#4 - add support for sharing pages publicly, without login

2021-03-04 11:26:14 -06:00
parent 2f3d94adf3
commit 82605bb697
8 changed files with 139 additions and 15 deletions
--- a/app/routing/routers/api/v1/sharing.routes.js
+++ b/app/routing/routers/api/v1/sharing.routes.js
@@ -7,17 +7,15 @@ const index = {

    prefix: '/api/v1/share',

-    middleware: [
-        'auth:UserOnly',
-    ],
-
    get: {
        '/page/:PageId/info': [
+            'middleware::auth:UserOnly',
            ['middleware::api:RequiredFields', { form: 'sharing.page' }],
            ['middleware::api:PageRoute', {level: 'manage'}],
            'controller::api:v1:Sharing.page_info',
        ],
        '/page/:PageId/link/:level': [
+            'middleware::auth:UserOnly',
            ['middleware::api:RequiredFields', { form: 'sharing.page_link'}],
            ['middleware::api:PageRoute', {level: 'manage'}],
            'controller::api:v1:Sharing.get_link',
@@ -27,19 +25,34 @@ const index = {
    post: {
        // Share a page with the specified user.
        '/page/:PageId/share': [
+            'middleware::auth:UserOnly',
            ['middleware::api:RequiredFields', { form: 'sharing.page_level' }],
            ['middleware::api:PageRoute', {level: 'manage'}],
-            'middleware::api:UserRoute',
+            ['middleware::api:UserRoute', { allow_public_user: true }],
            'controller::api:v1:Sharing.share_page',
        ],

        // Unshare a page with the specified user.
        '/page/:PageId/revoke': [
+            'middleware::auth:UserOnly',
            ['middleware::api:RequiredFields', { form: 'sharing.page_user' }],
            ['middleware::api:PageRoute', {level: 'manage'}],
-            'middleware::api:UserRoute',
+            ['middleware::api:UserRoute', { allow_public_user: true }],
            'controller::api:v1:Sharing.revoke_page',
        ],
+
+        // Check the public user's access to a given resource
+        '/check': [
+            ['middleware::api:RequiredFields', { form: 'sharing.permission_check'}],
+            ['middleware::auth:ApiRoute', { allow_public: true }],
+            'controller::api:v1:Sharing.permission_check',
+        ],
+
+        // Check the public user's access to a given page
+        '/check-page/:PageId/:level': [
+            ['middleware::auth:ApiRoute', { allow_public: true }],
+            'controller::api:v1:Sharing.permission_check_page',
+        ],
    },
 }