sprechtl/PomeloNote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'develop' into note-repo

Browse source
This commit is contained in:
j-weissen 2022-10-10 20:25:24 +02:00
commit bbd6f6635d
2 changed files with 25 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
backend/strapi/src/api/note/content-types/note/schema.json
View file

@ -22,7 +22,8 @@
"owners": { "owners": {
"type": "relation", "type": "relation",
"relation": "manyToMany", "relation": "manyToMany",
"target": "plugin::users-permissions.user" "target": "plugin::users-permissions.user",
"mappedBy": "notes"
}, },
"lastViewed": { "lastViewed": {
"type": "datetime", "type": "datetime",

27
backend/strapi/src/api/note/controllers/note.js
View file

@ -1,5 +1,6 @@
'use strict'; 'use strict';
//move to utils! //move to utils!
function getNoteIdFromUrl(url) { function getNoteIdFromUrl(url) {
return Number(url.split("/").at(-1)); return Number(url.split("/").at(-1));
} }
@ -43,7 +44,6 @@ module.exports = createCoreController(noteUid, ({strapi}) => ({
populate: ['owners'], populate: ['owners'],
}); });
const authorized = entry.owners.some(owner => owner.id === userId) const authorized = entry.owners.some(owner => owner.id === userId)
console.log(authorized)
if (authorized) { if (authorized) {
entry = await strapi.entityService.update(noteUid, noteId, { entry = await strapi.entityService.update(noteUid, noteId, {
data: { data: {
@ -68,18 +68,37 @@ module.exports = createCoreController(noteUid, ({strapi}) => ({
populate: ['owners'], populate: ['owners'],
}); });
const authorized = entry.owners.some(owner => owner.id === userId) const authorized = entry.owners.some(owner => owner.id === userId)
let allowed; let allPreviousOwnersKept = false;
if (requestBody.data.hasOwnProperty("owners")) { if (requestBody.data.hasOwnProperty("owners")) {
allowed = entry.owners.every(owner => requestBody.data.owners.includes(owner)); allPreviousOwnersKept = entry.owners.every(owner => requestBody.data.owners.includes(owner));
} }
if (!authorized) { if (!authorized) {
ctx.response.status = 403; ctx.response.status = 403;
} else if (!allowed) { } else if (!allPreviousOwnersKept) {
ctx.response.status = 400; ctx.response.status = 400;
} else { } else {
return super.update(ctx); return super.update(ctx);
} }
}, },
/**
* Creates a new note, automatically sets owners to the user making the request and lastViewed
* @param ctx
* @returns {Promise<ctx>}
*/
async create(ctx) {
const userId = ctx.state.user.id;
const requestBody = ctx.request.body;
const response = await strapi.entityService.create(noteUid, {
data: {
title: requestBody.data.title,
content: requestBody.data.content,
lastViewed: Date.now(),
owners: [userId],
publishedAt: Date.now()
}
});
return response;
},
/** /**
* Deletes user from note owners. If note has no owners anymore, deletes note. * Deletes user from note owners. If note has no owners anymore, deletes note.
* @param ctx * @param ctx