sprechtl/PomeloNote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bissi besser

Browse source
This commit is contained in:
j-weissen 2022-09-27 07:55:59 +02:00
parent cc44bbaa4e
commit 91cc589617
1 changed files with 23 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

32
backend/strapi/src/api/note/controllers/note.js
View file

@ -7,10 +7,10 @@ function getNoteIdFromUrl(url) {
/**
* note controller
*/
const noteUid = 'api::note.note';
const {createCoreController} = require('@strapi/strapi').factories;
module.exports = createCoreController('api::note.note', ({strapi}) => ({
module.exports = createCoreController(noteUid, ({strapi}) => ({
/**
* Gives all, to the user related, notes.
* @param ctx
@ -19,7 +19,7 @@ module.exports = createCoreController('api::note.note', ({strapi}) => ({
async find(ctx) {
const userId = ctx.state.user.id;
const entries = await strapi.entityService.findMany('api::note.note', {
const entries = await strapi.entityService.findMany(noteUid, {
populate: ['owners'],
filters: {
owners: {
@ -40,7 +40,7 @@ module.exports = createCoreController('api::note.note', ({strapi}) => ({
async findOne(ctx) {
const noteId = getNoteIdFromUrl(ctx.request.url);
const userId = ctx.state.user.id;
const entry = await strapi.entityService.findOne('api::note.note', noteId, {
const entry = await strapi.entityService.findOne(noteUid, noteId, {
populate: ['owners'],
});
const authorized = entry.owners.some(owner => owner.id === userId)
@ -50,27 +50,40 @@ module.exports = createCoreController('api::note.note', ({strapi}) => ({
ctx.response.status = 403;
}
},
/**
* Updates note. Removing owners is an illegal operation (400)
* @param ctx
* @returns {Promise<string>}
*/
async update(ctx) {
const noteId = getNoteIdFromUrl(ctx.request.url)
const userId = ctx.state.user.id;
const requestBody = ctx.request.body;
const entry = await strapi.entityService.findOne('api::note.note', noteId, {
const entry = await strapi.entityService.findOne(noteUid, noteId, {
populate: ['owners'],
});
const authorized = entry.owners.some(owner => owner.id === userId)
const allowed = !requestBody.data.hasOwnProperty("owners");
let allowed;
if (requestBody.data.hasOwnProperty("owners")) {
allowed = entry.owners.every(owner => requestBody.data.owners.includes(owner));
}
if (!authorized) {
ctx.response.status = 403;
} else if (!allowed) {
ctx.response.status = 400;
} else {
super.update(ctx);
return super.update(ctx);
}
},
/**
* Deletes user from note owners. If note has no owners anymore, deletes note.
* @param ctx
* @returns nothing
*/
async delete(ctx) {
const noteId = getNoteIdFromUrl(ctx.request.url)
const userId = ctx.state.user.id;
const entry = await strapi.entityService.findOne('api::note.note', noteId, {
const entry = await strapi.entityService.findOne(noteUid, noteId, {
populate: ['owners'],
});
const ownersCount = entry.owners.length;
@ -82,11 +95,12 @@ module.exports = createCoreController('api::note.note', ({strapi}) => ({
if (ownersCount === 1) {
super.delete(ctx);
} else {
strapi.entityService.update('api::note.note', noteId, {
strapi.entityService.update(noteUid, noteId, {
data: {
owners: entry.owners.filter(owner => owner.id !== userId)
}
})
}
ctx.response.status = 200;
}
}));