Permission check for author editing.
Fixed manifest.json. Signed-off-by: Armored Dragon <publicmail@armoreddragon.com>pull/3/head
parent
e76bb6c493
commit
b3ee9aec10
|
@ -98,6 +98,7 @@ async function getUser({ user_id, username, include_password = false }) {
|
|||
|
||||
return { success: true, data: user };
|
||||
}
|
||||
// TODO: Rename patchUser
|
||||
async function editUser({ requester_id, user_id, user_content }) {
|
||||
let user = await getUser({ user_id: user_id });
|
||||
if (!user.success) return _r(false, "User not found");
|
||||
|
@ -229,6 +230,7 @@ async function getPost({ requester_id, post_id, visibility = "PUBLISHED" } = {},
|
|||
return pageList.slice(0, 5);
|
||||
}
|
||||
}
|
||||
// TODO: Rename patchPost
|
||||
async function editPost({ requester_id, post_id, post_content }) {
|
||||
let user = await getUser({ user_id: requester_id });
|
||||
let post = await getPost({ post_id: post_id });
|
||||
|
@ -324,18 +326,19 @@ async function getBiography({ requester_id, author_id }) {
|
|||
|
||||
return { success: true, data: post };
|
||||
}
|
||||
// TODO: Rename to patchBiography
|
||||
async function updateBiography({ requester_id, author_id, biography_content }) {
|
||||
let user = await getUser({ user_id: requester_id });
|
||||
let biography = await getBiography({ author_id: author_id });
|
||||
|
||||
if (!user.success) return _r(false, user.message || "Author not found");
|
||||
user = user.data;
|
||||
|
||||
if (!biography.success) return _r(false, biography.message || "Post not found");
|
||||
biography = biography.data;
|
||||
|
||||
let can_update = biography.owner.id === user.id || user.role === "ADMIN";
|
||||
if (!can_update) return _r(false, "User not permitted");
|
||||
// Permission check
|
||||
const can_act = permissions.patchBiography(biography_content, user);
|
||||
if (!can_act.success) return _r(false, "User not permitted");
|
||||
|
||||
let formatted = {
|
||||
content: biography_content.content,
|
||||
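Review bot: The new permission check in updateBiography is given `biography_content`, which appears to be the requester-supplied payload (its `.content` is copied into `formatted` just below), while the record fetched by `getBiography` no longer takes part in the decision. If the `can_update` lines are the removed side, as the hunk counts suggest, ownership used to be decided from `biography.owner.id`, a value read from storage. The rule in patchPost is only partly visible on this page, so if it reads an owner or author field from its first argument, the outcome depends on data the requester controls. Passing the fetched record keeps the decision on server-side state: `const can_act = permissions.patchBiography(biography, user);`. The body of updateBiography continues past the end of the hunk.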
|
|
|
@ -15,8 +15,12 @@ function patchPost(post_content, user) {
|
|||
// User is not permitted
|
||||
return _r(false, "User is not permitted to preform action.");
|
||||
}
|
||||
function patchBiography(biography, user) {
|
||||
// Biographies are just fancy posts right now.
|
||||
return patchPost(biography, user);
|
||||
}
|
||||
|
||||
function _r(s, m, d) {
|
||||
return { success: s, message: m ? m || "Unknown error" : undefined, data: d };
|
||||
}
|
||||
module.exports = { patchPost };
|
||||
module.exports = { patchPost, patchBiography };
|
||||
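Review bot: patchBiography has no doc comment saying which object its first parameter must be, and the updateBiography call shown in this commit passes `biography_content` rather than a stored record. Because the function only forwards to patchPost, whose body starts outside this hunk, a reader cannot tell which fields the authorization decision reads. A JSDoc block above the function would settle that, for example `/** Authorize a biography edit. @param biography the stored biography record, not request data. @returns {{success: boolean, message?: string, data?: *}} */`, with the parameter line adjusted to whatever patchPost actually requires.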
|
|
|
@ -7,6 +7,7 @@
|
|||
"login": "/ejs/login.ejs",
|
||||
"register": "/ejs/register.ejs",
|
||||
"author": "/ejs/author.ejs",
|
||||
"authorEdit": "/ejs/authorEdit.ejs",
|
||||
"post": "/ejs/post.ejs",
|
||||
"postSearch": "/ejs/postSearch.ejs",
|
||||
"postNew": "/ejs/postNew.ejs",
|
||||
|
|