cyclic structure resolution & edit sharing

2019-07-10 14:10:36 -05:00
parent 2dafb07cea
commit a078b768da
11 changed files with 395 additions and 77 deletions


@@ -15,15 +15,26 @@ class v1 {
const projects = await Project.find({ archived: false, user_id: req.session.auth.uuid })
let find = {
let view_find = {
shared_user_ids: {
$elemMatch: {
$eq: req.session.auth.uuid
}
}
}
let edit_find = {
edit_user_ids: {
$elemMatch: {
$eq: req.session.auth.uuid
}
}
}
const shared_projects = await Project.find(find)
const shared_projects = {
view: await Project.find(view_find),
edit: await Project.find(edit_find),
}
/*
* Return the main view.
@@ -45,7 +56,7 @@ class v1 {
}
// check access perms
if ( !(project.user_id === req.session.auth.uuid) ){
if ( !devbug.permission.project.edit(project, req.session.auth.user) ){
return _flitter.error(res, 401, {reason: 'You do not have permissions to edit this project.'})
}
@@ -63,8 +74,8 @@ class v1 {
}
// check access perms
if ( !(project.user_id === req.session.auth.uuid) ){
return _flitter.error(res, 401, {reason: 'Project not found with the specified ID.'})
if ( !devbug.permission.project.edit(project, req.session.auth.user) ){
return _flitter.error(res, 401, {reason: 'You do not have permissions to edit this project.'})
}
project.name = req.body.name
@@ -102,7 +113,7 @@ class v1 {
const outs = await Out.find({ project_id: project.id }).sort('-created')
if ( !(project.user_id === req.session.auth.uuid) && !(project.shared_user_ids.includes(req.session.auth.uuid)) ){
if ( !devbug.permission.project.view(project, req.session.auth.user) ){
return _flitter.error(res, 401, {reason: 'You do not have permission to view this project.'})
}
@@ -119,6 +130,7 @@ class v1 {
let pretty
try {
pretty = JSON.stringify(JSON.parse(out.data), null, 4)
console.log('Pretty out: ', pretty)
}
catch (e){
return _flitter.error(res, 500, {reason: 'Unable to parse output data. Data contains invalid JSON.'})
@@ -126,11 +138,10 @@ class v1 {
const project = await Project.findById(out.project_id)
if ( !project || (!(project.user_id === req.session.auth.uuid) && !(project.shared_user_ids.includes(req.session.auth.uuid))) ){
if ( !project || (!devbug.permission.project.view(project, req.session.auth.user)) ){
return _flitter.error(res, 401, {reason: 'You do not have permission to view this project.'})
}
// TODO permission access check
return _flitter.view(res, 'dash_v1:out', {project, user: req.session.auth.user, out, prettyd:pretty, show_back: true, title: out.brief, title_small: true });
}
@@ -138,7 +149,7 @@ class v1 {
const out = await Out.findById(req.params.id)
const project = await Project.findById(req.params.project)
if ( !project || ( !(project.user_id === req.session.auth.uuid) ) ){
if ( !project || ( !devbug.permission.project.edit(project, req.session.auth.user) ) ){
return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
}
@@ -155,7 +166,7 @@ class v1 {
return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
}
if ( !(project.user_id === req.session.auth.uuid) ){
if ( !devbug.permission.project.owns(project, req.session.auth.user) ){
return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
}
@@ -165,7 +176,7 @@ class v1 {
async project_delete_do(req, res, next){
const project = await Project.findById(req.params.id)
if ( project && ( !(project.user_id === req.session.auth.uuid) ) ){
if ( project && ( !devbug.permission.project.owns(project, req.session.auth.user) ) ){
return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
}
@@ -191,24 +202,44 @@ class v1 {
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
if ( !(project.user_id === req.session.auth.uuid) ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
let find = {
uuid: { $nin: [] }
// Find read-only users
const read_find = {
uuid: { $in: [] }
}
read_find.uuid.$in = read_find.uuid.$in.concat(project.shared_user_ids)
const read = await _flitter.model('User').find(read_find)
// Find edit users
const edit_find = {
uuid: { $in : [] }
}
edit_find.uuid.$in = edit_find.uuid.$in.concat(project.edit_user_ids)
const edit = await _flitter.model('User').find(edit_find)
// Find other users
const other_find = {
uuid: { $nin: [ project.user_id ] }
}
other_find.uuid.$nin = other_find.uuid.$nin.concat(project.edit_user_ids).concat(project.shared_user_ids)
const other = await _flitter.model('User').find(other_find)
// Get the owner user
const owner = await _flitter.model('User').findOne({ uuid: project.user_id })
const sharing = {
read,
edit,
other,
owner,
current_owns: (project.user_id === req.session.auth.uuid)
}
find.uuid.$nin.push(req.session.auth.uuid)
find.uuid.$nin = find.uuid.$nin.concat(project.shared_user_ids)
const to_share = await _flitter.model('User').find(find)
find = {
uuid: { $in: find.uuid.$nin }
}
const shared = await _flitter.model('User').find(find)
return _flitter.view(res, 'dash_v1:share', { user: req.session.auth.user, sharing: { to_share, shared }, project, title: 'Share Project: '+project.name, show_back: true })
return _flitter.view(res, 'dash_v1:share', { user: req.session.auth.user, sharing, project, title: 'Share Project: '+project.name, show_back: true })
}
async project_share_do(req, res, next){
@@ -218,7 +249,7 @@ class v1 {
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !(project.user_id === req.session.auth.uuid) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
if ( !(project.user_id === target_user.uuid) && !(project.shared_user_ids.includes(target_user.uuid)) ){
project.shared_user_ids.push(target_user.uuid)
@@ -227,6 +258,28 @@ class v1 {
return res.redirect('/dash/v1/project/share/'+project.id)
}
async project_share_edit_do(req, res, next){
const project = await Project.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
if ( !(project.user_id === target_user.uuid) && !(project.edit_user_ids.includes(target_user.uuid)) ){
// check if read access. If so, revoke.
if ( project.shared_user_ids.includes(target_user.uuid) ){
project.shared_user_ids.splice(project.shared_user_ids.indexOf(target_user.uuid), 1)
}
project.edit_user_ids.push(target_user.uuid)
await project.save()
}
return res.redirect('/dash/v1/project/share/'+project.id)
}
async project_share_revoke(req, res, next){
const project = await Project.findById(req.params.id)
@@ -235,7 +288,7 @@ class v1 {
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !(project.user_id === req.session.auth.uuid || project.shared_user_ids.includes(req.session.auth.uuid)) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
if ( !devbug.permission.project.view(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
const to_dash = project.shared_user_ids.includes(req.session.auth.uuid)
@@ -248,6 +301,27 @@ class v1 {
return res.redirect('/dash/v1/project/share/'+project.id)
}
async project_share_revoke_edit(req, res, next){
const project = await Project.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !devbug.permission.project.view(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})
const to_dash = project.edit_user_ids.includes(req.session.auth.uuid)
if ( !(target_user.uuid === project.user_id) && (project.edit_user_ids.includes(target_user.uuid)) ){
project.edit_user_ids.splice(project.edit_user_ids.indexOf(target_user.uuid), 1)
await project.save()
}
if ( to_dash ) return res.redirect('/dash/v1')
return res.redirect('/dash/v1/project/share/'+project.id)
}
async project_share_transfer(req, res, next){
const project = await Project.findById(req.params.id)
@@ -256,14 +330,18 @@ class v1 {
const target_user = await _flitter.model('User').findOne({uuid: req.params.user})
if ( !target_user ) return _flitter.error(res, 404, {reason: 'User not found with the specified ID.'})
if ( !project.user_id === req.session.auth.uuid ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
project.user_id = target_user.uuid
project.shared_user_ids.push(req.session.auth.uuid)
if ( project.shared_user_ids.includes(req.session.auth.uuid) ){
if ( project.shared_user_ids.includes(target_user.uuid) ){
project.shared_user_ids.splice(project.shared_user_ids.indexOf(target_user.uuid), 1)
}
if ( project.edit_user_ids.includes(target_user.uuid) ){
project.edit_user_ids.splice(project.edit_user_ids.indexOf(target_user.uuid), 1)
}
await project.save()
@@ -274,7 +352,7 @@ class v1 {
const project = await Project.findById(req.params.id)
if ( !project ) return _flitter.error(res, 404, {reason: 'Project not found with the specified ID.'})
if ( !project.user_id === req.session.auth.uuid ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
if ( !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: 'You do not have permission to edit this project.'})
let share_data = {
project_id: project.id,
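Review bot: `project_share_revoke_edit` authorizes the caller with `devbug.permission.project.view(...)` and then removes `target_user` from `edit_user_ids` without checking that the caller owns the project or is removing themselves, so any account that passes the view check can apparently strip another collaborator's edit access; the same check guards `project_share_revoke` in the `-235,7 +288,7` hunk. The `to_dash` redirect suggests self-removal is the only intended non-owner case, so the guard should say so: `const self_revoke = target_user.uuid === req.session.auth.uuid` followed by `if ( !self_revoke && !devbug.permission.project.owns(project, req.session.auth.user) ) return _flitter.error(res, 401, {reason: "You do not have permission to edit this project."})`. `devbug.permission.project` is defined outside this section, so confirm which users `view` actually admits. Separately, the `console.log('Pretty out: ', pretty)` in the `-119,6 +130,7` hunk writes the stored output to the server log before the project permission check runs and looks like leftover debugging.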