Create data injection middleware and start centralizing lookups
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing

This commit is contained in:
Garrett Mills 2020-11-11 13:54:20 -06:00
parent 9df5f2d5f4
commit 42b7ccad7f
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
7 changed files with 250 additions and 290 deletions

View File

@ -15,16 +15,7 @@ class File extends Controller {
}
async create_config(req, res) {
const PageId = req.params.PageId
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const { page, node } = req.form
const group = new FileGroup({
NodeId: node.UUID,
@ -47,70 +38,30 @@ class File extends Controller {
}
async get_config(req, res) {
const PageId = req.params.PageId
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const group = await FileGroup.findOne({UUID: req.params.FilesId})
if ( !group ) return res.status(404).message('Invalid file group.').api({})
// if ( !group.accessible_by(req.user) ) return req.security.deny()
const { page, node, file_group } = req.form
const File = this.models.get('upload::File')
const files = await File.find({_id: {$in: group.FileIds.map(x => ObjectId(x))}})
group.files = files
file_group.files = await File.find({_id: {$in: file_group.FileIds.map(x => ObjectId(x))}})
return res.api(group)
return res.api(file_group)
}
async save_upload(req, res) {
const PageId = req.params.PageId
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const group = await FileGroup.findOne({UUID: req.params.FilesId})
if ( !group ) return res.status(404).message('Invalid file group.').api({})
// if ( !group.accessible_by(req.user) ) return req.security.deny()
const { page, node, file_group } = req.form
let file_name = ''
if ( req.uploads.uploaded_file ) {
group.FileIds.push(req.uploads.uploaded_file.id)
file_group.FileIds.push(req.uploads.uploaded_file.id)
}
await group.version_save(`Added file${file_name ? ' "'+file_name+'"' : ''}`, req.user.id)
await file_group.version_save(`Added file${file_name ? ' "'+file_name+'"' : ''}`, req.user.id)
return res.redirect(req.body.redirectTo ? req.body.redirectTo : '/')
}
async download(req, res) {
const PageId = req.params.PageId
const { page, node, file_group } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const group = await FileGroup.findOne({UUID: req.params.FilesId})
if ( !group ) return res.status(404).message('Invalid file group.').api({})
// if ( !group.accessible_by(req.user) ) return req.security.deny()
if ( !group.FileIds.includes(req.params.FileId) ) {
if ( !file_group.FileIds.includes(req.params.FileId) ) {
return req.security.deny()
}
@ -122,22 +73,9 @@ class File extends Controller {
}
async delete_group(req, res) {
const PageId = req.params.PageId
const { page, node, file_group } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const group = await FileGroup.findOne({UUID: req.params.FilesId})
if ( !group ) return res.status(404).message('Invalid file group.').api({})
// if ( !group.accessible_by(req.user) ) return req.security.deny()
await group.delete()
await file_group.delete()
return res.api({})
}
}

View File

@ -1,7 +1,5 @@
const Controller = require('libflitter/controller/Controller')
const Codium = require('../../../models/api/Codium.model')
const Page = require('../../../models/api/Page.model')
const Node = require('../../../models/api/Node.model')
/*
* FormCode Controller
@ -11,16 +9,7 @@ const Node = require('../../../models/api/Node.model')
class FormCode extends Controller {
async create_new(req, res) {
const PageId = req.params.PageId
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const { page, node } = req.form
const code = new Codium({
NodeId: node.UUID,
@ -48,63 +37,25 @@ class FormCode extends Controller {
}
async get_config(req, res) {
const PageId = req.params.PageId
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const code = await Codium.findOne({UUID: req.params.CodiumId})
if ( !code ) return res.status(404).message('Unable to find code with that ID.').api({})
return res.api(code)
return res.api(req.form.codium)
}
async set_values(req, res) {
const PageId = req.params.PageId
const { page, node, codium } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const code = await Codium.findOne({UUID: req.params.CodiumId})
if ( !code ) return res.status(404).message('Unable to find code with that ID.').api({})
code.code = req.body.code
code.Language = req.body.Language
code.NodeId = node.UUID
code.PageId = page.UUID
await code.version_save(`Updated in page "${page.Name}"`, req.user.id)
return res.api(code)
codium.code = req.body.code
codium.Language = req.body.Language
codium.NodeId = node.UUID
codium.PageId = page.UUID
await codium.version_save(`Updated in page "${page.Name}"`, req.user.id)
return res.api(codium)
}
async drop_code(req, res) {
const PageId = req.params.PageId
const { codium } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const code = await Codium.findOne({UUID: req.params.CodiumId})
if ( !code ) return res.status(404).message('Unable to find code with that ID.').api({})
code.Active = false
await code.version_save(`Deleted`, req.user.id)
codium.Active = false
await codium.version_save(`Deleted`, req.user.id)
return res.api({})
}
}

View File

@ -1,6 +1,4 @@
const Controller = require('libflitter/controller/Controller')
const Page = require('../../../models/api/Page.model')
const Node = require('../../../models/api/Node.model')
const Database = require('../../../models/api/db/Database.model')
const ColumnDef = require('../../../models/api/db/ColumnDef.model')
const DBEntry = require('../../../models/api/db/DBEntry.model')
@ -13,16 +11,7 @@ const DBEntry = require('../../../models/api/db/DBEntry.model')
class FormDatabase extends Controller {
async create_new(req, res) {
const PageId = req.params.PageId
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const { page, node } = req.form
const db = new Database({
Name: req.body.name || req.body.Name || 'New Database',
@ -46,43 +35,16 @@ class FormDatabase extends Controller {
}
async get_config(req, res) {
const PageId = req.params.PageId
const { page, node, database } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const DatabaseId = req.params.DatabaseId
const db = await Database.findOne({UUID: DatabaseId})
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
// if ( !db.accessible_by(req.user) ) return req.security.deny()
return res.api(db)
return res.api(database)
}
async get_columns(req, res) {
const PageId = req.params.PageId
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const DatabaseId = req.params.DatabaseId
const db = await Database.findOne({UUID: DatabaseId})
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
const { page, node, database } = req.form
const columns = []
for ( const col_id of db.ColumnIds ) {
for ( const col_id of database.ColumnIds ) {
const rec = await ColumnDef.findOne({UUID: col_id})
if ( rec ) {
rec.additionalData = rec.data()
@ -92,7 +54,7 @@ class FormDatabase extends Controller {
// Fallback for backwards compat
if ( columns.length < 1 ) {
return res.api((await ColumnDef.find({DatabaseId: db.UUID})).map(x => {
return res.api((await ColumnDef.find({DatabaseId: database.UUID})).map(x => {
x.additionalData = x.data()
return x
}))
@ -108,50 +70,22 @@ class FormDatabase extends Controller {
.api()
}
const PageId = req.params.PageId
const { page, node, database } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const DatabaseId = req.params.DatabaseId
const db = await Database.findOne({UUID: DatabaseId})
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
// if ( !db.accessible_by(req.user, 'update') ) return req.security.deny()
if ( req.body.Name !== db.Name ) {
db.Name = req.body.Name
await db.version_save(`Changed database name to "${req.body.Name}"`, req.user.id)
if ( req.body.Name !== database.Name ) {
database.Name = req.body.Name
await database.version_save(`Changed database name to "${req.body.Name}"`, req.user.id)
} else {
await db.save()
await database.save()
}
return res.api(db)
return res.api(database)
}
async set_columns(req, res) {
const PageId = req.params.PageId
const { page, node, database } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const DatabaseId = req.params.DatabaseId
const db = await Database.findOne({UUID: DatabaseId})
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
// if ( !db.accessible_by(req.user, 'update') ) return req.security.deny()
const existing_columns = await ColumnDef.find({ DatabaseId: db.UUID })
const existing_columns = await ColumnDef.find({ DatabaseId: database.UUID })
const assoc_columns = []
existing_columns.forEach(col => assoc_columns[col.UUID] = col)
@ -160,7 +94,7 @@ class FormDatabase extends Controller {
if ( col.UUID && assoc_columns[col.UUID] ) {
assoc_columns[col.UUID].headerName = col.headerName
assoc_columns[col.UUID].field = col.field
assoc_columns[col.UUID].DatabaseId = db.UUID
assoc_columns[col.UUID].DatabaseId = database.UUID
assoc_columns[col.UUID].Type = col.Type
assoc_columns[col.UUID].additionalData = JSON.stringify(col.additionalData)
await assoc_columns[col.UUID].version_save(`Updated in page "${page.Name}"`, req.user.id)
@ -169,7 +103,7 @@ class FormDatabase extends Controller {
const new_col = new ColumnDef({
headerName: col.headerName,
field: col.field,
DatabaseId: db.UUID,
DatabaseId: database.UUID,
Type: col.Type,
additionalData: JSON.stringify(col.additionalData),
})
@ -193,62 +127,34 @@ class FormDatabase extends Controller {
}
const new_cols = update_columns.map(x => x.UUID)
const no_updates = (new_cols.length === db.ColumnIds.length) && (new_cols.every(val => db.ColumnIds.includes(val)));
const no_updates = (new_cols.length === database.ColumnIds.length) && (new_cols.every(val => database.ColumnIds.includes(val)));
if ( !no_updates ) {
db.ColumnIds = new_cols
await db.version_save('Updated columns', req.user.id)
database.ColumnIds = new_cols
await database.version_save('Updated columns', req.user.id)
} else {
await db.save()
await database.save()
}
return res.api(update_columns)
}
async get_data(req, res) {
const PageId = req.params.PageId
const { page, node, database } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const DatabaseId = req.params.DatabaseId
const db = await Database.findOne({UUID: DatabaseId})
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
// if ( !db.accessible_by(req.user) ) return req.security.deny()
const entries = await DBEntry.find({DatabaseId: db.UUID})
const entries = await DBEntry.find({DatabaseId: database.UUID})
entries.forEach(entry => entry.RowData.UUID = entry.UUID)
return res.api(entries)
}
async set_data(req, res) {
const PageId = req.params.PageId
const { page, node, database } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const DatabaseId = req.params.DatabaseId
const db = await Database.findOne({UUID: DatabaseId})
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
// if ( !db.accessible_by(req.user) ) return req.security.deny()
await DBEntry.deleteMany({DatabaseId: db.UUID})
await DBEntry.deleteMany({DatabaseId: database.UUID})
const new_recs = []
for ( const rec of req.body ) {
const data = {DatabaseId: db.UUID}
const data = {DatabaseId: database.UUID}
if ( rec.UUID ) data.UUID = rec.UUID
delete rec.UUID
data.RowData = rec
@ -259,30 +165,16 @@ class FormDatabase extends Controller {
new_recs.push(dbe)
}
await db.version_save('Updated data', req.user.id)
return res.api(await this._set_indices(db, new_recs))
await database.version_save('Updated data', req.user.id)
return res.api(await this._set_indices(database, new_recs))
}
async drop_database(req, res) {
const PageId = req.params.PageId
const { page, node, database } = req.form
let page = await Page.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
const NodeId = req.params.NodeId
let node = await Node.findOne({UUID: NodeId})
if ( !node ) return res.status(404).message('Node not found with that ID.').api({})
const DatabaseId = req.params.DatabaseId
const db = await Database.findOne({UUID: DatabaseId})
if ( !db ) return res.status(404).message('Database not found with that ID.').api({})
// if ( !db.accessible_by(req.user) ) return req.security.deny()
await DBEntry.deleteMany({DatabaseId: db.UUID})
await db.version_save('Deleted', req.user.id)
await db.delete()
await DBEntry.deleteMany({DatabaseId: database.UUID})
await database.version_save('Deleted', req.user.id)
await database.delete()
return res.api({})
}

View File

@ -0,0 +1,110 @@
const { Middleware } = require('libflitter')
class DataInjectionMiddleware extends Middleware {
static get services() {
return [...super.services, 'models']
}
// manage, update, view
async test(req, res, next, { access_level = 'view' }) {
if ( !req.user ) {
return res.status(401)
.message('Unauthenticated session.')
.api()
}
if ( !req.form ) req.form = {}
// Try to load in the page
if ( !req.params.PageId ) return next()
const Page = this.models.get('api:Page')
const page = await Page.findOne({ UUID: req.params.PageId })
if ( !page ) {
return res.status(404)
.message('Invalid page ID.')
.api()
}
// Make sure the user has access to the given page
if ( !(await page.is_accessible_by(req.user, access_level)) ) {
return res.status(401).api()
}
req.form.page = page
// Try to load in the node
if ( req.params.NodeId ) {
const Node = this.models.get('api:Node')
const node = await Node.findOne({ UUID: req.params.NodeId })
if ( !node || !page.NodeIds.includes(node.UUID) ) {
return res.status(404)
.message('Invalid node ID.')
.api()
}
req.form.node = node
}
// Try to load in the code snippets
if ( req.params.CodiumId ) {
const Codium = this.models.get('api:Codium')
const codium = await Codium.findOne({
UUID: req.params.CodiumId,
Active: true,
PageId: req.params.PageId,
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
})
if ( !codium ) {
return res.status(404)
.message('Invalid code snippet ID.')
.api()
}
req.form.codium = codium
}
// Try to load in the database
if ( req.params.DatabaseId ) {
const Database = this.models.get('api:db:Database')
const database = await Database.findOne({
UUID: req.params.DatabaseId,
Active: true,
PageId: req.params.PageId,
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
})
if ( !database ) {
return res.status(404)
.message('Invalid database ID.')
.api()
}
req.form.database = database
}
// Try to load in the file group
if ( req.params.FilesId ) {
const FileGroup = this.models.get('api:FileGroup')
const file_group = await FileGroup.findOne({
UUID: req.params.FilesId,
PageId: req.params.PageId,
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
})
if ( !file_group ) {
return res.status(404)
.message('Invalid file group ID.')
.api()
}
req.form.file_group = file_group
}
return next()
}
}
module.exports = exports = DataInjectionMiddleware

View File

@ -6,17 +6,33 @@ module.exports = exports = {
get: {
// Get the code ref node config for the specified code editor
'/:PageId/:NodeId/get/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.get_config'],
'/:PageId/:NodeId/get/:CodiumId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:FormCode.get_config',
],
},
post: {
// Create a new code ref config
'/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.create_new'],
'/:PageId/:NodeId/create': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:FormCode.create_new',
],
// Set the data for the specified code ref
'/:PageId/:NodeId/set/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.set_values'],
'/:PageId/:NodeId/set/:CodiumId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:FormCode.set_values',
],
// delete the specified code ref
'/:PageId/:NodeId/delete/:CodiumId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormCode.drop_code'],
'/:PageId/:NodeId/delete/:CodiumId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:FormCode.drop_code',
],
},
}

View File

@ -6,29 +6,61 @@ module.exports = exports = {
get: {
// Get the database ref node config for the specified database
'/:PageId/:NodeId/get/:DatabaseId': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_config'],
'/:PageId/:NodeId/get/:DatabaseId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:FormDatabase.get_config',
],
// Get the column config records for the specified database
'/:PageId/:NodeId/get/:DatabaseId/columns': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_columns' ],
'/:PageId/:NodeId/get/:DatabaseId/columns': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:FormDatabase.get_columns',
],
// Get the row records for the specified database
'/:PageId/:NodeId/get/:DatabaseId/data': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.get_data' ],
'/:PageId/:NodeId/get/:DatabaseId/data': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:FormDatabase.get_data',
],
},
post: {
// Create a new database ref config
'/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.create_new'],
'/:PageId/:NodeId/create': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:FormDatabase.create_new',
],
// Set the column configs for a database ref
'/:PageId/:NodeId/set/:DatabaseId/columns': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_columns' ],
'/:PageId/:NodeId/set/:DatabaseId/columns': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:FormDatabase.set_columns',
],
// Set the database name
'/:PageId/:NodeId/set/:DatabaseId/Name': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_name' ],
'/:PageId/:NodeId/set/:DatabaseId/Name': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:FormDatabase.set_name',
],
// Delete the specified database ref
'/:PageId/:NodeId/drop/:DatabaseId': [ 'middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.drop_database' ],
'/:PageId/:NodeId/drop/:DatabaseId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:FormDatabase.drop_database',
],
// Set the row data for the specified database ref
'/:PageId/:NodeId/set/:DatabaseId/data': ['middleware::auth:ApiRoute', 'controller::api:v1:FormDatabase.set_data'],
'/:PageId/:NodeId/set/:DatabaseId/data': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:FormDatabase.set_data',
],
},
}

View File

@ -6,21 +6,42 @@ module.exports = exports = {
get: {
// Get the file ref node config for the specified file ref
'/:PageId/:NodeId/get/:FilesId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.get_config'],
'/:PageId/:NodeId/get/:FilesId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:File.get_config',
],
// Download the specified file ID from the specified file ref node
'/:PageId/:NodeId/get/:FilesId/:FileId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.download'],
'/:PageId/:NodeId/get/:FilesId/:FileId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:File.download',
],
},
post: {
// FIXME - files, not file. Fix in front-end!
// Upload the file in the 'uploaded_file' key to the specified file ref node
'/file/upload/:PageId/:NodeId/:FilesId': ['middleware::auth:ApiRoute', 'middleware::upload:UploadFile', 'controller::api:v1:File.save_upload'],
'/file/upload/:PageId/:NodeId/:FilesId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'middleware::upload:UploadFile',
'controller::api:v1:File.save_upload',
],
// Create a new file ref node
'/:PageId/:NodeId/create': ['middleware::auth:ApiRoute', 'controller::api:v1:File.create_config'],
'/:PageId/:NodeId/create': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:File.create_config',
],
// Delete a file ref node and its files
'/:PageId/:NodeId/delete/:FilesId': ['middleware::auth:ApiRoute', 'controller::api:v1:File.delete_group'],
'/:PageId/:NodeId/delete/:FilesId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:File.delete_group',
],
},
}