Get user from Session instead of hardcoded value

Signed-off-by: Yannick Bungers <git@innay.de>
Yannick Bungers 2021-09-23 22:44:34 +02:00 committed by David Mehren
parent 263de45748
commit ad190fcf22
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
7 changed files with 92 additions and 67 deletions


@ -14,6 +14,7 @@ import {
Param,
Post,
UnauthorizedException,
UseGuards,
} from '@nestjs/common';
import {
@ -22,6 +23,7 @@ import {
NotInDBError,
} from '../../../errors/errors';
import { HistoryService } from '../../../history/history.service';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { MediaUploadDto } from '../../../media/media-upload.dto';
import { MediaService } from '../../../media/media.service';
@ -34,9 +36,12 @@ import { PermissionsService } from '../../../permissions/permissions.service';
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
import { RevisionDto } from '../../../revisions/revision.dto';
import { RevisionsService } from '../../../revisions/revisions.service';
import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service';
import { MarkdownBody } from '../../utils/markdownbody-decorator';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('notes')
export class NotesController {
constructor(
@ -53,10 +58,9 @@ export class NotesController {
@Get(':noteIdOrAlias')
async getNote(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note,
): Promise<NoteDto> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!');
}
@ -67,10 +71,9 @@ export class NotesController {
@Get(':noteIdOrAlias/media')
async getNotesMedia(
@Param('noteIdOrAlias', GetNotePipe) note: Note,
@RequestUser() user: User,
): Promise<MediaUploadDto[]> {
try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!');
}
@ -86,10 +89,10 @@ export class NotesController {
@Post()
@HttpCode(201)
async createNote(@MarkdownBody() text: string): Promise<NoteDto> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
// ToDo: provide user for createNoteDto
async createNote(
@RequestUser() user: User,
@MarkdownBody() text: string,
): Promise<NoteDto> {
if (!this.permissionsService.mayCreate(user)) {
throw new UnauthorizedException('Creating note denied!');
}
@ -102,11 +105,10 @@ export class NotesController {
@Post(':noteAlias')
@HttpCode(201)
async createNamedNote(
@RequestUser() user: User,
@Param('noteAlias') noteAlias: string,
@MarkdownBody() text: string,
): Promise<NoteDto> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayCreate(user)) {
throw new UnauthorizedException('Creating note denied!');
}
@ -129,12 +131,11 @@ export class NotesController {
@Delete(':noteIdOrAlias')
@HttpCode(204)
async deleteNote(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note,
@Body() noteMediaDeletionDto: NoteMediaDeletionDto,
): Promise<void> {
try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.isOwner(user, note)) {
throw new UnauthorizedException('Deleting note denied!');
}
@ -160,11 +161,10 @@ export class NotesController {
@Get(':noteIdOrAlias/revisions')
async getNoteRevisions(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note,
): Promise<RevisionMetadataDto[]> {
try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!');
}
@ -185,11 +185,10 @@ export class NotesController {
@Delete(':noteIdOrAlias/revisions')
@HttpCode(204)
async purgeNoteRevisions(
@RequestUser() user: User,
@Param('noteIdOrAlias') noteIdOrAlias: string,
): Promise<void> {
try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!');
@ -217,12 +216,11 @@ export class NotesController {
@Get(':noteIdOrAlias/revisions/:revisionId')
async getNoteRevision(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note,
@Param('revisionId') revisionId: number,
): Promise<RevisionDto> {
try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!');
}
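Review bot: In `purgeNoteRevisions` the check that precedes deleting revisions is still `mayRead(user, note)`, so now that `user` is the real session user, any account that can read a note passes the guard on the `@Delete(':noteIdOrAlias/revisions')` route. `deleteNote` in this same controller protects its destructive path with `isOwner`, and the purge route should be at least as strict: `if (!this.permissionsService.isOwner(user, note)) {` with a message such as `'Purging revisions denied!'` instead of `'Reading note denied!'`. That owner-only is the intended policy is inferred from `deleteNote`; the firm point is that a read permission should not authorise a delete. The body of `purgeNoteRevisions` continues outside the hunk, so the purge call itself is not visible here.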