mirror of
https://github.com/filecoin-project/slate.git
synced 2024-12-25 01:52:45 +03:00
fixed check is owner bug
This commit is contained in:
parent
baebf96481
commit
c28b532179
@ -47,6 +47,7 @@ export const error = {
|
||||
|
||||
//File delete
|
||||
SERVER_REMOVE_DATA_NO_IDS: "The file to delete was not specified",
|
||||
SERVER_REMOVE_DATA_NOT_ALLOWED: "You are not the owner of those files",
|
||||
|
||||
//Save copy
|
||||
SERVER_SAVE_COPY_NO_CIDS: "The file to save was not specified",
|
||||
@ -91,6 +92,7 @@ export const error = {
|
||||
"We're having difficulty locating that collection. It may have already been deleted",
|
||||
SERVER_DELETE_SLATE_FAILED:
|
||||
"We're having trouble deleting that collection right now, please try again later",
|
||||
SERVER_DELETE_SLATE_NOT_ALLOWED: "You are not the owner of that slate",
|
||||
|
||||
//Get slate
|
||||
SERVER_GET_SERIALIZED_SLATE_SLATE_NOT_FOUND:
|
||||
@ -119,6 +121,7 @@ export const error = {
|
||||
"You already have a collection with that name. Collection names must be unique",
|
||||
SERVER_UPDATE_SLATE_FAILED: "We are having trouble updating that collection right now",
|
||||
SERVER_UPDATE_SLATE_MAX_BODY_LENGTH: "Descriptions can be a maximum of 2000 characters",
|
||||
SERVER_UPDATE_SLATE_NOT_ALLOWED: "You are not the owner of that slate",
|
||||
|
||||
//Create user
|
||||
SERVER_CREATE_USER_NOT_ALLOWED: "You can only create users while on slate.host",
|
||||
|
@ -166,7 +166,7 @@ export const deleteFiles = async (fileIds = [], noAlert) => {
|
||||
return false;
|
||||
}
|
||||
|
||||
Events.dispatchMessage({ message: "Files successfully deleted!", status: "INFO" });
|
||||
Events.dispatchMessage({ message: "Successfully deleted!", status: "INFO" });
|
||||
|
||||
return response;
|
||||
}
|
||||
|
@ -76,7 +76,13 @@ export default async (req, res) => {
|
||||
}
|
||||
|
||||
// NOTE(martina): get the cids of the corresponding coverImages that are to be deleted
|
||||
const objects = await Data.getFilesByIds({ ids });
|
||||
let objects = await Data.getFilesByIds({ ids });
|
||||
objects = objects.filter((file) => file.ownerId === id);
|
||||
|
||||
if (!objects.length) {
|
||||
return res.status(400).send({ decorator: "SERVER_REMOVE_DATA_NOT_ALLOWED", error: true });
|
||||
}
|
||||
ids = objects.map((file) => file.id);
|
||||
const files = Arrays.filterFiles(objects);
|
||||
let cids = Arrays.mapToCids(files);
|
||||
let coverImageCids = [];
|
||||
@ -131,6 +137,18 @@ export default async (req, res) => {
|
||||
}
|
||||
}
|
||||
|
||||
await Data.deleteFilesByIds({ ownerId: id, ids });
|
||||
|
||||
SearchManager.updateFile(files, "REMOVE");
|
||||
|
||||
ViewerManager.hydratePartial(id, { slates: true, library: true });
|
||||
|
||||
res.status(200).send({
|
||||
decorator: "SERVER_REMOVE_DATA",
|
||||
success: true,
|
||||
bucketItems: items,
|
||||
});
|
||||
|
||||
if (entities.length) {
|
||||
for (let entity of entities) {
|
||||
try {
|
||||
@ -150,16 +168,4 @@ export default async (req, res) => {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
await Data.deleteFilesByIds({ ownerId: id, ids });
|
||||
|
||||
SearchManager.updateFile(files, "REMOVE");
|
||||
|
||||
ViewerManager.hydratePartial(id, { slates: true, library: true });
|
||||
|
||||
return res.status(200).send({
|
||||
decorator: "SERVER_REMOVE_DATA",
|
||||
success: true,
|
||||
bucketItems: items,
|
||||
});
|
||||
};
|
||||
|
@ -14,6 +14,11 @@ export default async (req, res) => {
|
||||
}
|
||||
|
||||
let updates = Array.isArray(req.body.data) ? req.body.data : [req.body.data];
|
||||
let currentFiles = await Data.getFilesByIds({ ids: updates.map((file) => file.id) });
|
||||
let idsToRemove = currentFiles.filter((file) => file.ownerId !== id).map((file) => file.id);
|
||||
if (idsToRemove.length) {
|
||||
updates = updates.filter((file) => !idsToRemove.includes(file.id));
|
||||
}
|
||||
|
||||
let responses = [];
|
||||
for (let update of updates) {
|
||||
|
@ -20,6 +20,10 @@ export default async (req, res) => {
|
||||
return res.status(500).send({ decorator: "SERVER_DELETE_SLATE_SLATE_NOT_FOUND", error: true });
|
||||
}
|
||||
|
||||
if (slate.ownerId !== id) {
|
||||
return res.status(403).send({ decorator: "SERVER_DELETE_SLATE_NOT_ALLOWED", error: true });
|
||||
}
|
||||
|
||||
const deleteResponse = await Data.deleteSlateById({ id: slate.id });
|
||||
|
||||
if (!deleteResponse) {
|
||||
|
@ -30,6 +30,10 @@ export default async (req, res) => {
|
||||
return res.status(500).send({ decorator: "SERVER_UPDATE_SLATE_NOT_FOUND", error: true });
|
||||
}
|
||||
|
||||
if (slate.ownerId !== id) {
|
||||
return res.status(403).send({ decorator: "SERVER_UPDATE_SLATE_NOT_ALLOWED", error: true });
|
||||
}
|
||||
|
||||
if (updates.body && updates.body.length > 2000) {
|
||||
return res.status(400).send({ decorator: "SERVER_UPDATE_SLATE_MAX_BODY_LENGTH", error: true });
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user