user: load the resource with middleware
This commit is contained in:
Girish Ramakrishnan
@@ -10,7 +10,9 @@ exports = module.exports = {
|
||||
verifyPassword: verifyPassword,
|
||||
createInvite: createInvite,
|
||||
sendInvite: sendInvite,
|
||||
setGroups: setGroups
|
||||
setGroups: setGroups,
|
||||
|
||||
load: load
|
||||
};
|
||||
|
||||
var assert = require('assert'),
|
||||
@@ -20,6 +22,18 @@ var assert = require('assert'),
|
||||
HttpSuccess = require('connect-lastmile').HttpSuccess,
|
||||
users = require('../users.js');
|
||||
|
||||
function load(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
|
||||
users.get(req.params.userId, function (error, result) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
req.resource = result;
|
||||
|
||||
next();
|
||||
});
|
||||
}
|
||||
|
||||
function create(req, res, next) {
|
||||
assert.strictEqual(typeof req.body, 'object');
|
||||
|
||||
@@ -42,7 +56,7 @@ function create(req, res, next) {
|
||||
}
|
||||
|
||||
function update(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
assert.strictEqual(typeof req.resource, 'object');
|
||||
assert.strictEqual(typeof req.user, 'object');
|
||||
assert.strictEqual(typeof req.body, 'object');
|
||||
|
||||
@@ -54,12 +68,12 @@ function update(req, res, next) {
|
||||
if ('admin' in req.body) {
|
||||
if (typeof req.body.admin !== 'boolean') return next(new HttpError(400, 'admin must be a boolean'));
|
||||
// this route is only allowed for admins, so req.user has to be an admin
|
||||
if (req.user.id === req.params.userId && !req.body.admin) return next(new HttpError(409, 'Cannot remove admin flag on self'));
|
||||
if (req.user.id === req.resource.id && !req.body.admin) return next(new HttpError(409, 'Cannot remove admin flag on self'));
|
||||
}
|
||||
|
||||
if ('active' in req.body && typeof req.body.active !== 'boolean') return next(new HttpError(400, 'active must be a boolean'));
|
||||
|
||||
users.update(req.params.userId, req.body, auditSource.fromRequest(req), function (error) {
|
||||
users.update(req.resource, req.body, auditSource.fromRequest(req), function (error) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
@@ -85,22 +99,18 @@ function list(req, res, next) {
|
||||
}
|
||||
|
||||
function get(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
assert.strictEqual(typeof req.resource, 'object');
|
||||
assert.strictEqual(typeof req.user, 'object');
|
||||
|
||||
users.get(req.params.userId, function (error, result) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(200, users.removePrivateFields(result)));
|
||||
});
|
||||
next(new HttpSuccess(200, users.removePrivateFields(req.resource)));
|
||||
}
|
||||
|
||||
function remove(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
assert.strictEqual(typeof req.resource, 'object');
|
||||
|
||||
if (req.user.id === req.params.userId) return next(new HttpError(409, 'Not allowed to remove yourself.'));
|
||||
if (req.user.id === req.resource.id) return next(new HttpError(409, 'Not allowed to remove yourself.'));
|
||||
|
||||
users.remove(req.params.userId, auditSource.fromRequest(req), function (error) {
|
||||
users.remove(req.resource, auditSource.fromRequest(req), function (error) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
@@ -122,9 +132,9 @@ function verifyPassword(req, res, next) {
|
||||
}
|
||||
|
||||
function createInvite(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
assert.strictEqual(typeof req.resource, 'object');
|
||||
|
||||
users.createInvite(req.params.userId, function (error, result) {
|
||||
users.createInvite(req.resource, function (error, result) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(200, result));
|
||||
@@ -132,9 +142,9 @@ function createInvite(req, res, next) {
|
||||
}
|
||||
|
||||
function sendInvite(req, res, next) {
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
assert.strictEqual(typeof req.resource, 'object');
|
||||
|
||||
users.sendInvite(req.params.userId, { invitor: req.user }, function (error) {
|
||||
users.sendInvite(req.resource, { invitor: req.user }, function (error) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(200, { }));
|
||||
@@ -143,11 +153,11 @@ function sendInvite(req, res, next) {
|
||||
|
||||
function setGroups(req, res, next) {
|
||||
assert.strictEqual(typeof req.body, 'object');
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
assert.strictEqual(typeof req.resource, 'object');
|
||||
|
||||
if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));
|
||||
|
||||
users.setMembership(req.params.userId, req.body.groupIds, function (error) {
|
||||
users.setMembership(req.resource, req.body.groupIds, function (error) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
@@ -156,11 +166,11 @@ function setGroups(req, res, next) {
|
||||
|
||||
function changePassword(req, res, next) {
|
||||
assert.strictEqual(typeof req.body, 'object');
|
||||
assert.strictEqual(typeof req.params.userId, 'string');
|
||||
assert.strictEqual(typeof req.resource, 'object');
|
||||
|
||||
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be a string'));
|
||||
|
||||
users.setPassword(req.params.userId, req.body.password, function (error) {
|
||||
users.setPassword(req.resource, req.body.password, function (error) {
|
||||
if (error) return next(BoxError.toHttpError(error));
|
||||
|
||||
next(new HttpSuccess(204));
|
||||
|
||||
Reference in New Issue
Block a user