backend/app/controllers/api/v1/Sharing.controller.js


const Controller = require('libflitter/controller/Controller')
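/**
 * Sharing controller (API v1).
 *
 * Request handlers for granting and revoking access to a page, listing who a
 * page is shared with, issuing one-week share links, and answering
 * permission checks for the signed-in user.
 *
 * NOTE(review): no handler here verifies that req.user is allowed to manage
 * req.form.page or to grant the requested level. Presumably route middleware
 * populates req.form and enforces that; confirm against the route definitions.
 */
class Sharing extends Controller {
  /** Services this controller needs: the parent's list plus 'models'. */
  static get services() {
    return [...super.services, 'models']
  }

  /**
   * Grant access to req.form.page at req.form.level, either to public users
   * (when the `public` query parameter is set) or to req.form.user.
   *
   * @param req - request; reads req.query.public, req.form.{page,user,level}, req.user
   * @param res - response; always answered with an empty API payload
   */
  async share_page(req, res) {
    const { page, level } = req.form

    // NOTE(review): this is a truthiness test. If the query string is parsed
    // into plain strings, `?public=false` and `?public=0` also select the
    // public branch. Confirm how clients send this flag.
    if ( req.query.public ) {
      await page.share_public(req.user, level)
    } else if ( req.form.user ) {
      await page.share_with(req.form.user, level)
    }

    // NOTE(review): when neither branch matched nothing was shared, yet the
    // caller still receives a success payload.
    return res.api({})
  }

  /**
   * Revoke access to req.form.page, either for public users (when the
   * `public` query parameter is set) or for req.form.user.
   *
   * @param req - request; reads req.query.public, req.form.{page,user}, req.user
   * @param res - response; always answered with an empty API payload
   */
  async revoke_page(req, res) {
    const { page } = req.form

    // Same truthiness caveat as share_page applies to req.query.public.
    if ( req.query.public ) {
      await page.unshare_public(req.user)
    } else if ( req.form.user ) {
      await page.unshare_with(req.form.user)
    }

    return res.api({})
  }

  /**
   * List the users a page is shared with, grouped by level (view / update /
   * manage), and append a "(Public Users)" entry to the highest level that
   * public users hold, if any.
   *
   * @param req - request; reads req.form.page
   * @param res - response; answered with { view, update, manage } arrays
   */
  async page_info(req, res) {
    const PublicUserPermission = this.models.get('auth:PublicUserPermission')
    const { page } = req.form

    // Reduce a user record to the fields exposed to the client.
    const as_entries = (users, level) => users.map(x => ({ username: x.uid, id: x.id, level }))

    const data = {
      view: as_entries(await page.view_users, 'view'),
      update: as_entries(await page.update_users, 'update'),
      manage: as_entries(await page.manage_users, 'manage'),
    }

    // Probe from the strongest level down and report only the first match,
    // so public access is listed once, under its highest level.
    for ( const level of ['manage', 'update', 'view'] ) {
      if ( await PublicUserPermission.can(`page:${page.UUID}:${level}`) ) {
        data[level].push({ username: '(Public Users)', public: true, id: '0', level })
        break
      }
    }

    return res.api(data)
  }

  /**
   * Create a share link for req.form.page at req.form.level.
   *
   * With the `public` query parameter set, the page is shared publicly and no
   * link is returned. Otherwise a KeyAction expiring in seven days is stored
   * and its auth URL is returned; accept_link redeems it.
   *
   * NOTE(review): the link acts as a bearer grant. From what is visible here,
   * any signed-in user who opens it within the week receives the stored
   * level. Whether a KeyAction can be redeemed more than once is not visible
   * in this file; confirm, and consider restricting which levels may be
   * issued through links.
   *
   * @param req - request; reads req.query.public, req.form.{page,level}, req.user
   * @param res - response; answered with {} or { link }
   */
  async get_link(req, res) {
    if ( req.query.public ) {
      await req.form.page.share_public(req.user, req.form.level)
      return res.api({})
    }

    const KeyAction = this.models.get('auth:KeyAction')

    const in_1_week = new Date()
    in_1_week.setDate(in_1_week.getDate() + 7)

    const action = new KeyAction({
      handler: 'controller::api:v1:Sharing.accept_link',
      expires: in_1_week,
      auto_login: false,
      // Intentional: per the original author, the middleware requires a
      // traditional sign-in, so the session is not logged out afterwards.
      no_auto_logout: true,
    })

    // Saved once before and once after data_set, as in the original.
    // Presumably the record must exist before data can be attached; confirm.
    await action.save()
    action.data_set('level', req.form.level)
    action.data_set('PageId', req.form.page.UUID)
    await action.save()

    return res.api({ link: action.auth_url() })
  }

  /**
   * Report whether the signed-in user holds the permission named in
   * req.form.permission.
   *
   * @param req - request; reads req.user, req.form.permission
   * @param res - response; answered with { check }
   */
  async permission_check(req, res) {
    return res.api({
      check: await req.user.can(req.form.permission),
    })
  }

  /**
   * Report whether the signed-in user can access the active page named by
   * req.params.PageId at req.params.level.
   *
   * @param req - request; reads req.params.{PageId,level}, req.user
   * @param res - response; answered with { check }, where check is false when
   *              no active page has that UUID
   */
  async permission_check_page(req, res) {
    const Page = this.models.get('api:Page')
    const page = await Page.findOne({
      UUID: req.params.PageId,
      Active: true,
    })

    // Answer an explicit false for an unknown page instead of leaking the
    // null lookup result into the payload.
    const check = page ? await page.is_accessible_by(req.user, req.params.level) : false

    return res.api({ check })
  }

  /**
   * KeyAction handler behind the links issued by get_link: shares the stored
   * page with the signed-in user at the stored level, then redirects to the
   * editor for that page.
   *
   * @param req - request; reads req.user, req.key_action
   * @param res - response; redirected to the editor, or 404 if the page is gone
   */
  async accept_link(req, res) {
    if ( !req.user ) return req.security.kickout()

    const Page = this.models.get('api:Page')
    const PageId = req.key_action.data_get('PageId')
    const level = req.key_action.data_get('level')

    // NOTE(review): unlike permission_check_page, this lookup does not filter
    // on Active: true, so a link issued earlier can still add a grant on a
    // page that has since been deactivated. Confirm whether that is intended.
    const page = await Page.findOne({UUID: PageId})

    // The link outlives the request that created it, so the page may no
    // longer exist; without this guard the share_with call throws on null.
    // Assumes an Express-style response (res.redirect is already used below).
    if ( !page ) return res.sendStatus(404)

    await page.share_with(req.user, level)
    return res.redirect(`/i/editor;id=${PageId}`)
  }
}

module.exports = exports = Sharing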