#4 - add support for sharing pages publicly, without login

2021-03-04 11:26:14 -06:00
parent 2f3d94adf3
commit 82605bb697
8 changed files with 139 additions and 15 deletions
--- a/app/routing/middleware/api/UserRoute.middleware.js
+++ b/app/routing/middleware/api/UserRoute.middleware.js
@@ -16,14 +16,14 @@ class UserRoute extends Middleware {
     * It should either call the next function in the stack,
     * or it should handle the response accordingly.
     */
-    async test(req, res, next, args = {}){
+    async test(req, res, next, {allow_public_user = false}){
        const User = this.models.get('auth:User')
        const user_id = req.form.user_id ? req.form.user_id : req.params.user_id

        if ( !user_id ) return res.status(400).message('Midding user_id.').api({})

        const user = await User.findById(user_id)
-        if ( !user ) return res.status(404).message('Unable to find user with that ID.').api({})
+        if ( !user && !allow_public_user ) return res.status(404).message('Unable to find user with that ID.').api({})

        if ( !req.form ) req.form = {}
        req.form.user = user
--- a/app/routing/middleware/auth/ApiRoute.middleware.js
+++ b/app/routing/middleware/auth/ApiRoute.middleware.js
@@ -5,7 +5,7 @@ class ApiRoute extends Middleware {
        return [...super.services, 'models']
    }

-    async test(req, res, next, { allow_public = false }) {
+    async test(req, res, next, { allow_public = true }) {
        // If we have an authenticated session, just continue
        if ( req.is_auth ) {
            return next()
--- a/app/routing/routers/api/v1/sharing.routes.js
+++ b/app/routing/routers/api/v1/sharing.routes.js
@@ -7,17 +7,15 @@ const index = {

    prefix: '/api/v1/share',

-    middleware: [
-        'auth:UserOnly',
-    ],
-
    get: {
        '/page/:PageId/info': [
+            'middleware::auth:UserOnly',
            ['middleware::api:RequiredFields', { form: 'sharing.page' }],
            ['middleware::api:PageRoute', {level: 'manage'}],
            'controller::api:v1:Sharing.page_info',
        ],
        '/page/:PageId/link/:level': [
+            'middleware::auth:UserOnly',
            ['middleware::api:RequiredFields', { form: 'sharing.page_link'}],
            ['middleware::api:PageRoute', {level: 'manage'}],
            'controller::api:v1:Sharing.get_link',
@@ -27,19 +25,34 @@ const index = {
    post: {
        // Share a page with the specified user.
        '/page/:PageId/share': [
+            'middleware::auth:UserOnly',
            ['middleware::api:RequiredFields', { form: 'sharing.page_level' }],
            ['middleware::api:PageRoute', {level: 'manage'}],
-            'middleware::api:UserRoute',
+            ['middleware::api:UserRoute', { allow_public_user: true }],
            'controller::api:v1:Sharing.share_page',
        ],

        // Unshare a page with the specified user.
        '/page/:PageId/revoke': [
+            'middleware::auth:UserOnly',
            ['middleware::api:RequiredFields', { form: 'sharing.page_user' }],
            ['middleware::api:PageRoute', {level: 'manage'}],
-            'middleware::api:UserRoute',
+            ['middleware::api:UserRoute', { allow_public_user: true }],
            'controller::api:v1:Sharing.revoke_page',
        ],
+
+        // Check the public user's access to a given resource
+        '/check': [
+            ['middleware::api:RequiredFields', { form: 'sharing.permission_check'}],
+            ['middleware::auth:ApiRoute', { allow_public: true }],
+            'controller::api:v1:Sharing.permission_check',
+        ],
+
+        // Check the public user's access to a given page
+        '/check-page/:PageId/:level': [
+            ['middleware::auth:ApiRoute', { allow_public: true }],
+            'controller::api:v1:Sharing.permission_check_page',
+        ],
    },
 }