Finish cleaning up backend to use data injection MW
This commit is contained in:
parent
42b7ccad7f
commit
c569840618
GPG Key ID:
D2BF5FBA8298F246
@ -13,13 +13,7 @@ class Page extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async revert_version(req, res, next) {
|
async revert_version(req, res, next) {
|
||||||
const PageId = req.params.PageId
|
const { page } = req.form
|
||||||
const user = req.user
|
|
||||||
|
|
||||||
let page = await PageModel.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
|
|
||||||
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
|
|
||||||
const level = await page.access_level_for(req.user)
|
const level = await page.access_level_for(req.user)
|
||||||
|
|
||||||
if ( !req.body.version_num ) {
|
if ( !req.body.version_num ) {
|
||||||
@ -46,13 +40,7 @@ class Page extends Controller {
|
|||||||
|
|
||||||
async get_page_versions(req, res, next) {
|
async get_page_versions(req, res, next) {
|
||||||
const User = this.models.get('auth:User')
|
const User = this.models.get('auth:User')
|
||||||
const PageId = req.params.PageId
|
const { page } = req.form
|
||||||
const user = req.user
|
|
||||||
|
|
||||||
let page = await PageModel.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
|
|
||||||
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
|
|
||||||
|
|
||||||
const versions = page.version_archive.map(version_data => {
|
const versions = page.version_archive.map(version_data => {
|
||||||
return {
|
return {
|
||||||
@ -73,13 +61,9 @@ class Page extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async get_page(req, res) {
|
async get_page(req, res) {
|
||||||
const PageId = req.params.PageId
|
|
||||||
const user = req.user
|
const user = req.user
|
||||||
|
let { page } = req.form
|
||||||
|
|
||||||
let page = await PageModel.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
|
|
||||||
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
|
|
||||||
const level = await page.access_level_for(req.user)
|
const level = await page.access_level_for(req.user)
|
||||||
|
|
||||||
const version_num = req.body.version || req.query.version
|
const version_num = req.body.version || req.query.version
|
||||||
@ -100,7 +84,9 @@ class Page extends Controller {
|
|||||||
const PageId = req.params.PageId
|
const PageId = req.params.PageId
|
||||||
|
|
||||||
let page;
|
let page;
|
||||||
if ( PageId ) {
|
if ( req.form.page ) {
|
||||||
|
page = req.form.page
|
||||||
|
} else if ( PageId ) {
|
||||||
page = await PageModel.findOne({UUID: PageId})
|
page = await PageModel.findOne({UUID: PageId})
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
|
if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
|
||||||
@ -154,14 +140,7 @@ class Page extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async get_nodes(req, res) {
|
async get_nodes(req, res) {
|
||||||
const PageId = req.params.PageId
|
let { page } = req.form
|
||||||
|
|
||||||
let page;
|
|
||||||
if ( PageId ) {
|
|
||||||
page = await PageModel.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
|
|
||||||
}
|
|
||||||
|
|
||||||
const version_num = req.body.version || req.query.version
|
const version_num = req.body.version || req.query.version
|
||||||
if ( version_num ) {
|
if ( version_num ) {
|
||||||
@ -184,11 +163,7 @@ class Page extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async save_node_to_page(req, res) {
|
async save_node_to_page(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page } = req.form
|
||||||
|
|
||||||
const page = await PageModel.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
|
|
||||||
|
|
||||||
const nodes = await Node.find({PageId: page.UUID})
|
const nodes = await Node.find({PageId: page.UUID})
|
||||||
const assoc_nodes = {}
|
const assoc_nodes = {}
|
||||||
@ -232,14 +207,7 @@ class Page extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async save_nodes(req, res) {
|
async save_nodes(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page } = req.form
|
||||||
|
|
||||||
let page;
|
|
||||||
if ( PageId ) {
|
|
||||||
page = await PageModel.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
|
||||||
}
|
|
||||||
|
|
||||||
const nodes = await Node.find({PageId: page.UUID})
|
const nodes = await Node.find({PageId: page.UUID})
|
||||||
const assoc_nodes = {}
|
const assoc_nodes = {}
|
||||||
@ -402,15 +370,8 @@ class Page extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async delete_page(req, res) {
|
async delete_page(req, res) {
|
||||||
const PageId = req.params.PageId
|
const { page } = req.form
|
||||||
|
if ( page.ParentId === '0' ) return req.security.kickout()
|
||||||
let page;
|
|
||||||
if ( PageId ) {
|
|
||||||
page = await PageModel.findOne({UUID: PageId})
|
|
||||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
|
||||||
if ( !(await page.is_accessible_by(req.user, 'manage')) ) return req.security.deny()
|
|
||||||
if ( page.ParentId === '0' ) return req.security.kickout()
|
|
||||||
}
|
|
||||||
|
|
||||||
page.Active = false
|
page.Active = false
|
||||||
page.DeletedAt = new Date
|
page.DeletedAt = new Date
|
||||||
|
|||||||
@ -5,34 +5,72 @@ module.exports = exports = {
|
|||||||
|
|
||||||
get: {
|
get: {
|
||||||
// Get the data for the specified page
|
// Get the data for the specified page
|
||||||
'/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page'],
|
'/:PageId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:Page.get_page',
|
||||||
|
],
|
||||||
|
|
||||||
// Get the available versions of the given page
|
// Get the available versions of the given page
|
||||||
'/:PageId/versions': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page_versions'],
|
'/:PageId/versions': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:Page.get_page_versions',
|
||||||
|
],
|
||||||
|
|
||||||
// Get the nodes present on the specified page
|
// Get the nodes present on the specified page
|
||||||
'/:PageId/nodes': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_nodes'],
|
'/:PageId/nodes': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||||
|
'controller::api:v1:Page.get_nodes',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
|
|
||||||
post: {
|
post: {
|
||||||
// Save the data for the specified page
|
// Save the data for the specified page
|
||||||
'/:PageId/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_page'],
|
'/:PageId/save': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:Page.save_page',
|
||||||
|
],
|
||||||
|
|
||||||
// Revert the page to a previous version
|
// Revert the page to a previous version
|
||||||
'/:PageId/versions/revert': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.revert_version'],
|
'/:PageId/versions/revert': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'manage' }],
|
||||||
|
'controller::api:v1:Page.revert_version',
|
||||||
|
],
|
||||||
|
|
||||||
// Save the node data for the specified page
|
// Save the node data for the specified page
|
||||||
'/:PageId/nodes/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_nodes'],
|
'/:PageId/nodes/save': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:Page.save_nodes',
|
||||||
|
],
|
||||||
|
|
||||||
'/:PageId/nodes/save_one': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_node_to_page'],
|
'/:PageId/nodes/save_one': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||||
|
'controller::api:v1:Page.save_node_to_page',
|
||||||
|
],
|
||||||
|
|
||||||
// Create a new page in the personal root
|
// Create a new page in the personal root
|
||||||
'/create': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_top_level'],
|
'/create': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
'controller::api:v1:Page.create_top_level',
|
||||||
|
],
|
||||||
|
|
||||||
// Create a new page as a child of the specified page
|
// Create a new page as a child of the specified page
|
||||||
'/create-child': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_child'],
|
'/create-child': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
'controller::api:v1:Page.create_child',
|
||||||
|
],
|
||||||
|
|
||||||
// Delete the specified page
|
// Delete the specified page
|
||||||
'/delete/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.delete_page'],
|
'/delete/:PageId': [
|
||||||
|
'middleware::auth:ApiRoute',
|
||||||
|
['middleware::api:DataInjection', { access_level: 'manage' }],
|
||||||
|
'controller::api:v1:Page.delete_page',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user