From de7953c6eafbbff9fea7c83ffe26dcbfa93311a9 Mon Sep 17 00:00:00 2001 From: Mark van Renswoude Date: Sat, 28 Apr 2018 09:51:58 +0200 Subject: [PATCH] Added deleting of codes Fixed issue with all users seeing all codes and uploads --- .gitignore | 3 +- lib/api/admin.js | 32 ++++++++++---- lib/repository/code.js | 20 +++++++++ public/src/App.vue | 5 +++ public/src/locale/en.js | 3 +- public/src/locale/nl.js | 3 +- public/src/route/admin/Codes.vue | 70 +++++++++++++++++++++++++++--- public/src/route/admin/Menu.vue | 4 +- public/src/route/admin/Uploads.vue | 22 ++++------ 9 files changed, 128 insertions(+), 34 deletions(-) diff --git a/.gitignore b/.gitignore index 493873b..182ac92 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,5 @@ public/dist/*.js public/dist/index.html config.js *.sublime-workspace -npm-debug.log \ No newline at end of file +npm-debug.log +/custom/images/logo.png \ No newline at end of file diff --git a/lib/api/admin.js b/lib/api/admin.js index 400f0b9..687fd2f 100644 --- a/lib/api/admin.js +++ b/lib/api/admin.js @@ -23,9 +23,9 @@ async function checkAuthorization(req, res, repository, onVerified) token = req.headers.authorization.split(' ')[1]; } - else if (req.cookies && req.cookies.token) + else if (req.cookies && req.cookies.adminToken) { - token = req.cookies.token; + token = req.cookies.adminToken; } else { @@ -78,7 +78,7 @@ module.exports = (repository) => await checkAuthorization(req, res, repository, async (user) => { res.send({ - userId: user.userId, + userId: user.id, username: user.username, auth: user.auth }); @@ -111,7 +111,7 @@ module.exports = (repository) => { await checkAuthorization(req, res, repository, async (user) => { - var codes = await repository.codes.getCodes(user.hasAuth(AuthTokens.ViewAllCodes) ? null : user.userId); + var codes = await repository.codes.getCodes(user.hasAuth(AuthTokens.ViewAllCodes) ? null : user.id); var usernames = await repository.users.getNames(); codes.forEach((item) => 
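Review bot: The owner filter in the `@@ -111` hunk can still fail open, because `getCodes(user.hasAuth(AuthTokens.ViewAllCodes) ? null : user.id)` uses a nullish argument to mean "all owners". A user object without an `id` would presumably get the full list again, which looks like the same failure this commit fixes for `user.userId`. getCodes and the rest of this handler are outside the patch, so this is inferred from the call site only. Consider rejecting the request before querying when the id is absent, e.g. `if (user.id == null) { res.sendStatus(403); return; }`, or have the repository treat only an explicit `null` as unfiltered. The same pattern appears in the `getUploads` call in the `@@ -190` hunk.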
@@ -129,7 +129,7 @@ module.exports = (repository) => await checkAuthorization(req, res, repository, async (user) => { var code = await repository.codes.getCode(req.params.code); - if (code === null || (code.userId !== user.userId && !user.hasAuth(AuthTokens.ViewAllCodes))) + if (code === null || (code.userId !== user.id && !user.hasAuth(AuthTokens.ViewAllCodes))) { res.sendStatus(404); return; @@ -153,7 +153,7 @@ module.exports = (repository) => if (postedCode.id) { var code = await repository.codes.getCode(postedCode.id); - if (code === null || (code.userId !== user.userId && !user.hasAuth(AuthTokens.ViewAllCodes))) + if (code === null || (code.userId !== user.id && !user.hasAuth(AuthTokens.ViewAllCodes))) { res.sendStatus(404); return; @@ -183,6 +183,22 @@ module.exports = (repository) => })); + router.delete('/codes/:id', asyncHandler(async (req, res) => + { + await checkAuthorization(req, res, repository, async (user) => + { + var code = await repository.codes.getCode(req.params.id); + if (code == null || (code.userId !== user.id && !user.hasAuth(AuthTokens.ViewAllCodes))) + { + res.sendStatus(404); + return; + } + + repository.codes.delete(code.id); + res.sendStatus(200); + }); + })); + /* Uploads */ @@ -190,7 +206,7 @@ module.exports = (repository) => { await checkAuthorization(req, res, repository, async (user) => { - var files = await repository.uploads.getUploads(user.hasAuth(AuthTokens.ViewAllUploads) ? null : user.userId); + var files = await repository.uploads.getUploads(user.hasAuth(AuthTokens.ViewAllUploads) ? null : user.id); var usernames = await repository.users.getNames(); var codedescriptions = await repository.codes.getDescriptions(); 
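Review bot: In the new `router.delete('/codes/:id')` handler the call `repository.codes.delete(code.id);` is not awaited, so `200` is sent before the removal has finished and a rejected promise never reaches `asyncHandler`. It should read `await repository.codes.delete(code.id);`. The ownership check also reuses `AuthTokens.ViewAllCodes`, so a read permission authorizes deleting another user's code; a separate permission for destructive actions would keep view-only accounts view-only. Since checkAuthorization also accepts the token from a cookie, it is worth confirming that cookie's SameSite setting now that a destructive route exists.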
@@ -210,7 +226,7 @@ module.exports = (repository) => await checkAuthorization(req, res, repository, async (user) => { var upload = await repository.uploads.getUpload(req.params.id); - if (upload == null || (upload.userId !== user.userId && !user.hasAuth(AuthTokens.ViewAllUploads))) + if (upload == null || (upload.userId !== user.id && !user.hasAuth(AuthTokens.ViewAllUploads))) { res.sendStatus(404); return; diff --git a/lib/repository/code.js b/lib/repository/code.js index 3ca760c..22be78e 100644 --- a/lib/repository/code.js +++ b/lib/repository/code.js @@ -194,6 +194,26 @@ class CodeRepository { return message !== null ? markdown.toHTML(message) : null; } + + + delete(code) + { + var self = this; + + return new Promise((resolve, reject) => + { + self.store.remove({ _id: code }, (err, numRemoved) => + { + if (err) + { + reject(err); + return; + } + + resolve(); + }); + }); + } } diff --git a/public/src/App.vue b/public/src/App.vue index 106d829..13a2a92 100644 --- a/public/src/App.vue +++ b/public/src/App.vue @@ -183,4 +183,9 @@ a margin-left: 180px; margin-bottom: .5rem; } + +.confirmDelete +{ + color: red; +} \ No newline at end of file diff --git a/public/src/locale/en.js b/public/src/locale/en.js index 44613c8..4120537 100644 --- a/public/src/locale/en.js +++ b/public/src/locale/en.js @@ -59,7 +59,8 @@ export default { list: { code: 'Code', - owner: 'Owner' + owner: 'Owner', + actions: 'Actions' }, detail: { diff --git a/public/src/locale/nl.js b/public/src/locale/nl.js index 1a499cc..f164d85 100644 --- a/public/src/locale/nl.js +++ b/public/src/locale/nl.js @@ -59,7 +59,8 @@ export default { list: { code: 'Code', - owner: 'Eigenaar' + owner: 'Eigenaar', + actions: 'Acties' }, detail: { diff --git a/public/src/route/admin/Codes.vue b/public/src/route/admin/Codes.vue index 0836292..57430a7 100644 --- a/public/src/route/admin/Codes.vue +++ b/public/src/route/admin/Codes.vue @@ -4,15 +4,22 @@
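Review bot: `delete(code)` in lib/repository/code.js discards `numRemoved` and resolves even when no document matched, so the caller cannot tell a real deletion from a no-op. Resolving with the count, `resolve(numRemoved);`, would let the route report that. The parameter holds an id rather than a code object (the route passes `code.id`), so renaming it to `id` and adding a comment such as `// Removes the code with the given id; resolves with the number of documents removed.` would make the contract clear. `var self = this` is not needed here because the arrow functions already keep `this`. The class body starts outside the hunk.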
-
{{ $t('admin.codes.list.code') }}
-
{{ $t('admin.codes.list.owner') }}
+
{{ $t('admin.codes.list.code') }}
+
{{ $t('admin.codes.list.owner') }}
+
{{ $t('admin.codes.list.actions') }}
-
{{ code.id }}
-
{{ code.username }}
-
{{ code.description }}
+
+ {{ code.id }} + {{ code.description }} +
+
{{ code.username }}
+
+ + +
@@ -35,7 +42,8 @@ export default { data() { return { - codes: null + codes: null, + confirmDelete: null }; }, @@ -53,6 +61,54 @@ export default { self.codes = _.orderBy(response.data, ['created'], ['desc']); }) .catch((error) => { shared.$emit('apiError', error, this.$router) }); + }, + + + methods: { + hasAuth(token) + { + return shared.user !== null && shared.user.auth.indexOf(token) > -1; + }, + + + deleteClick(codeId) + { + var self = this; + + if (self.confirmDelete == codeId) + { + self.confirmDelete = null; + + axios.delete('/admin/codes/' + encodeURIComponent(codeId), { + headers: { + Authorization: 'Bearer ' + shared.adminToken + }}) + .then((response) => + { + var index = _.findIndex(self.codes, (item) => { return item.id == codeId; }); + if (index > -1) + self.codes.splice(index, 1); + }) + .catch((error) => { shared.$emit('apiError', error, this.$router) }); + } + else + { + self.confirmDelete = codeId; + } + }, + + cancelDelete() + { + var self = this; + self.confirmDelete = null; + } } } - \ No newline at end of file + + + \ No newline at end of file diff --git a/public/src/route/admin/Menu.vue b/public/src/route/admin/Menu.vue index 1ab3f23..3d0c0d7 100644 --- a/public/src/route/admin/Menu.vue +++ b/public/src/route/admin/Menu.vue @@ -7,7 +7,7 @@ -
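Review bot: `hasAuth(token)` added in the `@@ -53` hunk is repeated verbatim in Uploads.vue (`@@ -76` hunk); moving it onto the `shared` object or into a mixin would keep the two copies from drifting. It reads `shared.user.auth` on the client, so anything the templates gate with it is a display decision only, and a comment such as `// UI hint only; the server enforces ownership and permissions` would say so. In `deleteClick`, `self.confirmDelete == codeId` and `item.id == codeId` use loose equality; `===` avoids coercion between ids of different types.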
  • +
  • {{ $t('admin.logout') }}
  • @@ -90,7 +90,7 @@ export default { } } - .right + .logout { float: right; } diff --git a/public/src/route/admin/Uploads.vue b/public/src/route/admin/Uploads.vue index f95a4d0..5fae7ad 100644 --- a/public/src/route/admin/Uploads.vue +++ b/public/src/route/admin/Uploads.vue @@ -6,7 +6,7 @@
    {{ upload.codedescription || upload.code }}
    {{ upload.code }}
    -
    {{ upload.username }}
    +
    {{ upload.username }}
    {{ upload.created | formatDateTime }}
    @@ -14,7 +14,7 @@
    @@ -76,6 +76,12 @@ export default { }, methods: { + hasAuth(token) + { + return shared.user !== null && shared.user.auth.indexOf(token) > -1; + }, + + getFileIconUrl(filename) { var ext = this.getExtension(filename); @@ -196,16 +202,4 @@ export default { { font-weight: bold; } - - -.right -{ - text-align: right; -} - - -.confirm -{ - color: red; -} \ No newline at end of file