Finish cleaning up backend to use data injection MW
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing

This commit is contained in:
Garrett Mills 2020-11-12 21:26:36 -06:00
parent 42b7ccad7f
commit c569840618
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
2 changed files with 59 additions and 60 deletions

View File

@ -13,13 +13,7 @@ class Page extends Controller {
} }
async revert_version(req, res, next) { async revert_version(req, res, next) {
const PageId = req.params.PageId const { page } = req.form
const user = req.user
let page = await PageModel.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
const level = await page.access_level_for(req.user) const level = await page.access_level_for(req.user)
if ( !req.body.version_num ) { if ( !req.body.version_num ) {
@ -46,13 +40,7 @@ class Page extends Controller {
async get_page_versions(req, res, next) { async get_page_versions(req, res, next) {
const User = this.models.get('auth:User') const User = this.models.get('auth:User')
const PageId = req.params.PageId const { page } = req.form
const user = req.user
let page = await PageModel.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
const versions = page.version_archive.map(version_data => { const versions = page.version_archive.map(version_data => {
return { return {
@ -73,13 +61,9 @@ class Page extends Controller {
} }
async get_page(req, res) { async get_page(req, res) {
const PageId = req.params.PageId
const user = req.user const user = req.user
let { page } = req.form
let page = await PageModel.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
const level = await page.access_level_for(req.user) const level = await page.access_level_for(req.user)
const version_num = req.body.version || req.query.version const version_num = req.body.version || req.query.version
@ -100,7 +84,9 @@ class Page extends Controller {
const PageId = req.params.PageId const PageId = req.params.PageId
let page; let page;
if ( PageId ) { if ( req.form.page ) {
page = req.form.page
} else if ( PageId ) {
page = await PageModel.findOne({UUID: PageId}) page = await PageModel.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({}) if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny() if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
@ -154,14 +140,7 @@ class Page extends Controller {
} }
async get_nodes(req, res) { async get_nodes(req, res) {
const PageId = req.params.PageId let { page } = req.form
let page;
if ( PageId ) {
page = await PageModel.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
}
const version_num = req.body.version || req.query.version const version_num = req.body.version || req.query.version
if ( version_num ) { if ( version_num ) {
@ -184,11 +163,7 @@ class Page extends Controller {
} }
async save_node_to_page(req, res) { async save_node_to_page(req, res) {
const PageId = req.params.PageId const { page } = req.form
const page = await PageModel.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
const nodes = await Node.find({PageId: page.UUID}) const nodes = await Node.find({PageId: page.UUID})
const assoc_nodes = {} const assoc_nodes = {}
@ -232,14 +207,7 @@ class Page extends Controller {
} }
async save_nodes(req, res) { async save_nodes(req, res) {
const PageId = req.params.PageId const { page } = req.form
let page;
if ( PageId ) {
page = await PageModel.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
}
const nodes = await Node.find({PageId: page.UUID}) const nodes = await Node.find({PageId: page.UUID})
const assoc_nodes = {} const assoc_nodes = {}
@ -402,15 +370,8 @@ class Page extends Controller {
} }
async delete_page(req, res) { async delete_page(req, res) {
const PageId = req.params.PageId const { page } = req.form
let page;
if ( PageId ) {
page = await PageModel.findOne({UUID: PageId})
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
if ( !(await page.is_accessible_by(req.user, 'manage')) ) return req.security.deny()
if ( page.ParentId === '0' ) return req.security.kickout() if ( page.ParentId === '0' ) return req.security.kickout()
}
page.Active = false page.Active = false
page.DeletedAt = new Date page.DeletedAt = new Date

View File

@ -5,34 +5,72 @@ module.exports = exports = {
get: { get: {
// Get the data for the specified page // Get the data for the specified page
'/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page'], '/:PageId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:Page.get_page',
],
// Get the available versions of the given page // Get the available versions of the given page
'/:PageId/versions': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page_versions'], '/:PageId/versions': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:Page.get_page_versions',
],
// Get the nodes present on the specified page // Get the nodes present on the specified page
'/:PageId/nodes': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_nodes'], '/:PageId/nodes': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'view' }],
'controller::api:v1:Page.get_nodes',
],
}, },
post: { post: {
// Save the data for the specified page // Save the data for the specified page
'/:PageId/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_page'], '/:PageId/save': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:Page.save_page',
],
// Revert the page to a previous version // Revert the page to a previous version
'/:PageId/versions/revert': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.revert_version'], '/:PageId/versions/revert': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'manage' }],
'controller::api:v1:Page.revert_version',
],
// Save the node data for the specified page // Save the node data for the specified page
'/:PageId/nodes/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_nodes'], '/:PageId/nodes/save': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:Page.save_nodes',
],
'/:PageId/nodes/save_one': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_node_to_page'], '/:PageId/nodes/save_one': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'update' }],
'controller::api:v1:Page.save_node_to_page',
],
// Create a new page in the personal root // Create a new page in the personal root
'/create': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_top_level'], '/create': [
'middleware::auth:ApiRoute',
'controller::api:v1:Page.create_top_level',
],
// Create a new page as a child of the specified page // Create a new page as a child of the specified page
'/create-child': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_child'], '/create-child': [
'middleware::auth:ApiRoute',
'controller::api:v1:Page.create_child',
],
// Delete the specified page // Delete the specified page
'/delete/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.delete_page'], '/delete/:PageId': [
'middleware::auth:ApiRoute',
['middleware::api:DataInjection', { access_level: 'manage' }],
'controller::api:v1:Page.delete_page',
],
}, },
} }