From 358ae4662710c1bededfd714ae1b0b3368812573 Mon Sep 17 00:00:00 2001
From: Stefan Zermatten <stefanzermatten@gmail.com>
Date: Thu, 3 Nov 2022 19:08:44 +0200
Subject: [PATCH 1/5] Began work on copy to for library nodes

---
 .../api/library/methods/copyLibraryNodeTo.js  | 100 ++++++++++++++++++
 .../library/methods/duplicateLibraryNode.js   |   2 +-
 2 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 app/imports/api/library/methods/copyLibraryNodeTo.js

diff --git a/app/imports/api/library/methods/copyLibraryNodeTo.js b/app/imports/api/library/methods/copyLibraryNodeTo.js
new file mode 100644
index 00000000..e87eb5e2
--- /dev/null
+++ b/app/imports/api/library/methods/copyLibraryNodeTo.js
@@ -0,0 +1,100 @@
+import { ValidatedMethod } from 'meteor/mdg:validated-method';
+import SimpleSchema from 'simpl-schema';
+i
+import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
+import { RefSchema } from '/imports/api/parenting/ChildSchema.js';
+import LibraryNodes from '/imports/api/library/LibraryNodes.js';
+import { assertDocEditPermission } from '/imports/api/sharing/sharingPermissions.js';
+import {
+  setLineageOfDocs,
+  renewDocIds
+} from '/imports/api/parenting/parenting.js';
+import { reorderDocs } from '/imports/api/parenting/order.js';
+import fetchDocByRef from '/imports/api/parenting/fetchDocByRef.js';
+
+var snackbar;
+if (Meteor.isClient) {
+  snackbar = require(
+    '/imports/ui/components/snackbars/SnackbarQueue.js'
+  ).snackbar
+}
+
+const DUPLICATE_CHILDREN_LIMIT = 100;
+
+const copyLibraryNodeTo = new ValidatedMethod({
+  name: 'libraryNodes.copyTo',
+  validate: new SimpleSchema({
+    _id: {
+      type: String,
+      regEx: SimpleSchema.RegEx.Id,
+    },
+    parent: {
+      type: RefSchema,
+    },
+  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 1,
+    timeInterval: 5000,
+  },
+  run({ _id, parent }) {
+    if (parent.collection !== 'libraryNodes' && parent.collection !== 'libraries') {
+      throw new Meteor.Error('Invalid destination',
+        'Library documents can only be copied to destinations inside other libraries'
+      );
+    }
+    const libraryNode = LibraryNodes.findOne(_id);
+    const parentDoc = fetchDocByRef(parent);
+    assertDocEditPermission(libraryNode, this.userId);
+
+    let randomSrc = DDP.randomStream('copyLibraryNodeTo');
+    let libraryNodeId = randomSrc.id();
+    libraryNode._id = libraryNodeId;
+
+    let decendants = LibraryNodes.find({
+      'ancestors.id': _id,
+      removed: { $ne: true },
+    }, {
+      limit: DUPLICATE_CHILDREN_LIMIT + 1,
+      sort: { order: 1 },
+    }).fetch();
+
+    if (decendants.length > DUPLICATE_CHILDREN_LIMIT) {
+      decendants.pop();
+      if (Meteor.isClient) {
+        snackbar({
+          text: `Only the first ${DUPLICATE_CHILDREN_LIMIT} children were duplicated`,
+        });
+      }
+    }
+
+    const nodes = [libraryNode, decendants];
+
+    const newAncestry = parentDoc.ancestors || [];
+    newAncestry.push(parent);
+    // re-map all the ancestors
+    setLineageOfDocs({
+      docArray: nodes,
+      newAncestry,
+      oldParent: libraryNode.parent,
+    });
+
+    // Give the docs new IDs without breaking internal references
+    renewDocIds({ docArray: nodes });
+
+    // Order the root node
+    libraryNode.order = (parentDoc.order || 0) + 0.5;
+
+    LibraryNodes.batchInsert(nodes);
+
+    // Tree structure changed by inserts, reorder the tree
+    reorderDocs({
+      collection: LibraryNodes,
+      ancestorId: parent.collection === 'libraries' ? parent.id : parentDoc.ancestors[0].id,
+    });
+
+    return libraryNodeId;
+  },
+});
+
+export default duplicateLibraryNode;
diff --git a/app/imports/api/library/methods/duplicateLibraryNode.js b/app/imports/api/library/methods/duplicateLibraryNode.js
index 107f3c6b..59b54c8a 100644
--- a/app/imports/api/library/methods/duplicateLibraryNode.js
+++ b/app/imports/api/library/methods/duplicateLibraryNode.js
@@ -16,7 +16,7 @@ if (Meteor.isClient) {
   ).snackbar
 }
 
-const DUPLICATE_CHILDREN_LIMIT = 50;
+const DUPLICATE_CHILDREN_LIMIT = 100;
 
 const duplicateLibraryNode = new ValidatedMethod({
   name: 'libraryNodes.duplicate',

From 8f56a60fb142a9583525c6a2e9df2aa48f49854b Mon Sep 17 00:00:00 2001
From: Stefan Zermatten <stefanzermatten@gmail.com>
Date: Thu, 3 Nov 2022 20:18:59 +0200
Subject: [PATCH 2/5] Added copy-to and related sharing permissions

---
 .../api/library/methods/copyLibraryNodeTo.js  | 23 +++--
 .../library/methods/duplicateLibraryNode.js   |  4 +-
 app/imports/api/library/methods/index.js      |  1 +
 app/imports/api/sharing/SharingSchema.js      |  4 +
 app/imports/api/sharing/sharing.js            | 22 ++++-
 app/imports/api/sharing/sharingPermissions.js | 88 ++++++++++++++-----
 app/imports/ui/components/ColorPicker.vue     |  4 +
 app/imports/ui/components/propertyToolbar.vue | 20 +++++
 app/imports/ui/library/LibraryNodeDialog.vue  | 47 +++++++++-
 .../ui/library/MoveLibraryNodeDialog.vue      |  8 +-
 app/imports/ui/sharing/ShareDialog.vue        | 20 +++++
 11 files changed, 202 insertions(+), 39 deletions(-)

diff --git a/app/imports/api/library/methods/copyLibraryNodeTo.js b/app/imports/api/library/methods/copyLibraryNodeTo.js
index e87eb5e2..f99b184f 100644
--- a/app/imports/api/library/methods/copyLibraryNodeTo.js
+++ b/app/imports/api/library/methods/copyLibraryNodeTo.js
@@ -1,10 +1,12 @@
 import { ValidatedMethod } from 'meteor/mdg:validated-method';
 import SimpleSchema from 'simpl-schema';
-i
 import { RateLimiterMixin } from 'ddp-rate-limiter-mixin';
 import { RefSchema } from '/imports/api/parenting/ChildSchema.js';
 import LibraryNodes from '/imports/api/library/LibraryNodes.js';
-import { assertDocEditPermission } from '/imports/api/sharing/sharingPermissions.js';
+import {
+  assertDocCopyPermission,
+  assertDocEditPermission
+} from '/imports/api/sharing/sharingPermissions.js';
 import {
   setLineageOfDocs,
   renewDocIds
@@ -19,7 +21,7 @@ if (Meteor.isClient) {
   ).snackbar
 }
 
-const DUPLICATE_CHILDREN_LIMIT = 100;
+const DUPLICATE_CHILDREN_LIMIT = 500;
 
 const copyLibraryNodeTo = new ValidatedMethod({
   name: 'libraryNodes.copyTo',
@@ -35,7 +37,7 @@ const copyLibraryNodeTo = new ValidatedMethod({
   mixins: [RateLimiterMixin],
   rateLimit: {
     numRequests: 1,
-    timeInterval: 5000,
+    timeInterval: 10000,
   },
   run({ _id, parent }) {
     if (parent.collection !== 'libraryNodes' && parent.collection !== 'libraries') {
@@ -45,11 +47,8 @@ const copyLibraryNodeTo = new ValidatedMethod({
     }
     const libraryNode = LibraryNodes.findOne(_id);
     const parentDoc = fetchDocByRef(parent);
-    assertDocEditPermission(libraryNode, this.userId);
-
-    let randomSrc = DDP.randomStream('copyLibraryNodeTo');
-    let libraryNodeId = randomSrc.id();
-    libraryNode._id = libraryNodeId;
+    assertDocCopyPermission(libraryNode, this.userId);
+    assertDocEditPermission(parentDoc, this.userId);
 
     let decendants = LibraryNodes.find({
       'ancestors.id': _id,
@@ -68,7 +67,7 @@ const copyLibraryNodeTo = new ValidatedMethod({
       }
     }
 
-    const nodes = [libraryNode, decendants];
+    const nodes = [libraryNode, ...decendants];
 
     const newAncestry = parentDoc.ancestors || [];
     newAncestry.push(parent);
@@ -92,9 +91,7 @@ const copyLibraryNodeTo = new ValidatedMethod({
       collection: LibraryNodes,
       ancestorId: parent.collection === 'libraries' ? parent.id : parentDoc.ancestors[0].id,
     });
-
-    return libraryNodeId;
   },
 });
 
-export default duplicateLibraryNode;
+export default copyLibraryNodeTo;
diff --git a/app/imports/api/library/methods/duplicateLibraryNode.js b/app/imports/api/library/methods/duplicateLibraryNode.js
index 59b54c8a..ff35b8fb 100644
--- a/app/imports/api/library/methods/duplicateLibraryNode.js
+++ b/app/imports/api/library/methods/duplicateLibraryNode.js
@@ -16,7 +16,7 @@ if (Meteor.isClient) {
   ).snackbar
 }
 
-const DUPLICATE_CHILDREN_LIMIT = 100;
+const DUPLICATE_CHILDREN_LIMIT = 500;
 
 const duplicateLibraryNode = new ValidatedMethod({
   name: 'libraryNodes.duplicate',
@@ -28,7 +28,7 @@ const duplicateLibraryNode = new ValidatedMethod({
   }).validator(),
   mixins: [RateLimiterMixin],
   rateLimit: {
-    numRequests: 5,
+    numRequests: 1,
     timeInterval: 5000,
   },
   run({ _id }) {
diff --git a/app/imports/api/library/methods/index.js b/app/imports/api/library/methods/index.js
index 1b566bc5..e67eec8a 100644
--- a/app/imports/api/library/methods/index.js
+++ b/app/imports/api/library/methods/index.js
@@ -1,2 +1,3 @@
+import '/imports/api/library/methods/copyLibraryNodeTo.js';
 import '/imports/api/library/methods/duplicateLibraryNode.js';
 import '/imports/api/library/methods/updateReferenceNode.js';
diff --git a/app/imports/api/sharing/SharingSchema.js b/app/imports/api/sharing/SharingSchema.js
index 2a4f87c3..629f90bb 100644
--- a/app/imports/api/sharing/SharingSchema.js
+++ b/app/imports/api/sharing/SharingSchema.js
@@ -33,6 +33,10 @@ let SharingSchema = new SimpleSchema({
     defaultValue: false,
     index: 1,
   },
+  readersCanCopy: {
+    type: Boolean,
+    optional: true,
+  },
 });
 
 export default SharingSchema;
diff --git a/app/imports/api/sharing/sharing.js b/app/imports/api/sharing/sharing.js
index f6c8d8b7..7062ff40 100644
--- a/app/imports/api/sharing/sharing.js
+++ b/app/imports/api/sharing/sharing.js
@@ -27,6 +27,26 @@ const setPublic = new ValidatedMethod({
   },
 });
 
+const setReadersCanCopy = new ValidatedMethod({
+  name: 'sharing.setReadersCanCopy',
+  validate: new SimpleSchema({
+    docRef: RefSchema,
+    readersCanCopy: { type: Boolean },
+  }).validator(),
+  mixins: [RateLimiterMixin],
+  rateLimit: {
+    numRequests: 5,
+    timeInterval: 5000,
+  },
+  run({ docRef, readersCanCopy }) {
+    let doc = fetchDocByRef(docRef);
+    assertOwnership(doc, this.userId);
+    return getCollectionByName(docRef.collection).update(docRef.id, {
+      $set: { readersCanCopy },
+    });
+  },
+});
+
 const updateUserSharePermissions = new ValidatedMethod({
   name: 'sharing.updateUserSharePermissions',
   validate: new SimpleSchema({
@@ -129,4 +149,4 @@ const transferOwnership = new ValidatedMethod({
   },
 });
 
-export { setPublic, updateUserSharePermissions, transferOwnership };
+export { setPublic, setReadersCanCopy, updateUserSharePermissions, transferOwnership };
diff --git a/app/imports/api/sharing/sharingPermissions.js b/app/imports/api/sharing/sharingPermissions.js
index 58629c62..5591c59c 100644
--- a/app/imports/api/sharing/sharingPermissions.js
+++ b/app/imports/api/sharing/sharingPermissions.js
@@ -1,24 +1,25 @@
 import { _ } from 'meteor/underscore';
 import fetchDocByRef from '/imports/api/parenting/fetchDocByRef.js';
 
-function assertIdValid(userId){
-  if (!userId || typeof userId !== 'string'){
+function assertIdValid(userId) {
+  if (!userId || typeof userId !== 'string') {
     throw new Meteor.Error('Permission denied',
       'No user ID. Are you logged in?');
   }
 }
 
-function assertdocExists(doc){
-  if (!doc){
+function assertdocExists(doc) {
+  if (!doc) {
     throw new Meteor.Error('Permission denied',
       'Permission denied: No such document exists');
   }
 }
 
-export function assertOwnership(doc, userId){
+export function assertOwnership(doc, userId) {
   assertIdValid(userId);
   assertdocExists(doc);
-  if (doc.owner === userId ){
+
+  if (doc.owner === userId) {
     return true;
   } else {
     throw new Meteor.Error('Permission denied',
@@ -37,13 +38,12 @@ export function assertEditPermission(doc, userId) {
   assertdocExists(doc);
   const user = Meteor.users.findOne(userId, {
     fields: {
-      'services.patreon': 1,
       'roles': 1,
     }
   });
 
   // Admin override
-  if (user.roles && user.roles.includes('admin')){
+  if (user.roles && user.roles.includes('admin')) {
     return true;
   }
 
@@ -51,7 +51,7 @@ export function assertEditPermission(doc, userId) {
   if (
     doc.owner === userId ||
     _.contains(doc.writers, userId)
-  ){
+  ) {
     return true;
   } else {
     throw new Meteor.Error('Edit permission denied',
@@ -59,9 +59,46 @@ export function assertEditPermission(doc, userId) {
   }
 }
 
-function getRoot(doc){
+/**
+ * Assert that the user can edit the root document which manages its own sharing
+ * permissions.
+ *
+ * Warning: the doc and userId must be set by a trusted source
+ */
+export function assertCopyPermission(doc, userId) {
+  assertIdValid(userId);
   assertdocExists(doc);
-  if (doc.ancestors && doc.ancestors.length && doc.ancestors[0]){
+  const user = Meteor.users.findOne(userId, {
+    fields: {
+      'roles': 1,
+    }
+  });
+
+  // Admin override
+  if (user.roles && user.roles.includes('admin')) {
+    return true;
+  }
+
+  // Ensure the user is authorized for this specific document
+  if (
+    doc.owner === userId ||
+    _.contains(doc.writers, userId)
+  ) {
+    return true;
+  } else if (
+    (_.contains(doc.readers, userId) || doc.public) &&
+    doc.readersCanCopy
+  ) {
+    return true;
+  } else {
+    throw new Meteor.Error('Copy permission denied',
+      'You do not have permission to copy this document');
+  }
+}
+
+function getRoot(doc) {
+  assertdocExists(doc);
+  if (doc.ancestors && doc.ancestors.length && doc.ancestors[0]) {
     return fetchDocByRef(doc.ancestors[0]);
   } else {
     return doc;
@@ -74,11 +111,22 @@ function getRoot(doc){
  *
  * Warning: the doc and userId must be set by a trusted source
  */
-export function assertDocEditPermission(doc, userId){
+export function assertDocEditPermission(doc, userId) {
   let root = getRoot(doc);
   assertEditPermission(root, userId);
 }
 
+/**
+ * Assert that the user can copy a descendant document whose root ancestor
+ * implements sharing permissions.
+ *
+ * Warning: the doc and userId must be set by a trusted source
+ */
+export function assertDocCopyPermission(doc, userId) {
+  let root = getRoot(doc);
+  assertCopyPermission(root, userId);
+}
+
 export function assertViewPermission(doc, userId) {
   assertdocExists(doc);
   if (doc.public) return true;
@@ -88,17 +136,17 @@ export function assertViewPermission(doc, userId) {
     doc.owner === userId ||
     _.contains(doc.readers, userId) ||
     _.contains(doc.writers, userId)
-  ){
+  ) {
     return true;
   } else {
-    
+
     // Admin override
     const user = Meteor.users.findOne(userId, {
       fields: {
         'roles': 1,
       }
     });
-    if (user.roles && user.roles.includes('admin')){
+    if (user.roles && user.roles.includes('admin')) {
       return true;
     }
 
@@ -113,20 +161,20 @@ export function assertViewPermission(doc, userId) {
  *
  * Warning: the doc and userId must be set by a trusted source
  */
-export function assertDocViewPermission(doc, userId){
+export function assertDocViewPermission(doc, userId) {
   let root = getRoot(doc);
   assertViewPermission(root, userId);
 }
 
-export function assertAdmin(userId){
+export function assertAdmin(userId) {
   assertIdValid(userId);
-  let user = Meteor.users.findOne(userId, {fields: {roles: 1}});
-  if (!user){
+  let user = Meteor.users.findOne(userId, { fields: { roles: 1 } });
+  if (!user) {
     throw new Meteor.Error('Permission denied',
       'UserId does not match any existing user');
   }
   let isAdmin = user.roles && user.roles.includes('admin')
-  if (!isAdmin){
+  if (!isAdmin) {
     throw new Meteor.Error('Permission denied',
       'User does not have the admin role');
   }
diff --git a/app/imports/ui/components/ColorPicker.vue b/app/imports/ui/components/ColorPicker.vue
index bb1115f6..cc1423bd 100644
--- a/app/imports/ui/components/ColorPicker.vue
+++ b/app/imports/ui/components/ColorPicker.vue
@@ -10,6 +10,7 @@
         :outlined="!!label"
         :icon="!label"
         :min-width="label && 108"
+        :disabled="context.editPermission === false"
         v-on="on"
       >
         {{ label }}
@@ -124,6 +125,9 @@
   }
 
   export default {
+    inject: {
+      context: { default: {} }
+    },
     props: {
      //hex string
       value: {
diff --git a/app/imports/ui/components/propertyToolbar.vue b/app/imports/ui/components/propertyToolbar.vue
index 28b454d7..af6ba016 100644
--- a/app/imports/ui/components/propertyToolbar.vue
+++ b/app/imports/ui/components/propertyToolbar.vue
@@ -69,6 +69,7 @@
             </v-list-item>
             <v-list-item
               v-if="$listeners && $listeners.duplicate"
+              :disabled="context.editPermission === false"
               @click="$emit('duplicate')"
             >
               <v-list-item-content>
@@ -80,8 +81,23 @@
                 <v-icon>mdi-content-copy</v-icon>
               </v-list-item-action>
             </v-list-item>
+            <v-list-item
+              v-if="$listeners && $listeners.copy"
+              :disabled="context.copyPermission === false"
+              @click="$emit('copy')"
+            >
+              <v-list-item-content>
+                <v-list-item-title>
+                  Copy To
+                </v-list-item-title>
+              </v-list-item-content>
+              <v-list-item-action>
+                <v-icon>mdi-content-duplicate</v-icon>
+              </v-list-item-action>
+            </v-list-item>
             <v-list-item
               v-if="$listeners && $listeners.move"
+              :disabled="context.editPermission === false"
               @click="$emit('move')"
             >
               <v-list-item-content>
@@ -95,6 +111,7 @@
             </v-list-item>
             <v-list-item
               v-if="$listeners && $listeners.remove"
+              :disabled="context.editPermission === false"
               @click="$emit('remove')"
             >
               <v-list-item-content>
@@ -157,6 +174,9 @@ export default {
     PropertyIcon,
     ColorPicker,
   },
+  inject: {
+    context: { default: {} }
+  },
   props: {
     model: {
       type: Object,
diff --git a/app/imports/ui/library/LibraryNodeDialog.vue b/app/imports/ui/library/LibraryNodeDialog.vue
index e67c0cc2..977f3906 100644
--- a/app/imports/ui/library/LibraryNodeDialog.vue
+++ b/app/imports/ui/library/LibraryNodeDialog.vue
@@ -8,6 +8,7 @@
         :embedded="embedded"
         @duplicate="duplicate"
         @move="move"
+        @copy="copy"
         @remove="remove"
         @toggle-editing="editing = !editing"
         @color-changed="value => change({path: ['color'], value})"
@@ -95,10 +96,13 @@
   import propertyFormIndex from '/imports/ui/properties/forms/shared/propertyFormIndex.js';
   import propertyViewerIndex from '/imports/ui/properties/viewers/shared/propertyViewerIndex.js';
   import { get } from 'lodash';
-  import { assertDocEditPermission } from '/imports/api/sharing/sharingPermissions.js';
+  import {
+    assertDocEditPermission, assertDocCopyPermission
+  } from '/imports/api/sharing/sharingPermissions.js';
   import { organizeDoc } from '/imports/api/parenting/organizeMethods.js';
   import { snackbar } from '/imports/ui/components/snackbars/SnackbarQueue.js';
   import getPropertyTitle from '/imports/ui/properties/shared/getPropertyTitle.js';
+  import copyLibraryNodeTo from '/imports/api/library/methods/copyLibraryNodeTo.js';
 
   let formIndex = {};
   for (let key in propertyFormIndex){
@@ -126,7 +130,7 @@
     },
     reactiveProvide: {
       name: 'context',
-      include: ['editPermission', 'isLibraryForm'],
+      include: ['editPermission', 'copyPermission', 'isLibraryForm'],
     },
     data(){return {
       editing: !!this.startInEditTab,
@@ -162,6 +166,14 @@
           return false;
         }
       },
+      copyPermission(){
+        try {
+          assertDocCopyPermission(this.model, Meteor.userId());
+          return true;
+        } catch (e) {
+          return false;
+        }
+      },
     },
     methods: {
       getPropertyName,
@@ -200,6 +212,37 @@
           }
         });
       },
+      copy(){
+        const thisId = this._id;
+        this.$store.commit('pushDialogStack', {
+          component: 'move-library-node-dialog',
+          elementId: 'property-toolbar-menu-button',
+          data: {
+            action: 'Copy',
+          },
+          callback(parentId){
+            if (!parentId) return;
+            copyLibraryNodeTo.call({
+              _id: thisId,
+              parent: {
+                collection: 'libraryNodes',
+                id: parentId
+              },
+            }, (error) => {
+              if (error) {
+                console.error(error);
+                snackbar({
+                  text: error.reason || error.message || error.toString(),
+                });
+              } else {
+                snackbar({
+                  text: 'Copied successfully',
+                });
+              }
+            });
+          }
+        });
+      },
       change({path, value, ack}){
         updateLibraryNode.call({_id: this.currentId, path, value}, (error) =>{
           if (ack){
diff --git a/app/imports/ui/library/MoveLibraryNodeDialog.vue b/app/imports/ui/library/MoveLibraryNodeDialog.vue
index ce412813..f0d22101 100644
--- a/app/imports/ui/library/MoveLibraryNodeDialog.vue
+++ b/app/imports/ui/library/MoveLibraryNodeDialog.vue
@@ -16,7 +16,7 @@
         color="primary"
         @click="$store.dispatch('popDialogStack', node._id)"
       >
-        Move
+        {{ action || 'Move' }}
       </v-btn>
     </template>
   </dialog-base>
@@ -30,6 +30,12 @@ export default {
     DialogBase,
     LibraryAndNode,
   },
+  props: {
+    action: {
+      type: String,
+      default: undefined,
+    },
+  },
   data() {
     return {
       node: undefined,
diff --git a/app/imports/ui/sharing/ShareDialog.vue b/app/imports/ui/sharing/ShareDialog.vue
index 8cd82873..27d8318f 100644
--- a/app/imports/ui/sharing/ShareDialog.vue
+++ b/app/imports/ui/sharing/ShareDialog.vue
@@ -13,6 +13,16 @@
         :value="!!model.public + ''"
         @change="(value, ack) => setSheetPublic({value, ack})"
       />
+      <smart-select
+        v-if="docRef.collection === 'libraries'"
+        label="Who can copy from this library"
+        :items="[
+          {text: 'Only people with edit permission', value: 'false'},
+          {text: 'Anyone with read permission', value: 'true'}
+        ]"
+        :value="!!model.readersCanCopy + ''"
+        @change="(value, ack) => setReadersCanCopy({value, ack})"
+      />
       <text-field
         v-if="model.public && docRef.collection === 'libraries'"
         readonly
@@ -30,6 +40,7 @@
           @change="(value, ack) => getUser({value, ack})"
         />
         <v-btn
+          class="ml-2 mt-2"
           :disabled="userFoundState !== 'found'"
           @click="updateSharing(userId, 'reader')"
         >
@@ -126,6 +137,7 @@
 <script lang="js">
 import {
   setPublic,
+  setReadersCanCopy,
   updateUserSharePermissions
 } from '/imports/api/sharing/sharing.js';
 import fetchDocByRef from '/imports/api/parenting/fetchDocByRef.js';
@@ -157,6 +169,14 @@ export default {
         ack(error && error.reason || error);
       });
     },
+    setReadersCanCopy({ value, ack }) {
+      setReadersCanCopy.call({
+        docRef: this.docRef,
+        readersCanCopy: value === 'true',
+      }, (error) => {
+        ack(error && error.reason || error);
+      });
+    },
     getUser({ value, ack }) {
       this.userSearched = value;
       if (!value) {

From d63ad9ea8fd966d2e5f6a1f01aa0ee16db225818 Mon Sep 17 00:00:00 2001
From: Stefan Zermatten <stefanzermatten@gmail.com>
Date: Thu, 3 Nov 2022 20:39:02 +0200
Subject: [PATCH 3/5] Added hide when total/value zero to attributes

---
 app/imports/api/properties/Attributes.js      |  8 ++
 .../character/characterSheetTabs/StatsTab.vue |  4 +
 .../attributes/HealthBarCardContainer.vue     |  4 +
 .../ui/properties/forms/AttributeForm.vue     | 88 ++++++++++++++-----
 4 files changed, 84 insertions(+), 20 deletions(-)

diff --git a/app/imports/api/properties/Attributes.js b/app/imports/api/properties/Attributes.js
index d486d5f9..a2681d33 100644
--- a/app/imports/api/properties/Attributes.js
+++ b/app/imports/api/properties/Attributes.js
@@ -107,6 +107,14 @@ let AttributeSchema = createPropertySchema({
     type: Boolean,
     optional: true,
   },
+  hideWhenTotalZero: {
+    type: Boolean,
+    optional: true,
+  },
+  hideWhenValueZero: {
+    type: Boolean,
+    optional: true,
+  },
   // Automatically zero the adjustment on these conditions
   reset: {
     type: String,
diff --git a/app/imports/ui/creature/character/characterSheetTabs/StatsTab.vue b/app/imports/ui/creature/character/characterSheetTabs/StatsTab.vue
index e8122e32..a201c69c 100644
--- a/app/imports/ui/creature/character/characterSheetTabs/StatsTab.vue
+++ b/app/imports/ui/creature/character/characterSheetTabs/StatsTab.vue
@@ -365,6 +365,10 @@ const getProperties = function (creature, filter, options = {
   filter.removed = { $ne: true };
   filter.inactive = { $ne: true };
   filter.overridden = { $ne: true };
+  filter.$nor = [
+    { hideWhenTotalZero: true, total: 0 },
+    { hideWhenValueZero: true, value: 0 },
+  ];
 
   return CreatureProperties.find(filter, options);
 };
diff --git a/app/imports/ui/properties/components/attributes/HealthBarCardContainer.vue b/app/imports/ui/properties/components/attributes/HealthBarCardContainer.vue
index 639beee0..db3b9c66 100644
--- a/app/imports/ui/properties/components/attributes/HealthBarCardContainer.vue
+++ b/app/imports/ui/properties/components/attributes/HealthBarCardContainer.vue
@@ -42,6 +42,10 @@ export default {
         removed: { $ne: true },
         inactive: { $ne: true },
         overridden: { $ne: true },
+        $nor: [
+          { hideWhenTotalZero: true, total: 0 },
+          { hideWhenValueZero: true, value: 0 },
+        ],
       };
       if (creature.settings.hideUnusedStats) {
         filter.hide = { $ne: true };
diff --git a/app/imports/ui/properties/forms/AttributeForm.vue b/app/imports/ui/properties/forms/AttributeForm.vue
index 42814d86..4dc36f07 100644
--- a/app/imports/ui/properties/forms/AttributeForm.vue
+++ b/app/imports/ui/properties/forms/AttributeForm.vue
@@ -151,26 +151,74 @@
           @change="change('tags', ...arguments)"
         />
         <div class="layout column align-center">
-          <smart-switch
-            v-if="model.attributeType !== 'hitDice'"
-            label="Allow decimal values"
-            class="no-flex"
-            :value="model.decimal"
-            :error-messages="errors.decimal"
-            @change="change('decimal', ...arguments)"
-          />
-          <smart-switch
-            label="Can be damaged into negative values"
-            :value="model.ignoreLowerLimit"
-            :error-messages="errors.ignoreLowerLimit"
-            @change="change('ignoreLowerLimit', ...arguments)"
-          />
-          <smart-switch
-            label="Can be incremented above total"
-            :value="model.ignoreUpperLimit"
-            :error-messages="errors.ignoreUpperLimit"
-            @change="change('ignoreUpperLimit', ...arguments)"
-          />
+          <v-row dense>
+            <v-col
+              cols="12"
+              sm="6"
+              md="4"
+            >
+              <smart-switch
+                v-if="model.attributeType !== 'hitDice'"
+                label="Allow decimal values"
+                class="mx-4"
+                :value="model.decimal"
+                :error-messages="errors.decimal"
+                @change="change('decimal', ...arguments)"
+              />
+            </v-col>
+            <v-col
+              cols="12"
+              sm="6"
+              md="4"
+            >
+              <smart-switch
+                label="Can be damaged into negative values"
+                class="mx-4"
+                :value="model.ignoreLowerLimit"
+                :error-messages="errors.ignoreLowerLimit"
+                @change="change('ignoreLowerLimit', ...arguments)"
+              />
+            </v-col>
+            <v-col
+              cols="12"
+              sm="6"
+              md="4"
+            >
+              <smart-switch
+                label="Can be incremented above total"
+                class="mx-4"
+                :value="model.ignoreUpperLimit"
+                :error-messages="errors.ignoreUpperLimit"
+                @change="change('ignoreUpperLimit', ...arguments)"
+              />
+            </v-col>
+            <v-col
+              cols="12"
+              sm="6"
+              md="4"
+            >
+              <smart-switch
+                label="Hide when total is zero"
+                class="mx-4"
+                :value="model.hideWhenTotalZero"
+                :error-messages="errors.hideWhenTotalZero"
+                @change="change('hideWhenTotalZero', ...arguments)"
+              />
+            </v-col>
+            <v-col
+              cols="12"
+              sm="6"
+              md="4"
+            >
+              <smart-switch
+                label="Hide when value is zero"
+                class="mx-4"
+                :value="model.hideWhenValueZero"
+                :error-messages="errors.hideWhenValueZero"
+                @change="change('hideWhenValueZero', ...arguments)"
+              />
+            </v-col>
+          </v-row>
           <div
             class="layout justify-center"
             style="align-self: stretch;"

From c0ccafa7876a0e2242274bf5c4efb61a19bea2b7 Mon Sep 17 00:00:00 2001
From: Stefan Zermatten <stefanzermatten@gmail.com>
Date: Thu, 3 Nov 2022 20:50:10 +0200
Subject: [PATCH 4/5] Added overflow stops to health bars

---
 .../applyPropertyByType/applyDamage.js        | 48 +++++++++++--------
 app/imports/api/properties/Attributes.js      | 10 ++++
 .../ui/properties/forms/AttributeForm.vue     | 15 +++++-
 3 files changed, 52 insertions(+), 21 deletions(-)

diff --git a/app/imports/api/engine/actions/applyPropertyByType/applyDamage.js b/app/imports/api/engine/actions/applyPropertyByType/applyDamage.js
index c35546de..f1c0c832 100644
--- a/app/imports/api/engine/actions/applyPropertyByType/applyDamage.js
+++ b/app/imports/api/engine/actions/applyPropertyByType/applyDamage.js
@@ -1,6 +1,6 @@
 import { some, intersection, difference, remove, includes } from 'lodash';
 import applyProperty from '../applyProperty.js';
-import {insertCreatureLog} from '/imports/api/creature/log/CreatureLogs.js';
+import { insertCreatureLog } from '/imports/api/creature/log/CreatureLogs.js';
 import resolve, { Context, toString } from '/imports/parser/resolve.js';
 import logErrors from './shared/logErrors.js';
 import applyEffectsToCalculationParseNode from '/imports/api/engine/actions/applyPropertyByType/shared/applyEffectsToCalculationParseNode.js';
@@ -10,9 +10,9 @@ import {
 } from '/imports/api/engine/loadCreatures.js';
 import { applyNodeTriggers } from '/imports/api/engine/actions/applyTriggers.js';
 
-export default function applyDamage(node, actionContext){
+export default function applyDamage(node, actionContext) {
   applyNodeTriggers(node, 'before', actionContext);
-  const applyChildren = function(){
+  const applyChildren = function () {
     applyNodeTriggers(node, 'after', actionContext);
     node.children.forEach(child => applyProperty(child, actionContext));
   };
@@ -28,10 +28,10 @@ export default function applyDamage(node, actionContext){
   // Determine if the hit is critical
   let criticalHit = scope['$criticalHit']?.value &&
     prop.damageType !== 'healing' // Can't critically heal
-  ;
+    ;
   // Double the damage rolls if the hit is critical
   let context = new Context({
-    options: {doubleRolls: criticalHit},
+    options: { doubleRolls: criticalHit },
   });
 
   // Gather all the lines we need to log into an array
@@ -40,8 +40,8 @@ export default function applyDamage(node, actionContext){
 
   // roll the dice only and store that string
   applyEffectsToCalculationParseNode(prop.amount, actionContext.log);
-  const {result: rolled} = resolve('roll', prop.amount.parseNode, scope, context);
-  if (rolled.parseType !== 'constant'){
+  const { result: rolled } = resolve('roll', prop.amount.parseNode, scope, context);
+  if (rolled.parseType !== 'constant') {
     logValue.push(toString(rolled));
   }
   logErrors(context.errors, actionContext);
@@ -50,13 +50,13 @@ export default function applyDamage(node, actionContext){
   context.errors = [];
 
   // Resolve the roll to a final value
-  const {result: reduced} = resolve('reduce', rolled, scope, context);
+  const { result: reduced } = resolve('reduce', rolled, scope, context);
   logErrors(context.errors, actionContext);
 
   // Store the result
-  if (reduced.parseType === 'constant'){
+  if (reduced.parseType === 'constant') {
     prop.amount.value = reduced.value;
-  } else if (reduced.parseType === 'error'){
+  } else if (reduced.parseType === 'error') {
     prop.amount.value = null;
   } else {
     prop.amount.value = toString(reduced);
@@ -64,7 +64,7 @@ export default function applyDamage(node, actionContext){
   let damage = +reduced.value;
 
   // If we didn't end up with a constant of finite amount, give up
-  if (reduced?.parseType !== 'constant' || !isFinite(reduced.value)){
+  if (reduced?.parseType !== 'constant' || !isFinite(reduced.value)) {
     return applyChildren();
   }
 
@@ -83,7 +83,7 @@ export default function applyDamage(node, actionContext){
   // Memoise the damage suffix for the log
   let suffix = (criticalHit ? ' critical ' : ' ') +
     prop.damageType +
-    (prop.damageType !== 'healing' ? ' damage ': '');
+    (prop.damageType !== 'healing' ? ' damage ' : '');
 
   if (damageTargets && damageTargets.length) {
     // Iterate through all the targets
@@ -107,7 +107,7 @@ export default function applyDamage(node, actionContext){
       });
 
       // Log the damage done
-      if (target._id === actionContext.creature._id){
+      if (target._id === actionContext.creature._id) {
         // Target is same as self, log damage as such
         logValue.push(`**${damageDealt}** ${suffix}  to self`);
       } else {
@@ -136,33 +136,33 @@ export default function applyDamage(node, actionContext){
   return applyChildren();
 }
 
-function applyDamageMultipliers({target, damage, damageProp, logValue}){
+function applyDamageMultipliers({ target, damage, damageProp, logValue }) {
   const damageType = damageProp?.damageType;
   if (!damageType) return damage;
 
   const multiplier = target?.variables?.[damageType];
   if (!multiplier) return damage;
 
-  const damageTypeText = damageType == 'healing' ? 'healing': `${damageType} damage`;
+  const damageTypeText = damageType == 'healing' ? 'healing' : `${damageType} damage`;
 
   if (
     multiplier.immunity &&
     some(multiplier.immunities, multiplierAppliesTo(damageProp, 'immunity'))
-  ){
+  ) {
     logValue.push(`Immune to ${damageTypeText}`);
     return 0;
   } else {
     if (
       multiplier.resistance &&
       some(multiplier.resistances, multiplierAppliesTo(damageProp, 'resistance'))
-    ){
+    ) {
       logValue.push(`Resistant to ${damageTypeText}`);
       damage = Math.floor(damage / 2);
     }
     if (
       multiplier.vulnerability &&
       some(multiplier.vulnerabilities, multiplierAppliesTo(damageProp, 'vulnerability'))
-    ){
+    ) {
       logValue.push(`Vulnerable to ${damageTypeText}`);
       damage = Math.floor(damage * 2);
     }
@@ -170,7 +170,7 @@ function applyDamageMultipliers({target, damage, damageProp, logValue}){
   return damage;
 }
 
-function multiplierAppliesTo(damageProp, multiplierType){
+function multiplierAppliesTo(damageProp, multiplierType) {
   return multiplier => {
     // Apply the default 'ignore x' tags
     if (includes(damageProp.tags, `ignore ${multiplierType}`)) return false;
@@ -187,7 +187,7 @@ function multiplierAppliesTo(damageProp, multiplierType){
   }
 }
 
-function dealDamage({target, damageType, amount, actionContext}){
+function dealDamage({ target, damageType, amount, actionContext }) {
   // Get all the health bars and do damage to them
   let healthBars = getPropertiesOfType(target._id, 'attribute');
 
@@ -239,6 +239,14 @@ function dealDamage({target, damageType, amount, actionContext}){
       actionContext
     });
     damageLeft -= damageAdded;
+    // Prevent overflow
+    if (
+      damageType === 'healing' ?
+        healthBar.healthBarNoHealingOverflow :
+        healthBar.healthBarNoDamageOverflow
+    ) {
+      damageLeft = 0;
+    }
   });
   return totalDamage;
 }
diff --git a/app/imports/api/properties/Attributes.js b/app/imports/api/properties/Attributes.js
index a2681d33..1052e2e5 100644
--- a/app/imports/api/properties/Attributes.js
+++ b/app/imports/api/properties/Attributes.js
@@ -69,6 +69,16 @@ let AttributeSchema = createPropertySchema({
     type: Boolean,
     optional: true,
   },
+  // Control how the health bar handles overflow
+  healthBarNoDamageOverflow: {
+    type: Boolean,
+    optional: true,
+  },
+  healthBarNoHealingOverflow: {
+    type: Boolean,
+    optional: true,
+  },
+  // Control when the health bar takes damage or healing
   healthBarDamageOrder: {
     type: SimpleSchema.Integer,
     optional: true,
diff --git a/app/imports/ui/properties/forms/AttributeForm.vue b/app/imports/ui/properties/forms/AttributeForm.vue
index 4dc36f07..1d76e1a0 100644
--- a/app/imports/ui/properties/forms/AttributeForm.vue
+++ b/app/imports/ui/properties/forms/AttributeForm.vue
@@ -106,10 +106,17 @@
             />
             <smart-switch
               label="Ignore damage"
+              class="mr-4"
               :value="model.healthBarNoDamage"
               :error-messages="errors.healthBarNoDamage"
               @change="change('healthBarNoDamage', ...arguments)"
             />
+            <smart-switch
+              label="Prevent damage overflow"
+              :value="model.healthBarNoDamageOverflow"
+              :error-messages="errors.healthBarNoDamageOverflow"
+              @change="change('healthBarNoDamageOverflow', ...arguments)"
+            />
           </v-layout>
           <v-layout wrap>
             <text-field
@@ -125,14 +132,20 @@
             />
             <smart-switch
               label="Ignore healing"
+              class="mr-4"
               :value="model.healthBarNoHealing"
               :error-messages="errors.healthBarNoHealing"
               @change="change('healthBarNoHealing', ...arguments)"
             />
+            <smart-switch
+              label="Prevent healing overflow"
+              :value="model.healthBarNoHealingOverflow"
+              :error-messages="errors.healthBarNoHealingOverflow"
+              @change="change('healthBarNoHealingOverflow', ...arguments)"
+            />
           </v-layout>
         </form-section>
       </v-expand-transition>
-
       <form-section
         v-if="$slots.children"
         name="Children"

From 21b0029df7b2ac8755df9e66bd84266279231f4c Mon Sep 17 00:00:00 2001
From: Stefan Zermatten <stefanzermatten@gmail.com>
Date: Thu, 3 Nov 2022 20:51:58 +0200
Subject: [PATCH 5/5] bumped version

---
 app/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/package.json b/app/package.json
index d212f19c..23f1e79f 100644
--- a/app/package.json
+++ b/app/package.json
@@ -1,6 +1,6 @@
 {
   "name": "dicecloud",
-  "version": "2.0.42",
+  "version": "2.0.43",
   "description": "Unofficial Online Realtime D&D 5e App",
   "license": "GPL-3.0",
   "repository": {
@@ -124,4 +124,4 @@
       "vuetify/no-deprecated-classes": "error"
     }
   }
-}
+}
\ No newline at end of file