Draft documents always visible to editors when space lifecycle set to Draft mode

Author: HarveyKandola

README.md

@@ -52,9 +52,9 @@ Space view.
 
 ## Latest version
 
-[Community edition: v1.64.3](https://github.com/documize/community/releases)
+[Community edition: v1.64.4](https://github.com/documize/community/releases)
 
-[Enterprise edition: v1.66.3](https://documize.com/downloads)
+[Enterprise edition: v1.66.4](https://documize.com/downloads)
 
 ## OS support
 

domain/document/endpoint.go

@@ -143,9 +143,19 @@ func (h *Handler) BySpace(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// get user permissions
+	// Get the space as we need to check settings.
+	space, err := h.Store.Space.Get(ctx, spaceID)
+
+	// Can user view drafts?
 	viewDrafts := permission.CanViewDrafts(ctx, *h.Store, spaceID)
 
+	// If space defaults to drfat documents, then this means
+	// user can view drafts as long as they have edit rights.
+	canEdit := permission.HasPermission(ctx, *h.Store, spaceID, pm.DocumentEdit)
+	if space.Lifecycle == workflow.LifecycleDraft && canEdit {
+		viewDrafts = true
+	}
+
 	// Get complete list of documents regardless of category permission
 	// and versioning.
 	documents, err := h.Store.Document.GetBySpace(ctx, spaceID)

domain/permission/permission.go

@@ -227,72 +227,6 @@ func HasPermission(ctx domain.RequestContext, s domain.Store, spaceID string, ac
 	return false
 }
 
-// // GetDocumentApprovers returns list of users who can approve given document in given space
-// func GetDocumentApprovers(ctx domain.RequestContext, s domain.Store, spaceID, documentID string) (users []u.User, err error) {
-// 	users = []u.User{}
-// 	prev := make(map[string]bool) // used to ensure we only process user once
-
-// 	// Permissions can be assigned to both groups and individual users.
-// 	// Pre-fetch users with group membership to help us work out
-// 	// if user belongs to a group with permissions.
-// 	groupMembers, err := s.Group.GetMembers(ctx)
-// 	if err != nil {
-// 		return users, err
-// 	}
-
-// 	// space permissions
-// 	sp, err := s.Permission.GetSpacePermissions(ctx, spaceID)
-// 	if err != nil {
-// 		return users, err
-// 	}
-// 	// document permissions
-// 	dp, err := s.Permission.GetDocumentPermissions(ctx, documentID)
-// 	if err != nil {
-// 		return users, err
-// 	}
-
-// 	// all permissions
-// 	all := sp
-// 	all = append(all, dp...)
-
-// 	for _, p := range all {
-// 		// only approvers
-// 		if p.Action != pm.DocumentApprove {
-// 			continue
-// 		}
-
-// 		if p.Who == pm.GroupPermission {
-// 			// get group records for just this group
-// 			groupRecords := group.FilterGroupRecords(groupMembers, p.WhoID)
-
-// 			for i := range groupRecords {
-// 				user, err := s.User.Get(ctx, groupRecords[i].UserID)
-// 				if err != nil {
-// 					return users, err
-// 				}
-// 				if _, isExisting := prev[user.RefID]; !isExisting {
-// 					users = append(users, user)
-// 					prev[user.RefID] = true
-// 				}
-// 			}
-// 		}
-
-// 		if p.Who == pm.UserPermission {
-// 			user, err := s.User.Get(ctx, p.WhoID)
-// 			if err != nil {
-// 				return users, err
-// 			}
-
-// 			if _, isExisting := prev[user.RefID]; !isExisting {
-// 				users = append(users, user)
-// 				prev[user.RefID] = true
-// 			}
-// 		}
-// 	}
-
-// 	return users, err
-// }
-
 // GetUsersWithDocumentPermission returns list of users who have specified document permission in given space
 func GetUsersWithDocumentPermission(ctx domain.RequestContext, s domain.Store, spaceID, documentID string, permissionRequired pm.Action) (users []u.User, err error) {
 	users = []u.User{}

edition/community.go

@@ -42,7 +42,7 @@ func main() {
 	rt.Product = env.ProdInfo{}
 	rt.Product.Major = "1"
 	rt.Product.Minor = "64"
-	rt.Product.Patch = "3"
+	rt.Product.Patch = "4"
 	rt.Product.Version = fmt.Sprintf("%s.%s.%s", rt.Product.Major, rt.Product.Minor, rt.Product.Patch)
 	rt.Product.Edition = "Community"
 	rt.Product.Title = fmt.Sprintf("%s Edition", rt.Product.Edition)