2017-08-29 15:37:17 +00:00
|
|
|
// @flow
|
2016-05-07 18:52:08 +00:00
|
|
|
import Router from 'koa-router';
|
2018-05-28 18:36:37 +00:00
|
|
|
import auth from '../middlewares/authentication';
|
2016-05-07 18:52:08 +00:00
|
|
|
import pagination from './middlewares/pagination';
|
2019-01-05 21:37:33 +00:00
|
|
|
import { presentCollection, presentUser } from '../presenters';
|
|
|
|
import { Collection, CollectionUser, Team, User } from '../models';
|
|
|
|
import { ValidationError, InvalidRequestError } from '../errors';
|
2018-06-21 04:33:21 +00:00
|
|
|
import { exportCollection, exportCollections } from '../logistics';
|
2018-02-18 09:14:51 +00:00
|
|
|
import policy from '../policies';
|
2019-04-18 02:11:23 +00:00
|
|
|
import events from '../events';
|
2016-05-07 18:52:08 +00:00
|
|
|
|
2018-02-18 09:14:51 +00:00
|
|
|
const { authorize } = policy;
|
2016-05-07 18:52:08 +00:00
|
|
|
const router = new Router();
|
|
|
|
|
2017-04-27 04:47:03 +00:00
|
|
|
router.post('collections.create', auth(), async ctx => {
|
2017-10-30 06:22:46 +00:00
|
|
|
const { name, color, description, type } = ctx.body;
|
2019-01-05 21:37:33 +00:00
|
|
|
const isPrivate = ctx.body.private;
|
|
|
|
|
2016-07-22 05:06:30 +00:00
|
|
|
ctx.assertPresent(name, 'name is required');
|
2017-10-30 06:22:46 +00:00
|
|
|
if (color)
|
|
|
|
ctx.assertHexColor(color, 'Invalid hex value (please use format #FFFFFF)');
|
2016-07-22 05:06:30 +00:00
|
|
|
|
|
|
|
const user = ctx.state.user;
|
2018-02-18 19:08:43 +00:00
|
|
|
authorize(user, 'create', Collection);
|
2016-07-22 05:06:30 +00:00
|
|
|
|
2017-08-29 15:37:17 +00:00
|
|
|
const collection = await Collection.create({
|
2016-07-22 05:06:30 +00:00
|
|
|
name,
|
|
|
|
description,
|
2017-10-30 06:22:46 +00:00
|
|
|
color,
|
2016-07-22 05:06:30 +00:00
|
|
|
type: type || 'atlas',
|
|
|
|
teamId: user.teamId,
|
2016-07-26 07:05:10 +00:00
|
|
|
creatorId: user.id,
|
2019-01-05 21:37:33 +00:00
|
|
|
private: isPrivate,
|
2016-07-22 05:06:30 +00:00
|
|
|
});
|
|
|
|
|
2019-04-18 02:11:23 +00:00
|
|
|
events.add({
|
|
|
|
name: 'collections.create',
|
|
|
|
modelId: collection.id,
|
|
|
|
teamId: collection.teamId,
|
|
|
|
actorId: user.id,
|
|
|
|
});
|
|
|
|
|
2016-07-22 05:06:30 +00:00
|
|
|
ctx.body = {
|
2019-04-18 02:11:23 +00:00
|
|
|
data: await presentCollection(collection),
|
2017-08-29 15:37:17 +00:00
|
|
|
};
|
|
|
|
});
|
|
|
|
|
2018-02-18 09:14:51 +00:00
|
|
|
router.post('collections.info', auth(), async ctx => {
|
|
|
|
const { id } = ctx.body;
|
2019-01-05 21:37:33 +00:00
|
|
|
ctx.assertUuid(id, 'id is required');
|
2018-02-18 09:14:51 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const collection = await Collection.findByPk(id);
|
2018-02-18 09:14:51 +00:00
|
|
|
authorize(ctx.state.user, 'read', collection);
|
|
|
|
|
|
|
|
ctx.body = {
|
2019-04-18 02:11:23 +00:00
|
|
|
data: await presentCollection(collection),
|
2018-02-18 09:14:51 +00:00
|
|
|
};
|
|
|
|
});
|
|
|
|
|
2019-01-05 21:37:33 +00:00
|
|
|
router.post('collections.add_user', auth(), async ctx => {
|
|
|
|
const { id, userId, permission = 'read_write' } = ctx.body;
|
|
|
|
ctx.assertUuid(id, 'id is required');
|
|
|
|
ctx.assertUuid(userId, 'userId is required');
|
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const collection = await Collection.findByPk(id);
|
2019-01-05 21:37:33 +00:00
|
|
|
authorize(ctx.state.user, 'update', collection);
|
|
|
|
|
|
|
|
if (!collection.private) {
|
|
|
|
throw new InvalidRequestError('Collection must be private to add users');
|
|
|
|
}
|
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const user = await User.findByPk(userId);
|
2019-01-05 21:37:33 +00:00
|
|
|
authorize(ctx.state.user, 'read', user);
|
|
|
|
|
|
|
|
await CollectionUser.create({
|
|
|
|
collectionId: id,
|
|
|
|
userId,
|
|
|
|
permission,
|
|
|
|
createdById: ctx.state.user.id,
|
|
|
|
});
|
|
|
|
|
2019-04-18 02:11:23 +00:00
|
|
|
events.add({
|
|
|
|
name: 'collections.add_user',
|
|
|
|
modelId: userId,
|
|
|
|
collectionId: collection.id,
|
|
|
|
teamId: collection.teamId,
|
|
|
|
actorId: ctx.state.user.id,
|
|
|
|
});
|
|
|
|
|
2019-01-05 21:37:33 +00:00
|
|
|
ctx.body = {
|
|
|
|
success: true,
|
|
|
|
};
|
|
|
|
});
|
|
|
|
|
|
|
|
router.post('collections.remove_user', auth(), async ctx => {
|
|
|
|
const { id, userId } = ctx.body;
|
|
|
|
ctx.assertUuid(id, 'id is required');
|
|
|
|
ctx.assertUuid(userId, 'userId is required');
|
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const collection = await Collection.findByPk(id);
|
2019-01-05 21:37:33 +00:00
|
|
|
authorize(ctx.state.user, 'update', collection);
|
|
|
|
|
|
|
|
if (!collection.private) {
|
|
|
|
throw new InvalidRequestError('Collection must be private to remove users');
|
|
|
|
}
|
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const user = await User.findByPk(userId);
|
2019-01-05 21:37:33 +00:00
|
|
|
authorize(ctx.state.user, 'read', user);
|
|
|
|
|
|
|
|
await collection.removeUser(user);
|
|
|
|
|
2019-04-18 02:11:23 +00:00
|
|
|
events.add({
|
|
|
|
name: 'collections.remove_user',
|
|
|
|
modelId: userId,
|
|
|
|
collectionId: collection.id,
|
|
|
|
teamId: collection.teamId,
|
|
|
|
actorId: ctx.state.user.id,
|
|
|
|
});
|
|
|
|
|
2019-01-05 21:37:33 +00:00
|
|
|
ctx.body = {
|
|
|
|
success: true,
|
|
|
|
};
|
|
|
|
});
|
|
|
|
|
|
|
|
router.post('collections.users', auth(), async ctx => {
|
|
|
|
const { id } = ctx.body;
|
|
|
|
ctx.assertUuid(id, 'id is required');
|
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const collection = await Collection.findByPk(id);
|
2019-01-05 21:37:33 +00:00
|
|
|
authorize(ctx.state.user, 'read', collection);
|
|
|
|
|
|
|
|
const users = await collection.getUsers();
|
|
|
|
|
|
|
|
ctx.body = {
|
2019-04-18 02:11:23 +00:00
|
|
|
data: users.map(presentUser),
|
2019-01-05 21:37:33 +00:00
|
|
|
};
|
|
|
|
});
|
|
|
|
|
2018-06-21 04:33:21 +00:00
|
|
|
router.post('collections.export', auth(), async ctx => {
|
|
|
|
const { id } = ctx.body;
|
2019-01-05 21:37:33 +00:00
|
|
|
ctx.assertUuid(id, 'id is required');
|
2018-06-21 04:33:21 +00:00
|
|
|
|
|
|
|
const user = ctx.state.user;
|
2019-06-23 22:49:45 +00:00
|
|
|
const collection = await Collection.findByPk(id);
|
2018-06-21 04:33:21 +00:00
|
|
|
authorize(user, 'export', collection);
|
|
|
|
|
|
|
|
// async operation to create zip archive and email user
|
|
|
|
exportCollection(id, user.email);
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
success: true,
|
|
|
|
};
|
|
|
|
});
|
|
|
|
|
|
|
|
router.post('collections.exportAll', auth(), async ctx => {
|
|
|
|
const user = ctx.state.user;
|
2019-06-23 22:49:45 +00:00
|
|
|
const team = await Team.findByPk(user.teamId);
|
2018-06-21 04:33:21 +00:00
|
|
|
authorize(user, 'export', team);
|
|
|
|
|
|
|
|
// async operation to create zip archive and email user
|
|
|
|
exportCollections(user.teamId, user.email);
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
success: true,
|
|
|
|
};
|
|
|
|
});
|
|
|
|
|
2017-08-29 15:37:17 +00:00
|
|
|
router.post('collections.update', auth(), async ctx => {
|
2018-11-18 09:13:28 +00:00
|
|
|
const { id, name, description, color } = ctx.body;
|
2019-01-05 21:37:33 +00:00
|
|
|
const isPrivate = ctx.body.private;
|
|
|
|
|
2017-08-29 15:37:17 +00:00
|
|
|
ctx.assertPresent(name, 'name is required');
|
2017-10-30 06:22:46 +00:00
|
|
|
if (color)
|
|
|
|
ctx.assertHexColor(color, 'Invalid hex value (please use format #FFFFFF)');
|
2017-08-29 15:37:17 +00:00
|
|
|
|
2019-01-05 21:37:33 +00:00
|
|
|
const user = ctx.state.user;
|
2019-06-23 22:49:45 +00:00
|
|
|
const collection = await Collection.findByPk(id);
|
2019-01-05 21:37:33 +00:00
|
|
|
authorize(user, 'update', collection);
|
|
|
|
|
|
|
|
if (isPrivate && !collection.private) {
|
|
|
|
await CollectionUser.findOrCreate({
|
|
|
|
where: {
|
|
|
|
collectionId: collection.id,
|
|
|
|
userId: user.id,
|
|
|
|
},
|
|
|
|
defaults: {
|
|
|
|
permission: 'read_write',
|
|
|
|
createdById: user.id,
|
|
|
|
},
|
|
|
|
});
|
|
|
|
}
|
2018-02-18 09:14:51 +00:00
|
|
|
|
2017-08-29 15:37:17 +00:00
|
|
|
collection.name = name;
|
2018-11-18 09:13:28 +00:00
|
|
|
collection.description = description;
|
2017-10-30 06:22:46 +00:00
|
|
|
collection.color = color;
|
2019-01-05 21:37:33 +00:00
|
|
|
collection.private = isPrivate;
|
2017-08-29 15:37:17 +00:00
|
|
|
await collection.save();
|
|
|
|
|
2019-04-18 02:11:23 +00:00
|
|
|
events.add({
|
|
|
|
name: 'collections.update',
|
|
|
|
modelId: collection.id,
|
|
|
|
teamId: collection.teamId,
|
|
|
|
actorId: user.id,
|
|
|
|
});
|
|
|
|
|
2017-08-29 15:37:17 +00:00
|
|
|
ctx.body = {
|
2019-04-18 02:11:23 +00:00
|
|
|
data: presentCollection(collection),
|
2016-07-22 05:06:30 +00:00
|
|
|
};
|
|
|
|
});
|
|
|
|
|
2017-04-27 04:47:03 +00:00
|
|
|
router.post('collections.list', auth(), pagination(), async ctx => {
|
2016-06-20 07:18:03 +00:00
|
|
|
const user = ctx.state.user;
|
2019-01-05 21:37:33 +00:00
|
|
|
|
|
|
|
const collectionIds = await user.collectionIds();
|
|
|
|
let collections = await Collection.findAll({
|
2016-05-07 18:52:08 +00:00
|
|
|
where: {
|
2016-06-20 07:18:03 +00:00
|
|
|
teamId: user.teamId,
|
2019-01-05 21:37:33 +00:00
|
|
|
id: collectionIds,
|
2016-05-07 18:52:08 +00:00
|
|
|
},
|
2017-04-27 04:47:03 +00:00
|
|
|
order: [['updatedAt', 'DESC']],
|
2016-05-07 18:52:08 +00:00
|
|
|
offset: ctx.state.pagination.offset,
|
|
|
|
limit: ctx.state.pagination.limit,
|
|
|
|
});
|
|
|
|
|
2017-07-07 05:02:55 +00:00
|
|
|
const data = await Promise.all(
|
2019-04-18 02:11:23 +00:00
|
|
|
collections.map(async collection => await presentCollection(collection))
|
2017-04-27 04:47:03 +00:00
|
|
|
);
|
2016-05-20 07:33:52 +00:00
|
|
|
|
2016-05-07 18:52:08 +00:00
|
|
|
ctx.body = {
|
|
|
|
pagination: ctx.state.pagination,
|
2016-07-26 06:01:14 +00:00
|
|
|
data,
|
2016-05-07 18:52:08 +00:00
|
|
|
};
|
|
|
|
});
|
|
|
|
|
2017-08-29 15:37:17 +00:00
|
|
|
router.post('collections.delete', auth(), async ctx => {
|
|
|
|
const { id } = ctx.body;
|
2019-04-18 02:11:23 +00:00
|
|
|
const user = ctx.state.user;
|
2019-01-05 21:37:33 +00:00
|
|
|
ctx.assertUuid(id, 'id is required');
|
2017-08-29 15:37:17 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const collection = await Collection.findByPk(id);
|
2019-04-18 02:11:23 +00:00
|
|
|
authorize(user, 'delete', collection);
|
2017-08-29 15:37:17 +00:00
|
|
|
|
2018-02-18 09:14:51 +00:00
|
|
|
const total = await Collection.count();
|
2018-02-20 07:31:18 +00:00
|
|
|
if (total === 1) throw new ValidationError('Cannot delete last collection');
|
2017-08-29 15:37:17 +00:00
|
|
|
|
2018-02-20 07:31:18 +00:00
|
|
|
await collection.destroy();
|
2017-08-29 15:37:17 +00:00
|
|
|
|
2019-04-18 02:11:23 +00:00
|
|
|
events.add({
|
|
|
|
name: 'collections.delete',
|
|
|
|
modelId: collection.id,
|
|
|
|
teamId: collection.teamId,
|
|
|
|
actorId: user.id,
|
|
|
|
});
|
|
|
|
|
2017-08-29 15:37:17 +00:00
|
|
|
ctx.body = {
|
|
|
|
success: true,
|
|
|
|
};
|
|
|
|
});
|
|
|
|
|
2016-06-22 07:01:57 +00:00
|
|
|
export default router;
|