From 5eb409e46e712cbf90c185f13523717e81bf6dd2 Mon Sep 17 00:00:00 2001 From: Robbie Antenesse Date: Sat, 4 Jan 2020 19:34:26 -0700 Subject: [PATCH] Add shelf get by id endpoint --- server/controllers/shelf.js | 23 +++++++++++++++++++++ server/routes/shelf.js | 40 +++++++++++++++++++++++++++---------- 2 files changed, 53 insertions(+), 10 deletions(-) diff --git a/server/controllers/shelf.js b/server/controllers/shelf.js index 0475ff8..f76abc2 100644 --- a/server/controllers/shelf.js +++ b/server/controllers/shelf.js @@ -109,6 +109,29 @@ class ShelfController { } return shelf.updatedAt; } + + async getShelfById(shelfId) { + if (isNaN(parse(shelfId))) { + return { + error: 'Shelf ID Provided is not a number.', + }; + } + const shelf = await this.shelfModel.findByPk(shelfId); + + if (shelf === null) { + return { + error: `Shelf with ID ${shelfId} not found.`, + }; + } + + shelf.updatedAt = this.getLastUpdatedTimestamp(shelf); + return shelf; + } + + async userCanViewShelf (user, shelf) { + // This needs work when permissions are added. + return user.id === shelf.userId || shelf.isPublic; + } } module.exports = ShelfController; \ No newline at end of file diff --git a/server/routes/shelf.js b/server/routes/shelf.js index 7dcfaa9..f1095a9 100644 --- a/server/routes/shelf.js +++ b/server/routes/shelf.js @@ -27,6 +27,32 @@ async function routes(fastify, options) { }); }); + fastify.get('/api/shelf/get', async (request, reply) => { + if (typeof request.body.shelf === 'undefined') { + return reply.code(400).send({ + error: true, + message: 'api.shelf.get.missing_id', + }); + } + + const shelfController = new ShelfController(fastify.models.Shelf, fastify.models.ShelfItem); + const shelf = shelfController.getShelfById(request.body.shelf); + if (typeof shelf.error !== 'undefined') { + shelf.message = 'api.shelf.get.nonexistent_shelf'; + return reply.code(400).send(shelf); + } + + const userCanViewShelf = shelfController.userCanViewShelf(request.user, shelf); + if (userCanViewShelf !== true) { + return reply.code(400).send({ + error: true, + message: 'api.shelf.get.access_denied', // Should potentially be nonexistent shelf message instead? + }); + } + + return reply.send(shelf); + }); + fastify.post('/api/shelf/create', async (request, reply) => { if (!request.isLoggedInUser) { return reply.code(400).send({ @@ -35,12 +61,6 @@ async function routes(fastify, options) { }); } - if (typeof request.body.shelfName === 'undefined') { - return reply.code(400).send({ - error: true, - message: 'api.shelf.create.missing_name', - }); - } request.body.shelfName = request.body.shelfName.trim(); const userShelves = await request.user.getShelves({ @@ -54,9 +74,9 @@ async function routes(fastify, options) { return reply.code(400).send(shelfNameIsValid); } - const shelf = new ShelfController(fastify.models.Shelf, fastify.models.ShelfItem); + const shelfController = new ShelfController(fastify.models.Shelf, fastify.models.ShelfItem); - const newShelf = shelf.createShelf(request.user, request.body.shelfName); + const newShelf = shelfController.createShelf(request.user, request.body.shelfName); if (typeof newShelf.error !== 'undefined' && newShelf.error !== false) { newShelf.message = 'api.shelf.create.fail'; return reply.code(400).send(newShelf); @@ -102,9 +122,9 @@ async function routes(fastify, options) { return reply.code(400).send(shelfNameIsValid); } - const shelf = new ShelfController(fastify.models.Shelf, fastify.models.ShelfItem); + const shelfController = new ShelfController(fastify.models.Shelf, fastify.models.ShelfItem); - const newShelf = shelf.renameShelf(request.user, request.body.shelfId, request.body.shelfName); + const newShelf = shelfController.renameShelf(request.user, request.body.shelfId, request.body.shelfName); if (typeof newShelf.error !== 'undefined' && newShelf.error !== false) { newShelf.message = 'api.shelf.rename.fail'; return reply.code(400).send(newShelf);