diff --git a/app/controllers/api/v1/Page.controller.js b/app/controllers/api/v1/Page.controller.js
index b4de4d2..d9f9193 100644
--- a/app/controllers/api/v1/Page.controller.js
+++ b/app/controllers/api/v1/Page.controller.js
@@ -13,13 +13,7 @@ class Page extends Controller {
 }
 async revert_version(req, res, next) {
- const PageId = req.params.PageId
- const user = req.user
-
- let page = await PageModel.findOne({UUID: PageId})
- if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
-
- if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
+ const { page } = req.form
 const level = await page.access_level_for(req.user)
 if ( !req.body.version_num ) {
@@ -46,13 +40,7 @@ class Page extends Controller {
 async get_page_versions(req, res, next) {
 const User = this.models.get('auth:User')
- const PageId = req.params.PageId
- const user = req.user
-
- let page = await PageModel.findOne({UUID: PageId})
- if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
-
- if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
+ const { page } = req.form
 const versions = page.version_archive.map(version_data => {
 return {
@@ -73,13 +61,9 @@ class Page extends Controller {
 }
 async get_page(req, res) {
- const PageId = req.params.PageId
 const user = req.user
+ let { page } = req.form
- let page = await PageModel.findOne({UUID: PageId})
- if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
-
- if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
 const level = await page.access_level_for(req.user)
 const version_num = req.body.version || req.query.version
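Review bot: With the lookup and `is_accessible_by` check removed, `revert_version` no longer authorizes anything itself and dereferences `req.form.page` unguarded; the same applies to `get_page_versions`, `get_page`, `get_nodes`, `save_node_to_page`, `save_nodes` and `delete_page` in the later hunks. If a route ever reaches one of these handlers without the `DataInjection` middleware in front of it, the handler would throw on an undefined `page` rather than deny the request. A fail-closed guard at the top of each handler keeps the assumption local, e.g. `const page = req.form && req.form.page` followed by `if ( !page ) return req.security.deny()`. The method bodies continue outside the hunks, so whether `level` is still enforced further down in `revert_version` cannot be confirmed from here.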
@@ -100,7 +84,9 @@ class Page extends Controller {
 const PageId = req.params.PageId
 let page;
- if ( PageId ) {
+ if ( req.form.page ) {
+ page = req.form.page
+ } else if ( PageId ) {
 page = await PageModel.findOne({UUID: PageId})
 if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
 if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
@@ -154,14 +140,7 @@ class Page extends Controller {
 }
 async get_nodes(req, res) {
- const PageId = req.params.PageId
-
- let page;
- if ( PageId ) {
- page = await PageModel.findOne({UUID: PageId})
- if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
- if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
- }
+ let { page } = req.form
 const version_num = req.body.version || req.query.version
 if ( version_num ) {
@@ -184,11 +163,7 @@ class Page extends Controller {
 }
 async save_node_to_page(req, res) {
- const PageId = req.params.PageId
-
- const page = await PageModel.findOne({UUID: PageId})
- if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
- if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
+ const { page } = req.form
 const nodes = await Node.find({PageId: page.UUID})
 const assoc_nodes = {}
@@ -232,14 +207,7 @@ class Page extends Controller {
 }
 async save_nodes(req, res) {
- const PageId = req.params.PageId
-
- let page;
- if ( PageId ) {
- page = await PageModel.findOne({UUID: PageId})
- if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
- if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
- }
+ const { page } = req.form
 const nodes = await Node.find({PageId: page.UUID})
 const assoc_nodes = {}
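Review bot: The fallback branch kept in the first hunk here (`else if ( PageId )`) still ends in `return res.security.deny()`, while most other denials visible in this diff go through `req.security.deny()`. If `security` is only attached to the request object, an unauthorized update arriving via the fallback would raise an exception instead of producing a clean denial; the line would then read `if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()`. The new condition `req.form.page` also assumes `req.form` always exists, yet the fallback appears to serve call paths without the injection middleware, so `if ( req.form && req.form.page ) {` is the safer test. The enclosing method starts and ends outside the hunk.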
@@ -402,15 +370,8 @@ class Page extends Controller {
 }
 async delete_page(req, res) {
- const PageId = req.params.PageId
-
- let page;
- if ( PageId ) {
- page = await PageModel.findOne({UUID: PageId})
- if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
- if ( !(await page.is_accessible_by(req.user, 'manage')) ) return req.security.deny()
- if ( page.ParentId === '0' ) return req.security.kickout()
- }
+ const { page } = req.form
+ if ( page.ParentId === '0' ) return req.security.kickout()
 page.Active = false
 page.DeletedAt = new Date
diff --git a/app/routing/routers/api/v1/page.routes.js b/app/routing/routers/api/v1/page.routes.js
index e74cdd8..cdca034 100644
--- a/app/routing/routers/api/v1/page.routes.js
+++ b/app/routing/routers/api/v1/page.routes.js
@@ -5,34 +5,72 @@ module.exports = exports = {
 get: {
 // Get the data for the specified page
- '/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page'],
+ '/:PageId': [
+ 'middleware::auth:ApiRoute',
+ ['middleware::api:DataInjection', { access_level: 'view' }],
+ 'controller::api:v1:Page.get_page',
+ ],
 // Get the available versions of the given page
- '/:PageId/versions': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page_versions'],
+ '/:PageId/versions': [
+ 'middleware::auth:ApiRoute',
+ ['middleware::api:DataInjection', { access_level: 'view' }],
+ 'controller::api:v1:Page.get_page_versions',
+ ],
 // Get the nodes present on the specified page
- '/:PageId/nodes': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_nodes'],
+ '/:PageId/nodes': [
+ 'middleware::auth:ApiRoute',
+ ['middleware::api:DataInjection', { access_level: 'view' }],
+ 'controller::api:v1:Page.get_nodes',
+ ],
 },
 post: {
 // Save the data for the specified page
- '/:PageId/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_page'],
+ '/:PageId/save': [
+ 'middleware::auth:ApiRoute',
+ ['middleware::api:DataInjection', { access_level: 'update' }],
+ 'controller::api:v1:Page.save_page',
+ ],
 // Revert the page to a previous version
- '/:PageId/versions/revert': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.revert_version'],
+ '/:PageId/versions/revert': [
+ 'middleware::auth:ApiRoute',
+ ['middleware::api:DataInjection', { access_level: 'manage' }],
+ 'controller::api:v1:Page.revert_version',
+ ],
 // Save the node data for the specified page
- '/:PageId/nodes/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_nodes'],
+ '/:PageId/nodes/save': [
+ 'middleware::auth:ApiRoute',
+ ['middleware::api:DataInjection', { access_level: 'update' }],
+ 'controller::api:v1:Page.save_nodes',
+ ],
- '/:PageId/nodes/save_one': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_node_to_page'],
+ '/:PageId/nodes/save_one': [
+ 'middleware::auth:ApiRoute',
+ ['middleware::api:DataInjection', { access_level: 'update' }],
+ 'controller::api:v1:Page.save_node_to_page',
+ ],
 // Create a new page in the personal root
- '/create': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_top_level'],
+ '/create': [
+ 'middleware::auth:ApiRoute',
+ 'controller::api:v1:Page.create_top_level',
+ ],
 // Create a new page as a child of the specified page
- '/create-child': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_child'],
+ '/create-child': [
+ 'middleware::auth:ApiRoute',
+ 'controller::api:v1:Page.create_child',
+ ],
 // Delete the specified page
- '/delete/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.delete_page'],
+ '/delete/:PageId': [
+ 'middleware::auth:ApiRoute',
+ ['middleware::api:DataInjection', { access_level: 'manage' }],
+ 'controller::api:v1:Page.delete_page',
+ ],
 },
 }
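Review bot: Authorization for every `/:PageId` route now depends entirely on the `access_level` string handed to `middleware::api:DataInjection`, whose implementation is not part of the visible diff. It is worth confirming that the middleware rejects the request when `access_level` is missing or is not one of the values used here ('view', 'update', 'manage'), so that a typo in a route definition fails closed instead of skipping the check. `/create-child` keeps only `auth:ApiRoute`; presumably the permission check on the parent page stays inside `create_child`, which this diff does not show. A comment above the route table such as `// DataInjection loads the page and enforces access_level; the Page handlers rely on it` would make the dependency explicit for whoever adds the next route.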