mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-23 11:37:02 -04:00
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
This commit is contained in:
Alexandru Văleanu
GitHub
parent
93844efc6c
commit
b3d3015ce7
2 changed files with 68 additions and 4 deletions
|
|
@ -6,20 +6,26 @@
|
|||
import {
|
||||
BadRequestException,
|
||||
Controller,
|
||||
Delete,
|
||||
Headers,
|
||||
HttpCode,
|
||||
InternalServerErrorException,
|
||||
NotFoundException,
|
||||
Param,
|
||||
Post,
|
||||
UnauthorizedException,
|
||||
UploadedFile,
|
||||
UseGuards,
|
||||
UseInterceptors,
|
||||
} from '@nestjs/common';
|
||||
import { FileInterceptor } from '@nestjs/platform-express';
|
||||
import { ApiNoContentResponse } from '@nestjs/swagger';
|
||||
|
||||
import {
|
||||
ClientError,
|
||||
MediaBackendError,
|
||||
NotInDBError,
|
||||
PermissionError,
|
||||
} from '../../../errors/errors';
|
||||
import { SessionGuard } from '../../../identity/session.guard';
|
||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||
|
|
@ -29,7 +35,7 @@ import { MulterFile } from '../../../media/multer-file.interface';
|
|||
import { Note } from '../../../notes/note.entity';
|
||||
import { NotesService } from '../../../notes/notes.service';
|
||||
import { User } from '../../../users/user.entity';
|
||||
import { UsersService } from '../../../users/users.service';
|
||||
import { successfullyDeletedDescription } from '../../utils/descriptions';
|
||||
import { RequestUser } from '../../utils/request-user.decorator';
|
||||
|
||||
@UseGuards(SessionGuard)
|
||||
|
|
@ -38,7 +44,6 @@ export class MediaController {
|
|||
constructor(
|
||||
private readonly logger: ConsoleLoggerService,
|
||||
private mediaService: MediaService,
|
||||
private userService: UsersService,
|
||||
private noteService: NotesService,
|
||||
) {
|
||||
this.logger.setContext(MediaController.name);
|
||||
|
|
@ -73,4 +78,46 @@ export class MediaController {
|
|||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@Delete(':filename')
|
||||
@HttpCode(204)
|
||||
@ApiNoContentResponse({ description: successfullyDeletedDescription })
|
||||
async deleteMedia(
|
||||
@RequestUser() user: User,
|
||||
@Param('filename') filename: string,
|
||||
): Promise<void> {
|
||||
const username = user.username;
|
||||
try {
|
||||
this.logger.debug(
|
||||
`Deleting '${filename}' for user '${username}'`,
|
||||
'deleteMedia',
|
||||
);
|
||||
const mediaUpload = await this.mediaService.findUploadByFilename(
|
||||
filename,
|
||||
);
|
||||
if (mediaUpload.user.username !== username) {
|
||||
this.logger.warn(
|
||||
`${username} tried to delete '${filename}', but is not the owner`,
|
||||
'deleteMedia',
|
||||
);
|
||||
throw new PermissionError(
|
||||
`File '${filename}' is not owned by '${username}'`,
|
||||
);
|
||||
}
|
||||
await this.mediaService.deleteFile(mediaUpload);
|
||||
} catch (e) {
|
||||
if (e instanceof PermissionError) {
|
||||
throw new UnauthorizedException(e.message);
|
||||
}
|
||||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof MediaBackendError) {
|
||||
throw new InternalServerErrorException(
|
||||
'There was an error in the media backend',
|
||||
);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue