critical bug fixed + improvements

Daniel
2023-06-25 01:24:35 +03:30
parent fa71d9ba86
commit 0ddd9079bf
13 changed files with 167 additions and 108 deletions
@@ -1,6 +1,6 @@
import { prisma } from "@/lib/api/db";
import getPermission from "@/lib/api/getPermission";
import { UsersAndCollections } from "@prisma/client";
import { Collection, UsersAndCollections } from "@prisma/client";
import fs from "fs";
export default async function deleteCollection(
@@ -12,7 +12,11 @@ export default async function deleteCollection(
if (!collectionId)
return { response: "Please choose a valid collection.", status: 401 };
const collectionIsAccessible = await getPermission(userId, collectionId);
const collectionIsAccessible = (await getPermission(userId, collectionId)) as
| (Collection & {
members: UsersAndCollections[];
})
| null;
const memberHasAccess = collectionIsAccessible?.members.some(
(e: UsersAndCollections) => e.userId === userId
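Review bot: The `as` assertion on the getPermission result where `collectionIsAccessible` is declared is unchecked, so the access-control code that follows trusts a shape the compiler never verified. The same cast is repeated in updateCollection, deleteLink and postLink, and with a Link shape in updateLink. getPermission appears to return a different shape when a third link-id argument is passed, so typing it at the source with two overload signatures would remove all five casts and let the compiler catch a call site that reads `members` off the wrong shape. For example, `function getPermission(userId: number, collectionId: number): Promise<CollectionWithMembers | null>;` plus a second signature taking `linkId: number`, where `CollectionWithMembers` is an illustrative name for a shared alias of the `Collection & { members: UsersAndCollections[] }` type. deleteCollection's body continues outside this hunk.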
@@ -1,6 +1,7 @@
import { prisma } from "@/lib/api/db";
import { CollectionIncludingMembersAndLinkCount } from "@/types/global";
import getPermission from "@/lib/api/getPermission";
import { Collection, UsersAndCollections } from "@prisma/client";
export default async function updateCollection(
collection: CollectionIncludingMembersAndLinkCount,
@@ -9,7 +10,14 @@ export default async function updateCollection(
if (!collection.id)
return { response: "Please choose a valid collection.", status: 401 };
const collectionIsAccessible = await getPermission(userId, collection.id);
const collectionIsAccessible = (await getPermission(
userId,
collection.id
)) as
| (Collection & {
members: UsersAndCollections[];
})
| null;
if (!(collectionIsAccessible?.ownerId === userId))
return { response: "Collection is not accessible.", status: 401 };
+9 -2
@@ -1,7 +1,7 @@
import { prisma } from "@/lib/api/db";
import { LinkIncludingShortenedCollectionAndTags } from "@/types/global";
import fs from "fs";
import { Link, UsersAndCollections } from "@prisma/client";
import { Collection, Link, UsersAndCollections } from "@prisma/client";
import getPermission from "@/lib/api/getPermission";
export default async function deleteLink(
@@ -11,7 +11,14 @@ export default async function deleteLink(
if (!link || !link.collectionId)
return { response: "Please choose a valid link.", status: 401 };
const collectionIsAccessible = await getPermission(userId, link.collectionId);
const collectionIsAccessible = (await getPermission(
userId,
link.collectionId
)) as
| (Collection & {
members: UsersAndCollections[];
})
| null;
const memberHasAccess = collectionIsAccessible?.members.some(
(e: UsersAndCollections) => e.userId === userId && e.canDelete
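Review bot: The permission check in deleteLink is still keyed only on `link.collectionId`, which comes from the request. It establishes that the caller may delete in that collection, but not that `link.id` actually belongs to it. updateLink in this same commit passes `link.id` as a third argument to getPermission, presumably to bind the link to its stored collection; the same binding looks needed here, e.g. `getPermission(userId, link.collectionId, link.id)` with the member test reading `.collection.members` on the returned link. The delete call is outside this hunk, so confirm whether it filters on both the link id and the collection id before deciding how serious this is.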
+9 -5
@@ -2,7 +2,7 @@ import { prisma } from "@/lib/api/db";
import { LinkIncludingShortenedCollectionAndTags } from "@/types/global";
import getTitle from "../../getTitle";
import archive from "../../archive";
import { Link, UsersAndCollections } from "@prisma/client";
import { Collection, Link, UsersAndCollections } from "@prisma/client";
import getPermission from "@/lib/api/getPermission";
import { existsSync, mkdirSync } from "fs";
@@ -13,16 +13,20 @@ export default async function postLink(
link.collection.name = link.collection.name.trim();
if (!link.name) {
return { response: "Please enter a valid name for the link.", status: 401 };
return { response: "Please enter a valid name for the link.", status: 400 };
} else if (!link.collection.name) {
return { response: "Please enter a valid collection name.", status: 401 };
return { response: "Please enter a valid collection.", status: 400 };
}
if (link.collection.id) {
const collectionIsAccessible = await getPermission(
const collectionIsAccessible = (await getPermission(
userId,
link.collection.id
);
)) as
| (Collection & {
members: UsersAndCollections[];
})
| null;
const memberHasAccess = collectionIsAccessible?.members.some(
(e: UsersAndCollections) => e.userId === userId && e.canCreate
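Review bot: The validation failures in postLink now return 400, but the equivalent missing-id checks in deleteCollection, updateCollection, deleteLink and updateLink in this commit still return `status: 401`, which tells a client to re-authenticate for what is a malformed request. Changing those to `status: 400` would keep the handlers consistent and make rejected-input responses distinguishable from authentication failures in logs. The "not accessible" branches would more conventionally be 403, since the caller is authenticated but not permitted. postLink's own return for that case is outside this hunk.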
+84 -65
@@ -1,84 +1,103 @@
import { prisma } from "@/lib/api/db";
import { LinkIncludingShortenedCollectionAndTags } from "@/types/global";
import { UsersAndCollections } from "@prisma/client";
import { Collection, Link, UsersAndCollections } from "@prisma/client";
import getPermission from "@/lib/api/getPermission";
export default async function updateLink(
link: LinkIncludingShortenedCollectionAndTags,
userId: number
) {
if (!link) return { response: "Please choose a valid link.", status: 401 };
if (!link || !link.collection.id)
return {
response: "Please choose a valid link and collection.",
status: 401,
};
if (link.collection.id) {
const collectionIsAccessible = await getPermission(
userId,
link.collection.id
);
const targetLink = (await getPermission(
userId,
link.collection.id,
link.id
)) as
| (Link & {
collection: Collection & {
members: UsersAndCollections[];
};
})
| null;
const memberHasAccess = collectionIsAccessible?.members.some(
(e: UsersAndCollections) => e.userId === userId && e.canCreate
);
const memberHasAccess = targetLink?.collection.members.some(
(e: UsersAndCollections) => e.userId === userId && e.canUpdate
);
if (!(collectionIsAccessible?.ownerId === userId || memberHasAccess))
return { response: "Collection is not accessible.", status: 401 };
} else {
link.collection.ownerId = userId;
}
const isCollectionOwner =
targetLink?.collection.ownerId === link.collection.ownerId &&
link.collection.ownerId === userId &&
targetLink?.collection.ownerId === userId;
const updatedLink = await prisma.link.update({
where: {
id: link.id,
},
data: {
name: link.name,
description: link.description,
collection: {
connectOrCreate: {
where: {
name_ownerId: {
ownerId: link.collection.ownerId,
name: link.collection.name,
},
},
create: {
name: link.collection.name,
ownerId: userId,
},
},
// Makes sure collection members (non-owners) cannot move a link to/from a collection.
if (!isCollectionOwner)
return {
response: "You can't move a link to/from a collection you don't own.",
status: 401,
};
else if (targetLink?.collection.ownerId !== userId && !memberHasAccess)
return {
response: "Collection is not accessible.",
status: 401,
};
else {
const updatedLink = await prisma.link.update({
where: {
id: link.id,
},
tags: {
set: [],
connectOrCreate: link.tags.map((tag) => ({
where: {
name_ownerId: {
name: tag.name,
ownerId: link.collection.ownerId,
},
},
create: {
name: tag.name,
owner: {
connect: {
id: link.collection.ownerId,
data: {
name: link.name,
description: link.description,
collection:
targetLink?.collection.ownerId === link.collection.ownerId &&
link.collection.ownerId === userId
? {
connect: {
id: link.collection.id,
},
}
: undefined,
tags: {
set: [],
connectOrCreate: link.tags.map((tag) => ({
where: {
name_ownerId: {
name: tag.name,
ownerId: link.collection.ownerId,
},
},
},
})),
create: {
name: tag.name,
owner: {
connect: {
id: link.collection.ownerId,
},
},
},
})),
},
pinnedBy:
link?.pinnedBy && link.pinnedBy[0]
? { connect: { id: userId } }
: { disconnect: { id: userId } },
},
pinnedBy:
link?.pinnedBy && link.pinnedBy[0]
? { connect: { id: userId } }
: { disconnect: { id: userId } },
},
include: {
tags: true,
collection: true,
pinnedBy: {
where: { id: userId },
select: { id: true },
include: {
tags: true,
collection: true,
pinnedBy: isCollectionOwner
? {
where: { id: userId },
select: { id: true },
}
: undefined,
},
},
});
});
return { response: updatedLink, status: 200 };
return { response: updatedLink, status: 200 };
}
}
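Review bot: The ownership test `isCollectionOwner` compares against `link.collection.ownerId`, and the update connects to `link.collection.id`; both are request fields, and nothing visible in this file checks the destination collection against the database. Unless getPermission (not shown here) rejects a `collectionId` that does not match the link's stored collection, the destination should be loaded and verified before the update. For example, `const destination = await getPermission(userId, link.collection.id);` followed by `if (destination?.ownerId !== userId) return { response: "Collection is not accessible.", status: 401 };`. Separately, whenever `isCollectionOwner` is true the `else if` condition is false, so that branch is unreachable. A member with `canUpdate` is therefore always refused with the move message, even when the collection is unchanged.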