From 660b78d9e2bea922e46d675f6cb4e1a6e65fc0e0 Mon Sep 17 00:00:00 2001
From: Riccardo Re <kingrichard1980@gmail.com>
Date: Sun, 13 Sep 2020 19:53:31 +0200
Subject: [PATCH] fix: support permissions by tags for basic db search engine
 (#2416)

This code will allow the "search" component to correctly filter pages by usergroup permissions based on tags instead of paths

Co-authored-by: Riccardo Re <riccardo.re@clevermind.cloud>
---
 server/graph/resolvers/page.js     | 3 ++-
 server/modules/search/db/engine.js | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/server/graph/resolvers/page.js b/server/graph/resolvers/page.js
index 1d16a9e4..d1e60121 100644
--- a/server/graph/resolvers/page.js
+++ b/server/graph/resolvers/page.js
@@ -57,7 +57,8 @@ module.exports = {
           results: _.filter(resp.results, r => {
             return WIKI.auth.checkAccess(context.req.user, ['read:pages'], {
               path: r.path,
-              locale: r.locale
+              locale: r.locale,
+              tags: r.tags // Tags are needed since access permissions can be limited by page tags too
             })
           })
         }
diff --git a/server/modules/search/db/engine.js b/server/modules/search/db/engine.js
index 14bea0a4..04cb4280 100644
--- a/server/modules/search/db/engine.js
+++ b/server/modules/search/db/engine.js
@@ -21,7 +21,11 @@ module.exports = {
    */
   async query(q, opts) {
     const results = await WIKI.models.pages.query()
-      .column('id', 'title', 'description', 'path', 'localeCode as locale')
+      .column('pages.id', 'title', 'description', 'path', 'localeCode as locale')
+      .withGraphJoined('tags') // Adding page tags since they can be used to check resource access permissions
+      .modifyGraph('tags', builder => {
+        builder.select('tag')
+      })
       .where(builder => {
         builder.where('isPublished', true)
         if (opts.locale) {