cleanup + fix some policy problems

Brendonovich · Brendonovich · commit e7c26316f2be · 2025-10-07T15:44:04.000+08:00
diff --git a/packages/web-backend/src/Folders/FoldersPolicy.ts b/packages/web-backend/src/Folders/FoldersPolicy.ts
@@ -1,42 +1,32 @@
-import * as Db from "@cap/database/schema";
 import { type Folder, Policy } from "@cap/web-domain";
-import * as Dz from "drizzle-orm";
 import { Effect } from "effect";
 
 import { Database } from "../Database.ts";
+import { SpacesPolicy } from "../Spaces/SpacesPolicy.ts";
+import { FoldersRepo } from "./FoldersRepo.ts";
 
 export class FoldersPolicy extends Effect.Service<FoldersPolicy>()(
 	"FoldersPolicy",
 	{
 		effect: Effect.gen(function* () {
-			const db = yield* Database;
+			const repo = yield* FoldersRepo;
+			const spacesPolicy = yield* SpacesPolicy;
 
 			const canEdit = (id: Folder.FolderId) =>
 				Policy.policy((user) =>
 					Effect.gen(function* () {
-						const [folder] = yield* db.execute((db) =>
-							db.select().from(Db.folders).where(Dz.eq(Db.folders.id, id)),
+						const folder = yield* (yield* repo.getById(id)).pipe(
+							Effect.catchTag(
+								"NoSuchElementException",
+								() => new Policy.PolicyDeniedError(),
+							),
 						);
 
-						// All space members can edit space properties
-						if (!folder?.spaceId) {
-							return folder?.createdById === user.id;
-						}
+						if (folder.spaceId === null) return folder.createdById === user.id;
 
-						const { spaceId } = folder;
-						const [spaceMember] = yield* db.execute((db) =>
-							db
-								.select()
-								.from(Db.spaceMembers)
-								.where(
-									Dz.and(
-										Dz.eq(Db.spaceMembers.userId, user.id),
-										Dz.eq(Db.spaceMembers.spaceId, spaceId),
-									),
-								),
-						);
+						yield* spacesPolicy.isMember(folder.spaceId);
 
-						return spaceMember !== undefined;
+						return true;
 					}),
 				);
 
diff --git a/packages/web-backend/src/Folders/index.ts b/packages/web-backend/src/Folders/index.ts
@@ -130,66 +130,65 @@ export class Folders extends Effect.Service<Folders>()("Folders", {
 				folderId: Folder.FolderId,
 				data: Folder.FolderUpdate,
 			) {
-				const folder = yield* repo
+				const folder = yield* (yield* repo
 					.getById(folderId)
-					.pipe(
-						Policy.withPolicy(policy.canEdit(folderId)),
-						Effect.flatMap(
-							Effect.catchTag(
-								"NoSuchElementException",
-								() => new Folder.NotFoundError(),
-							),
-						),
-					);
+					.pipe(Policy.withPolicy(policy.canEdit(folderId)))).pipe(
+					Effect.catchTag(
+						"NoSuchElementException",
+						() => new Folder.NotFoundError(),
+					),
+				);
 
 				// If parentId is provided and not null, verify it exists and belongs to the same organization
-				if (!data.parentId) return;
-				const parentId = data.parentId;
-
-				// Check that we're not creating an immediate circular reference
-				if (parentId === folderId)
-					return yield* new Folder.RecursiveDefinitionError();
-
-				const parentFolder = yield* repo
-					.getById(parentId, {
-						organizationId: Organisation.OrganisationId.make(
-							folder.organizationId,
-						),
-					})
-					.pipe(
-						Policy.withPolicy(policy.canEdit(parentId)),
-						Effect.flatMap(
-							Effect.catchTag(
-								"NoSuchElementException",
-								() => new Folder.ParentNotFoundError(),
+				if (data.parentId && Option.isSome(data.parentId)) {
+					const parentId = data.parentId.value;
+					// Check that we're not creating an immediate circular reference
+					if (parentId === folderId)
+						return yield* new Folder.RecursiveDefinitionError();
+
+					const parentFolder = yield* repo
+						.getById(parentId, {
+							organizationId: Organisation.OrganisationId.make(
+								folder.organizationId,
 							),
-						),
-					);
+						})
+						.pipe(
+							Policy.withPolicy(policy.canEdit(parentId)),
+							Effect.flatMap(
+								Effect.catchTag(
+									"NoSuchElementException",
+									() => new Folder.ParentNotFoundError(),
+								),
+							),
+						);
 
-				// Check for circular references in the folder hierarchy
-				let currentParentId = parentFolder.parentId;
-				while (currentParentId) {
-					if (currentParentId === folderId)
-						return yield* new Folder.RecursiveDefinitionError();
+					// Check for circular references in the folder hierarchy
+					let currentParentId = parentFolder.parentId;
+					while (currentParentId) {
+						if (currentParentId === folderId)
+							return yield* new Folder.RecursiveDefinitionError();
 
-					const parentId = currentParentId;
-					const nextParent = yield* repo.getById(parentId, {
-						organizationId: Organisation.OrganisationId.make(
-							folder.organizationId,
-						),
-					});
+						const parentId = currentParentId;
+						const nextParent = yield* repo.getById(parentId, {
+							organizationId: Organisation.OrganisationId.make(
+								folder.organizationId,
+							),
+						});
 
-					if (Option.isNone(nextParent)) break;
-					currentParentId = nextParent.value.parentId;
+						if (Option.isNone(nextParent)) break;
+						currentParentId = nextParent.value.parentId;
+					}
 				}
 
 				yield* db.execute((db) =>
 					db
 						.update(Db.folders)
 						.set({
-							...(data.name ? { name: data.name } : {}),
-							...(data.color ? { color: data.color } : {}),
-							...(data.parentId ? { parentId: data.parentId } : {}),
+							name: data.name,
+							color: data.color,
+							parentId: data.parentId
+								? Option.getOrNull(data.parentId)
+								: undefined,
 						})
 						.where(Dz.eq(Db.folders.id, folderId)),
 				);
diff --git a/packages/web-backend/src/Spaces/SpacesPolicy.ts b/packages/web-backend/src/Spaces/SpacesPolicy.ts
@@ -12,10 +12,8 @@ export class SpacesPolicy extends Effect.Service<SpacesPolicy>()(
 			const repo = yield* SpacesRepo;
 
 			const hasMembership = (spaceId: string) =>
-				Policy.policy(
-					Effect.fn(function* (user) {
-						return Option.isSome(yield* repo.membership(user.id, spaceId));
-					}),
+				Policy.policy((user) =>
+					repo.membership(user.id, spaceId).pipe(Effect.map(Option.isSome)),
 				);
 
 			const isOwner = (spaceId: string) =>
diff --git a/packages/web-domain/src/Folder.ts b/packages/web-domain/src/Folder.ts
@@ -44,12 +44,13 @@ export class Folder extends Schema.Class<Folder>("Folder")({
 	parentId: Schema.OptionFromNullOr(FolderId),
 }) {}
 
-export class FolderUpdate extends Schema.Class<FolderUpdate>("FolderPatch")({
+export const FolderUpdate = Schema.Struct({
 	id: FolderId,
 	name: Schema.optional(Schema.String),
 	color: Schema.optional(FolderColor),
-	parentId: Schema.optional(FolderId),
-}) {}
+	parentId: Schema.optional(Schema.Option(FolderId)),
+});
+export type FolderUpdate = Schema.Schema.Type<typeof FolderUpdate>;
 
 export class FolderRpcs extends RpcGroup.make(
 	Rpc.make("FolderDelete", {
