mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-14 15:14:56 -04:00
refactor: move permissions service calls into permissions guard
This commit removes all previous calls to the permissions service at the beginning of the controller methods to the permissions guard. This should make the code a bit cleaner and remove boilerplate code. Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares
David Mehren
parent
3b92226bab
commit
3e4abb561d
2 changed files with 44 additions and 76 deletions
|
|
@ -13,7 +13,6 @@ import {
|
||||||
NotFoundException,
|
NotFoundException,
|
||||||
Param,
|
Param,
|
||||||
Post,
|
Post,
|
||||||
UnauthorizedException,
|
|
||||||
UseGuards,
|
UseGuards,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
|
|
||||||
|
|
@ -31,7 +30,8 @@ import { NoteDto } from '../../../notes/note.dto';
|
||||||
import { Note } from '../../../notes/note.entity';
|
import { Note } from '../../../notes/note.entity';
|
||||||
import { NoteMediaDeletionDto } from '../../../notes/note.media-deletion.dto';
|
import { NoteMediaDeletionDto } from '../../../notes/note.media-deletion.dto';
|
||||||
import { NotesService } from '../../../notes/notes.service';
|
import { NotesService } from '../../../notes/notes.service';
|
||||||
import { PermissionsService } from '../../../permissions/permissions.service';
|
import { Permissions } from '../../../permissions/permissions.decorator';
|
||||||
|
import { Permission } from '../../../permissions/permissions.enum';
|
||||||
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
|
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
|
||||||
import { RevisionDto } from '../../../revisions/revision.dto';
|
import { RevisionDto } from '../../../revisions/revision.dto';
|
||||||
import { RevisionsService } from '../../../revisions/revisions.service';
|
import { RevisionsService } from '../../../revisions/revisions.service';
|
||||||
|
|
@ -39,6 +39,7 @@ import { User } from '../../../users/user.entity';
|
||||||
import { UsersService } from '../../../users/users.service';
|
import { UsersService } from '../../../users/users.service';
|
||||||
import { GetNotePipe } from '../../utils/get-note.pipe';
|
import { GetNotePipe } from '../../utils/get-note.pipe';
|
||||||
import { MarkdownBody } from '../../utils/markdownbody-decorator';
|
import { MarkdownBody } from '../../utils/markdownbody-decorator';
|
||||||
|
import { PermissionsGuard } from '../../utils/permissions.guard';
|
||||||
import { RequestUser } from '../../utils/request-user.decorator';
|
import { RequestUser } from '../../utils/request-user.decorator';
|
||||||
|
|
||||||
@UseGuards(SessionGuard)
|
@UseGuards(SessionGuard)
|
||||||
|
|
@ -47,7 +48,6 @@ export class NotesController {
|
||||||
constructor(
|
constructor(
|
||||||
private readonly logger: ConsoleLoggerService,
|
private readonly logger: ConsoleLoggerService,
|
||||||
private noteService: NotesService,
|
private noteService: NotesService,
|
||||||
private permissionsService: PermissionsService,
|
|
||||||
private historyService: HistoryService,
|
private historyService: HistoryService,
|
||||||
private userService: UsersService,
|
private userService: UsersService,
|
||||||
private mediaService: MediaService,
|
private mediaService: MediaService,
|
||||||
|
|
@ -57,38 +57,34 @@ export class NotesController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get(':noteIdOrAlias')
|
@Get(':noteIdOrAlias')
|
||||||
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(PermissionsGuard)
|
||||||
async getNote(
|
async getNote(
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
await this.historyService.updateHistoryEntryTimestamp(note, user);
|
await this.historyService.updateHistoryEntryTimestamp(note, user);
|
||||||
return await this.noteService.toNoteDto(note);
|
return await this.noteService.toNoteDto(note);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get(':noteIdOrAlias/media')
|
@Get(':noteIdOrAlias/media')
|
||||||
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(PermissionsGuard)
|
||||||
async getNotesMedia(
|
async getNotesMedia(
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@RequestUser() user: User,
|
|
||||||
): Promise<MediaUploadDto[]> {
|
): Promise<MediaUploadDto[]> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
const media = await this.mediaService.listUploadsByNote(note);
|
const media = await this.mediaService.listUploadsByNote(note);
|
||||||
return media.map((media) => this.mediaService.toMediaUploadDto(media));
|
return media.map((media) => this.mediaService.toMediaUploadDto(media));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Post()
|
@Post()
|
||||||
@HttpCode(201)
|
@HttpCode(201)
|
||||||
|
@Permissions(Permission.CREATE)
|
||||||
|
@UseGuards(PermissionsGuard)
|
||||||
async createNote(
|
async createNote(
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@MarkdownBody() text: string,
|
@MarkdownBody() text: string,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
if (!this.permissionsService.mayCreate(user)) {
|
|
||||||
throw new UnauthorizedException('Creating note denied!');
|
|
||||||
}
|
|
||||||
this.logger.debug('Got raw markdown:\n' + text);
|
this.logger.debug('Got raw markdown:\n' + text);
|
||||||
return await this.noteService.toNoteDto(
|
return await this.noteService.toNoteDto(
|
||||||
await this.noteService.createNote(text, user),
|
await this.noteService.createNote(text, user),
|
||||||
|
|
@ -97,14 +93,13 @@ export class NotesController {
|
||||||
|
|
||||||
@Post(':noteAlias')
|
@Post(':noteAlias')
|
||||||
@HttpCode(201)
|
@HttpCode(201)
|
||||||
|
@Permissions(Permission.CREATE)
|
||||||
|
@UseGuards(PermissionsGuard)
|
||||||
async createNamedNote(
|
async createNamedNote(
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteAlias') noteAlias: string,
|
@Param('noteAlias') noteAlias: string,
|
||||||
@MarkdownBody() text: string,
|
@MarkdownBody() text: string,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
if (!this.permissionsService.mayCreate(user)) {
|
|
||||||
throw new UnauthorizedException('Creating note denied!');
|
|
||||||
}
|
|
||||||
this.logger.debug('Got raw markdown:\n' + text, 'createNamedNote');
|
this.logger.debug('Got raw markdown:\n' + text, 'createNamedNote');
|
||||||
try {
|
try {
|
||||||
return await this.noteService.toNoteDto(
|
return await this.noteService.toNoteDto(
|
||||||
|
|
@ -123,14 +118,13 @@ export class NotesController {
|
||||||
|
|
||||||
@Delete(':noteIdOrAlias')
|
@Delete(':noteIdOrAlias')
|
||||||
@HttpCode(204)
|
@HttpCode(204)
|
||||||
|
@Permissions(Permission.OWNER)
|
||||||
|
@UseGuards(PermissionsGuard)
|
||||||
async deleteNote(
|
async deleteNote(
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@Body() noteMediaDeletionDto: NoteMediaDeletionDto,
|
@Body() noteMediaDeletionDto: NoteMediaDeletionDto,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
if (!this.permissionsService.isOwner(user, note)) {
|
|
||||||
throw new UnauthorizedException('Deleting note denied!');
|
|
||||||
}
|
|
||||||
const mediaUploads = await this.mediaService.listUploadsByNote(note);
|
const mediaUploads = await this.mediaService.listUploadsByNote(note);
|
||||||
for (const mediaUpload of mediaUploads) {
|
for (const mediaUpload of mediaUploads) {
|
||||||
if (!noteMediaDeletionDto.keepMedia) {
|
if (!noteMediaDeletionDto.keepMedia) {
|
||||||
|
|
@ -146,13 +140,12 @@ export class NotesController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get(':noteIdOrAlias/revisions')
|
@Get(':noteIdOrAlias/revisions')
|
||||||
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(PermissionsGuard)
|
||||||
async getNoteRevisions(
|
async getNoteRevisions(
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<RevisionMetadataDto[]> {
|
): Promise<RevisionMetadataDto[]> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
const revisions = await this.revisionsService.getAllRevisions(note);
|
const revisions = await this.revisionsService.getAllRevisions(note);
|
||||||
return await Promise.all(
|
return await Promise.all(
|
||||||
revisions.map((revision) =>
|
revisions.map((revision) =>
|
||||||
|
|
@ -163,13 +156,12 @@ export class NotesController {
|
||||||
|
|
||||||
@Delete(':noteIdOrAlias/revisions')
|
@Delete(':noteIdOrAlias/revisions')
|
||||||
@HttpCode(204)
|
@HttpCode(204)
|
||||||
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(PermissionsGuard)
|
||||||
async purgeNoteRevisions(
|
async purgeNoteRevisions(
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
this.logger.debug(
|
this.logger.debug(
|
||||||
'Purging history of note: ' + note.id,
|
'Purging history of note: ' + note.id,
|
||||||
'purgeNoteRevisions',
|
'purgeNoteRevisions',
|
||||||
|
|
@ -183,15 +175,14 @@ export class NotesController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Get(':noteIdOrAlias/revisions/:revisionId')
|
@Get(':noteIdOrAlias/revisions/:revisionId')
|
||||||
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(PermissionsGuard)
|
||||||
async getNoteRevision(
|
async getNoteRevision(
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@Param('revisionId') revisionId: number,
|
@Param('revisionId') revisionId: number,
|
||||||
): Promise<RevisionDto> {
|
): Promise<RevisionDto> {
|
||||||
try {
|
try {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
return this.revisionsService.toRevisionDto(
|
return this.revisionsService.toRevisionDto(
|
||||||
await this.revisionsService.getRevision(note, revisionId),
|
await this.revisionsService.getRevision(note, revisionId),
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,6 @@ import {
|
||||||
Param,
|
Param,
|
||||||
Post,
|
Post,
|
||||||
Put,
|
Put,
|
||||||
UnauthorizedException,
|
|
||||||
UseGuards,
|
UseGuards,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
import {
|
import {
|
||||||
|
|
@ -48,7 +47,8 @@ import { NoteDto } from '../../../notes/note.dto';
|
||||||
import { Note } from '../../../notes/note.entity';
|
import { Note } from '../../../notes/note.entity';
|
||||||
import { NoteMediaDeletionDto } from '../../../notes/note.media-deletion.dto';
|
import { NoteMediaDeletionDto } from '../../../notes/note.media-deletion.dto';
|
||||||
import { NotesService } from '../../../notes/notes.service';
|
import { NotesService } from '../../../notes/notes.service';
|
||||||
import { PermissionsService } from '../../../permissions/permissions.service';
|
import { Permissions } from '../../../permissions/permissions.decorator';
|
||||||
|
import { Permission } from '../../../permissions/permissions.enum';
|
||||||
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
|
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
|
||||||
import { RevisionDto } from '../../../revisions/revision.dto';
|
import { RevisionDto } from '../../../revisions/revision.dto';
|
||||||
import { RevisionsService } from '../../../revisions/revisions.service';
|
import { RevisionsService } from '../../../revisions/revisions.service';
|
||||||
|
|
@ -61,6 +61,7 @@ import {
|
||||||
import { FullApi } from '../../utils/fullapi-decorator';
|
import { FullApi } from '../../utils/fullapi-decorator';
|
||||||
import { GetNotePipe } from '../../utils/get-note.pipe';
|
import { GetNotePipe } from '../../utils/get-note.pipe';
|
||||||
import { MarkdownBody } from '../../utils/markdownbody-decorator';
|
import { MarkdownBody } from '../../utils/markdownbody-decorator';
|
||||||
|
import { PermissionsGuard } from '../../utils/permissions.guard';
|
||||||
import { RequestUser } from '../../utils/request-user.decorator';
|
import { RequestUser } from '../../utils/request-user.decorator';
|
||||||
|
|
||||||
@ApiTags('notes')
|
@ApiTags('notes')
|
||||||
|
|
@ -71,14 +72,14 @@ export class NotesController {
|
||||||
private readonly logger: ConsoleLoggerService,
|
private readonly logger: ConsoleLoggerService,
|
||||||
private noteService: NotesService,
|
private noteService: NotesService,
|
||||||
private revisionsService: RevisionsService,
|
private revisionsService: RevisionsService,
|
||||||
private permissionsService: PermissionsService,
|
|
||||||
private historyService: HistoryService,
|
private historyService: HistoryService,
|
||||||
private mediaService: MediaService,
|
private mediaService: MediaService,
|
||||||
) {
|
) {
|
||||||
this.logger.setContext(NotesController.name);
|
this.logger.setContext(NotesController.name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.CREATE)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Post()
|
@Post()
|
||||||
@HttpCode(201)
|
@HttpCode(201)
|
||||||
@ApiUnauthorizedResponse({ description: unauthorizedDescription })
|
@ApiUnauthorizedResponse({ description: unauthorizedDescription })
|
||||||
|
|
@ -87,17 +88,14 @@ export class NotesController {
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@MarkdownBody() text: string,
|
@MarkdownBody() text: string,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
// ToDo: provide user for createNoteDto
|
|
||||||
if (!this.permissionsService.mayCreate(user)) {
|
|
||||||
throw new UnauthorizedException('Creating note denied!');
|
|
||||||
}
|
|
||||||
this.logger.debug('Got raw markdown:\n' + text);
|
this.logger.debug('Got raw markdown:\n' + text);
|
||||||
return await this.noteService.toNoteDto(
|
return await this.noteService.toNoteDto(
|
||||||
await this.noteService.createNote(text, user),
|
await this.noteService.createNote(text, user),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Get(':noteIdOrAlias')
|
@Get(':noteIdOrAlias')
|
||||||
@ApiOkResponse({
|
@ApiOkResponse({
|
||||||
description: 'Get information about the newly created note',
|
description: 'Get information about the newly created note',
|
||||||
|
|
@ -108,14 +106,12 @@ export class NotesController {
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
await this.historyService.updateHistoryEntryTimestamp(note, user);
|
await this.historyService.updateHistoryEntryTimestamp(note, user);
|
||||||
return await this.noteService.toNoteDto(note);
|
return await this.noteService.toNoteDto(note);
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.CREATE)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Post(':noteAlias')
|
@Post(':noteAlias')
|
||||||
@HttpCode(201)
|
@HttpCode(201)
|
||||||
@ApiCreatedResponse({
|
@ApiCreatedResponse({
|
||||||
|
|
@ -129,9 +125,6 @@ export class NotesController {
|
||||||
@Param('noteAlias') noteAlias: string,
|
@Param('noteAlias') noteAlias: string,
|
||||||
@MarkdownBody() text: string,
|
@MarkdownBody() text: string,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
if (!this.permissionsService.mayCreate(user)) {
|
|
||||||
throw new UnauthorizedException('Creating note denied!');
|
|
||||||
}
|
|
||||||
this.logger.debug('Got raw markdown:\n' + text, 'createNamedNote');
|
this.logger.debug('Got raw markdown:\n' + text, 'createNamedNote');
|
||||||
try {
|
try {
|
||||||
return await this.noteService.toNoteDto(
|
return await this.noteService.toNoteDto(
|
||||||
|
|
@ -148,7 +141,8 @@ export class NotesController {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.OWNER)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Delete(':noteIdOrAlias')
|
@Delete(':noteIdOrAlias')
|
||||||
@HttpCode(204)
|
@HttpCode(204)
|
||||||
@ApiNoContentResponse({ description: successfullyDeletedDescription })
|
@ApiNoContentResponse({ description: successfullyDeletedDescription })
|
||||||
|
|
@ -158,9 +152,6 @@ export class NotesController {
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@Body() noteMediaDeletionDto: NoteMediaDeletionDto,
|
@Body() noteMediaDeletionDto: NoteMediaDeletionDto,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
if (!this.permissionsService.isOwner(user, note)) {
|
|
||||||
throw new UnauthorizedException('Deleting note denied!');
|
|
||||||
}
|
|
||||||
const mediaUploads = await this.mediaService.listUploadsByNote(note);
|
const mediaUploads = await this.mediaService.listUploadsByNote(note);
|
||||||
for (const mediaUpload of mediaUploads) {
|
for (const mediaUpload of mediaUploads) {
|
||||||
if (!noteMediaDeletionDto.keepMedia) {
|
if (!noteMediaDeletionDto.keepMedia) {
|
||||||
|
|
@ -175,7 +166,8 @@ export class NotesController {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.WRITE)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Put(':noteIdOrAlias')
|
@Put(':noteIdOrAlias')
|
||||||
@ApiOkResponse({
|
@ApiOkResponse({
|
||||||
description: 'The new, changed note',
|
description: 'The new, changed note',
|
||||||
|
|
@ -187,16 +179,14 @@ export class NotesController {
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@MarkdownBody() text: string,
|
@MarkdownBody() text: string,
|
||||||
): Promise<NoteDto> {
|
): Promise<NoteDto> {
|
||||||
if (!this.permissionsService.mayWrite(user, note)) {
|
|
||||||
throw new UnauthorizedException('Updating note denied!');
|
|
||||||
}
|
|
||||||
this.logger.debug('Got raw markdown:\n' + text, 'updateNote');
|
this.logger.debug('Got raw markdown:\n' + text, 'updateNote');
|
||||||
return await this.noteService.toNoteDto(
|
return await this.noteService.toNoteDto(
|
||||||
await this.noteService.updateNote(note, text),
|
await this.noteService.updateNote(note, text),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Get(':noteIdOrAlias/content')
|
@Get(':noteIdOrAlias/content')
|
||||||
@ApiProduces('text/markdown')
|
@ApiProduces('text/markdown')
|
||||||
@ApiOkResponse({
|
@ApiOkResponse({
|
||||||
|
|
@ -208,13 +198,11 @@ export class NotesController {
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<string> {
|
): Promise<string> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
return await this.noteService.getNoteContent(note);
|
return await this.noteService.getNoteContent(note);
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Get(':noteIdOrAlias/metadata')
|
@Get(':noteIdOrAlias/metadata')
|
||||||
@ApiOkResponse({
|
@ApiOkResponse({
|
||||||
description: 'The metadata of the note',
|
description: 'The metadata of the note',
|
||||||
|
|
@ -225,13 +213,11 @@ export class NotesController {
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<NoteMetadataDto> {
|
): Promise<NoteMetadataDto> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
return await this.noteService.toNoteMetadataDto(note);
|
return await this.noteService.toNoteMetadataDto(note);
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.OWNER)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Put(':noteIdOrAlias/metadata/permissions')
|
@Put(':noteIdOrAlias/metadata/permissions')
|
||||||
@ApiOkResponse({
|
@ApiOkResponse({
|
||||||
description: 'The updated permissions of the note',
|
description: 'The updated permissions of the note',
|
||||||
|
|
@ -243,15 +229,13 @@ export class NotesController {
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@Body() updateDto: NotePermissionsUpdateDto,
|
@Body() updateDto: NotePermissionsUpdateDto,
|
||||||
): Promise<NotePermissionsDto> {
|
): Promise<NotePermissionsDto> {
|
||||||
if (!this.permissionsService.isOwner(user, note)) {
|
|
||||||
throw new UnauthorizedException('Updating note denied!');
|
|
||||||
}
|
|
||||||
return this.noteService.toNotePermissionsDto(
|
return this.noteService.toNotePermissionsDto(
|
||||||
await this.noteService.updateNotePermissions(note, updateDto),
|
await this.noteService.updateNotePermissions(note, updateDto),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Get(':noteIdOrAlias/revisions')
|
@Get(':noteIdOrAlias/revisions')
|
||||||
@ApiOkResponse({
|
@ApiOkResponse({
|
||||||
description: 'Revisions of the note',
|
description: 'Revisions of the note',
|
||||||
|
|
@ -263,9 +247,6 @@ export class NotesController {
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<RevisionMetadataDto[]> {
|
): Promise<RevisionMetadataDto[]> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
const revisions = await this.revisionsService.getAllRevisions(note);
|
const revisions = await this.revisionsService.getAllRevisions(note);
|
||||||
return await Promise.all(
|
return await Promise.all(
|
||||||
revisions.map((revision) =>
|
revisions.map((revision) =>
|
||||||
|
|
@ -274,7 +255,8 @@ export class NotesController {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Get(':noteIdOrAlias/revisions/:revisionId')
|
@Get(':noteIdOrAlias/revisions/:revisionId')
|
||||||
@ApiOkResponse({
|
@ApiOkResponse({
|
||||||
description: 'Revision of the note for the given id or alias',
|
description: 'Revision of the note for the given id or alias',
|
||||||
|
|
@ -286,9 +268,6 @@ export class NotesController {
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
@Param('revisionId') revisionId: number,
|
@Param('revisionId') revisionId: number,
|
||||||
): Promise<RevisionDto> {
|
): Promise<RevisionDto> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
try {
|
try {
|
||||||
return this.revisionsService.toRevisionDto(
|
return this.revisionsService.toRevisionDto(
|
||||||
await this.revisionsService.getRevision(note, revisionId),
|
await this.revisionsService.getRevision(note, revisionId),
|
||||||
|
|
@ -301,7 +280,8 @@ export class NotesController {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@UseGuards(TokenAuthGuard)
|
@Permissions(Permission.READ)
|
||||||
|
@UseGuards(TokenAuthGuard, PermissionsGuard)
|
||||||
@Get(':noteIdOrAlias/media')
|
@Get(':noteIdOrAlias/media')
|
||||||
@ApiOkResponse({
|
@ApiOkResponse({
|
||||||
description: 'All media uploads of the note',
|
description: 'All media uploads of the note',
|
||||||
|
|
@ -313,9 +293,6 @@ export class NotesController {
|
||||||
@RequestUser() user: User,
|
@RequestUser() user: User,
|
||||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||||
): Promise<MediaUploadDto[]> {
|
): Promise<MediaUploadDto[]> {
|
||||||
if (!this.permissionsService.mayRead(user, note)) {
|
|
||||||
throw new UnauthorizedException('Reading note denied!');
|
|
||||||
}
|
|
||||||
const media = await this.mediaService.listUploadsByNote(note);
|
const media = await this.mediaService.listUploadsByNote(note);
|
||||||
return media.map((media) => this.mediaService.toMediaUploadDto(media));
|
return media.map((media) => this.mediaService.toMediaUploadDto(media));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue