Create data injection middleware and start centralizing lookups
This commit is contained in:
parent
9df5f2d5f4
commit
42b7ccad7f
@ -15,16 +15,7 @@ class File extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async create_config(req, res) {
|
async create_config(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const group = new FileGroup({
|
const group = new FileGroup({
|
||||||
NodeId: node.UUID,
|
NodeId: node.UUID,
|
||||||
@ -47,70 +38,30 @@ class File extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async get_config(req, res) {
|
async get_config(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, file_group } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const group = await FileGroup.findOne({UUID: req.params.FilesId})
|
|
||||||
if ( !group ) return res.status(404).message('Invalid file group.').api({})
|
|
||||||
// if ( !group.accessible_by(req.user) ) return req.security.deny()
|
|
||||||
|
|
||||||
const File = this.models.get('upload::File')
|
const File = this.models.get('upload::File')
|
||||||
const files = await File.find({_id: {$in: group.FileIds.map(x => ObjectId(x))}})
|
file_group.files = await File.find({_id: {$in: file_group.FileIds.map(x => ObjectId(x))}})
|
||||||
group.files = files
|
|
||||||
|
|
||||||
return res.api(group)
|
return res.api(file_group)
|
||||||
}
|
}
|
||||||
|
|
||||||
async save_upload(req, res) {
|
async save_upload(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, file_group } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const group = await FileGroup.findOne({UUID: req.params.FilesId})
|
|
||||||
if ( !group ) return res.status(404).message('Invalid file group.').api({})
|
|
||||||
// if ( !group.accessible_by(req.user) ) return req.security.deny()
|
|
||||||
|
|
||||||
let file_name = ''
|
let file_name = ''
|
||||||
if ( req.uploads.uploaded_file ) {
|
if ( req.uploads.uploaded_file ) {
|
||||||
group.FileIds.push(req.uploads.uploaded_file.id)
|
file_group.FileIds.push(req.uploads.uploaded_file.id)
|
||||||
}
|
}
|
||||||
|
|
||||||
await group.version_save(`Added file${file_name ? ' "'+file_name+'"' : ''}`, req.user.id)
|
await file_group.version_save(`Added file${file_name ? ' "'+file_name+'"' : ''}`, req.user.id)
|
||||||
return res.redirect(req.body.redirectTo ? req.body.redirectTo : '/')
|
return res.redirect(req.body.redirectTo ? req.body.redirectTo : '/')
|
||||||
}
|
}
|
||||||
|
|
||||||
async download(req, res) {
|
async download(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, file_group } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
if ( !file_group.FileIds.includes(req.params.FileId) ) {
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const group = await FileGroup.findOne({UUID: req.params.FilesId})
|
|
||||||
if ( !group ) return res.status(404).message('Invalid file group.').api({})
|
|
||||||
// if ( !group.accessible_by(req.user) ) return req.security.deny()
|
|
||||||
|
|
||||||
if ( !group.FileIds.includes(req.params.FileId) ) {
|
|
||||||
return req.security.deny()
|
return req.security.deny()
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -122,22 +73,9 @@ class File extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async delete_group(req, res) {
|
async delete_group(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, file_group } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
await file_group.delete()
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const group = await FileGroup.findOne({UUID: req.params.FilesId})
|
|
||||||
if ( !group ) return res.status(404).message('Invalid file group.').api({})
|
|
||||||
// if ( !group.accessible_by(req.user) ) return req.security.deny()
|
|
||||||
|
|
||||||
await group.delete()
|
|
||||||
return res.api({})
|
return res.api({})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,7 +1,5 @@
|
|||||||
const Controller = require('libflitter/controller/Controller')
|
const Controller = require('libflitter/controller/Controller')
|
||||||
const Codium = require('../../../models/api/Codium.model')
|
const Codium = require('../../../models/api/Codium.model')
|
||||||
const Page = require('../../../models/api/Page.model')
|
|
||||||
const Node = require('../../../models/api/Node.model')
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* FormCode Controller
|
* FormCode Controller
|
||||||
@ -11,16 +9,7 @@ const Node = require('../../../models/api/Node.model')
|
|||||||
class FormCode extends Controller {
|
class FormCode extends Controller {
|
||||||
|
|
||||||
async create_new(req, res) {
|
async create_new(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const code = new Codium({
|
const code = new Codium({
|
||||||
NodeId: node.UUID,
|
NodeId: node.UUID,
|
||||||
@ -48,63 +37,25 @@ class FormCode extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async get_config(req, res) {
|
async get_config(req, res) {
|
||||||
const PageId = req.params.PageId
|
return res.api(req.form.codium)
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const code = await Codium.findOne({UUID: req.params.CodiumId})
|
|
||||||
if ( !code ) return res.status(404).message('Unable to find code with that ID.').api({})
|
|
||||||
|
|
||||||
return res.api(code)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async set_values(req, res) {
|
async set_values(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, codium } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
codium.code = req.body.code
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
codium.Language = req.body.Language
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
codium.NodeId = node.UUID
|
||||||
|
codium.PageId = page.UUID
|
||||||
const NodeId = req.params.NodeId
|
await codium.version_save(`Updated in page "${page.Name}"`, req.user.id)
|
||||||
|
return res.api(codium)
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const code = await Codium.findOne({UUID: req.params.CodiumId})
|
|
||||||
if ( !code ) return res.status(404).message('Unable to find code with that ID.').api({})
|
|
||||||
|
|
||||||
code.code = req.body.code
|
|
||||||
code.Language = req.body.Language
|
|
||||||
code.NodeId = node.UUID
|
|
||||||
code.PageId = page.UUID
|
|
||||||
await code.version_save(`Updated in page "${page.Name}"`, req.user.id)
|
|
||||||
return res.api(code)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async drop_code(req, res) {
|
async drop_code(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { codium } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
codium.Active = false
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
await codium.version_save(`Deleted`, req.user.id)
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const code = await Codium.findOne({UUID: req.params.CodiumId})
|
|
||||||
if ( !code ) return res.status(404).message('Unable to find code with that ID.').api({})
|
|
||||||
|
|
||||||
code.Active = false
|
|
||||||
await code.version_save(`Deleted`, req.user.id)
|
|
||||||
return res.api({})
|
return res.api({})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,4 @@
|
|||||||
const Controller = require('libflitter/controller/Controller')
|
const Controller = require('libflitter/controller/Controller')
|
||||||
const Page = require('../../../models/api/Page.model')
|
|
||||||
const Node = require('../../../models/api/Node.model')
|
|
||||||
const Database = require('../../../models/api/db/Database.model')
|
const Database = require('../../../models/api/db/Database.model')
|
||||||
const ColumnDef = require('../../../models/api/db/ColumnDef.model')
|
const ColumnDef = require('../../../models/api/db/ColumnDef.model')
|
||||||
const DBEntry = require('../../../models/api/db/DBEntry.model')
|
const DBEntry = require('../../../models/api/db/DBEntry.model')
|
||||||
@ -13,16 +11,7 @@ const DBEntry = require('../../../models/api/db/DBEntry.model')
|
|||||||
class FormDatabase extends Controller {
|
class FormDatabase extends Controller {
|
||||||
|
|
||||||
async create_new(req, res) {
|
async create_new(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const db = new Database({
|
const db = new Database({
|
||||||
Name: req.body.name || req.body.Name || 'New Database',
|
Name: req.body.name || req.body.Name || 'New Database',
|
||||||
@ -46,43 +35,16 @@ class FormDatabase extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async get_config(req, res) {
|
async get_config(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, database } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
return res.api(database)
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const DatabaseId = req.params.DatabaseId
|
|
||||||
const db = await Database.findOne({UUID: DatabaseId})
|
|
||||||
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
|
|
||||||
// if ( !db.accessible_by(req.user) ) return req.security.deny()
|
|
||||||
|
|
||||||
return res.api(db)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async get_columns(req, res) {
|
async get_columns(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, database } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const DatabaseId = req.params.DatabaseId
|
|
||||||
const db = await Database.findOne({UUID: DatabaseId})
|
|
||||||
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
|
|
||||||
|
|
||||||
const columns = []
|
const columns = []
|
||||||
for ( const col_id of db.ColumnIds ) {
|
for ( const col_id of database.ColumnIds ) {
|
||||||
const rec = await ColumnDef.findOne({UUID: col_id})
|
const rec = await ColumnDef.findOne({UUID: col_id})
|
||||||
if ( rec ) {
|
if ( rec ) {
|
||||||
rec.additionalData = rec.data()
|
rec.additionalData = rec.data()
|
||||||
@ -92,7 +54,7 @@ class FormDatabase extends Controller {
|
|||||||
|
|
||||||
// Fallback for backwards compat
|
// Fallback for backwards compat
|
||||||
if ( columns.length < 1 ) {
|
if ( columns.length < 1 ) {
|
||||||
return res.api((await ColumnDef.find({DatabaseId: db.UUID})).map(x => {
|
return res.api((await ColumnDef.find({DatabaseId: database.UUID})).map(x => {
|
||||||
x.additionalData = x.data()
|
x.additionalData = x.data()
|
||||||
return x
|
return x
|
||||||
}))
|
}))
|
||||||
@ -108,50 +70,22 @@ class FormDatabase extends Controller {
|
|||||||
.api()
|
.api()
|
||||||
}
|
}
|
||||||
|
|
||||||
const PageId = req.params.PageId
|
const { page, node, database } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
if ( req.body.Name !== database.Name ) {
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
database.Name = req.body.Name
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
await database.version_save(`Changed database name to "${req.body.Name}"`, req.user.id)
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const DatabaseId = req.params.DatabaseId
|
|
||||||
const db = await Database.findOne({UUID: DatabaseId})
|
|
||||||
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
|
|
||||||
// if ( !db.accessible_by(req.user, 'update') ) return req.security.deny()
|
|
||||||
|
|
||||||
if ( req.body.Name !== db.Name ) {
|
|
||||||
db.Name = req.body.Name
|
|
||||||
await db.version_save(`Changed database name to "${req.body.Name}"`, req.user.id)
|
|
||||||
} else {
|
} else {
|
||||||
await db.save()
|
await database.save()
|
||||||
}
|
}
|
||||||
|
|
||||||
return res.api(db)
|
return res.api(database)
|
||||||
}
|
}
|
||||||
|
|
||||||
async set_columns(req, res) {
|
async set_columns(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, database } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
const existing_columns = await ColumnDef.find({ DatabaseId: database.UUID })
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const DatabaseId = req.params.DatabaseId
|
|
||||||
const db = await Database.findOne({UUID: DatabaseId})
|
|
||||||
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
|
|
||||||
// if ( !db.accessible_by(req.user, 'update') ) return req.security.deny()
|
|
||||||
|
|
||||||
const existing_columns = await ColumnDef.find({ DatabaseId: db.UUID })
|
|
||||||
const assoc_columns = []
|
const assoc_columns = []
|
||||||
existing_columns.forEach(col => assoc_columns[col.UUID] = col)
|
existing_columns.forEach(col => assoc_columns[col.UUID] = col)
|
||||||
|
|
||||||
@ -160,7 +94,7 @@ class FormDatabase extends Controller {
|
|||||||
if ( col.UUID && assoc_columns[col.UUID] ) {
|
if ( col.UUID && assoc_columns[col.UUID] ) {
|
||||||
assoc_columns[col.UUID].headerName = col.headerName
|
assoc_columns[col.UUID].headerName = col.headerName
|
||||||
assoc_columns[col.UUID].field = col.field
|
assoc_columns[col.UUID].field = col.field
|
||||||
assoc_columns[col.UUID].DatabaseId = db.UUID
|
assoc_columns[col.UUID].DatabaseId = database.UUID
|
||||||
assoc_columns[col.UUID].Type = col.Type
|
assoc_columns[col.UUID].Type = col.Type
|
||||||
assoc_columns[col.UUID].additionalData = JSON.stringify(col.additionalData)
|
assoc_columns[col.UUID].additionalData = JSON.stringify(col.additionalData)
|
||||||
await assoc_columns[col.UUID].version_save(`Updated in page "${page.Name}"`, req.user.id)
|
await assoc_columns[col.UUID].version_save(`Updated in page "${page.Name}"`, req.user.id)
|
||||||
@ -169,7 +103,7 @@ class FormDatabase extends Controller {
|
|||||||
const new_col = new ColumnDef({
|
const new_col = new ColumnDef({
|
||||||
headerName: col.headerName,
|
headerName: col.headerName,
|
||||||
field: col.field,
|
field: col.field,
|
||||||
DatabaseId: db.UUID,
|
DatabaseId: database.UUID,
|
||||||
Type: col.Type,
|
Type: col.Type,
|
||||||
additionalData: JSON.stringify(col.additionalData),
|
additionalData: JSON.stringify(col.additionalData),
|
||||||
})
|
})
|
||||||
@ -193,62 +127,34 @@ class FormDatabase extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const new_cols = update_columns.map(x => x.UUID)
|
const new_cols = update_columns.map(x => x.UUID)
|
||||||
const no_updates = (new_cols.length === db.ColumnIds.length) && (new_cols.every(val => db.ColumnIds.includes(val)));
|
const no_updates = (new_cols.length === database.ColumnIds.length) && (new_cols.every(val => database.ColumnIds.includes(val)));
|
||||||
if ( !no_updates ) {
|
if ( !no_updates ) {
|
||||||
db.ColumnIds = new_cols
|
database.ColumnIds = new_cols
|
||||||
await db.version_save('Updated columns', req.user.id)
|
await database.version_save('Updated columns', req.user.id)
|
||||||
} else {
|
} else {
|
||||||
await db.save()
|
await database.save()
|
||||||
}
|
}
|
||||||
|
|
||||||
return res.api(update_columns)
|
return res.api(update_columns)
|
||||||
}
|
}
|
||||||
|
|
||||||
async get_data(req, res) {
|
async get_data(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, database } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
const entries = await DBEntry.find({DatabaseId: database.UUID})
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const DatabaseId = req.params.DatabaseId
|
|
||||||
const db = await Database.findOne({UUID: DatabaseId})
|
|
||||||
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
|
|
||||||
// if ( !db.accessible_by(req.user) ) return req.security.deny()
|
|
||||||
|
|
||||||
const entries = await DBEntry.find({DatabaseId: db.UUID})
|
|
||||||
entries.forEach(entry => entry.RowData.UUID = entry.UUID)
|
entries.forEach(entry => entry.RowData.UUID = entry.UUID)
|
||||||
|
|
||||||
return res.api(entries)
|
return res.api(entries)
|
||||||
}
|
}
|
||||||
|
|
||||||
async set_data(req, res) {
|
async set_data(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, database } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
await DBEntry.deleteMany({DatabaseId: database.UUID})
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const DatabaseId = req.params.DatabaseId
|
|
||||||
const db = await Database.findOne({UUID: DatabaseId})
|
|
||||||
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
|
|
||||||
// if ( !db.accessible_by(req.user) ) return req.security.deny()
|
|
||||||
|
|
||||||
await DBEntry.deleteMany({DatabaseId: db.UUID})
|
|
||||||
|
|
||||||
const new_recs = []
|
const new_recs = []
|
||||||
for ( const rec of req.body ) {
|
for ( const rec of req.body ) {
|
||||||
const data = {DatabaseId: db.UUID}
|
const data = {DatabaseId: database.UUID}
|
||||||
if ( rec.UUID ) data.UUID = rec.UUID
|
if ( rec.UUID ) data.UUID = rec.UUID
|
||||||
delete rec.UUID
|
delete rec.UUID
|
||||||
data.RowData = rec
|
data.RowData = rec
|
||||||
@ -259,30 +165,16 @@ class FormDatabase extends Controller {
|
|||||||
new_recs.push(dbe)
|
new_recs.push(dbe)
|
||||||
}
|
}
|
||||||
|
|
||||||
await db.version_save('Updated data', req.user.id)
|
await database.version_save('Updated data', req.user.id)
|
||||||
return res.api(await this._set_indices(db, new_recs))
|
return res.api(await this._set_indices(database, new_recs))
|
||||||
}
|
}
|
||||||
|
|
||||||
async drop_database(req, res) {
|
async drop_database(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page, node, database } = req.form
|
||||||
|
|
||||||
let page = await Page.findOne({UUID: PageId})
|
await DBEntry.deleteMany({DatabaseId: database.UUID})
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
await database.version_save('Deleted', req.user.id)
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
await database.delete()
|
||||||
|
|
||||||
const NodeId = req.params.NodeId
|
|
||||||
|
|
||||||
let node = await Node.findOne({UUID: NodeId})
|
|
||||||
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
|
|
||||||
|
|
||||||
const DatabaseId = req.params.DatabaseId
|
|
||||||
const db = await Database.findOne({UUID: DatabaseId})
|
|
||||||
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
|
|
||||||
// if ( !db.accessible_by(req.user) ) return req.security.deny()
|
|
||||||
|
|
||||||
await DBEntry.deleteMany({DatabaseId: db.UUID})
|
|
||||||
await db.version_save('Deleted', req.user.id)
|
|
||||||
await db.delete()
|
|
||||||
return res.api({})
|
return res.api({})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
110
app/routing/middleware/api/DataInjection.middleware.js
Normal file
110
app/routing/middleware/api/DataInjection.middleware.js
Normal file
@ -0,0 +1,110 @@
|
|||||||
|
const { Middleware } = require('libflitter')
|
||||||
|
|
||||||
|
class DataInjectionMiddleware extends Middleware {
|
||||||
|
static get services() {
|
||||||
|
return [...super.services, 'models']
|
||||||
|
}
|
||||||
|
|
||||||
|
// manage, update, view
|
||||||
|
async test(req, res, next, { access_level = 'view' }) {
|
||||||
|
if ( !req.user ) {
|
||||||
|
return res.status(401)
|
||||||
|
.message('Unauthenticated session.')
|
||||||
|
.api()
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( !req.form ) req.form = {}
|
||||||
|
|
||||||
|
// Try to load in the page
|
||||||
|
if ( !req.params.PageId ) return next()
|
||||||
|
|
||||||
|
const Page = this.models.get('api:Page')
|
||||||
|
const page = await Page.findOne({ UUID: req.params.PageId })
|
||||||
|
if ( !page ) {
|
||||||
|
return res.status(404)
|
||||||
|
.message('Invalid page ID.')
|
||||||
|
.api()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make sure the user has access to the given page
|
||||||
|
if ( !(await page.is_accessible_by(req.user, access_level)) ) {
|
||||||
|
return res.status(401).api()
|
||||||
|
}
|
||||||
|
|
||||||
|
req.form.page = page
|
||||||
|
|
||||||
|
// Try to load in the node
|
||||||
|
if ( req.params.NodeId ) {
|
||||||
|
const Node = this.models.get('api:Node')
|
||||||
|
const node = await Node.findOne({ UUID: req.params.NodeId })
|
||||||
|
|
||||||
|
if ( !node || !page.NodeIds.includes(node.UUID) ) {
|
||||||
|
return res.status(404)
|
||||||
|
.message('Invalid node ID.')
|
||||||
|
.api()
|
||||||
|
}
|
||||||
|
|
||||||
|
req.form.node = node
|
||||||
|
}
|
||||||
|
|
||||||
|
// Try to load in the code snippets
|
||||||
|
if ( req.params.CodiumId ) {
|
||||||
|
const Codium = this.models.get('api:Codium')
|
||||||
|
const codium = await Codium.findOne({
|
||||||
|
UUID: req.params.CodiumId,
|
||||||
|
Active: true,
|
||||||
|
PageId: req.params.PageId,
|
||||||
|
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
|
||||||
|
})
|
||||||
|
|
||||||
|
if ( !codium ) {
|
||||||
|
return res.status(404)
|
||||||
|
.message('Invalid code snippet ID.')
|
||||||
|
.api()
|
||||||
|
}
|
||||||
|
|
||||||
|
req.form.codium = codium
|
||||||
|
}
|
||||||
|
|
||||||
|
// Try to load in the database
|
||||||
|
if ( req.params.DatabaseId ) {
|
||||||
|
const Database = this.models.get('api:db:Database')
|
||||||
|
const database = await Database.findOne({
|
||||||
|
UUID: req.params.DatabaseId,
|
||||||
|
Active: true,
|
||||||
|
PageId: req.params.PageId,
|
||||||
|
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
|
||||||
|
})
|
||||||
|
|
||||||
|
if ( !database ) {
|
||||||
|
return res.status(404)
|
||||||
|
.message('Invalid database ID.')
|
||||||
|
.api()
|
||||||
|
}
|
||||||
|
|
||||||
|
req.form.database = database
|
||||||
|
}
|
||||||
|
|
||||||
|
// Try to load in the file group
|
||||||
|
if ( req.params.FilesId ) {
|
||||||
|
const FileGroup = this.models.get('api:FileGroup')
|
||||||
|
const file_group = await FileGroup.findOne({
|
||||||
|
UUID: req.params.FilesId,
|
||||||
|
PageId: req.params.PageId,
|
||||||
|
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
|
||||||
|
})
|
||||||
|
|
||||||
|
if ( !file_group ) {
|
||||||
|
return res.status(404)
|
||||||
|
.message('Invalid file group ID.')
|
||||||
|
.api()
|
||||||
|
}
|
||||||
|
|
||||||
|
req.form.file_group = file_group
|
||||||
|
}
|
||||||
|
|
||||||
|
return next()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = exports = DataInjectionMiddleware
|
@ -6,17 +6,33 @@ module.exports = exports = {
|
|||||||
|
|
||||||
get: {
|
get: {
|
||||||
// Get the code ref node config for the specified code editor
|
// Get the code ref node config for the specified code editor
|
||||||
'/:PageId/:NodeId/get/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.get_config'],
|
'/:PageId/:NodeId/get/:CodiumId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:FormCode.get_config',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
|
|
||||||
post: {
|
post: {
|
||||||
// Create a new code ref config
|
// Create a new code ref config
|
||||||
'/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.create_new'],
|
'/:PageId/:NodeId/create': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:FormCode.create_new',
|
||||||
|
],
|
||||||
|
|
||||||
// Set the data for the specified code ref
|
// Set the data for the specified code ref
|
||||||
'/:PageId/:NodeId/set/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.set_values'],
|
'/:PageId/:NodeId/set/:CodiumId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:FormCode.set_values',
|
||||||
|
],
|
||||||
|
|
||||||
// delete the specified code ref
|
// delete the specified code ref
|
||||||
'/:PageId/:NodeId/delete/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.drop_code'],
|
'/:PageId/:NodeId/delete/:CodiumId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:FormCode.drop_code',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -6,29 +6,61 @@ module.exports = exports = {
|
|||||||
|
|
||||||
get: {
|
get: {
|
||||||
// Get the database ref node config for the specified database
|
// Get the database ref node config for the specified database
|
||||||
'/:PageId/:NodeId/get/:DatabaseId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_config'],
|
'/:PageId/:NodeId/get/:DatabaseId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:FormDatabase.get_config',
|
||||||
|
],
|
||||||
|
|
||||||
// Get the column config records for the specified database
|
// Get the column config records for the specified database
|
||||||
'/:PageId/:NodeId/get/:DatabaseId/columns': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_columns' ],
|
'/:PageId/:NodeId/get/:DatabaseId/columns': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:FormDatabase.get_columns',
|
||||||
|
],
|
||||||
|
|
||||||
// Get the row records for the specified database
|
// Get the row records for the specified database
|
||||||
'/:PageId/:NodeId/get/:DatabaseId/data': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_data' ],
|
'/:PageId/:NodeId/get/:DatabaseId/data': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:FormDatabase.get_data',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
|
|
||||||
post: {
|
post: {
|
||||||
// Create a new database ref config
|
// Create a new database ref config
|
||||||
'/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.create_new'],
|
'/:PageId/:NodeId/create': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:FormDatabase.create_new',
|
||||||
|
],
|
||||||
|
|
||||||
// Set the column configs for a database ref
|
// Set the column configs for a database ref
|
||||||
'/:PageId/:NodeId/set/:DatabaseId/columns': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_columns' ],
|
'/:PageId/:NodeId/set/:DatabaseId/columns': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:FormDatabase.set_columns',
|
||||||
|
],
|
||||||
|
|
||||||
// Set the database name
|
// Set the database name
|
||||||
'/:PageId/:NodeId/set/:DatabaseId/Name': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_name' ],
|
'/:PageId/:NodeId/set/:DatabaseId/Name': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:FormDatabase.set_name',
|
||||||
|
],
|
||||||
|
|
||||||
// Delete the specified database ref
|
// Delete the specified database ref
|
||||||
'/:PageId/:NodeId/drop/:DatabaseId': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.drop_database' ],
|
'/:PageId/:NodeId/drop/:DatabaseId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:FormDatabase.drop_database',
|
||||||
|
],
|
||||||
|
|
||||||
// Set the row data for the specified database ref
|
// Set the row data for the specified database ref
|
||||||
'/:PageId/:NodeId/set/:DatabaseId/data': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_data'],
|
'/:PageId/:NodeId/set/:DatabaseId/data': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:FormDatabase.set_data',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -6,21 +6,42 @@ module.exports = exports = {
|
|||||||
|
|
||||||
get: {
|
get: {
|
||||||
// Get the file ref node config for the specified file ref
|
// Get the file ref node config for the specified file ref
|
||||||
'/:PageId/:NodeId/get/:FilesId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.get_config'],
|
'/:PageId/:NodeId/get/:FilesId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:File.get_config',
|
||||||
|
],
|
||||||
|
|
||||||
// Download the specified file ID from the specified file ref node
|
// Download the specified file ID from the specified file ref node
|
||||||
'/:PageId/:NodeId/get/:FilesId/:FileId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.download'],
|
'/:PageId/:NodeId/get/:FilesId/:FileId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:File.download',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
|
|
||||||
post: {
|
post: {
|
||||||
// FIXME - files, not file. Fix in front-end!
|
// FIXME - files, not file. Fix in front-end!
|
||||||
// Upload the file in the 'uploaded_file' key to the specified file ref node
|
// Upload the file in the 'uploaded_file' key to the specified file ref node
|
||||||
'/file/upload/:PageId/:NodeId/:FilesId': ['middleware::auth:ApiRoute', 'middleware::upload:UploadFile', 'controller::api:v1:File.save_upload'],
|
'/file/upload/:PageId/:NodeId/:FilesId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'middleware::upload:UploadFile',
|
||||||
|
'controller::api:v1:File.save_upload',
|
||||||
|
],
|
||||||
|
|
||||||
// Create a new file ref node
|
// Create a new file ref node
|
||||||
'/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:File.create_config'],
|
'/:PageId/:NodeId/create': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:File.create_config',
|
||||||
|
],
|
||||||
|
|
||||||
// Delete a file ref node and its files
|
// Delete a file ref node and its files
|
||||||
'/:PageId/:NodeId/delete/:FilesId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.delete_group'],
|
'/:PageId/:NodeId/delete/:FilesId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:File.delete_group',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user