Create data injection middleware and start centralizing lookups

app/routing/routers/api/v1/code.routes.js

@@ -6,17 +6,33 @@ module.exports = exports = {
 
     get: {
         // Get the code ref node config for the specified code editor
-        '/:PageId/:NodeId/get/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.get_config'],
+        '/:PageId/:NodeId/get/:CodiumId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'view' }],
+            'controller::api:v1:FormCode.get_config',
+        ],
     },
 
     post: {
         // Create a new code ref config
-        '/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.create_new'],
+        '/:PageId/:NodeId/create': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:FormCode.create_new',
+        ],
 
         // Set the data for the specified code ref
-        '/:PageId/:NodeId/set/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.set_values'],
+        '/:PageId/:NodeId/set/:CodiumId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:FormCode.set_values',
+        ],
 
         // delete the specified code ref
-        '/:PageId/:NodeId/delete/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.drop_code'],
+        '/:PageId/:NodeId/delete/:CodiumId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:FormCode.drop_code',
+        ],
     },
 }

app/routing/routers/api/v1/db.routes.js

@@ -6,29 +6,61 @@ module.exports = exports = {
 
     get: {
         // Get the database ref node config for the specified database
-        '/:PageId/:NodeId/get/:DatabaseId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_config'],
+        '/:PageId/:NodeId/get/:DatabaseId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'view' }],
+            'controller::api:v1:FormDatabase.get_config',
+        ],
 
         // Get the column config records for the specified database
-        '/:PageId/:NodeId/get/:DatabaseId/columns': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_columns' ],
+        '/:PageId/:NodeId/get/:DatabaseId/columns': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'view' }],
+            'controller::api:v1:FormDatabase.get_columns',
+        ],
 
         // Get the row records for the specified database
-        '/:PageId/:NodeId/get/:DatabaseId/data': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_data' ],
+        '/:PageId/:NodeId/get/:DatabaseId/data': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'view' }],
+            'controller::api:v1:FormDatabase.get_data',
+        ],
     },
 
     post: {
         // Create a new database ref config
-        '/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.create_new'],
+        '/:PageId/:NodeId/create': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:FormDatabase.create_new',
+        ],
 
         // Set the column configs for a database ref
-        '/:PageId/:NodeId/set/:DatabaseId/columns': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_columns' ],
+        '/:PageId/:NodeId/set/:DatabaseId/columns': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:FormDatabase.set_columns',
+        ],
 
         // Set the database name
-        '/:PageId/:NodeId/set/:DatabaseId/Name': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_name' ],
+        '/:PageId/:NodeId/set/:DatabaseId/Name': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:FormDatabase.set_name',
+        ],
 
         // Delete the specified database ref
-        '/:PageId/:NodeId/drop/:DatabaseId': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.drop_database' ],
+        '/:PageId/:NodeId/drop/:DatabaseId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:FormDatabase.drop_database',
+        ],
 
         // Set the row data for the specified database ref
-        '/:PageId/:NodeId/set/:DatabaseId/data': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_data'],
+        '/:PageId/:NodeId/set/:DatabaseId/data': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:FormDatabase.set_data',
+        ],
     },
 }

app/routing/routers/api/v1/files.routes.js

@@ -6,21 +6,42 @@ module.exports = exports = {
 
     get: {
         // Get the file ref node config for the specified file ref
-        '/:PageId/:NodeId/get/:FilesId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.get_config'],
+        '/:PageId/:NodeId/get/:FilesId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'view' }],
+            'controller::api:v1:File.get_config',
+        ],
 
         // Download the specified file ID from the specified file ref node
-        '/:PageId/:NodeId/get/:FilesId/:FileId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.download'],
+        '/:PageId/:NodeId/get/:FilesId/:FileId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'view' }],
+            'controller::api:v1:File.download',
+        ],
     },
 
     post: {
         // FIXME - files, not file. Fix in front-end!
         // Upload the file in the 'uploaded_file' key to the specified file ref node
-        '/file/upload/:PageId/:NodeId/:FilesId': ['middleware::auth:ApiRoute', 'middleware::upload:UploadFile', 'controller::api:v1:File.save_upload'],
+        '/file/upload/:PageId/:NodeId/:FilesId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'middleware::upload:UploadFile',
+            'controller::api:v1:File.save_upload',
+        ],
 
         // Create a new file ref node
-        '/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:File.create_config'],
+        '/:PageId/:NodeId/create': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:File.create_config',
+        ],
 
         // Delete a file ref node and its files
-        '/:PageId/:NodeId/delete/:FilesId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.delete_group'],
+        '/:PageId/:NodeId/delete/:FilesId': [
+            'middleware::auth:ApiRoute',
+            ['middleware::api:DataInjection', { access_level: 'update' }],
+            'controller::api:v1:File.delete_group',
+        ],
     },
 }