garrettmills/devbug
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

more snippet sharing

Browse Source
This commit is contained in:
glmdev
2019-07-24 09:52:58 -05:00
parent ee1c2c2722
commit 5bff5407a5
6 changed files with 198 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
app/controllers/dash/v1.controller.js
View File

@@ -7,6 +7,10 @@ const Project = _flitter.model('v1:Project')
const Out = _flitter.model('v1:Out')
const Invite = _flitter.model('v1:Invite')
const Snippet = _flitter.model('v1:Snippet')
const share_api = {
project: Project,
snippet: Snippet,
}
class v1 {
/*
@@ -199,11 +203,13 @@ class v1 {
}
async project_share_show(req, res, next){
const project = await Project.findById(req.params.id)
const share_model = share_api[req.params.api]
if ( !share_model ) return _flitter.error(res, 400, {reason: 'Invalid Share API endpoint.'})
const project = await share_model.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
if ( !project ) return _flitter.error(res, 404, {reason: req.params.api+' not found with the specified ID.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this '+req.params.api+'.'})
// Find read-only users
const read_find = {
@@ -240,34 +246,38 @@ class v1 {
current_owns: (project.user_id === req.session.auth.uuid)
}
return _flitter.view(res, 'dash_v1:share', { user: req.session.auth.user, sharing, project, title: 'Share Project: '+project.name, show_back: true })
return _flitter.view(res, 'dash_v1:share', { user: req.session.auth.user, sharing, item: project, api: req.params.api, title: 'Share '+req.params.api+': '+project.name, show_back: true })
}
async project_share_do(req, res, next){
const project = await Project.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
const share_model = share_api[req.params.api]
if ( !share_model ) return _flitter.error(res, 400, {reason: 'Invalid Share API endpoint.'})
const project = await share_model.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: req.params.api+' not found with the specified ID.'})
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this "+req.params.api+"."})
if ( !(project.user_id === target_user.uuid) && !(project.shared_user_ids.includes(target_user.uuid)) ){
project.shared_user_ids.push(target_user.uuid)
await project.save()
}
return res.redirect('/dash/v1/project/share/'+project.id)
return res.redirect('/dash/v1/'+req.params.api+'/share/'+project.id)
}
async project_share_edit_do(req, res, next){
const project = await Project.findById(req.params.id)
const share_model = share_api[req.params.api]
if ( !share_model ) return _flitter.error(res, 400, {reason: 'Invalid Share API endpoint.'})
const project = await share_model.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this "+req.params.api+"."})
if ( !(project.user_id === target_user.uuid) && !(project.edit_user_ids.includes(target_user.uuid)) ){
// check if read access. If so, revoke.
@@ -279,17 +289,19 @@ class v1 {
await project.save()
}
return res.redirect('/dash/v1/project/share/'+project.id)
return res.redirect('/dash/v1/'+req.params.api+'/share/'+project.id)
}
async project_share_revoke(req, res, next){
const project = await Project.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
const share_model = share_api[req.params.api]
if ( !share_model ) return _flitter.error(res, 400, {reason: 'Invalid Share API endpoint.'})
const project = await share_model.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: req.params.api+' not found with the specified ID.'})
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !devbug.permission.project.view(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
if ( !devbug.permission.project.view(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this "+req.params.api+"."})
const to_dash = project.shared_user_ids.includes(req.session.auth.uuid)
@@ -300,17 +312,19 @@ class v1 {
if ( to_dash ) return res.redirect('/dash/v1')
return res.redirect('/dash/v1/project/share/'+project.id)
return res.redirect('/dash/v1/'+req.params.api+'/share/'+project.id)
}
async project_share_revoke_edit(req, res, next){
const project = await Project.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
const share_model = share_api[req.params.api]
if ( !share_model ) return _flitter.error(res, 400, {reason: 'Invalid Share API endpoint.'})
const project = await share_model.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: req.params.api+' not found with the specified ID.'})
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !devbug.permission.project.view(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
if ( !devbug.permission.project.view(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this "+req.params.api+"."})
const to_dash = project.edit_user_ids.includes(req.session.auth.uuid)
@@ -321,17 +335,19 @@ class v1 {
if ( to_dash ) return res.redirect('/dash/v1')
return res.redirect('/dash/v1/project/share/'+project.id)
return res.redirect('/dash/v1/'+req.params.api+'/share/'+project.id)
}
async project_share_transfer(req, res, next){
const project = await Project.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
const share_model = share_api[req.params.api]
if ( !share_model ) return _flitter.error(res, 400, {reason: 'Invalid Share API endpoint.'})
const project = await share_model.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: req.params.api+' not found with the specified ID.'})
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this '+req.params.api+'.'})
project.user_id = target_user.uuid
project.shared_user_ids.push(req.session.auth.uuid)
@@ -404,29 +420,47 @@ class v1 {
if ( !project ) return _flitter.error(res, 404, {reason: 'The specified project does not exist.'})
if ( !req.body.title || !req.body.data ){
return _flitter.view(res, 'dash_v1:snippet', {project, user: req.session.auth.user, title: 'Create Snippet', show_back: true});
return _flitter.view(res, 'dash_v1:snippet', {project, user: req.session.auth.user, title: 'Create Snippet', show_back: true})
}
// check required fields: title, data, mode
let fail = false
if ( !req.body.title ) fail = 'Snippet title is required.'
else if ( !req.body.data ) fail = 'Snippet data is required.'
else if ( !req.body.mode ) fail = 'Snippet mode is required.'
if ( fail ){
return _flitter.view(res, 'dash_v1:snippet', {project, user: req.session.auth.user, title: 'Create Snippet', show_back: true, errors:[fail]})
}
const snippet_data = {
title: req.body.title,
name: req.body.title,
data: req.body.data,
mode: req.body.mode,
user_id: req.session.auth.uuid,
};
project_id: project.id,
}
console.log({snippet_data})
const snippet = new Snippet(snippet_data);
await snippet.save();
const snippet = new Snippet(snippet_data)
await snippet.save()
return res.redirect('/dash/v1/project/snippet/'+req.params.id+'/view/'+snippet.uuid)
}
// TODO access checks
async project_snippet_view(req, res, next){
const project = await Project.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'The specified project does not exist.'})
const snippet = await Snippet.findOne({uuid: req.params.snippet})
if ( !snippet ) return _flitter.error(res, 404, {reason: 'The specified snippet does not exist.'})
console.log('snippet mode', snippet.mode)
return _flitter.view(res, 'dash_v1:snippet', {snippet, project, user: req.session.auth.user, title: snippet.title, show_back: true, readonly: true})
return _flitter.view(res, 'dash_v1:snippet', {snippet, project, user: req.session.auth.user, title: 'Snippet: '+snippet.name, show_back: true, readonly: true})
}
}