feat(server): make permission a standalone module (#7880)

Author: forehalo

packages/backend/server/src/app.module.ts

@@ -12,6 +12,7 @@ import { AuthModule } from './core/auth';
 import { ADD_ENABLED_FEATURES, ServerConfigModule } from './core/config';
 import { DocModule } from './core/doc';
 import { FeatureModule } from './core/features';
+import { PermissionModule } from './core/permission';
 import { QuotaModule } from './core/quota';
 import { SelfhostModule } from './core/selfhost';
 import { StorageModule } from './core/storage';
@@ -41,7 +42,6 @@ import { ENABLED_PLUGINS } from './plugins/registry';
 
 export const FunctionalityModules = [
   ConfigModule.forRoot(),
-  ScheduleModule.forRoot(),
   EventModule,
   CacheModule,
   MutexModule,
@@ -147,12 +147,12 @@ export function buildAppModule() {
   const factor = new AppModuleBuilder(AFFiNE);
 
   factor
-    // common fundamental modules
+    // basic
     .use(...FunctionalityModules)
     .useIf(config => config.flavor.sync, WebSocketModule)
 
     // auth
-    .use(UserModule, AuthModule)
+    .use(UserModule, AuthModule, PermissionModule)
 
     // business modules
     .use(DocModule)
@@ -163,9 +163,10 @@ export function buildAppModule() {
     // graphql server only
     .useIf(
       config => config.flavor.graphql,
-      ServerConfigModule,
+      ScheduleModule.forRoot(),
       GqlModule,
       StorageModule,
+      ServerConfigModule,
       WorkspaceModule,
       FeatureModule,
       QuotaModule

packages/backend/server/src/core/doc/history.ts

@@ -11,10 +11,9 @@ import {
   DocNotFound,
   metrics,
   OnEvent,
-  WorkspaceNotFound,
 } from '../../fundamentals';
+import { PermissionService } from '../permission';
 import { QuotaService } from '../quota';
-import { Permission } from '../workspaces/types';
 import { isEmptyBuffer } from './manager';
 
 @Injectable()
@@ -23,7 +22,8 @@ export class DocHistoryManager {
   constructor(
     private readonly config: Config,
     private readonly db: PrismaClient,
-    private readonly quota: QuotaService
+    private readonly quota: QuotaService,
+    private readonly permission: PermissionService
   ) {}
 
   @OnEvent('workspace.deleted')
@@ -235,21 +235,8 @@ export class DocHistoryManager {
   }
 
   async getExpiredDateFromNow(workspaceId: string) {
-    const permission = await this.db.workspaceUserPermission.findFirst({
-      select: {
-        userId: true,
-      },
-      where: {
-        workspaceId,
-        type: Permission.Owner,
-      },
-    });
-
-    if (!permission) {
-      throw new WorkspaceNotFound({ workspaceId });
-    }
-
-    const quota = await this.quota.getUserQuota(permission.userId);
+    const owner = await this.permission.getWorkspaceOwner(workspaceId);
+    const quota = await this.quota.getUserQuota(owner.id);
     return quota.feature.historyPeriodFromNow;
   }
 

packages/backend/server/src/core/doc/index.ts

@@ -2,12 +2,13 @@ import './config';
 
 import { Module } from '@nestjs/common';
 
+import { PermissionModule } from '../permission';
 import { QuotaModule } from '../quota';
 import { DocHistoryManager } from './history';
 import { DocManager } from './manager';
 
 @Module({
-  imports: [QuotaModule],
+  imports: [QuotaModule, PermissionModule],
   providers: [DocManager, DocHistoryManager],
   exports: [DocManager, DocHistoryManager],
 })

packages/backend/server/src/core/permission/index.ts

@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+
+import { PermissionService } from './service';
+
+@Module({
+  providers: [PermissionService],
+  exports: [PermissionService],
+})
+export class PermissionModule {}
+
+export { PermissionService } from './service';
+export { Permission, PublicPageMode } from './types';

packages/backend/server/src/core/workspaces/permission.ts renamed to packages/backend/server/src/core/permission/service.ts

@@ -2,13 +2,12 @@ import { Injectable } from '@nestjs/common';
 import type { Prisma } from '@prisma/client';
 import { PrismaClient } from '@prisma/client';
 
-import { DocAccessDenied, WorkspaceAccessDenied } from '../../fundamentals';
-import { Permission } from './types';
-
-export enum PublicPageMode {
-  Page,
-  Edgeless,
-}
+import {
+  DocAccessDenied,
+  WorkspaceAccessDenied,
+  WorkspaceOwnerNotFound,
+} from '../../fundamentals';
+import { Permission, PublicPageMode } from './types';
 
 @Injectable()
 export class PermissionService {
@@ -59,7 +58,7 @@ export class PermissionService {
   }
 
   async getWorkspaceOwner(workspaceId: string) {
-    return this.prisma.workspaceUserPermission.findFirstOrThrow({
+    const owner = await this.prisma.workspaceUserPermission.findFirst({
       where: {
         workspaceId,
         type: Permission.Owner,
@@ -68,6 +67,12 @@ export class PermissionService {
         user: true,
       },
     });
+
+    if (!owner) {
+      throw new WorkspaceOwnerNotFound({ workspaceId });
+    }
+
+    return owner.user;
   }
 
   async tryGetWorkspaceOwner(workspaceId: string) {
@@ -195,6 +200,17 @@ export class PermissionService {
     return false;
   }
 
+  async allowUrlPreview(ws: string) {
+    const count = await this.prisma.workspace.count({
+      where: {
+        id: ws,
+        public: true,
+      },
+    });
+
+    return count > 0;
+  }
+
   async grant(
     ws: string,
     user: string,

packages/backend/server/src/core/permission/types.ts

@@ -0,0 +1,11 @@
+export enum Permission {
+  Read = 0,
+  Write = 1,
+  Admin = 10,
+  Owner = 99,
+}
+
+export enum PublicPageMode {
+  Page,
+  Edgeless,
+}

packages/backend/server/src/core/quota/index.ts

@@ -1,8 +1,8 @@
 import { Module } from '@nestjs/common';
 
 import { FeatureModule } from '../features';
+import { PermissionModule } from '../permission';
 import { StorageModule } from '../storage';
-import { PermissionService } from '../workspaces/permission';
 import { QuotaManagementResolver } from './resolver';
 import { QuotaService } from './service';
 import { QuotaManagementService } from './storage';
@@ -14,13 +14,8 @@ import { QuotaManagementService } from './storage';
  * - quota statistics
  */
 @Module({
-  imports: [FeatureModule, StorageModule],
-  providers: [
-    PermissionService,
-    QuotaService,
-    QuotaManagementResolver,
-    QuotaManagementService,
-  ],
+  imports: [FeatureModule, StorageModule, PermissionModule],
+  providers: [QuotaService, QuotaManagementResolver, QuotaManagementService],
   exports: [QuotaService, QuotaManagementService],
 })
 export class QuotaModule {}

packages/backend/server/src/core/quota/storage.ts

@@ -1,9 +1,8 @@
 import { Injectable, Logger } from '@nestjs/common';
 
-import { WorkspaceOwnerNotFound } from '../../fundamentals';
 import { FeatureService, FeatureType } from '../features';
+import { PermissionService } from '../permission';
 import { WorkspaceBlobStorage } from '../storage';
-import { PermissionService } from '../workspaces/permission';
 import { OneGB } from './constant';
 import { QuotaService } from './service';
 import { formatSize, QuotaQueryType } from './types';
@@ -113,9 +112,7 @@ export class QuotaManagementService {
   // get workspace's owner quota and total size of used
   // quota was apply to owner's account
   async getWorkspaceUsage(workspaceId: string): Promise<QuotaBusinessType> {
-    const { user: owner } =
-      await this.permissions.getWorkspaceOwner(workspaceId);
-    if (!owner) throw new WorkspaceOwnerNotFound({ workspaceId });
+    const owner = await this.permissions.getWorkspaceOwner(workspaceId);
     const {
       feature: {
         name,

packages/backend/server/src/core/sync/events/events.gateway.ts

@@ -23,9 +23,8 @@ import {
 } from '../../../fundamentals';
 import { Auth, CurrentUser } from '../../auth';
 import { DocManager } from '../../doc';
+import { Permission, PermissionService } from '../../permission';
 import { DocID } from '../../utils/doc';
-import { PermissionService } from '../../workspaces/permission';
-import { Permission } from '../../workspaces/types';
 
 const SubscribeMessage = (event: string) =>
   applyDecorators(

packages/backend/server/src/core/sync/events/events.module.ts

@@ -1,11 +1,11 @@
 import { Module } from '@nestjs/common';
 
 import { DocModule } from '../../doc';
-import { PermissionService } from '../../workspaces/permission';
+import { PermissionModule } from '../../permission';
 import { EventsGateway } from './events.gateway';
 
 @Module({
-  imports: [DocModule],
-  providers: [EventsGateway, PermissionService],
+  imports: [DocModule, PermissionModule],
+  providers: [EventsGateway],
 })
 export class EventsModule {}