fix: change storymap viewer access level when it is embed mode. (#4160)

* fix: change storymap viewer access level when it is embed mode.

* fix: removed comment

.changeset/pretty-toes-remain.md

@@ -0,0 +1,5 @@
+---
+"geohub": patch
+---
+
+fix: change storymap viewer access level when it is embed mode.

sites/geohub/src/lib/server/helpers/loadStorymapById.ts

@@ -2,41 +2,69 @@ import { AccessLevel, Permission } from '$lib/config/AppConfig';
 import { getDomainFromEmail } from '$lib/helper';
 import type { StoryMapConfig } from '$lib/types';
 import { error } from '@sveltejs/kit';
+import DatabaseManager from '../DatabaseManager';
+import StorymapManager from '../StorymapManager';
+import { isSuperuser } from './isSuperuser';
 
 export const loadStorymapById = async (
 	id: string,
 	user_email: string,
 	socialImage: string,
-	fetch: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>
+	url: URL,
+	embed = false
 ) => {
-	const res = await fetch(`/api/storymaps/${id}`);
-
-	if (!res.ok) {
-		if (res.status === 403) {
-			error(res.status, { message: 'No permission to access' });
-		} else if (res.status === 404) {
-			error(res.status, { message: 'No storymap found' });
-		} else {
-			error(res.status, { message: res.statusText });
-		}
+	let is_superuser = false;
+	if (user_email) {
+		is_superuser = await isSuperuser(user_email);
 	}
 
-	const storymap: StoryMapConfig = await res.json();
+	let storymap: StoryMapConfig | undefined;
 
-	const accessLevel = storymap.access_level;
-	if (accessLevel === AccessLevel.PRIVATE) {
-		if (!(storymap.permission && storymap.permission >= Permission.READ)) {
-			error(403, { message: 'Permission error' });
+	const dbm = new DatabaseManager();
+	const client = await dbm.start();
+	try {
+		const sm = new StorymapManager();
+		storymap = await sm.getById(client, id, is_superuser, user_email);
+		if (!storymap) {
+			error(404, { message: `No storymap found.` });
 		}
-	} else if (accessLevel === AccessLevel.ORGANIZATION) {
-		let domain = '';
-		if (user_email) {
-			domain = getDomainFromEmail(user_email);
+
+		if (storymap.style) {
+			storymap.style = `${url.origin}${storymap.style}`;
 		}
-		if (!(domain && storymap.created_user && storymap.created_user.indexOf(domain) > -1)) {
+		storymap.chapters.forEach((ch) => {
+			ch.style = `${url.origin}${ch.style}`;
+		});
+
+		storymap.links = storymap.links?.map((l) => {
+			const _url = new URL(decodeURI(l.href), url.origin);
+			const subUrl = _url.searchParams.get('url');
+			if (subUrl) {
+				_url.searchParams.set('url', new URL(subUrl, url.origin).href);
+			}
+			l.href = decodeURI(_url.href);
+			return l;
+		});
+	} finally {
+		dbm.end();
+	}
+
+	if (!embed) {
+		const accessLevel = storymap.access_level;
+		if (accessLevel === AccessLevel.PRIVATE) {
 			if (!(storymap.permission && storymap.permission >= Permission.READ)) {
 				error(403, { message: 'Permission error' });
 			}
+		} else if (accessLevel === AccessLevel.ORGANIZATION) {
+			let domain = '';
+			if (user_email) {
+				domain = getDomainFromEmail(user_email);
+			}
+			if (!(domain && storymap.created_user && storymap.created_user.indexOf(domain) > -1)) {
+				if (!(storymap.permission && storymap.permission >= Permission.READ)) {
+					error(403, { message: 'Permission error' });
+				}
+			}
 		}
 	}
 

sites/geohub/src/routes/(app)/storymaps/[[id]]/edit/+page.server.ts

@@ -39,7 +39,7 @@ export const load: PageServerLoad = async ({ params, parent, fetch, url }) => {
 	}
 
 	const user_email = user?.email as string;
-	const res = await loadStorymapById(id, user_email, socialImage, fetch);
+	const res = await loadStorymapById(id, user_email, socialImage, url);
 
 	return {
 		...res

sites/geohub/src/routes/(app)/storymaps/[id]/+page.server.ts

@@ -2,11 +2,11 @@ import type { PageServerLoad } from './$types';
 import { loadStorymapById } from '$lib/server/helpers/loadStorymapById';
 
 export const load: PageServerLoad = async (event) => {
-	const { params, parent, fetch } = event;
+	const { params, parent, url } = event;
 	const { session, socialImage } = await parent();
 	const user = session?.user;
 	const id = params.id;
 	const user_email = user?.email as string;
-	const res = await loadStorymapById(id, user_email, socialImage, fetch);
+	const res = await loadStorymapById(id, user_email, socialImage, url);
 	return res;
 };

sites/geohub/src/routes/(app)/storymaps/[id]/viewer/+page.server.ts

@@ -1,11 +1,14 @@
 import type { PageServerLoad } from './$types';
 import { loadStorymapById } from '$lib/server/helpers/loadStorymapById';
 
-export const load: PageServerLoad = async ({ fetch, params, parent }) => {
+export const load: PageServerLoad = async ({ params, parent, url }) => {
 	const { session, socialImage } = await parent();
 	const user = session?.user;
 	const id = params.id;
 	const user_email = user?.email as string;
-	const res = await loadStorymapById(id, user_email, socialImage, fetch);
+
+	const embed = url.searchParams.get('embed');
+	const isEmbed = embed && embed.toLowerCase() === 'true' ? true : false;
+	const res = await loadStorymapById(id, user_email, socialImage, url, isEmbed);
 	return res;
 };