@ -7,6 +7,10 @@ const Project = _flitter.model('v1:Project')
const Out = _flitter . model ( 'v1:Out' )
const Out = _flitter . model ( 'v1:Out' )
const Invite = _flitter . model ( 'v1:Invite' )
const Invite = _flitter . model ( 'v1:Invite' )
const Snippet = _flitter . model ( 'v1:Snippet' )
const Snippet = _flitter . model ( 'v1:Snippet' )
const share _api = {
project : Project ,
snippet : Snippet ,
}
class v1 {
class v1 {
/ *
/ *
@ -199,11 +203,13 @@ class v1 {
}
}
async project _share _show ( req , res , next ) {
async project _share _show ( req , res , next ) {
const project = await Project . findById ( req . params . id )
const share _model = share _api [ req . params . api ]
if ( ! share _model ) return _flitter . error ( res , 400 , { reason : 'Invalid Share API endpoint.' } )
const project = await share _model . findById ( req . params . id )
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'Project not found with the specified ID.' } )
if ( ! project ) return _flitter . error ( res , 404 , { reason : req . params . api + ' not found with the specified ID.'} )
if ( ! devbug . permission . project . owns ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : 'You do not have permission to edit this project .'} )
if ( ! devbug . permission . project . owns ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : 'You do not have permission to edit this '+ req . params . api + ' .'} )
// Find read-only users
// Find read-only users
const read _find = {
const read _find = {
@ -240,34 +246,38 @@ class v1 {
current _owns : ( project . user _id === req . session . auth . uuid )
current _owns : ( project . user _id === req . session . auth . uuid )
}
}
return _flitter . view ( res , 'dash_v1:share' , { user : req . session . auth . user , sharing , project, title : 'Share Project : '+ project . name , show _back : true } )
return _flitter . view ( res , 'dash_v1:share' , { user : req . session . auth . user , sharing , item: project , api : req . params . api , title : 'Share ' + req . params . api + ' : '+ project . name , show _back : true } )
}
}
async project _share _do ( req , res , next ) {
async project _share _do ( req , res , next ) {
const project = await Project . findById ( req . params . id )
const share _model = share _api [ req . params . api ]
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'Project not found with the specified ID.' } )
if ( ! share _model ) return _flitter . error ( res , 400 , { reason : 'Invalid Share API endpoint.' } )
const project = await share _model . findById ( req . params . id )
if ( ! project ) return _flitter . error ( res , 404 , { reason : req . params . api + ' not found with the specified ID.' } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! devbug . permission . project . owns ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : "You do not have permission to edit this project ."} )
if ( ! devbug . permission . project . owns ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : "You do not have permission to edit this "+ req . params . api + " ."} )
if ( ! ( project . user _id === target _user . uuid ) && ! ( project . shared _user _ids . includes ( target _user . uuid ) ) ) {
if ( ! ( project . user _id === target _user . uuid ) && ! ( project . shared _user _ids . includes ( target _user . uuid ) ) ) {
project . shared _user _ids . push ( target _user . uuid )
project . shared _user _ids . push ( target _user . uuid )
await project . save ( )
await project . save ( )
}
}
return res . redirect ( '/dash/v1/ project /share/'+ project . id )
return res . redirect ( '/dash/v1/ '+ req . params . api + ' /share/'+ project . id )
}
}
async project _share _edit _do ( req , res , next ) {
async project _share _edit _do ( req , res , next ) {
const project = await Project . findById ( req . params . id )
const share _model = share _api [ req . params . api ]
if ( ! share _model ) return _flitter . error ( res , 400 , { reason : 'Invalid Share API endpoint.' } )
const project = await share _model . findById ( req . params . id )
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'Project not found with the specified ID.' } )
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'Project not found with the specified ID.' } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! devbug . permission . project . owns ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : "You do not have permission to edit this project ."} )
if ( ! devbug . permission . project . owns ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : "You do not have permission to edit this "+ req . params . api + " ."} )
if ( ! ( project . user _id === target _user . uuid ) && ! ( project . edit _user _ids . includes ( target _user . uuid ) ) ) {
if ( ! ( project . user _id === target _user . uuid ) && ! ( project . edit _user _ids . includes ( target _user . uuid ) ) ) {
// check if read access. If so, revoke.
// check if read access. If so, revoke.
@ -279,17 +289,19 @@ class v1 {
await project . save ( )
await project . save ( )
}
}
return res . redirect ( '/dash/v1/ project /share/'+ project . id )
return res . redirect ( '/dash/v1/ '+ req . params . api + ' /share/'+ project . id )
}
}
async project _share _revoke ( req , res , next ) {
async project _share _revoke ( req , res , next ) {
const project = await Project . findById ( req . params . id )
const share _model = share _api [ req . params . api ]
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'Project not found with the specified ID.' } )
if ( ! share _model ) return _flitter . error ( res , 400 , { reason : 'Invalid Share API endpoint.' } )
const project = await share _model . findById ( req . params . id )
if ( ! project ) return _flitter . error ( res , 404 , { reason : req . params . api + ' not found with the specified ID.' } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! devbug . permission . project . view ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : "You do not have permission to edit this project ."} )
if ( ! devbug . permission . project . view ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : "You do not have permission to edit this "+ req . params . api + " ."} )
const to _dash = project . shared _user _ids . includes ( req . session . auth . uuid )
const to _dash = project . shared _user _ids . includes ( req . session . auth . uuid )
@ -300,17 +312,19 @@ class v1 {
if ( to _dash ) return res . redirect ( '/dash/v1' )
if ( to _dash ) return res . redirect ( '/dash/v1' )
return res . redirect ( '/dash/v1/ project /share/'+ project . id )
return res . redirect ( '/dash/v1/ '+ req . params . api + ' /share/'+ project . id )
}
}
async project _share _revoke _edit ( req , res , next ) {
async project _share _revoke _edit ( req , res , next ) {
const project = await Project . findById ( req . params . id )
const share _model = share _api [ req . params . api ]
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'Project not found with the specified ID.' } )
if ( ! share _model ) return _flitter . error ( res , 400 , { reason : 'Invalid Share API endpoint.' } )
const project = await share _model . findById ( req . params . id )
if ( ! project ) return _flitter . error ( res , 404 , { reason : req . params . api + ' not found with the specified ID.' } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! devbug . permission . project . view ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : "You do not have permission to edit this project ."} )
if ( ! devbug . permission . project . view ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : "You do not have permission to edit this "+ req . params . api + " ."} )
const to _dash = project . edit _user _ids . includes ( req . session . auth . uuid )
const to _dash = project . edit _user _ids . includes ( req . session . auth . uuid )
@ -321,17 +335,19 @@ class v1 {
if ( to _dash ) return res . redirect ( '/dash/v1' )
if ( to _dash ) return res . redirect ( '/dash/v1' )
return res . redirect ( '/dash/v1/ project /share/'+ project . id )
return res . redirect ( '/dash/v1/ '+ req . params . api + ' /share/'+ project . id )
}
}
async project _share _transfer ( req , res , next ) {
async project _share _transfer ( req , res , next ) {
const project = await Project . findById ( req . params . id )
const share _model = share _api [ req . params . api ]
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'Project not found with the specified ID.' } )
if ( ! share _model ) return _flitter . error ( res , 400 , { reason : 'Invalid Share API endpoint.' } )
const project = await share _model . findById ( req . params . id )
if ( ! project ) return _flitter . error ( res , 404 , { reason : req . params . api + ' not found with the specified ID.' } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
const target _user = await _flitter . model ( 'User' ) . findOne ( { uuid : req . params . user } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! target _user ) return _flitter . error ( res , 404 , { reason : 'User not found with the specified ID.' } )
if ( ! devbug . permission . project . owns ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : 'You do not have permission to edit this project .'} )
if ( ! devbug . permission . project . owns ( project , req . session . auth . user ) ) return _flitter . error ( res , 401 , { reason : 'You do not have permission to edit this '+ req . params . api + ' .'} )
project . user _id = target _user . uuid
project . user _id = target _user . uuid
project . shared _user _ids . push ( req . session . auth . uuid )
project . shared _user _ids . push ( req . session . auth . uuid )
@ -404,29 +420,47 @@ class v1 {
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'The specified project does not exist.' } )
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'The specified project does not exist.' } )
if ( ! req . body . title || ! req . body . data ) {
if ( ! req . body . title || ! req . body . data ) {
return _flitter . view ( res , 'dash_v1:snippet' , { project , user : req . session . auth . user , title : 'Create Snippet' , show _back : true } ) ;
return _flitter . view ( res , 'dash_v1:snippet' , { project , user : req . session . auth . user , title : 'Create Snippet' , show _back : true } )
}
// check required fields: title, data, mode
let fail = false
if ( ! req . body . title ) fail = 'Snippet title is required.'
else if ( ! req . body . data ) fail = 'Snippet data is required.'
else if ( ! req . body . mode ) fail = 'Snippet mode is required.'
if ( fail ) {
return _flitter . view ( res , 'dash_v1:snippet' , { project , user : req . session . auth . user , title : 'Create Snippet' , show _back : true , errors : [ fail ] } )
}
}
const snippet _data = {
const snippet _data = {
title : req . body . title ,
nam e: req . body . title ,
data : req . body . data ,
data : req . body . data ,
mode : req . body . mode ,
user _id : req . session . auth . uuid ,
user _id : req . session . auth . uuid ,
} ;
project _id : project . id ,
}
console . log ( { snippet _data } )
const snippet = new Snippet ( snippet _data ) ;
const snippet = new Snippet ( snippet _data )
await snippet . save ( ) ;
await snippet . save ( )
return res . redirect ( '/dash/v1/project/snippet/' + req . params . id + '/view/' + snippet . uuid )
return res . redirect ( '/dash/v1/project/snippet/' + req . params . id + '/view/' + snippet . uuid )
}
}
// TODO access checks
async project _snippet _view ( req , res , next ) {
async project _snippet _view ( req , res , next ) {
const project = await Project . findById ( req . params . id )
const project = await Project . findById ( req . params . id )
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'The specified project does not exist.' } )
if ( ! project ) return _flitter . error ( res , 404 , { reason : 'The specified project does not exist.' } )
const snippet = await Snippet . findOne ( { uuid : req . params . snippet } )
const snippet = await Snippet . findOne ( { uuid : req . params . snippet } )
if ( ! snippet ) return _flitter . error ( res , 404 , { reason : 'The specified snippet does not exist.' } )
if ( ! snippet ) return _flitter . error ( res , 404 , { reason : 'The specified snippet does not exist.' } )
console . log ( 'snippet mode' , snippet . mode )
return _flitter . view ( res , 'dash_v1:snippet' , { snippet , project , user : req . session . auth . user , title : snippet . title , show _back : true , readonly : true } )
return _flitter . view ( res , 'dash_v1:snippet' , { snippet , project , user : req . session . auth . user , title : 'Snippet: ' + snippet . nam e, show _back : true , readonly : true } )
}
}
}
}