Finish cleaning up backend to use data injection MW
This commit is contained in:
parent
42b7ccad7f
commit
c569840618
@ -13,13 +13,7 @@ class Page extends Controller {
|
||||
}
|
||||
|
||||
async revert_version(req, res, next) {
|
||||
const PageId = req.params.PageId
|
||||
const user = req.user
|
||||
|
||||
let page = await PageModel.findOne({UUID: PageId})
|
||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||
|
||||
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
|
||||
const { page } = req.form
|
||||
const level = await page.access_level_for(req.user)
|
||||
|
||||
if ( !req.body.version_num ) {
|
||||
@ -46,13 +40,7 @@ class Page extends Controller {
|
||||
|
||||
async get_page_versions(req, res, next) {
|
||||
const User = this.models.get('auth:User')
|
||||
const PageId = req.params.PageId
|
||||
const user = req.user
|
||||
|
||||
let page = await PageModel.findOne({UUID: PageId})
|
||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||
|
||||
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
|
||||
const { page } = req.form
|
||||
|
||||
const versions = page.version_archive.map(version_data => {
|
||||
return {
|
||||
@ -73,13 +61,9 @@ class Page extends Controller {
|
||||
}
|
||||
|
||||
async get_page(req, res) {
|
||||
const PageId = req.params.PageId
|
||||
const user = req.user
|
||||
let { page } = req.form
|
||||
|
||||
let page = await PageModel.findOne({UUID: PageId})
|
||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||
|
||||
if ( !(await page.is_accessible_by(user)) ) return req.security.deny()
|
||||
const level = await page.access_level_for(req.user)
|
||||
|
||||
const version_num = req.body.version || req.query.version
|
||||
@ -100,7 +84,9 @@ class Page extends Controller {
|
||||
const PageId = req.params.PageId
|
||||
|
||||
let page;
|
||||
if ( PageId ) {
|
||||
if ( req.form.page ) {
|
||||
page = req.form.page
|
||||
} else if ( PageId ) {
|
||||
page = await PageModel.findOne({UUID: PageId})
|
||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
|
||||
@ -154,14 +140,7 @@ class Page extends Controller {
|
||||
}
|
||||
|
||||
async get_nodes(req, res) {
|
||||
const PageId = req.params.PageId
|
||||
|
||||
let page;
|
||||
if ( PageId ) {
|
||||
page = await PageModel.findOne({UUID: PageId})
|
||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||
if ( !(await page.is_accessible_by(req.user)) ) return req.security.deny()
|
||||
}
|
||||
let { page } = req.form
|
||||
|
||||
const version_num = req.body.version || req.query.version
|
||||
if ( version_num ) {
|
||||
@ -184,11 +163,7 @@ class Page extends Controller {
|
||||
}
|
||||
|
||||
async save_node_to_page(req, res) {
|
||||
const PageId = req.params.PageId
|
||||
|
||||
const page = await PageModel.findOne({UUID: PageId})
|
||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return res.security.deny()
|
||||
const { page } = req.form
|
||||
|
||||
const nodes = await Node.find({PageId: page.UUID})
|
||||
const assoc_nodes = {}
|
||||
@ -232,14 +207,7 @@ class Page extends Controller {
|
||||
}
|
||||
|
||||
async save_nodes(req, res) {
|
||||
const PageId = req.params.PageId
|
||||
|
||||
let page;
|
||||
if ( PageId ) {
|
||||
page = await PageModel.findOne({UUID: PageId})
|
||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||
if ( !(await page.is_accessible_by(req.user, 'update')) ) return req.security.deny()
|
||||
}
|
||||
const { page } = req.form
|
||||
|
||||
const nodes = await Node.find({PageId: page.UUID})
|
||||
const assoc_nodes = {}
|
||||
@ -402,15 +370,8 @@ class Page extends Controller {
|
||||
}
|
||||
|
||||
async delete_page(req, res) {
|
||||
const PageId = req.params.PageId
|
||||
|
||||
let page;
|
||||
if ( PageId ) {
|
||||
page = await PageModel.findOne({UUID: PageId})
|
||||
if ( !page ) return res.status(404).message('Page not found with that ID.').api({})
|
||||
if ( !(await page.is_accessible_by(req.user, 'manage')) ) return req.security.deny()
|
||||
const { page } = req.form
|
||||
if ( page.ParentId === '0' ) return req.security.kickout()
|
||||
}
|
||||
|
||||
page.Active = false
|
||||
page.DeletedAt = new Date
|
||||
|
@ -5,34 +5,72 @@ module.exports = exports = {
|
||||
|
||||
get: {
|
||||
// Get the data for the specified page
|
||||
'/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page'],
|
||||
'/:PageId': [
|
||||
'middleware::auth:ApiRoute',
|
||||
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||
'controller::api:v1:Page.get_page',
|
||||
],
|
||||
|
||||
// Get the available versions of the given page
|
||||
'/:PageId/versions': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_page_versions'],
|
||||
'/:PageId/versions': [
|
||||
'middleware::auth:ApiRoute',
|
||||
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||
'controller::api:v1:Page.get_page_versions',
|
||||
],
|
||||
|
||||
// Get the nodes present on the specified page
|
||||
'/:PageId/nodes': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.get_nodes'],
|
||||
'/:PageId/nodes': [
|
||||
'middleware::auth:ApiRoute',
|
||||
['middleware::api:DataInjection', { access_level: 'view' }],
|
||||
'controller::api:v1:Page.get_nodes',
|
||||
],
|
||||
},
|
||||
|
||||
post: {
|
||||
// Save the data for the specified page
|
||||
'/:PageId/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_page'],
|
||||
'/:PageId/save': [
|
||||
'middleware::auth:ApiRoute',
|
||||
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||
'controller::api:v1:Page.save_page',
|
||||
],
|
||||
|
||||
// Revert the page to a previous version
|
||||
'/:PageId/versions/revert': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.revert_version'],
|
||||
'/:PageId/versions/revert': [
|
||||
'middleware::auth:ApiRoute',
|
||||
['middleware::api:DataInjection', { access_level: 'manage' }],
|
||||
'controller::api:v1:Page.revert_version',
|
||||
],
|
||||
|
||||
// Save the node data for the specified page
|
||||
'/:PageId/nodes/save': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_nodes'],
|
||||
'/:PageId/nodes/save': [
|
||||
'middleware::auth:ApiRoute',
|
||||
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||
'controller::api:v1:Page.save_nodes',
|
||||
],
|
||||
|
||||
'/:PageId/nodes/save_one': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.save_node_to_page'],
|
||||
'/:PageId/nodes/save_one': [
|
||||
'middleware::auth:ApiRoute',
|
||||
['middleware::api:DataInjection', { access_level: 'update' }],
|
||||
'controller::api:v1:Page.save_node_to_page',
|
||||
],
|
||||
|
||||
// Create a new page in the personal root
|
||||
'/create': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_top_level'],
|
||||
'/create': [
|
||||
'middleware::auth:ApiRoute',
|
||||
'controller::api:v1:Page.create_top_level',
|
||||
],
|
||||
|
||||
// Create a new page as a child of the specified page
|
||||
'/create-child': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.create_child'],
|
||||
'/create-child': [
|
||||
'middleware::auth:ApiRoute',
|
||||
'controller::api:v1:Page.create_child',
|
||||
],
|
||||
|
||||
// Delete the specified page
|
||||
'/delete/:PageId': ['middleware::auth:ApiRoute', 'controller::api:v1:Page.delete_page'],
|
||||
'/delete/:PageId': [
|
||||
'middleware::auth:ApiRoute',
|
||||
['middleware::api:DataInjection', { access_level: 'manage' }],
|
||||
'controller::api:v1:Page.delete_page',
|
||||
],
|
||||
},
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user