feat: Collab access control (AppFlowy-IO#120)

* chore: check collab message with access permission

* chore: imple collab permission service

* refactor: migrations

* chore: collab member ops

* chore: collab permission

* chore: update can edit workspace collab

* chore: fix test

* feat: fetch collab members

* chore: fix test

* chore: fix client api

* chore: check permission for collab storage proxy

Cargo.toml

@@ -14,6 +14,7 @@ actix-web-actors = { version = "4.2.0" }
 actix-service = "2.0.2"
 actix-identity = "0.6.0"
 actix-cors = "0.6.4"
+actix-router = "0.5.1"
 actix-session = { version = "0.8", features = ["redis-rs-tls-session"] }
 openssl = "0.10.45"
 

libs/client-api/src/http.rs

@@ -2,8 +2,9 @@ use crate::notify::{ClientToken, TokenStateReceiver};
 use anyhow::{anyhow, Context};
 use bytes::Bytes;
 use database_entity::{
-  AFBlobRecord, AFUserProfileView, AFWorkspaceMember, BatchQueryCollabParams,
-  BatchQueryCollabResult, InsertCollabParams,
+  AFBlobRecord, AFCollabMember, AFCollabMembers, AFUserProfileView, AFWorkspaceMember,
+  BatchQueryCollabParams, BatchQueryCollabResult, CollabMemberIdentify, InsertCollabMemberParams,
+  InsertCollabParams, QueryCollabMembers, UpdateCollabMemberParams,
 };
 use database_entity::{AFWorkspaces, QueryCollabParams};
 use database_entity::{DeleteCollabParams, RawData};
@@ -321,7 +322,7 @@ impl Client {
   }
 
   #[instrument(level = "debug", skip_all, err)]
-  pub async fn profile(&self) -> Result<AFUserProfileView, AppError> {
+  pub async fn get_profile(&self) -> Result<AFUserProfileView, AppError> {
     let url = format!("{}/api/user/profile", self.base_url);
     let resp = self
       .http_client_with_auth(Method::GET, &url)
@@ -334,7 +335,7 @@ impl Client {
   }
 
   #[instrument(level = "debug", skip_all, err)]
-  pub async fn workspaces(&self) -> Result<AFWorkspaces, AppError> {
+  pub async fn get_workspaces(&self) -> Result<AFWorkspaces, AppError> {
     let url = format!("{}/api/workspace/list", self.base_url);
     let resp = self
       .http_client_with_auth(Method::GET, &url)
@@ -597,6 +598,94 @@ impl Client {
     AppResponse::<()>::from_response(resp).await?.into_error()
   }
 
+  #[instrument(level = "debug", skip_all, err)]
+  pub async fn add_collab_member(&self, params: InsertCollabMemberParams) -> Result<(), AppError> {
+    let url = format!(
+      "{}/api/workspace/{}/collab/{}/member",
+      self.base_url, params.workspace_id, &params.object_id
+    );
+    let resp = self
+      .http_client_with_auth(Method::POST, &url)
+      .await?
+      .json(&params)
+      .send()
+      .await?;
+    AppResponse::<()>::from_response(resp).await?.into_error()
+  }
+
+  #[instrument(level = "debug", skip_all, err)]
+  pub async fn get_collab_member(
+    &self,
+    params: CollabMemberIdentify,
+  ) -> Result<AFCollabMember, AppError> {
+    let url = format!(
+      "{}/api/workspace/{}/collab/{}/member",
+      self.base_url, params.workspace_id, &params.object_id
+    );
+    let resp = self
+      .http_client_with_auth(Method::GET, &url)
+      .await?
+      .json(&params)
+      .send()
+      .await?;
+    AppResponse::<AFCollabMember>::from_response(resp)
+      .await?
+      .into_data()
+  }
+
+  #[instrument(level = "debug", skip_all, err)]
+  pub async fn update_collab_member(
+    &self,
+    params: UpdateCollabMemberParams,
+  ) -> Result<(), AppError> {
+    let url = format!(
+      "{}/api/workspace/{}/collab/{}/member",
+      self.base_url, params.workspace_id, &params.object_id
+    );
+    let resp = self
+      .http_client_with_auth(Method::PUT, &url)
+      .await?
+      .json(&params)
+      .send()
+      .await?;
+    AppResponse::<()>::from_response(resp).await?.into_error()
+  }
+
+  #[instrument(level = "debug", skip_all, err)]
+  pub async fn remove_collab_member(&self, params: CollabMemberIdentify) -> Result<(), AppError> {
+    let url = format!(
+      "{}/api/workspace/{}/collab/{}/member",
+      self.base_url, params.workspace_id, &params.object_id
+    );
+    let resp = self
+      .http_client_with_auth(Method::DELETE, &url)
+      .await?
+      .json(&params)
+      .send()
+      .await?;
+    AppResponse::<()>::from_response(resp).await?.into_error()
+  }
+
+  #[instrument(level = "debug", skip_all, err)]
+  pub async fn get_collab_members(
+    &self,
+    params: QueryCollabMembers,
+  ) -> Result<AFCollabMembers, AppError> {
+    let url = format!(
+      "{}/api/workspace/{}/collab/{}/member/list",
+      self.base_url, params.workspace_id, &params.object_id
+    );
+    let resp = self
+      .http_client_with_auth(Method::GET, &url)
+      .await?
+      .json(&params)
+      .send()
+      .await?;
+    AppResponse::<AFCollabMembers>::from_response(resp)
+      .await?
+      .into_data()
+  }
+
   pub fn ws_url(&self, device_id: &str) -> Result<String, AppError> {
     let access_token = self.access_token()?;
     Ok(format!("{}/{}/{}", self.ws_addr, access_token, device_id))

libs/database-entity/Cargo.toml

@@ -15,3 +15,5 @@ chrono = {version="0.4",features = ["serde"]}
 uuid = { version = "1.4.1", features = ["serde", "v4"] }
 thiserror = "1.0.47"
 anyhow = "1.0.75"
+tracing = "0.1"
+serde_repr = "0.1.16"

libs/database-entity/src/database_error.rs

@@ -3,8 +3,8 @@ use std::borrow::Cow;
 
 #[derive(Debug, thiserror::Error)]
 pub enum DatabaseError {
-  #[error("Record not found")]
-  RecordNotFound,
+  #[error("Record not found:{0}")]
+  RecordNotFound(String),
 
   #[error(transparent)]
   UnexpectedData(#[from] validator::ValidationErrors),
@@ -33,14 +33,16 @@ pub enum DatabaseError {
 
 impl DatabaseError {
   pub fn is_not_found(&self) -> bool {
-    matches!(self, Self::RecordNotFound)
+    matches!(self, Self::RecordNotFound(_))
   }
 }
 
 impl From<sqlx::Error> for DatabaseError {
   fn from(value: sqlx::Error) -> Self {
     match value {
-      Error::RowNotFound => DatabaseError::RecordNotFound,
+      Error::RowNotFound => {
+        DatabaseError::RecordNotFound("Can't find the row in the database".to_string())
+      },
       _ => DatabaseError::SqlxError(value),
     }
   }