vikunja-api/pkg/models/list_rights.go

// Vikunja is a to-do list application to facilitate your life.
// Copyright 2018-2020 Vikunja and contributors. All rights reserved.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.

package models

import (
	"code.vikunja.io/api/pkg/user"
	"code.vikunja.io/web"
	"xorm.io/builder"
)

// CanWrite return whether the user can write on that list or not
func (l *List) CanWrite(a web.Auth) (bool, error) {

	// Get the list and check the right
	originalList := &List{ID: l.ID}
	err := originalList.GetSimpleByID()
	if err != nil {
		return false, err
	}

	// We put the result of the is archived check in a separate variable to be able to return it later without
	// needing to recheck it again
	errIsArchived := originalList.CheckIsArchived()

	var canWrite bool

	// Check if we're dealing with a share auth
	shareAuth, ok := a.(*LinkSharing)
	if ok {
		return originalList.ID == shareAuth.ListID &&
			(shareAuth.Right == RightWrite || shareAuth.Right == RightAdmin), errIsArchived
	}

	// Check if the user is either owner or can write to the list
	if originalList.isOwner(&user.User{ID: a.GetID()}) {
		canWrite = true
	}

	if canWrite {
		return canWrite, errIsArchived
	}

	canWrite, err = originalList.checkRight(a, RightWrite, RightAdmin)
	if err != nil {
		return false, err
	}
	return canWrite, errIsArchived
}

// CanRead checks if a user has read access to a list
func (l *List) CanRead(a web.Auth) (bool, error) {
	// Check if the user is either owner or can read
	if err := l.GetSimpleByID(); err != nil {
		return false, err
	}

	// Check if we're dealing with a share auth
	shareAuth, ok := a.(*LinkSharing)
	if ok {
		return l.ID == shareAuth.ListID &&
			(shareAuth.Right == RightRead || shareAuth.Right == RightWrite || shareAuth.Right == RightAdmin), nil
	}

	if l.isOwner(&user.User{ID: a.GetID()}) {
		return true, nil
	}
	return l.checkRight(a, RightRead, RightWrite, RightAdmin)
}

// CanUpdate checks if the user can update a list
func (l *List) CanUpdate(a web.Auth) (canUpdate bool, err error) {
	canUpdate, err = l.CanWrite(a)
	// If the list is archived and the user tries to un-archive it, let the request through
	if IsErrListIsArchived(err) && !l.IsArchived {
		err = nil
	}
	return canUpdate, err
}

// CanDelete checks if the user can delete a list
func (l *List) CanDelete(a web.Auth) (bool, error) {
	return l.IsAdmin(a)
}

// CanCreate checks if the user can create a list
func (l *List) CanCreate(a web.Auth) (bool, error) {
	// A user can create a list if he has write access to the namespace
	n := &Namespace{ID: l.NamespaceID}
	return n.CanWrite(a)
}

// IsAdmin returns whether the user has admin rights on the list or not
func (l *List) IsAdmin(a web.Auth) (bool, error) {
	originalList := &List{ID: l.ID}
	err := originalList.GetSimpleByID()
	if err != nil {
		return false, err
	}

	// Check if we're dealing with a share auth
	shareAuth, ok := a.(*LinkSharing)
	if ok {
		return originalList.ID == shareAuth.ListID && shareAuth.Right == RightAdmin, nil
	}

	// Check all the things
	// Check if the user is either owner or can write to the list
	// Owners are always admins
	if originalList.isOwner(&user.User{ID: a.GetID()}) {
		return true, nil
	}
	return originalList.checkRight(a, RightAdmin)
}

// Little helper function to check if a user is list owner
func (l *List) isOwner(u *user.User) bool {
	return l.OwnerID == u.ID
}

// Checks n different rights for any given user
func (l *List) checkRight(a web.Auth, rights ...Right) (bool, error) {

	/*
			The following loop creates an sql condition like this one:

		    (ul.user_id = 1 AND ul.right = 1) OR (un.user_id = 1 AND un.right = 1) OR
			(tm.user_id = 1 AND tn.right = 1) OR (tm2.user_id = 1 AND tl.right = 1) OR

			for each passed right. That way, we can check with a single sql query (instead if 8)
			if the user has the right to see the list or not.
	*/

	var conds []builder.Cond
	for _, r := range rights {
		// User conditions
		// If the list was shared directly with the user and the user has the right
		conds = append(conds, builder.And(
			builder.Eq{"ul.user_id": a.GetID()},
			builder.Eq{"ul.right": r},
		))
		// If the namespace this list belongs to was shared directly with the user and the user has the right
		conds = append(conds, builder.And(
			builder.Eq{"un.user_id": a.GetID()},
			builder.Eq{"un.right": r},
		))

		// Team rights
		// If the list was shared directly with the team and the team has the right
		conds = append(conds, builder.And(
			builder.Eq{"tm2.user_id": a.GetID()},
			builder.Eq{"tl.right": r},
		))
		// If the namespace this list belongs to was shared directly with the team and the team has the right
		conds = append(conds, builder.And(
			builder.Eq{"tm.user_id": a.GetID()},
			builder.Eq{"tn.right": r},
		))
	}

	// If the user is the owner of a namespace, it has any right, all the time
	conds = append(conds, builder.Eq{"n.owner_id": a.GetID()})

	exists, err := x.Select("l.*").
		Table("list").
		Alias("l").
		// User stuff
		Join("LEFT", []string{"users_namespace", "un"}, "un.namespace_id = l.namespace_id").
		Join("LEFT", []string{"users_list", "ul"}, "ul.list_id = l.id").
		Join("LEFT", []string{"namespaces", "n"}, "n.id = l.namespace_id").
		// Team stuff
		Join("LEFT", []string{"team_namespaces", "tn"}, " l.namespace_id = tn.namespace_id").
		Join("LEFT", []string{"team_members", "tm"}, "tm.team_id = tn.team_id").
		Join("LEFT", []string{"team_list", "tl"}, "l.id = tl.list_id").
		Join("LEFT", []string{"team_members", "tm2"}, "tm2.team_id = tl.team_id").
		// The actual condition
		Where(builder.And(
			builder.Or(
				conds...,
			),
			builder.Eq{"l.id": l.ID},
		)).
		Exist(&List{})
	return exists, err
}
Update copyright header 2020-02-07 17:27:45 +01:00			`// Vikunja is a to-do list application to facilitate your life.`
Update copyright year (#118) 2020-01-09 18:33:22 +01:00			`// Copyright 2018-2020 Vikunja and contributors. All rights reserved.`
Change License to GPLv3 (#26) 2018-11-26 21:17:33 +01:00			`//`
Consistent copyright text in file headers (#112) 2019-12-04 20:39:56 +01:00			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
Change License to GPLv3 (#26) 2018-11-26 21:17:33 +01:00			`//`
Consistent copyright text in file headers (#112) 2019-12-04 20:39:56 +01:00			`// This program is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU General Public License for more details.`
Change License to GPLv3 (#26) 2018-11-26 21:17:33 +01:00			`//`
Consistent copyright text in file headers (#112) 2019-12-04 20:39:56 +01:00			`// You should have received a copy of the GNU General Public License`
			`// along with this program. If not, see <https://www.gnu.org/licenses/>.`
Change License to GPLv3 (#26) 2018-11-26 21:17:33 +01:00
Optimized right checking + list.ReadAll now really gets all lists 2018-07-12 21:07:59 +02:00			`package models`

New structure (#7) 2018-10-31 13:42:38 +01:00			`import (`
Refactor User and DB handling (#123) fix copyright date Add more user tests More user tests More user tests Start refactoring user tests Docs Fix lint Fix db fixtures init in tests Fix models test Fix loading fixtures Fix ineffasign Fix lint Fix integration tests Fix init of test engine creation Fix user related tests Better handling of creating test enging Moved all fixtures to db package Moved all fixtures to db package Moved user related stuff to seperate package Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/123 2020-01-26 18:08:06 +01:00			`"code.vikunja.io/api/pkg/user"`
Move the crudhandler to own repo (#27) 2018-12-01 00:26:56 +01:00			`"code.vikunja.io/web"`
Update xorm to use the new import path (#133) Fix ineffassign Fix getting all labels including the ones not associated to a task Signed-off-by: kolaente <k@knt.li> Fix logging sql queries Signed-off-by: kolaente <k@knt.li> Start fixing getting all labels Update xormigrate Update xorm to use the new import path Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/133 2020-02-14 17:34:25 +01:00			`"xorm.io/builder"`
New structure (#7) 2018-10-31 13:42:38 +01:00			`)`

Optimized right checking + list.ReadAll now really gets all lists 2018-07-12 21:07:59 +02:00			`// CanWrite return whether the user can write on that list or not`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`func (l *List) CanWrite(a web.Auth) (bool, error) {`
Move the crudhandler to own repo (#27) 2018-12-01 00:26:56 +01:00
Fixed rights check on lists and namespaces (#62) 2019-03-08 22:31:37 +01:00			`// Get the list and check the right`
			`originalList := &List{ID: l.ID}`
			`err := originalList.GetSimpleByID()`
			`if err != nil {`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`return false, err`
Fixed rights check on lists and namespaces (#62) 2019-03-08 22:31:37 +01:00			`}`

Add support for archiving lists and namespaces (#152) Add query param to get all lists including archived ones Add query param to get all namespaces including archived ones Fix getting lists by namespace only not archived lists Fix misspell Fix lint Merge branch 'master' into feature/archive-lists-namespaces Add docs for error codes Fix archive error codes Don't let archived lists show up in general lists Fix updating description Fix updating lists with link shares More comments Fix un-archiving lists Move check for archiving a list to canWrite Check Add more tests Add more checks Add checks for namespaces and lists Add namespace edit Add tests Add migrations and filter Add basic tests Add is archived property to lists and namespaces Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/152 2020-03-15 22:50:39 +01:00			`// We put the result of the is archived check in a separate variable to be able to return it later without`
			`// needing to recheck it again`
			`errIsArchived := originalList.CheckIsArchived()`

			`var canWrite bool`

Sharing of lists via public links (#94) 2019-08-31 22:56:41 +02:00			`// Check if we're dealing with a share auth`
			`shareAuth, ok := a.(*LinkSharing)`
			`if ok {`
			`return originalList.ID == shareAuth.ListID &&`
Add support for archiving lists and namespaces (#152) Add query param to get all lists including archived ones Add query param to get all namespaces including archived ones Fix getting lists by namespace only not archived lists Fix misspell Fix lint Merge branch 'master' into feature/archive-lists-namespaces Add docs for error codes Fix archive error codes Don't let archived lists show up in general lists Fix updating description Fix updating lists with link shares More comments Fix un-archiving lists Move check for archiving a list to canWrite Check Add more tests Add more checks Add checks for namespaces and lists Add namespace edit Add tests Add migrations and filter Add basic tests Add is archived property to lists and namespaces Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/152 2020-03-15 22:50:39 +01:00			`(shareAuth.Right == RightWrite \|\| shareAuth.Right == RightAdmin), errIsArchived`
Sharing of lists via public links (#94) 2019-08-31 22:56:41 +02:00			`}`

Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`// Check if the user is either owner or can write to the list`
Refactor User and DB handling (#123) fix copyright date Add more user tests More user tests More user tests Start refactoring user tests Docs Fix lint Fix db fixtures init in tests Fix models test Fix loading fixtures Fix ineffasign Fix lint Fix integration tests Fix init of test engine creation Fix user related tests Better handling of creating test enging Moved all fixtures to db package Moved all fixtures to db package Moved user related stuff to seperate package Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/123 2020-01-26 18:08:06 +01:00			`if originalList.isOwner(&user.User{ID: a.GetID()}) {`
Add support for archiving lists and namespaces (#152) Add query param to get all lists including archived ones Add query param to get all namespaces including archived ones Fix getting lists by namespace only not archived lists Fix misspell Fix lint Merge branch 'master' into feature/archive-lists-namespaces Add docs for error codes Fix archive error codes Don't let archived lists show up in general lists Fix updating description Fix updating lists with link shares More comments Fix un-archiving lists Move check for archiving a list to canWrite Check Add more tests Add more checks Add checks for namespaces and lists Add namespace edit Add tests Add migrations and filter Add basic tests Add is archived property to lists and namespaces Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/152 2020-03-15 22:50:39 +01:00			`canWrite = true`
			`}`

			`if canWrite {`
			`return canWrite, errIsArchived`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`}`

Add support for archiving lists and namespaces (#152) Add query param to get all lists including archived ones Add query param to get all namespaces including archived ones Fix getting lists by namespace only not archived lists Fix misspell Fix lint Merge branch 'master' into feature/archive-lists-namespaces Add docs for error codes Fix archive error codes Don't let archived lists show up in general lists Fix updating description Fix updating lists with link shares More comments Fix un-archiving lists Move check for archiving a list to canWrite Check Add more tests Add more checks Add checks for namespaces and lists Add namespace edit Add tests Add migrations and filter Add basic tests Add is archived property to lists and namespaces Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/152 2020-03-15 22:50:39 +01:00			`canWrite, err = originalList.checkRight(a, RightWrite, RightAdmin)`
			`if err != nil {`
			`return false, err`
			`}`
			`return canWrite, errIsArchived`
Optimized right checking + list.ReadAll now really gets all lists 2018-07-12 21:07:59 +02:00			`}`

			`// CanRead checks if a user has read access to a list`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`func (l *List) CanRead(a web.Auth) (bool, error) {`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`// Check if the user is either owner or can read`
Refactored canRead method to get the list before checking the right (#65) 2019-03-24 14:17:36 +01:00			`if err := l.GetSimpleByID(); err != nil {`
			`return false, err`
			`}`
Sharing of lists via public links (#94) 2019-08-31 22:56:41 +02:00
			`// Check if we're dealing with a share auth`
			`shareAuth, ok := a.(*LinkSharing)`
			`if ok {`
			`return l.ID == shareAuth.ListID &&`
			`(shareAuth.Right == RightRead \|\| shareAuth.Right == RightWrite \|\| shareAuth.Right == RightAdmin), nil`
			`}`

Refactor User and DB handling (#123) fix copyright date Add more user tests More user tests More user tests Start refactoring user tests Docs Fix lint Fix db fixtures init in tests Fix models test Fix loading fixtures Fix ineffasign Fix lint Fix integration tests Fix init of test engine creation Fix user related tests Better handling of creating test enging Moved all fixtures to db package Moved all fixtures to db package Moved user related stuff to seperate package Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/123 2020-01-26 18:08:06 +01:00			`if l.isOwner(&user.User{ID: a.GetID()}) {`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`return true, nil`
			`}`
Use the auth methods to get IDs to avoid unneeded casts 2019-06-28 10:21:48 +02:00			`return l.checkRight(a, RightRead, RightWrite, RightAdmin)`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`}`
Task assignees (#44) 2018-12-29 15:29:50 +01:00
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`// CanUpdate checks if the user can update a list`
Add support for archiving lists and namespaces (#152) Add query param to get all lists including archived ones Add query param to get all namespaces including archived ones Fix getting lists by namespace only not archived lists Fix misspell Fix lint Merge branch 'master' into feature/archive-lists-namespaces Add docs for error codes Fix archive error codes Don't let archived lists show up in general lists Fix updating description Fix updating lists with link shares More comments Fix un-archiving lists Move check for archiving a list to canWrite Check Add more tests Add more checks Add checks for namespaces and lists Add namespace edit Add tests Add migrations and filter Add basic tests Add is archived property to lists and namespaces Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/152 2020-03-15 22:50:39 +01:00			`func (l *List) CanUpdate(a web.Auth) (canUpdate bool, err error) {`
			`canUpdate, err = l.CanWrite(a)`
			`// If the list is archived and the user tries to un-archive it, let the request through`
			`if IsErrListIsArchived(err) && !l.IsArchived {`
			`err = nil`
			`}`
			`return canUpdate, err`
Optimized right checking + list.ReadAll now really gets all lists 2018-07-12 21:07:59 +02:00			`}`
Implemented CanDelete method for lists and listitems 2018-07-12 21:20:24 +02:00
			`// CanDelete checks if the user can delete a list`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`func (l *List) CanDelete(a web.Auth) (bool, error) {`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`return l.IsAdmin(a)`
Implemented CanUpdate method 2018-07-12 23:07:03 +02:00			`}`
Implemented CanCreate method 2018-07-12 23:16:32 +02:00
Sharing of lists via public links (#94) 2019-08-31 22:56:41 +02:00			`// CanCreate checks if the user can create a list`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`func (l *List) CanCreate(a web.Auth) (bool, error) {`
Implemented CanCreate method 2018-07-12 23:16:32 +02:00			`// A user can create a list if he has write access to the namespace`
Fixed rights check on lists and namespaces (#62) 2019-03-08 22:31:37 +01:00			`n := &Namespace{ID: l.NamespaceID}`
Move the crudhandler to own repo (#27) 2018-12-01 00:26:56 +01:00			`return n.CanWrite(a)`
Implemented CanCreate method 2018-07-12 23:16:32 +02:00			`}`
Implemented proper check for team rights on lists 2018-07-25 00:40:24 +02:00
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`// IsAdmin returns whether the user has admin rights on the list or not`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`func (l *List) IsAdmin(a web.Auth) (bool, error) {`
Fixed rights check on lists and namespaces (#62) 2019-03-08 22:31:37 +01:00			`originalList := &List{ID: l.ID}`
			`err := originalList.GetSimpleByID()`
			`if err != nil {`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`return false, err`
Fixed rights check on lists and namespaces (#62) 2019-03-08 22:31:37 +01:00			`}`

Sharing of lists via public links (#94) 2019-08-31 22:56:41 +02:00			`// Check if we're dealing with a share auth`
			`shareAuth, ok := a.(*LinkSharing)`
			`if ok {`
			`return originalList.ID == shareAuth.ListID && shareAuth.Right == RightAdmin, nil`
			`}`

Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`// Check all the things`
			`// Check if the user is either owner or can write to the list`
			`// Owners are always admins`
Refactor User and DB handling (#123) fix copyright date Add more user tests More user tests More user tests Start refactoring user tests Docs Fix lint Fix db fixtures init in tests Fix models test Fix loading fixtures Fix ineffasign Fix lint Fix integration tests Fix init of test engine creation Fix user related tests Better handling of creating test enging Moved all fixtures to db package Moved all fixtures to db package Moved user related stuff to seperate package Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/123 2020-01-26 18:08:06 +01:00			`if originalList.isOwner(&user.User{ID: a.GetID()}) {`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`return true, nil`
			`}`
Use the auth methods to get IDs to avoid unneeded casts 2019-06-28 10:21:48 +02:00			`return originalList.checkRight(a, RightAdmin)`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`}`

			`// Little helper function to check if a user is list owner`
Refactor User and DB handling (#123) fix copyright date Add more user tests More user tests More user tests Start refactoring user tests Docs Fix lint Fix db fixtures init in tests Fix models test Fix loading fixtures Fix ineffasign Fix lint Fix integration tests Fix init of test engine creation Fix user related tests Better handling of creating test enging Moved all fixtures to db package Moved all fixtures to db package Moved user related stuff to seperate package Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/123 2020-01-26 18:08:06 +01:00			`func (l List) isOwner(u user.User) bool {`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`return l.OwnerID == u.ID`
Implemented proper check for team rights on lists 2018-07-25 00:40:24 +02:00			`}`
List rights are now respected 2018-09-06 08:42:18 +02:00
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`// Checks n different rights for any given user`
Use the auth methods to get IDs to avoid unneeded casts 2019-06-28 10:21:48 +02:00			`func (l *List) checkRight(a web.Auth, rights ...Right) (bool, error) {`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00
			`/*`
			`The following loop creates an sql condition like this one:`

			`(ul.user_id = 1 AND ul.right = 1) OR (un.user_id = 1 AND un.right = 1) OR`
			`(tm.user_id = 1 AND tn.right = 1) OR (tm2.user_id = 1 AND tl.right = 1) OR`

			`for each passed right. That way, we can check with a single sql query (instead if 8)`
			`if the user has the right to see the list or not.`
			`*/`

			`var conds []builder.Cond`
			`for _, r := range rights {`
			`// User conditions`
			`// If the list was shared directly with the user and the user has the right`
			`conds = append(conds, builder.And(`
Use the auth methods to get IDs to avoid unneeded casts 2019-06-28 10:21:48 +02:00			`builder.Eq{"ul.user_id": a.GetID()},`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`builder.Eq{"ul.right": r},`
			`))`
			`// If the namespace this list belongs to was shared directly with the user and the user has the right`
			`conds = append(conds, builder.And(`
Use the auth methods to get IDs to avoid unneeded casts 2019-06-28 10:21:48 +02:00			`builder.Eq{"un.user_id": a.GetID()},`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`builder.Eq{"un.right": r},`
			`))`

			`// Team rights`
			`// If the list was shared directly with the team and the team has the right`
			`conds = append(conds, builder.And(`
Use the auth methods to get IDs to avoid unneeded casts 2019-06-28 10:21:48 +02:00			`builder.Eq{"tm2.user_id": a.GetID()},`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`builder.Eq{"tl.right": r},`
			`))`
			`// If the namespace this list belongs to was shared directly with the team and the team has the right`
			`conds = append(conds, builder.And(`
Use the auth methods to get IDs to avoid unneeded casts 2019-06-28 10:21:48 +02:00			`builder.Eq{"tm.user_id": a.GetID()},`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`builder.Eq{"tn.right": r},`
			`))`
			`}`

Refactor ListTask to Task (#92) 2019-08-14 22:19:04 +02:00			`// If the user is the owner of a namespace, it has any right, all the time`
			`conds = append(conds, builder.Eq{"n.owner_id": a.GetID()})`

List rights are now respected 2018-09-06 08:42:18 +02:00			`exists, err := x.Select("l.*").`
			`Table("list").`
			`Alias("l").`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`// User stuff`
List rights are now respected 2018-09-06 08:42:18 +02:00			`Join("LEFT", []string{"users_namespace", "un"}, "un.namespace_id = l.namespace_id").`
			`Join("LEFT", []string{"users_list", "ul"}, "ul.list_id = l.id").`
Fixed a bug where a user didn't had access to lists which are not his own, but part of a namespace he owns 2018-09-12 19:56:07 +02:00			`Join("LEFT", []string{"namespaces", "n"}, "n.id = l.namespace_id").`
Rights performance improvements for lists and namespaces (#54) 2019-01-21 23:08:04 +01:00			`// Team stuff`
			`Join("LEFT", []string{"team_namespaces", "tn"}, " l.namespace_id = tn.namespace_id").`
			`Join("LEFT", []string{"team_members", "tm"}, "tm.team_id = tn.team_id").`
			`Join("LEFT", []string{"team_list", "tl"}, "l.id = tl.list_id").`
			`Join("LEFT", []string{"team_members", "tm2"}, "tm2.team_id = tl.team_id").`
			`// The actual condition`
			`Where(builder.And(`
			`builder.Or(`
			`conds...,`
			`),`
			`builder.Eq{"l.id": l.ID},`
			`)).`
Fixed a bug where a user didn't had access to lists which are not his own, but part of a namespace he owns 2018-09-12 19:56:07 +02:00			`Exist(&List{})`
Let rights methods return errors (#64) 2019-03-24 13:35:50 +01:00			`return exists, err`
List rights are now respected 2018-09-06 08:42:18 +02:00			`}`