authorJules Laplace <julescarbon@gmail.com>2017-12-15 11:24:00 +0100
committerJules Laplace <julescarbon@gmail.com>2017-12-15 11:24:00 +0100
commit148bdaec5aaf66b885d7070894b81dfd76df2d5c (patch)
treed60aec3ac20db83fbda10632c92e0e3901fbdb52 /bucky
parent6c601a35b1d79bfe5b53c3c6177420c9d90fbba9 (diff)
delete files
Diffstat (limited to 'bucky')
-rw-r--r--bucky/app/api.js18
-rw-r--r--bucky/app/bucky.js30
-rw-r--r--bucky/db/index.js3
3 files changed, 46 insertions, 5 deletions
diff --git a/bucky/app/api.js b/bucky/app/api.js
index 5635ce9..ff17626 100644
--- a/bucky/app/api.js
+++ b/bucky/app/api.js
@@ -121,15 +121,16 @@ function route (app){
bucky.ensureFilesForThread,
bucky.destroyThread,
function(req, res){
- res.sendStatus(200)
+ res.send({ status: 'ok' })
})
/* comments */
-
+
+ // one endpoint handles comments + files
app.post("/api/thread/:id/comment",
middleware.ensureAuthenticated,
bucky.ensureThread,
- // ensure thread privacy
+ bucky.checkThreadPrivacy,
multer.array("files"),
bucky.verifyFilesOrComment,
bucky.createOptionalFiles,
@@ -164,7 +165,16 @@ function route (app){
bucky.checkCommentPrivacy,
bucky.destroyComment,
function(req, res){
- res.sendStatus(200)
+ res.send({ status: 'ok' })
+ })
+ // delete a file
+ app.delete("/api/file/:id",
+ middleware.ensureAuthenticated,
+ bucky.ensureFile,
+ bucky.checkFilePrivacy,
+ bucky.destroyFile,
+ function(req, res){
+ res.send({ status: 'ok' })
})
/* search */
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index 295a813..dbb980d 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -371,7 +371,23 @@ var bucky = module.exports = {
},
/* FILES */
-
+
+ ensureFile: function (req, res, next){
+ var id = req.params.id.replace(/\D/g, "")
+ if (! id) {
+ return res.sendStatus(404)
+ }
+ db.getFileById(id).then(function(file){
+ console.log(file)
+ if (file) {
+ res.file = file
+ next()
+ }
+ else {
+ res.sendStatus(404)
+ }
+ })
+ },
createOptionalFiles: function(req, res, next){
if (! req.files || ! req.files.length) {
return next()
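Review bot: In `ensureFile`, `db.getFileById(id).then(...)` has no rejection handler, so a database error leaves the request without a response; add `.catch(function(err){ console.error(err); res.sendStatus(500) })` after the `.then`. Stripping non-digits with `replace(/\D/g, "")` also means an id such as `12abc3` (constructed example) is looked up as 123 instead of being rejected; testing `req.params.id` against `/^\d+$/` and returning 404 on a mismatch keeps the lookup tied to what the client actually sent. The `console.log(file)` line looks like leftover debugging and writes the whole file record to the log on every request.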
@@ -418,6 +434,11 @@ var bucky = module.exports = {
console.log(err)
})
},
+ destroyFile: function(req,res,next){
+ var filePromises = db.destroyFiles([res.file])
+ Promise.all(filePromises).then( () => next() )
+ .catch(err => { console.error(err); next() })
+ },
/* PROFILE / USER */
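Review bot: The `.catch` in `destroyFile` logs the error and then calls `next()`, so the `DELETE /api/file/:id` handler in api.js still answers `{ status: 'ok' }` when the deletion failed. Ending the request in the failure branch, `.catch(err => { console.error(err); res.sendStatus(500) })`, lets the client and any audit trail tell a failed delete from a successful one. `db.destroyFiles` is not visible in this hunk, so it should be confirmed whether it removes the stored upload as well as the database row.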
@@ -499,6 +520,13 @@ var bucky = module.exports = {
}
next()
},
+ checkFilePrivacy: function(req, res, next) {
+ console.log(res.file)
+ if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.file.get('username')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
checkMessagePrivacy: function(req, res, next) {
var username = req.user.get('username')
if (username !== res.message.get('sender') && username !== res.message.get('recipient')) {
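Review bot: `checkFilePrivacy` answers a failed ownership check with `res.sendStatus(500)`, which reports an authorization denial as a server fault; `return res.sendStatus(403)` would be accurate and keeps denied delete attempts distinguishable from real errors in logs and monitoring. If the sibling privacy checks outside this hunk also use 500, changing them together would be more consistent. The `console.log(res.file)` line looks like leftover debugging, and the literal `3` in the `ulevel` comparison would read better as a named constant for the level it denotes (presumably administrators).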
diff --git a/bucky/db/index.js b/bucky/db/index.js
index 20628bb..e26124a 100644
--- a/bucky/db/index.js
+++ b/bucky/db/index.js
@@ -132,6 +132,9 @@ db.getUserThreadIds = function(user_id){
/* FILES */
+db.getFileById = function(id){
+ return (new File({'id': id})).fetch()
+}
db.getFilesForThread = function (id){
return File.query("where", "thread", "=", id).fetchAll()
}