Add options to change share visibility (#108)

Co-authored-by: cte <[email protected]>

Author: mrubens

apps/web/src/actions/analytics/events.ts

@@ -309,17 +309,24 @@ export const getTasks = async ({
   userId,
   taskId,
   allowCrossUserAccess = false,
+  skipAuth = false,
 }: {
   orgId?: string | null;
   userId?: string | null;
   taskId?: string | null;
   allowCrossUserAccess?: boolean;
+  skipAuth?: boolean;
 }): Promise<TaskWithUser[]> => {
-  const { effectiveUserId } = await authorizeAnalytics({
-    requestedOrgId: orgId,
-    requestedUserId: userId,
-    allowCrossUserAccess,
-  });
+  let effectiveUserId = userId;
+
+  if (!skipAuth) {
+    const authResult = await authorizeAnalytics({
+      requestedOrgId: orgId,
+      requestedUserId: userId,
+      allowCrossUserAccess,
+    });
+    effectiveUserId = authResult.effectiveUserId;
+  }
 
   if (!orgId) {
     return [];

apps/web/src/actions/taskSharing.ts

@@ -7,7 +7,8 @@ import {
   createTaskShareSchema,
   shareIdSchema,
 } from '@/types';
-import type { SharedByUser } from '@/types';
+import type { SharedByUser } from '@/types/task-sharing';
+import { TaskShareVisibility } from '@/types/task-sharing';
 import { type TaskShare, AuditLogTargetType } from '@/db';
 import { client as db, taskShares, users } from '@/db/server';
 import { handleError, generateShareToken } from '@/lib/server';
@@ -41,6 +42,7 @@ export async function canShareTask(taskId: string): Promise<{
   orgRole?: string;
 }> {
   try {
+    // Get authentication info
     const authResult = await authorize();
 
     if (!authResult.success) {
@@ -56,6 +58,7 @@ export async function canShareTask(taskId: string): Promise<{
         orgId,
         allowCrossUserAccess: true,
       });
+
       const task = tasks[0];
 
       if (!task) {
@@ -100,7 +103,11 @@ export async function createTaskShare(data: CreateTaskShareRequest) {
       return { success: false, error: 'Invalid request data' };
     }
 
-    const { taskId, expirationDays } = result.data;
+    const {
+      taskId,
+      expirationDays,
+      visibility = TaskShareVisibility.ORGANIZATION,
+    } = result.data;
 
     const orgSettingsData = await getOrganizationSettings();
 
@@ -142,6 +149,7 @@ export async function createTaskShare(data: CreateTaskShareRequest) {
           orgId,
           createdByUserId: userId,
           shareToken,
+          visibility,
           expiresAt,
         })
         .returning();
@@ -158,11 +166,12 @@ export async function createTaskShare(data: CreateTaskShareRequest) {
         newValue: {
           action: 'created',
           shareId: insertedShare[0].id,
+          visibility,
           expiresAt: expiresAt.toISOString(),
           taskOwnerId: task.userId,
           sharedByAdmin: orgRole === 'org:admin' && task.userId !== userId,
         },
-        description: `Created task share for task ${taskId}${
+        description: `Created ${visibility} task share for task ${taskId}${
           orgRole === 'org:admin' && task.userId !== userId
             ? ` (admin sharing task created by ${task.user.name})`
             : ''
@@ -182,8 +191,8 @@ export async function createTaskShare(data: CreateTaskShareRequest) {
 
     return {
       success: true,
-      message: 'Task share created successfully',
       data: { shareUrl, shareId: newShare.id, expiresAt },
+      message: 'Task share created successfully',
     };
   } catch (error) {
     return handleError(error, 'task_sharing');
@@ -198,18 +207,14 @@ export async function getTaskByShareToken(token: string): Promise<{
   messages: Message[];
   sharedBy: SharedByUser;
   sharedAt: Date;
+  visibility: string;
 } | null> {
   try {
-    const authResult = await authorize();
-
-    if (!authResult.success) {
-      throw new Error('Authentication required');
-    }
-
     if (!isValidShareToken(token)) {
       return null;
     }
 
+    // First, get the share without auth check to determine visibility
     const [shareWithUser] = await db
       .select({
         share: taskShares,
@@ -221,12 +226,7 @@ export async function getTaskByShareToken(token: string): Promise<{
       })
       .from(taskShares)
       .innerJoin(users, eq(taskShares.createdByUserId, users.id))
-      .where(
-        and(
-          eq(taskShares.shareToken, token),
-          eq(taskShares.orgId, authResult.orgId),
-        ),
-      )
+      .where(eq(taskShares.shareToken, token))
       .limit(1);
 
     if (!shareWithUser) {
@@ -239,12 +239,25 @@ export async function getTaskByShareToken(token: string): Promise<{
       return null;
     }
 
+    // Check visibility and auth requirements
+    if (share.visibility === TaskShareVisibility.ORGANIZATION) {
+      const authResult = await authorize();
+      const userId = authResult.success ? authResult.userId : null;
+      const orgId = authResult.success ? authResult.orgId : null;
+
+      if (!userId || !orgId || orgId !== share.orgId) {
+        throw new Error('Authentication required for organization shares');
+      }
+    }
+    // For public shares, no auth check needed
+
+    // Get task data based on visibility
     const tasks = await getTasks({
       taskId: share.taskId,
       orgId: share.orgId,
       allowCrossUserAccess: true,
+      skipAuth: share.visibility === TaskShareVisibility.PUBLIC, // Skip auth for public shares
     });
-
     const task = tasks[0];
 
     if (!task) {
@@ -258,6 +271,7 @@ export async function getTaskByShareToken(token: string): Promise<{
       messages,
       sharedBy: sharedByUser,
       sharedAt: share.createdAt,
+      visibility: share.visibility,
     };
   } catch (error) {
     console.error(
@@ -281,6 +295,7 @@ export async function deleteTaskShare(shareId: string) {
     }
 
     const { userId, orgId, orgRole } = authResult;
+
     const shareIdResult = shareIdSchema.safeParse(shareId);
 
     if (!shareIdResult.success) {

apps/web/src/app/api/extension/share/route.ts

@@ -1,18 +1,22 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { z } from 'zod';
 
-import { authorizeApi } from '@/actions/auth';
 import { createTaskShare } from '@/actions/taskSharing';
 import { getTasks } from '@/actions/analytics';
 import { getOrganizationSettings } from '@/actions/organizationSettings';
+import { authorize } from '@/actions/auth';
+import { TaskShareVisibility } from '@/types/task-sharing';
 
 const createShareRequestSchema = z.object({
   taskId: z.string().min(1, 'Task ID is required'),
+  visibility: z
+    .nativeEnum(TaskShareVisibility)
+    .default(TaskShareVisibility.ORGANIZATION),
 });
 
 export async function POST(request: NextRequest) {
   try {
-    const authResult = await authorizeApi(request);
+    const authResult = await authorize();
 
     if (!authResult.success) {
       return NextResponse.json(
@@ -33,7 +37,7 @@ export async function POST(request: NextRequest) {
       );
     }
 
-    const { taskId } = result.data;
+    const { taskId, visibility } = result.data;
 
     // Check if task sharing is enabled for the organization
     const orgSettings = await getOrganizationSettings();
@@ -59,7 +63,7 @@ export async function POST(request: NextRequest) {
       );
     }
 
-    const shareResponse = await createTaskShare({ taskId });
+    const shareResponse = await createTaskShare({ taskId, visibility });
 
     if (!shareResponse.success || !shareResponse.data) {
       return NextResponse.json(

…p/(authenticated)/share/[token]/page.tsx apps/web/src/app/share/[token]/page.tsxapps/web/src/app/(authenticated)/share/[token]/page.tsx renamed to apps/web/src/app/share/[token]/page.tsx apps/web/src/app/(authenticated)/share/[token]/page.tsx renamed to apps/web/src/app/share/[token]/page.tsx

@@ -1,19 +1,16 @@
 import { notFound, redirect } from 'next/navigation';
 
-import { authorize } from '@/actions/auth';
 import { getTaskByShareToken } from '@/actions/taskSharing';
-
 import { SharedTaskView } from '@/components/task-sharing/SharedTaskView';
+import { Badge } from '@/components/ui';
 
-type SharedTaskPageProps = { params: { token: string } };
+type SharedTaskPageProps = {
+  params: Promise<{
+    token: string;
+  }>;
+};
 
 export default async function SharedTaskPage({ params }: SharedTaskPageProps) {
-  const authResult = await authorize();
-
-  if (!authResult.success) {
-    redirect('/select-org');
-  }
-
   try {
     const { token } = await params;
     const result = await getTaskByShareToken(token);
@@ -22,13 +19,16 @@ export default async function SharedTaskPage({ params }: SharedTaskPageProps) {
       notFound();
     }
 
-    const { task, messages, sharedBy, sharedAt } = result;
+    const { task, messages, sharedBy, sharedAt, visibility } = result;
 
     return (
       <div className="container mx-auto py-6">
         <div className="mb-4">
           <div className="flex items-center gap-2 text-sm text-muted-foreground">
             <span>Shared Task</span>
+            {visibility === 'public' && (
+              <Badge variant="secondary">Public</Badge>
+            )}
           </div>
         </div>
         <SharedTaskView
@@ -40,22 +40,15 @@ export default async function SharedTaskPage({ params }: SharedTaskPageProps) {
       </div>
     );
   } catch (error) {
-    if (error instanceof Error && error.message.includes('Access denied')) {
-      return (
-        <div className="container mx-auto py-6">
-          <div className="text-center">
-            <h1 className="text-2xl font-bold text-destructive mb-4">
-              Access Denied
-            </h1>
-            <p className="text-muted-foreground mb-4">
-              You must be a member of the organization to view this shared task.
-            </p>
-            <p className="text-sm text-muted-foreground">
-              Please contact the person who shared this link to ensure you have
-              the correct organization access.
-            </p>
-          </div>
-        </div>
+    // Handle auth errors for org shares
+    if (
+      error instanceof Error &&
+      error.message.includes('Authentication required')
+    ) {
+      // For organization shares that require auth, redirect to sign-in
+      const { token } = await params;
+      redirect(
+        `/sign-in?redirect_url=${encodeURIComponent(`/share/${token}`)}`,
       );
     }
 
@@ -74,12 +67,14 @@ export async function generateMetadata({ params }: SharedTaskPageProps) {
       };
     }
 
-    const { task } = result;
+    const { task, visibility } = result;
     const title = task.title || `Task by ${task.user.name}`;
 
     return {
       title: `Shared Task: ${title}`,
-      description: `View shared task details and conversation history`,
+      description: `View shared task details and conversation history${
+        visibility === 'public' ? ' (Public)' : ''
+      }`,
     };
   } catch (_error) {
     return {