Use membership formIds to calculate permissions and list of forms in switcher

Author: kalilsn

core/app/api/v0/c/[communitySlug]/site/[...ts-rest]/route.ts

@@ -387,7 +387,7 @@ const handler = createNextHandler(
 			create: async ({ body }) => {
 				const { authorization, community, lastModifiedBy } = await checkAuthorization({
 					token: { scope: ApiAccessScope.pub, type: ApiAccessType.write },
-					// TODO: figure out capability here
+					// TODO: refactor so we call userCanCreatePub here
 					cookies: false,
 				});
 
@@ -423,10 +423,8 @@ const handler = createNextHandler(
 			update: async ({ params, body }) => {
 				const { user, community, lastModifiedBy } = await checkAuthorization({
 					token: { scope: ApiAccessScope.pub, type: ApiAccessType.write },
-					cookies: {
-						capability: Capabilities.updatePubValues,
-						target: { type: MembershipType.pub, pubId: params.pubId as PubsId },
-					},
+					// TODO: refactor so we call userCanEditPub here
+					cookies: false,
 				});
 
 				const { exists } = await doesPubExist(

core/app/c/[communitySlug]/pubs/[pubId]/edit/page.tsx

@@ -5,14 +5,14 @@ import Link from "next/link";
 import { notFound, redirect } from "next/navigation";
 
 import type { CommunitiesId, PubsId, UsersId } from "db/public";
-import { Capabilities, MembershipType } from "db/public";
 import { Button } from "ui/button";
 
 import { ContentLayout } from "~/app/c/[communitySlug]/ContentLayout";
+import { FormSwitcher } from "~/app/components/FormSwitcher/FormSwitcher";
 import { PageTitleWithStatus } from "~/app/components/pubs/PubEditor/PageTitleWithStatus";
 import { PubEditor } from "~/app/components/pubs/PubEditor/PubEditor";
 import { getPageLoginData } from "~/lib/authentication/loginData";
-import { userCan } from "~/lib/authorization/capabilities";
+import { getAuthorizedUpdateForms, userCanEditPub } from "~/lib/authorization/capabilities";
 import { getPubTitle } from "~/lib/pubs";
 import { getPubsWithRelatedValues } from "~/lib/server";
 import { findCommunityBySlug } from "~/lib/server/community";
@@ -80,19 +80,12 @@ export default async function Page(props: {
 
 	const { user } = await getPageLoginData();
 
-	const canUpdatePub = await userCan(
-		Capabilities.updatePubValues,
-		{
-			type: MembershipType.pub,
-			pubId,
-		},
-		user.id
-	);
-
 	if (!pubId || !communitySlug) {
 		return null;
 	}
 
+	const canUpdatePub = await userCanEditPub({ userId: user.id, pubId });
+
 	if (!canUpdatePub) {
 		redirect(`/c/${communitySlug}/unauthorized`);
 	}
@@ -113,6 +106,8 @@ export default async function Page(props: {
 		return null;
 	}
 
+	const availableForms = await getAuthorizedUpdateForms(user.id, pub.id).execute();
+
 	const htmlFormId = `edit-pub-${pub.id}`;
 
 	return (
@@ -131,6 +126,7 @@ export default async function Page(props: {
 		>
 			<div className="flex justify-center py-10">
 				<div className="max-w-prose flex-1">
+					<FormSwitcher forms={availableForms} />
 					{/** TODO: Add suspense */}
 					<PubEditor
 						searchParams={searchParams}

core/app/c/[communitySlug]/pubs/[pubId]/page.tsx

@@ -17,13 +17,13 @@ import { CreatePubButton } from "~/app/components/pubs/CreatePubButton";
 import { RemovePubButton } from "~/app/components/pubs/RemovePubButton";
 import { db } from "~/kysely/database";
 import { getPageLoginData } from "~/lib/authentication/loginData";
-import { userCan } from "~/lib/authorization/capabilities";
+import { getAuthorizedUpdateForms, userCan } from "~/lib/authorization/capabilities";
 import { getStageActions } from "~/lib/db/queries";
 import { getPubByForm, getPubTitle } from "~/lib/pubs";
 import { getPubsWithRelatedValues, pubValuesByVal } from "~/lib/server";
 import { autoCache } from "~/lib/server/cache/autoCache";
 import { findCommunityBySlug } from "~/lib/server/community";
-import { getForm, getSimpleForms } from "~/lib/server/form";
+import { getForm } from "~/lib/server/form";
 import { selectAllCommunityMemberships } from "~/lib/server/member";
 import { getStages } from "~/lib/server/stages";
 import {
@@ -157,7 +157,7 @@ export default async function Page(props: {
 				{ type: MembershipType.pub, pubId: pub.id },
 				user.id
 			),
-			getSimpleForms(pub.pubType.id),
+			getAuthorizedUpdateForms(user.id, pub.id).execute(),
 		]);
 
 	const pubTypeHasRelatedPubs = pub.pubType.fields.some((field) => field.isRelation);

core/app/c/[communitySlug]/pubs/create/page.tsx

@@ -2,14 +2,14 @@ import type { Metadata } from "next";
 
 import { notFound, redirect } from "next/navigation";
 
-import { Capabilities, MembershipType } from "db/public";
+import { type PubTypesId } from "db/public";
 import { Button } from "ui/button";
 
 import { ContentLayout } from "~/app/c/[communitySlug]/ContentLayout";
 import { PageTitleWithStatus } from "~/app/components/pubs/PubEditor/PageTitleWithStatus";
 import { PubEditor } from "~/app/components/pubs/PubEditor/PubEditor";
 import { getPageLoginData } from "~/lib/authentication/loginData";
-import { userCan } from "~/lib/authorization/capabilities";
+import { userCanCreatePub } from "~/lib/authorization/capabilities";
 import { findCommunityBySlug } from "~/lib/server/community";
 
 export async function generateMetadata(props: {
@@ -29,7 +29,7 @@ export async function generateMetadata(props: {
 
 export default async function Page(props: {
 	params: Promise<{ communitySlug: string }>;
-	searchParams: Promise<Record<string, string>>;
+	searchParams: Promise<Record<string, string> & { pubTypeId: PubTypesId }>;
 }) {
 	const searchParams = await props.searchParams;
 	const params = await props.params;
@@ -43,14 +43,13 @@ export default async function Page(props: {
 		notFound();
 	}
 
-	const canCreatePub = await userCan(
-		Capabilities.createPub,
-		{
-			type: MembershipType.community,
-			communityId: community.id,
-		},
-		user.id
-	);
+	const canCreatePub = await userCanCreatePub({
+		communityId: community.id,
+		userId: user.id,
+		pubTypeId: searchParams.pubTypeId,
+		// No formSlug because we're just checking if there are any authorized forms
+		// We validate that the user can create a pub with the specified form in the create action
+	});
 
 	if (!canCreatePub) {
 		redirect(`/c/${communitySlug}/unauthorized`);

core/app/components/pubs/PubEditor/actions.ts

@@ -1,20 +1,20 @@
 "use server";
 
 import type { JsonValue } from "contracts";
-import type { PubsId, StagesId, UsersId } from "db/public";
+import type { PubsId, PubTypesId, StagesId, UsersId } from "db/public";
 import { Capabilities, FormAccessType, MemberRole, MembershipType } from "db/public";
 import { logger } from "logger";
 
 import { db } from "~/kysely/database";
 import { getLoginData } from "~/lib/authentication/loginData";
 import { isCommunityAdmin } from "~/lib/authentication/roles";
-import { userCan } from "~/lib/authorization/capabilities";
+import { userCan, userCanCreatePub, userCanEditPub } from "~/lib/authorization/capabilities";
 import { parseRichTextForPubFieldsAndRelatedPubs } from "~/lib/fields/richText";
 import { createLastModifiedBy } from "~/lib/lastModifiedBy";
 import { ApiError, createPubRecursiveNew } from "~/lib/server";
 import { findCommunityBySlug } from "~/lib/server/community";
 import { defineServerAction } from "~/lib/server/defineServerAction";
-import { getForm, grantFormAccess, userHasPermissionToForm } from "~/lib/server/form";
+import { getForm, grantFormAccess } from "~/lib/server/form";
 import { deletePub, maybeWithTrx, normalizePubValues } from "~/lib/server/pub";
 import { PubOp } from "~/lib/server/pub-op";
 
@@ -34,21 +34,21 @@ export const createPubRecursive = defineServerAction(async function createPubRec
 	}
 	const { user } = loginData;
 
-	const [form, canCreatePub, canCreateFromForm] = await Promise.all([
+	const [form, canCreatePub] = await Promise.all([
 		formSlug
 			? await getForm({ communityId: props.communityId, slug: formSlug }).executeTakeFirst()
 			: null,
-		userCan(
-			Capabilities.createPub,
-			{ type: MembershipType.community, communityId: props.communityId },
-			user.id
-		),
-		formSlug ? userHasPermissionToForm({ formSlug, userId: loginData.user.id }) : false,
+		userCanCreatePub({
+			userId: user.id,
+			communityId: props.communityId,
+			formSlug,
+			pubTypeId: createPubProps.body.pubTypeId as PubTypesId,
+		}),
 	]);
 
 	const isPublicForm = form?.access === FormAccessType.public;
 
-	if (!canCreatePub && !canCreateFromForm && !isPublicForm) {
+	if (!canCreatePub && !isPublicForm) {
 		return ApiError.UNAUTHORIZED;
 	}
 
@@ -128,16 +128,7 @@ export const updatePub = defineServerAction(async function updatePub({
 		return ApiError.COMMUNITY_NOT_FOUND;
 	}
 
-	const [canUpdateFromForm, canUpdatePubValues] = await Promise.all([
-		formSlug ? userHasPermissionToForm({ formSlug, userId: loginData.user.id, pubId }) : false,
-		userCan(
-			Capabilities.updatePubValues,
-			{ type: MembershipType.pub, pubId },
-			loginData.user.id
-		),
-	]);
-
-	if (!canUpdatePubValues && !canUpdateFromForm) {
+	if (!userCanEditPub({ pubId, userId: loginData.user.id, formSlug })) {
 		return ApiError.UNAUTHORIZED;
 	}
 

core/lib/authorization/capabilities.db.test.ts

@@ -107,9 +107,6 @@ describe("Community membership grants appropriate capabilities", async () => {
 		Capabilities.movePub,
 		Capabilities.viewPub,
 		Capabilities.deletePub,
-		Capabilities.updatePubValues,
-		Capabilities.createRelatedPub,
-		Capabilities.editPubWithForm,
 		Capabilities.runAction,
 		Capabilities.seeExtraPubValues,
 	] as const;