add authorization to file routes
parent
51116bf0d0
commit
032169e7bc
3 changed files with 28 additions and 11 deletions
|
@ -9,8 +9,11 @@ import { deleteObjectsFromS3, getObjectKey } from './aws.controller';
|
||||||
// be fixed in mongoose soon
|
// be fixed in mongoose soon
|
||||||
// https://github.com/Automattic/mongoose/issues/4049
|
// https://github.com/Automattic/mongoose/issues/4049
|
||||||
export function createFile(req, res) {
|
export function createFile(req, res) {
|
||||||
Project.findByIdAndUpdate(
|
Project.findOneAndUpdate(
|
||||||
req.params.project_id,
|
{
|
||||||
|
_id: req.params.project_id,
|
||||||
|
user: req.user._id
|
||||||
|
},
|
||||||
{
|
{
|
||||||
$push: {
|
$push: {
|
||||||
files: req.body
|
files: req.body
|
||||||
|
@ -19,9 +22,9 @@ export function createFile(req, res) {
|
||||||
{
|
{
|
||||||
new: true
|
new: true
|
||||||
}, (err, updatedProject) => {
|
}, (err, updatedProject) => {
|
||||||
if (err) {
|
if (err || !updatedProject) {
|
||||||
console.log(err);
|
console.log(err);
|
||||||
res.json({ success: false });
|
res.status(403).send({ success: false, message: 'Project does not exist, or user does not match owner.' });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const newFile = updatedProject.files[updatedProject.files.length - 1];
|
const newFile = updatedProject.files[updatedProject.files.length - 1];
|
||||||
|
@ -39,7 +42,9 @@ export function createFile(req, res) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function getAllDescendantIds(files, nodeId) {
|
function getAllDescendantIds(files, nodeId) {
|
||||||
return files.find(file => file.id === nodeId).children
|
const parentFile = files.find(file => file.id === nodeId);
|
||||||
|
if (!parentFile) return [];
|
||||||
|
return parentFile.children
|
||||||
.reduce((acc, childId) => (
|
.reduce((acc, childId) => (
|
||||||
[...acc, childId, ...getAllDescendantIds(files, childId)]
|
[...acc, childId, ...getAllDescendantIds(files, childId)]
|
||||||
), []);
|
), []);
|
||||||
|
@ -75,12 +80,24 @@ function deleteChild(files, parentId, id) {
|
||||||
|
|
||||||
export function deleteFile(req, res) {
|
export function deleteFile(req, res) {
|
||||||
Project.findById(req.params.project_id, (err, project) => {
|
Project.findById(req.params.project_id, (err, project) => {
|
||||||
|
if (!project) {
|
||||||
|
res.status(404).send({ success: false, message: 'Project does not exist.' });
|
||||||
|
}
|
||||||
|
if (!project.user.equals(req.user._id)) {
|
||||||
|
res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// make sure file exists for project
|
||||||
|
const fileToDelete = project.files.find(file => file.id === req.params.file_id);
|
||||||
|
if (!fileToDelete) {
|
||||||
|
res.status(404).send({ success: false, message: 'File does not exist in project.' });
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
const idsToDelete = getAllDescendantIds(project.files, req.params.file_id);
|
const idsToDelete = getAllDescendantIds(project.files, req.params.file_id);
|
||||||
deleteMany(project.files, [req.params.file_id, ...idsToDelete]);
|
deleteMany(project.files, [req.params.file_id, ...idsToDelete]);
|
||||||
project.files = deleteChild(project.files, req.query.parentId, req.params.file_id);
|
project.files = deleteChild(project.files, req.query.parentId, req.params.file_id);
|
||||||
// project.files.id(req.params.file_id).remove();
|
|
||||||
// const childrenArray = project.files.id(req.query.parentId).children;
|
|
||||||
// project.files.id(req.query.parentId).children = childrenArray.filter(id => id !== req.params.file_id);
|
|
||||||
project.save((innerErr) => {
|
project.save((innerErr) => {
|
||||||
res.json(project.files);
|
res.json(project.files);
|
||||||
});
|
});
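Review bot: In deleteFile the new `if (!project)` guard sends the 404 but has no `return;`, so execution falls through to `project.user.equals(req.user._id)` with `project` null and throws inside the query callback after a response has already been sent; add `return;` after that `res.status(404).send(...)`, as the two later guards do. The callback's `err` is also never inspected, so the guard would be safer as `if (err || !project) {`. Both the ownership check here and `user: req.user._id` in createFile dereference `req.user`; no authentication middleware is visible in this diff, so if an unauthenticated request can reach these handlers they throw instead of rejecting, and an explicit `if (!req.user)` check returning 401 would close that. deleteFile's body continues outside the hunk.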
|
||||||
|
|
|
@ -11,7 +11,7 @@ const fileSchema = new Schema({
|
||||||
children: { type: [String], default: [] },
|
children: { type: [String], default: [] },
|
||||||
fileType: { type: String, default: 'file' },
|
fileType: { type: String, default: 'file' },
|
||||||
isSelectedFile: { type: Boolean }
|
isSelectedFile: { type: Boolean }
|
||||||
}, { timestamps: true, _id: true });
|
}, { timestamps: true, _id: true, usePushEach: true });
|
||||||
|
|
||||||
fileSchema.virtual('id').get(function getFileId() {
|
fileSchema.virtual('id').get(function getFileId() {
|
||||||
return this._id.toHexString();
|
return this._id.toHexString();
|
||||||
|
@ -28,7 +28,7 @@ const projectSchema = new Schema({
|
||||||
files: { type: [fileSchema] },
|
files: { type: [fileSchema] },
|
||||||
_id: { type: String, default: shortid.generate },
|
_id: { type: String, default: shortid.generate },
|
||||||
slug: { type: String }
|
slug: { type: String }
|
||||||
}, { timestamps: true });
|
}, { timestamps: true, usePushEach: true });
|
||||||
|
|
||||||
projectSchema.virtual('id').get(function getProjectId() {
|
projectSchema.virtual('id').get(function getProjectId() {
|
||||||
return this._id;
|
return this._id;
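Review bot: `usePushEach: true` is added to both schema option objects (fileSchema in the previous hunk, projectSchema here) with no comment, and it is unrelated to the authorization change the commit title describes. In Mongoose this option makes array pushes use `$push` with `$each` rather than `$pushAll`; a one-line comment such as `// usePushEach: avoid $pushAll, which newer MongoDB servers no longer accept` above each options object would tell a maintainer why it must stay.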
|
||||||
|
|
|
@ -84,8 +84,8 @@ app.use(passport.initialize());
|
||||||
app.use(passport.session());
|
app.use(passport.session());
|
||||||
app.use('/api', requestsOfTypeJSON(), users);
|
app.use('/api', requestsOfTypeJSON(), users);
|
||||||
app.use('/api', requestsOfTypeJSON(), sessions);
|
app.use('/api', requestsOfTypeJSON(), sessions);
|
||||||
app.use('/api', requestsOfTypeJSON(), projects);
|
|
||||||
app.use('/api', requestsOfTypeJSON(), files);
|
app.use('/api', requestsOfTypeJSON(), files);
|
||||||
|
app.use('/api', requestsOfTypeJSON(), projects);
|
||||||
app.use('/api', requestsOfTypeJSON(), aws);
|
app.use('/api', requestsOfTypeJSON(), aws);
|
||||||
app.use(assetRoutes);
|
app.use(assetRoutes);
|
||||||
// this is supposed to be TEMPORARY -- until i figure out
|
// this is supposed to be TEMPORARY -- until i figure out
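Review bot: Mounting `files` before `projects` makes the order of these `app.use('/api', ...)` lines load-bearing, and nothing in the hunk records why. Presumably a route in the projects router would otherwise handle a file request first, which would also mean the ownership checks added to the file controller never run for it; that is inferred, since neither router is shown. A comment above the two lines, e.g. `// files must be mounted before projects; do not reorder`, would keep a later tidy-up from silently reverting it.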
|
||||||
|
|