Alamantus
/
Readlebee
mirror of https://gitlab.com/Alamantus/Readlebee.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Update shelf rename endpoint

This commit is contained in:
Robbie Antenesse 2020-02-08 12:39:10 -07:00
parent 7d20609cdf
commit f16aa470d8
2 changed files with 34 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
server/controllers/shelf.js
View File

@ -1,9 +1,17 @@
const fetch = require('node-fetch'); const fetch = require('node-fetch');
class ShelfController { class ShelfController {
constructor (sequelizeModels) { constructor (sequelizeModels, language) { // Language needs to be passed with every request involving books.
this.model = sequelizeModels.Shelf; this.models = sequelizeModels;
this.itemModel = sequelizeModels.ShelfItem; this.lang = language;
}
static userOwnsShelf(user, shelf) {
return typeof user !== 'undefined' && user.id === shelf.userId;
}
static shelfCanBeModified(shelf) {
return shelf.isDeletable === true;
} }
static newShelfNameIsValid (name, existingNames = []) { static newShelfNameIsValid (name, existingNames = []) {
@ -32,7 +40,7 @@ class ShelfController {
async createDefaultShelves (user) { async createDefaultShelves (user) {
try { try {
const defaultShelvesCreated = await this.model.bulkCreate([ const defaultShelvesCreated = await this.models.Shelf.bulkCreate([
{ {
userId: user.id, userId: user.id,
name: 'Reading', name: 'Reading',
@ -82,17 +90,9 @@ class ShelfController {
} }
} }
async renameShelf (userId, id, name) { async renameShelf (user, shelf, name) {
try { try {
return await this.model.update({ return await shelf.update({ name });
name,
}, {
where: {
id,
userId,
isDeletable: true, // You can only rename shelves not created by the system
}
});
} catch(error) { } catch(error) {
return { return {
error, error,
@ -186,10 +186,10 @@ class ShelfController {
return shelf; return shelf;
} }
async userCanViewShelf (user, shelf) { async userCanViewShelf (user, shelf) {
// This needs work when permissions are added. // This needs work when permissions are added.
const userOwnsShelf = typeof user !== 'undefined' && user.id === shelf.userId; const userOwnsShelf = ShelfController.userOwnsShelf(user, shelf);
console.log('owned?', userOwnsShelf); console.log('owned?', userOwnsShelf);
console.log('isPublic?', shelf.isPublic); console.log('isPublic?', shelf.isPublic);
return userOwnsShelf || shelf.isPublic; return userOwnsShelf || shelf.isPublic;

20
server/routes/shelf.js
View File

@ -104,7 +104,7 @@ async function routes(fastify, options) {
fastify.post('/api/shelf/rename', async (request, reply) => { fastify.post('/api/shelf/rename', async (request, reply) => {
if (!request.isLoggedInUser) { if (!request.isLoggedInUser) {
return reply.code(400).send({ return reply.code(401).send({
error: true, error: true,
message: 'api.not_logged_in', message: 'api.not_logged_in',
}); });
@ -136,9 +136,25 @@ async function routes(fastify, options) {
return reply.code(400).send(shelfNameIsValid); return reply.code(400).send(shelfNameIsValid);
} }
const shelf = await fastify.models.Shelf.findByPk(request.body.shelfId);
if (!ShelfController.userOwnsShelf(request.user, shelf)) {
return reply.code(403).send({
error: true,
message: 'api.shelf.not_owner',
});
}
if (!ShelfController.shelfCanBeModified(shelf)) {
return reply.code(403).send({
error: true,
message: 'api.shelf.not_editable',
});
}
const shelfController = new ShelfController(fastify.models); const shelfController = new ShelfController(fastify.models);
const newShelf = shelfController.renameShelf(request.user, request.body.shelfId, request.body.shelfName); const newShelf = shelfController.renameShelf(request.user, shelf, request.body.shelfName);
if (typeof newShelf.error !== 'undefined' && newShelf.error !== false) { if (typeof newShelf.error !== 'undefined' && newShelf.error !== false) {
newShelf.message = 'api.shelf.rename.fail'; newShelf.message = 'api.shelf.rename.fail';
return reply.code(400).send(newShelf); return reply.code(400).send(newShelf);