secret is already shared with this organization", + ); + return undefined; + } + + const workflowitem = await repository.getWorkflowitem(projectId, subprojectId, workflowitemId); + if (Result.isErr(workflowitem)) { + return new VError(" Error while fetching workflowitem!"); + } + + const { documents } = workflowitem; + if (!documents.some((doc) => doc.id === docId)) { + return new VError(`No documents with id ${docId} found in workflowitem ${workflowitemId}`); + } + const documentInfo = await repository.getDocumentInfo(docId); + if (!documentInfo) { + logger.debug({ docId, workflowitemId }, "No such document attached to this workflowitem"); return undefined; } @@ -114,12 +135,6 @@ export async function shareDocument( ); } - const workflowitem = await repository.getWorkflowitem(projectId, subprojectId, workflowitemId); - - if (Result.isErr(workflowitem)) { - return new VError(" Error while fetching workflowitem!"); - } - const intent = "workflowitem.intent.grantPermission"; logger.trace( diff --git a/api/src/service/workflowitem_permission_grant.ts b/api/src/service/workflowitem_permission_grant.ts index 82aca0bfe..56512940a 100644 --- a/api/src/service/workflowitem_permission_grant.ts +++ b/api/src/service/workflowitem_permission_grant.ts @@ -9,6 +9,7 @@ import * as Result from "../result"; import * as Cache from "./cache2"; import { ConnToken } from "./conn"; import * as DocumentShare from "./domain/document/document_share"; +import * as DocumentGet from "./domain/document/document_get"; import * as SecretGet from "./domain/document/secret_get"; import { Identity } from "./domain/organization/identity"; import { ServiceUser } from "./domain/organization/service_user"; @@ -92,6 +93,22 @@ export async function grantWorkflowitemPermission( getWorkflowitem: async (projectId, subprojectId, workflowitemId) => { return cache.getWorkflowitem(projectId, subprojectId, workflowitemId); }, + getDocumentInfo: async (docId) => { + return DocumentGet.getDocumentInfo(ctx, docId, { + getDocumentsEvents: async () => { + return cache.getDocumentUploadedEvents(); + }, + getAllProjects: async () => { + return cache.getProjects(); + }, + getAllSubprojects: async (projectId) => { + return cache.getSubprojects(projectId); + }, + getAllWorkflowitems: async (projectId, subprojectId) => { + return cache.getWorkflowitems(projectId, subprojectId); + }, + }); + }, }, ), groupExists: async (group) => GroupQuery.groupExists(conn, ctx, serviceUser, group),