feat: Implement document permission handling and sharing features

2026-01-10 21:19:12 -08:00
parent 6ba18854bf
commit 6b1ed8d11c
13 changed files with 340 additions and 31 deletions
--- a/backend/internal/handlers/document.go
+++ b/backend/internal/handlers/document.go
@@ -233,4 +233,111 @@ func (h *DocumentHandler) DeleteDocument(c *gin.Context) {
 	}

 	c.JSON(http.StatusOK, gin.H{"message": "Document deleted successfully"})
+}
+
+// GetDocumentPermission returns the user's permission level for a document
+func (h *DocumentHandler) GetDocumentPermission(c *gin.Context) {
+    documentID, err := uuid.Parse(c.Param("id"))
+    if err != nil {
+        respondBadRequest(c, "Invalid document ID format")
+        return
+    }
+
+    // 1. 先检查文档是否存在 (Good practice)
+    _, err = h.store.GetDocument(documentID)
+    if err != nil {
+        respondNotFound(c, "document")
+        return
+    }
+
+    userID := auth.GetUserFromContext(c)
+    shareToken := c.Query("share")
+
+    // 定义两个临时变量，用来存两边的结果
+    var userPerm string  // 存 document_shares 的结果
+    var tokenPerm string // 存 share_token 的结果
+
+    // ====================================================
+    // 步骤 A: 检查个人权限 (Base Permission)
+    // ====================================================
+    if userID != nil {
+        perm, err := h.store.GetUserPermission(c.Request.Context(), documentID, *userID)
+        if err != nil {
+            respondInternalError(c, "Failed to get user permission", err)
+            return
+        }
+        userPerm = perm 
+        // ⚠️ 注意：如果 perm 是空，这里不报错！继续往下走！
+    }
+
+    // ====================================================
+    // 步骤 B: 检查 Token 权限 (Upgrade Permission)
+    // ====================================================
+    if shareToken != "" {
+        // 先验证 Token 是否有效
+        valid, err := h.store.ValidateShareToken(c.Request.Context(), documentID, shareToken)
+        if err != nil {
+            respondInternalError(c, "Failed to validate token", err)
+            return
+        }
+        
+        // 只有 Token 有效才去取权限
+        if valid {
+            p, err := h.store.GetShareLinkPermission(c.Request.Context(), documentID)
+            if err != nil {
+                respondInternalError(c, "Failed to get token permission", err)
+                return
+            }
+            tokenPerm = p
+            // 处理数据库老数据的 fallback
+            if tokenPerm == "" { tokenPerm = "view" } 
+        }
+    }
+
+    // ====================================================
+    // 步骤 C: ⚡️ 权限合并与计算 (The Brain)
+    // ====================================================
+    
+    finalPermission := ""
+    role := "viewer" // 默认角色
+
+    // 1. 如果是 Owner，无敌，直接返回
+    if userPerm == "owner" {
+        finalPermission = "edit"
+        role = "owner"
+        // 直接返回，不用看 Token 了
+        c.JSON(http.StatusOK, models.PermissionResponse{
+            Permission: finalPermission,
+            Role:       role,
+        })
+        return
+    }
+
+    // 2. 比较 User 和 Token，取最大值
+    // 逻辑：只要任意一边给了 "edit"，那就是 "edit"
+    if userPerm == "edit" || tokenPerm == "edit" {
+        finalPermission = "edit"
+        role = "editor"
+    } else if userPerm == "view" || tokenPerm == "view" {
+        finalPermission = "view"
+        role = "viewer"
+    }
+
+    // ====================================================
+    // 步骤 D: 最终判决
+    // ====================================================
+    if finalPermission == "" {
+        // 既没个人权限，Token 也不对（或者没 Token）
+        if userID == nil {
+             respondUnauthorized(c, "Authentication required") // 没登录且没Token
+        } else {
+             respondForbidden(c, "You don't have permission") // 登录了但没权限
+        }
+        return
+    }
+
+    c.JSON(http.StatusOK, models.PermissionResponse{
+        Permission: finalPermission,
+        Role:       role,
+    })
 }