add authorization to file routes
This commit is contained in:
parent
51116bf0d0
commit
032169e7bc
3 changed files with 28 additions and 11 deletions
|
@ -9,8 +9,11 @@ import { deleteObjectsFromS3, getObjectKey } from './aws.controller';
|
|||
// be fixed in mongoose soon
|
||||
// https://github.com/Automattic/mongoose/issues/4049
|
||||
export function createFile(req, res) {
|
||||
Project.findByIdAndUpdate(
|
||||
req.params.project_id,
|
||||
Project.findOneAndUpdate(
|
||||
{
|
||||
_id: req.params.project_id,
|
||||
user: req.user._id
|
||||
},
|
||||
{
|
||||
$push: {
|
||||
files: req.body
|
||||
|
@ -19,9 +22,9 @@ export function createFile(req, res) {
|
|||
{
|
||||
new: true
|
||||
}, (err, updatedProject) => {
|
||||
if (err) {
|
||||
if (err || !updatedProject) {
|
||||
console.log(err);
|
||||
res.json({ success: false });
|
||||
res.status(403).send({ success: false, message: 'Project does not exist, or user does not match owner.' });
|
||||
return;
|
||||
}
|
||||
const newFile = updatedProject.files[updatedProject.files.length - 1];
|
||||
|
@ -39,7 +42,9 @@ export function createFile(req, res) {
|
|||
}
|
||||
|
||||
function getAllDescendantIds(files, nodeId) {
|
||||
return files.find(file => file.id === nodeId).children
|
||||
const parentFile = files.find(file => file.id === nodeId);
|
||||
if (!parentFile) return [];
|
||||
return parentFile.children
|
||||
.reduce((acc, childId) => (
|
||||
[...acc, childId, ...getAllDescendantIds(files, childId)]
|
||||
), []);
|
||||
|
@ -75,12 +80,24 @@ function deleteChild(files, parentId, id) {
|
|||
|
||||
export function deleteFile(req, res) {
|
||||
Project.findById(req.params.project_id, (err, project) => {
|
||||
if (!project) {
|
||||
res.status(404).send({ success: false, message: 'Project does not exist.' });
|
||||
}
|
||||
if (!project.user.equals(req.user._id)) {
|
||||
res.status(403).send({ success: false, message: 'Session does not match owner of project.' });
|
||||
return;
|
||||
}
|
||||
|
||||
// make sure file exists for project
|
||||
const fileToDelete = project.files.find(file => file.id === req.params.file_id);
|
||||
if (!fileToDelete) {
|
||||
res.status(404).send({ success: false, message: 'File does not exist in project.' });
|
||||
return;
|
||||
}
|
||||
|
||||
const idsToDelete = getAllDescendantIds(project.files, req.params.file_id);
|
||||
deleteMany(project.files, [req.params.file_id, ...idsToDelete]);
|
||||
project.files = deleteChild(project.files, req.query.parentId, req.params.file_id);
|
||||
// project.files.id(req.params.file_id).remove();
|
||||
// const childrenArray = project.files.id(req.query.parentId).children;
|
||||
// project.files.id(req.query.parentId).children = childrenArray.filter(id => id !== req.params.file_id);
|
||||
project.save((innerErr) => {
|
||||
res.json(project.files);
|
||||
});
|
||||
|
|
|
@ -11,7 +11,7 @@ const fileSchema = new Schema({
|
|||
children: { type: [String], default: [] },
|
||||
fileType: { type: String, default: 'file' },
|
||||
isSelectedFile: { type: Boolean }
|
||||
}, { timestamps: true, _id: true });
|
||||
}, { timestamps: true, _id: true, usePushEach: true });
|
||||
|
||||
fileSchema.virtual('id').get(function getFileId() {
|
||||
return this._id.toHexString();
|
||||
|
@ -28,7 +28,7 @@ const projectSchema = new Schema({
|
|||
files: { type: [fileSchema] },
|
||||
_id: { type: String, default: shortid.generate },
|
||||
slug: { type: String }
|
||||
}, { timestamps: true });
|
||||
}, { timestamps: true, usePushEach: true });
|
||||
|
||||
projectSchema.virtual('id').get(function getProjectId() {
|
||||
return this._id;
|
||||
|
|
|
@ -84,8 +84,8 @@ app.use(passport.initialize());
|
|||
app.use(passport.session());
|
||||
app.use('/api', requestsOfTypeJSON(), users);
|
||||
app.use('/api', requestsOfTypeJSON(), sessions);
|
||||
app.use('/api', requestsOfTypeJSON(), projects);
|
||||
app.use('/api', requestsOfTypeJSON(), files);
|
||||
app.use('/api', requestsOfTypeJSON(), projects);
|
||||
app.use('/api', requestsOfTypeJSON(), aws);
|
||||
app.use(assetRoutes);
|
||||
// this is supposed to be TEMPORARY -- until i figure out
|
||||
|
|
Loading…
Reference in a new issue