From de7953c6eafbbff9fea7c83ffe26dcbfa93311a9 Mon Sep 17 00:00:00 2001
From: Mark van Renswoude <mark@x2software.net>
Date: Sat, 28 Apr 2018 09:51:58 +0200
Subject: [PATCH] Added deleting of codes

Fixed issue with all users seeing all codes and uploads
---
 .gitignore                         |  3 +-
 lib/api/admin.js                   | 32 ++++++++++----
 lib/repository/code.js             | 20 +++++++++
 public/src/App.vue                 |  5 +++
 public/src/locale/en.js            |  3 +-
 public/src/locale/nl.js            |  3 +-
 public/src/route/admin/Codes.vue   | 70 +++++++++++++++++++++++++++---
 public/src/route/admin/Menu.vue    |  4 +-
 public/src/route/admin/Uploads.vue | 22 ++++------
 9 files changed, 128 insertions(+), 34 deletions(-)

diff --git a/.gitignore b/.gitignore
index 493873b..182ac92 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@ public/dist/*.js
 public/dist/index.html
 config.js
 *.sublime-workspace
-npm-debug.log
\ No newline at end of file
+npm-debug.log
+/custom/images/logo.png
\ No newline at end of file
diff --git a/lib/api/admin.js b/lib/api/admin.js
index 400f0b9..687fd2f 100644
--- a/lib/api/admin.js
+++ b/lib/api/admin.js
@@ -23,9 +23,9 @@ async function checkAuthorization(req, res, repository, onVerified)
 
     token = req.headers.authorization.split(' ')[1];
   }
-  else if (req.cookies && req.cookies.token)
+  else if (req.cookies && req.cookies.adminToken)
   {
-    token = req.cookies.token;
+    token = req.cookies.adminToken;
   }
   else
   {
@@ -78,7 +78,7 @@ module.exports = (repository) =>
     await checkAuthorization(req, res, repository, async (user) =>
     {
       res.send({
-        userId: user.userId,
+        userId: user.id,
         username: user.username,
         auth: user.auth
       });
@@ -111,7 +111,7 @@ module.exports = (repository) =>
   {
     await checkAuthorization(req, res, repository, async (user) =>
     {
-      var codes = await repository.codes.getCodes(user.hasAuth(AuthTokens.ViewAllCodes) ? null : user.userId);
+      var codes = await repository.codes.getCodes(user.hasAuth(AuthTokens.ViewAllCodes) ? null : user.id);
       var usernames = await repository.users.getNames();
 
       codes.forEach((item) =>
@@ -129,7 +129,7 @@ module.exports = (repository) =>
     await checkAuthorization(req, res, repository, async (user) =>
     {
       var code = await repository.codes.getCode(req.params.code);
-      if (code === null || (code.userId !== user.userId && !user.hasAuth(AuthTokens.ViewAllCodes)))
+      if (code === null || (code.userId !== user.id && !user.hasAuth(AuthTokens.ViewAllCodes)))
       {
         res.sendStatus(404);
         return;
@@ -153,7 +153,7 @@ module.exports = (repository) =>
       if (postedCode.id)
       {
         var code = await repository.codes.getCode(postedCode.id);
-        if (code === null || (code.userId !== user.userId && !user.hasAuth(AuthTokens.ViewAllCodes)))
+        if (code === null || (code.userId !== user.id && !user.hasAuth(AuthTokens.ViewAllCodes)))
         {
           res.sendStatus(404);
           return;
@@ -183,6 +183,22 @@ module.exports = (repository) =>
   }));
 
 
+  router.delete('/codes/:id', asyncHandler(async (req, res) =>
+  {
+    await checkAuthorization(req, res, repository, async (user) =>
+    {
+      var code = await repository.codes.getCode(req.params.id);
+      if (code == null || (code.userId !== user.id && !user.hasAuth(AuthTokens.ViewAllCodes)))
+      {
+        res.sendStatus(404);
+        return;
+      }
+
+      repository.codes.delete(code.id);
+      res.sendStatus(200);
+    });
+  }));
+
   /*
     Uploads
   */
@@ -190,7 +206,7 @@ module.exports = (repository) =>
   {
     await checkAuthorization(req, res, repository, async (user) =>
     {
-      var files = await repository.uploads.getUploads(user.hasAuth(AuthTokens.ViewAllUploads) ? null : user.userId);
+      var files = await repository.uploads.getUploads(user.hasAuth(AuthTokens.ViewAllUploads) ? null : user.id);
       var usernames = await repository.users.getNames();
       var codedescriptions = await repository.codes.getDescriptions();
 
@@ -210,7 +226,7 @@ module.exports = (repository) =>
     await checkAuthorization(req, res, repository, async (user) =>
     {
       var upload = await repository.uploads.getUpload(req.params.id);
-      if (upload == null || (upload.userId !== user.userId && !user.hasAuth(AuthTokens.ViewAllUploads)))
+      if (upload == null || (upload.userId !== user.id && !user.hasAuth(AuthTokens.ViewAllUploads)))
       {
         res.sendStatus(404);
         return;
diff --git a/lib/repository/code.js b/lib/repository/code.js
index 3ca760c..22be78e 100644
--- a/lib/repository/code.js
+++ b/lib/repository/code.js
@@ -194,6 +194,26 @@ class CodeRepository
   {
     return message !== null ? markdown.toHTML(message) : null;
   }
+
+
+  delete(code)
+  {
+    var self = this;
+
+    return new Promise((resolve, reject) =>
+    {
+      self.store.remove({ _id: code }, (err, numRemoved) =>
+      {
+        if (err)
+        {
+          reject(err);
+          return;
+        }
+
+        resolve();
+      });
+    });
+  }
 }
 
 
diff --git a/public/src/App.vue b/public/src/App.vue
index 106d829..13a2a92 100644
--- a/public/src/App.vue
+++ b/public/src/App.vue
@@ -183,4 +183,9 @@ a
   margin-left: 180px;
   margin-bottom: .5rem;
 }
+
+.confirmDelete
+{
+  color: red;
+}
 </style>
\ No newline at end of file
diff --git a/public/src/locale/en.js b/public/src/locale/en.js
index 44613c8..4120537 100644
--- a/public/src/locale/en.js
+++ b/public/src/locale/en.js
@@ -59,7 +59,8 @@ export default {
 
       list: {
         code: 'Code',
-        owner: 'Owner'
+        owner: 'Owner',
+        actions: 'Actions'
       },
 
       detail: {
diff --git a/public/src/locale/nl.js b/public/src/locale/nl.js
index 1a499cc..f164d85 100644
--- a/public/src/locale/nl.js
+++ b/public/src/locale/nl.js
@@ -59,7 +59,8 @@ export default {
 
       list: {
         code: 'Code',
-        owner: 'Eigenaar'
+        owner: 'Eigenaar',
+        actions: 'Acties'
       },
 
       detail: {
diff --git a/public/src/route/admin/Codes.vue b/public/src/route/admin/Codes.vue
index 0836292..57430a7 100644
--- a/public/src/route/admin/Codes.vue
+++ b/public/src/route/admin/Codes.vue
@@ -4,15 +4,22 @@
 
     <div v-if="codes !== null">
       <div class="pure-g list-header">
-        <div class="pure-u-3-4"><span class="text">{{ $t('admin.codes.list.code') }}</span></div>
-        <div class="pure-u-1-4"><span class="text">{{ $t('admin.codes.list.owner') }}</span></div>
+        <div class="pure-u-1-2"><span class="text">{{ $t('admin.codes.list.code') }}</span></div>
+        <div class="pure-u-1-4"><span class="text" v-if="hasAuth('viewAllCodes')">{{ $t('admin.codes.list.owner') }}</span></div>
+        <div class="pure-u-1-4"><span class="text">{{ $t('admin.codes.list.actions') }}</span></div>
       </div>
 
       <div v-for="code in codes" class="list">
         <div class="pure-g row">
-          <div class="pure-u-3-4"><span class="text"><router-link :to="'codes/edit/' + encodeURIComponent(code.id)">{{ code.id }}</router-link></span></div>
-          <div class="pure-u-1-4"><span class="text">{{ code.username }}</span></div>
-          <div class="pure-u-1-1" v-if="code.description"><span class="text description">{{ code.description }}</span></div>
+          <div class="pure-u-1-2">
+            <span class="text code"><router-link :to="'codes/edit/' + encodeURIComponent(code.id)">{{ code.id }}</router-link></span>
+            <span class="text description" v-if="code.description">{{ code.description }}</span>
+          </div>
+          <div class="pure-u-1-4"><span class="text" v-if="hasAuth('viewAllCodes')">{{ code.username }}</span></div>
+          <div class="pure-u-1-4">
+            <button class="pure-button"v-if="confirmDelete == code.id" @click.prevent="cancelDelete"><fa icon="ban"></fa></button>
+            <button class="pure-button" :class="{ confirmDelete: confirmDelete == code.id }" @click.prevent="deleteClick(code.id)"><fa icon="trash-alt"></fa></button>
+          </div>
         </div>
       </div>
 
@@ -35,7 +42,8 @@ export default {
   data()
   {
     return {
-      codes: null
+      codes: null,
+      confirmDelete: null
     };
   },
 
@@ -53,6 +61,54 @@ export default {
       self.codes = _.orderBy(response.data, ['created'], ['desc']);
     })
     .catch((error) => { shared.$emit('apiError', error, this.$router) });
+  },
+
+
+  methods: {
+    hasAuth(token)
+    {
+      return shared.user !== null && shared.user.auth.indexOf(token) > -1;
+    },
+
+
+    deleteClick(codeId)
+    {
+      var self = this;
+
+      if (self.confirmDelete == codeId)
+      {
+        self.confirmDelete = null;
+
+        axios.delete('/admin/codes/' + encodeURIComponent(codeId), {
+          headers: {
+            Authorization: 'Bearer ' + shared.adminToken
+          }})
+          .then((response) =>
+          {
+            var index = _.findIndex(self.codes, (item) => { return item.id == codeId; });
+            if (index > -1)
+              self.codes.splice(index, 1);
+          })
+          .catch((error) => { shared.$emit('apiError', error, this.$router) });
+      }
+      else
+      {
+        self.confirmDelete = codeId;
+      }
+    },
+
+    cancelDelete()
+    {
+      var self = this;
+      self.confirmDelete = null;
+    }
   }
 }
-</script>
\ No newline at end of file
+</script>
+
+<style lang="scss">
+.description
+{
+  display: block;
+}
+</style>
\ No newline at end of file
diff --git a/public/src/route/admin/Menu.vue b/public/src/route/admin/Menu.vue
index 1ab3f23..3d0c0d7 100644
--- a/public/src/route/admin/Menu.vue
+++ b/public/src/route/admin/Menu.vue
@@ -7,7 +7,7 @@
           <menu-link route="/admin/codes" :title="$t('admin.menu.codes')"></menu-link>
           <menu-link route="/admin/users" :title="$t('admin.menu.users')" v-if="hasAuth('manageUsers')"></menu-link>
 
-          <li class="pure-menu-item right">
+          <li class="pure-menu-item logout">
             <a class="pure-menu-link" href="#" @click.prevent="logout">{{ $t('admin.logout') }}</a>
           </li>
         </ul>
@@ -90,7 +90,7 @@ export default {
     }
   }
 
-  .right
+  .logout
   {
     float: right;
   }
diff --git a/public/src/route/admin/Uploads.vue b/public/src/route/admin/Uploads.vue
index f95a4d0..5fae7ad 100644
--- a/public/src/route/admin/Uploads.vue
+++ b/public/src/route/admin/Uploads.vue
@@ -6,7 +6,7 @@
           <div class="pure-g">
             <div class="pure-u-1-1"><span class="text codedescription">{{ upload.codedescription || upload.code }}</span></div>
             <div class="pure-u-1-3"><span class="text">{{ upload.code }}</span></div>
-            <div class="pure-u-1-3"><span class="text">{{ upload.username }}</span></div>
+            <div class="pure-u-1-3"><span class="text" v-if="hasAuth('viewAllUploads')">{{ upload.username }}</span></div>
             <div class="pure-u-1-3 right"><span class="text">{{ upload.created | formatDateTime }}</span></div>
           </div>
         </div>
@@ -14,7 +14,7 @@
         <div class="pure-menu pure-menu-horizontal">
           <ul class="pure-menu-list">
             <li class="pure-menu-item" v-if="confirmDelete == upload.id"><a href="#" class="pure-menu-link" @click.prevent="cancelDelete"><fa icon="ban"></fa> {{ $t('admin.cancel') }}</a></li>
-            <li class="pure-menu-item"><a href="#" class="pure-menu-link" :class="{ confirm: confirmDelete == upload.id }" @click.prevent="deleteClick(upload.id)"><fa icon="trash-alt"></fa> {{ $t('admin.delete') }}</a></li>
+            <li class="pure-menu-item"><a href="#" class="pure-menu-link" :class="{ confirmDelete: confirmDelete == upload.id }" @click.prevent="deleteClick(upload.id)"><fa icon="trash-alt"></fa> {{ $t('admin.delete') }}</a></li>
           </ul>
         </div>
 
@@ -76,6 +76,12 @@ export default {
   },
 
   methods: {
+    hasAuth(token)
+    {
+      return shared.user !== null && shared.user.auth.indexOf(token) > -1;
+    },
+
+
     getFileIconUrl(filename)
     {
       var ext = this.getExtension(filename);
@@ -196,16 +202,4 @@ export default {
 {
   font-weight: bold;
 }
-
-
-.right
-{
-  text-align: right;
-}
-
-
-.confirm
-{
-  color: red;
-}
 </style>
\ No newline at end of file