chore: update find shortcut

api/shortcut.go

@@ -74,10 +74,11 @@ type ShortcutFind struct {
 	WorkspaceID *int `json:"workspaceId"`
 
 	// Domain specific fields
-	Name        *string     `json:"name"`
-	Link        *string     `json:"link"`
-	Description *string     `json:"description"`
-	Visibility  *Visibility `json:"visibility"`
+	Name           *string
+	Link           *string
+	Description    *string
+	MemberID       *int
+	VisibilityList []Visibility
 }
 
 type ShortcutDelete struct {

server/shortcut.go

@@ -66,8 +66,12 @@ func (s *Server) registerShortcutRoutes(g *echo.Group) {
 
 	g.GET("/shortcut", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		shortcutFind := &api.ShortcutFind{}
+		userID, ok := c.Get(getUserIDContextKey()).(int)
+		if !ok {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
+		}
 
+		shortcutFind := &api.ShortcutFind{}
 		if workspaceID, err := strconv.Atoi(c.QueryParam("workspaceId")); err == nil {
 			shortcutFind.WorkspaceID = &workspaceID
 		}
@@ -78,10 +82,24 @@ func (s *Server) registerShortcutRoutes(g *echo.Group) {
 			shortcutFind.Link = &link
 		}
 
-		list, err := s.Store.FindShortcutList(ctx, shortcutFind)
+		list := []*api.Shortcut{}
+		if shortcutFind.WorkspaceID == nil {
+			shortcutFind.MemberID = &userID
+		}
+		shortcutFind.VisibilityList = []api.Visibility{api.VisibilityWorkspace, api.VisibilityPublic}
+		visibleShortcutList, err := s.Store.FindShortcutList(ctx, shortcutFind)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch shortcut list").SetInternal(err)
 		}
+		list = append(list, visibleShortcutList...)
+
+		shortcutFind.VisibilityList = []api.Visibility{api.VisibilityPrivite}
+		shortcutFind.CreatorID = &userID
+		privateShortcutList, err := s.Store.FindShortcutList(ctx, shortcutFind)
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch private shortcut list").SetInternal(err)
+		}
+		list = append(list, privateShortcutList...)
 
 		c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8)
 		if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(list)); err != nil {

server/workspace.go

@@ -125,6 +125,10 @@ func (s *Server) registerWorkspaceRoutes(g *echo.Group) {
 				return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
 			}
 
+			if shortcut.Visibility == api.VisibilityPrivite && shortcut.CreatorID != userID {
+				return echo.NewHTTPError(http.StatusUnauthorized, "not shortcut owner")
+			}
+
 			workspaceUser, err := s.Store.FindWordspaceUser(ctx, &api.WorkspaceUserFind{
 				WorkspaceID: &workspace.ID,
 				UserID:      &userID,

store/shortcut.go

@@ -269,8 +269,16 @@ func findShortcutList(ctx context.Context, tx *sql.Tx, find *api.ShortcutFind) (
 	if v := find.Description; v != nil {
 		where, args = append(where, "description = ?"), append(args, *v)
 	}
-	if v := find.Visibility; v != nil {
-		where, args = append(where, "visibility = ?"), append(args, *v)
+	if v := find.VisibilityList; len(v) != 0 {
+		list := []string{}
+		for _, visibility := range v {
+			list = append(list, fmt.Sprintf("$%d", len(args)+1))
+			args = append(args, visibility)
+		}
+		where = append(where, fmt.Sprintf("visibility in (%s)", strings.Join(list, ",")))
+	}
+	if v := find.MemberID; v != nil {
+		where, args = append(where, "workspace_id IN (SELECT workspace_id FROM workspace_user WHERE user_id = ? )"), append(args, *v)
 	}
 
 	rows, err := tx.QueryContext(ctx, `