outline/server/api/views.js
Tom Moor 83f32be6f7 Add missing authorization on views endpoints
Updated ApiKeys authorization to match elsewhere
2018-02-18 10:56:56 -08:00


// @flow
import Router from 'koa-router';
import auth from './middlewares/authentication';
import { presentView } from '../presenters';
import { View, Document } from '../models';
import policy from '../policies';
// Policy check used by every route in this file before it touches View data.
const authorize = policy.authorize;

// Router that the views.* endpoints below are registered on.
const router = new Router();
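/**
 * POST views.list: returns the presented views of a document plus a count.
 *
 * The route is registered behind auth(), and authorize(user, 'read', document)
 * is called before any View rows are queried.
 *
 * Request: { id }, the document id (required). It is read from ctx.body,
 * presumably populated with the parsed request body by upstream middleware;
 * confirm.
 * Response: { data: { users, count } }.
 */
router.post('views.list', auth(), async ctx => {
  const { id } = ctx.body;
  ctx.assertPresent(id, 'id is required');

  const { user } = ctx.state;
  const document = await Document.findById(id);
  // NOTE(review): findById presumably yields null for an unknown id. Confirm
  // that authorize() rejects a null document, and that callers cannot tell
  // that rejection apart from an ordinary denial (an id-probing oracle).
  authorize(user, 'read', document);

  // Query by the id of the record that was just authorized rather than the
  // raw request value, the same way views.create does.
  const views = await View.findAll({
    where: { documentId: document.id },
    order: [['updatedAt', 'DESC']],
  });

  // Promise.all resolves in input order, so `users` keeps the updatedAt DESC
  // order of the query. Pushing from inside each async callback ordered the
  // entries by completion time instead.
  const users = await Promise.all(views.map(view => presentView(ctx, view)));

  // Behaviour kept as it was: count is the `count` of the last row returned,
  // or 0 when there are no rows.
  // NOTE(review): a total across all rows may have been intended; confirm
  // against the clients before changing it.
  const count = views.length > 0 ? views[views.length - 1].count : 0;

  ctx.body = {
    data: {
      users,
      count,
    },
  };
});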
/**
 * POST views.create: records a view of a document by the current user.
 *
 * The route is registered behind auth(), and the 'read' policy check on the
 * document is called before View.increment.
 *
 * Request: { id }, the document id (required).
 * Response: { success: true }.
 */
router.post('views.create', auth(), async ctx => {
  const documentId = ctx.body.id;
  ctx.assertPresent(documentId, 'id is required');

  const viewer = ctx.state.user;
  const doc = await Document.findById(documentId);
  // NOTE(review): if findById can return null, `doc.id` below throws unless
  // authorize() has already rejected the null document. Confirm that it does.
  authorize(viewer, 'read', doc);

  // Both keys come from server-side records (the authorized document and the
  // authenticated user), not straight from the request body.
  await View.increment({ documentId: doc.id, userId: viewer.id });

  const response = { success: true };
  ctx.body = response;
});
// Default export: the router carrying the views.list and views.create routes.
export default router;