backend/app/controllers/api/v1/Sharing.controller.js

const Controller = require('libflitter/controller/Controller')

/*
 * Sharing Controller
 * -------------------------------------------------------------
 * Put some description here!
 */
class Sharing extends Controller {
    static get services() {
        return [...super.services, 'models']
    }

    async share_page(req, res) {
        const level = req.form.level
        await req.form.page.share_with(req.form.user, level)
        return res.api({})
    }

    async revoke_page(req, res) {
        await req.form.page.unshare_with(req.form.user)
        return res.api({})
    }

    async page_info(req, res) {
         const data = {
            view: (await req.form.page.view_users).map(x => {
                return {username: x.uid, id: x.id, level: 'view'}
            }),
            update: (await req.form.page.update_users).map(x => {
                return {username: x.uid, id: x.id, level: 'update'}
            }),
            manage: (await req.form.page.manage_users).map(x => {
                return {username: x.uid, id: x.id, level: 'manage'}
            }),
        }

        return res.api(data)
    }

    async get_link(req, res) {
        const KeyAction = this.models.get('auth:KeyAction')
        const in_1_week = new Date
        in_1_week.setDate(in_1_week.getDate() + 7)

        const action = new KeyAction({
            handler: 'controller::api:v1:Sharing.accept_link',
            expires: in_1_week,
            auto_login: false,
            no_auto_logout: true, // THIS IS FINE. It's because the MW requires a traditional sign-in.
        })

        await action.save()
        action.data_set('level', req.form.level)
        action.data_set('PageId', req.form.page.UUID)
        await action.save()

        return res.api({ link: action.auth_url() })
    }

    async accept_link(req, res) {
        if ( !req.user ) return req.security.kickout()
        const Page = this.models.get('api:Page')
        const PageId = req.key_action.data_get('PageId')
        const level = req.key_action.data_get('level')

        const page = await Page.findOne({UUID: PageId})
        await page.share_with(req.user, level)

        return res.redirect(`/i/editor;id=${PageId}`)
    }

}

module.exports = exports = Sharing