Refs #24 Update and Revoke user right

router/api.js

@@ -19,6 +19,20 @@ function MediaToJson(mediaData) {
     return mediaData;
 }
 
+function accessToJson(access) {
+    const typeStr = [ "unknown", "ldapAccount", "email", "link", "every one" ][access.type];
+    const accessToStr = [ "unknown", "item", "tag", "meta", "everything", "admin"][access.accessTo];
+    const grantStr = [ "none", "read", "write", "read without meta"][access.grant];
+    return {
+        id: access.id,
+        type: typeStr,
+        typeData: access.typeData,
+        accessTo: accessToStr,
+        accessToData: access.accessToData,
+        grant: grantStr
+    };
+}
+
 module.exports = { register: app => {
     app.router.post("/api/database/reload", (req, res) => {
         app.routerUtils.onApiRequest(req, res);
@@ -58,24 +72,47 @@ module.exports = { register: app => {
         const result = Security.setAdmin(req, !!(access?.length || 0));
         app.routerUtils.jsonResponse(res, result);
     });
+    app.router.post("/api/accessAdmin/create", async (req, res) => {
+        app.routerUtils.onApiRequest(req, res);
+        if (!req.sessionObj?.accessList?.isAdmin || !req.body)
+            return app.routerUtils.onBadRequest(res);
+        // FIXME
+        console.log(req.body);
+        app.routerUtils.jsonResponse(res, {});
+    });
+    app.router.del("/api/accessAdmin/:id", async (req, res) => {
+        app.routerUtils.onApiRequest(req, res);
+        if (!req.sessionObj?.accessList?.isAdmin || !req.params.id)
+            return app.routerUtils.onBadRequest(res);
+        app.databaseHelper.remove(AccessModel, { id: parseInt(req.params.id) });
+        app.routerUtils.jsonResponse(res, {});
+    });
+    app.router.post("/api/accessAdmin/:id", async (req, res) => {
+        app.routerUtils.onApiRequest(req, res);
+        if (!req.sessionObj?.accessList?.isAdmin || !req.params.id || !req.body)
+            return app.routerUtils.onBadRequest(res);
+        const access = (await app.databaseHelper.fetch(AccessModel, { id: parseInt(req.params.id) }))?.[0];
+        if (!access)
+            return app.routerUtils.onBadRequest(res);
+        access.type = parseInt(req.body.typeId);
+        access.typeData = req.body.typeData;
+        access.accessTo = parseInt(req.body.accessToId);
+        access.accessToData = req.body.accessToData;
+        access.grant = parseInt(req.body.grant);
+        try {
+            app.databaseHelper.upsertOne(access);
+        }
+        catch (err) {
+            console.error(err);
+            return app.routerUtils.onBadRequest(res);
+        }
+        app.routerUtils.jsonResponse(res, accessToJson(access));
+    });
     app.router.get("/api/accessAdmin/list", async (req, res) => {
         app.routerUtils.onApiRequest(req, res);
         if (!req.sessionObj?.accessList?.isAdmin)
             return app.routerUtils.onBadRequest(res);
-        const access = await app.databaseHelper.fetch(AccessModel);
-        app.routerUtils.jsonResponse(res, access.map(i => {
-            const typeStr = [ "unknown", "ldapAccount", "email", "link", "every one" ][i.type];
-            const accessToStr = [ "unknown", "item", "tag", "meta", "everything", "admin"][i.accessTo];
-            const grantStr = [ "none", "read", "write", "read without meta"][i.grant];
-            return {
-                id: i.id,
-                type: typeStr,
-                typeData: i.typeData,
-                accessTo: accessToStr,
-                accessToData: i.accessToData,
-                grant: grantStr
-            };
-        }));
+        app.routerUtils.jsonResponse(res, (await app.databaseHelper.fetch(AccessModel)).map(accessToJson));
     });
     app.router.post("/api/media/:id/tag/del/:tag", async (req, res) => {
         app.routerUtils.onApiRequest(req, res);
@@ -124,7 +161,13 @@ module.exports = { register: app => {
         await Promise.all(data.map(x => MediaService.updateVersionInDb(app, x.fixedSum)));
 
         let tag = data.map(x => new MediaFileTagModel(x.fixedSum, requestedTag, false));
-        await app.databaseHelper.insertMultipleSameTable(tag);
+        try {
+            await app.databaseHelper.insertMultipleSameTable(tag);
+        }
+        catch (err) {
+            console.error(err);
+            return app.routerUtils.onBadRequest(res);
+        }
         const allMedias = await MediaService.fetchMultiple(app, checksum, req.sessionObj?.accessList, 0);
         app.routerUtils.jsonResponse(res, Object.keys(allMedias).map(x => allMedias[x]).map(x => MediaToJson(x)));
     });
@@ -151,7 +194,13 @@ module.exports = { register: app => {
         } else {
             let newMediaItemMedia = data.map(x => new MediaFileMetaModel(x.fixedSum, req.params.key, req.body.value, false));
             await app.databaseHelper.remove(MediaFileMetaModel, { md5sum: data.map(x => x.fixedSum), key: req.params.key, fromFile: 0 });
-            await app.databaseHelper.insertMultipleSameTable(newMediaItemMedia);
+            try {
+                await app.databaseHelper.insertMultipleSameTable(newMediaItemMedia);
+            }
+            catch (err) {
+                console.error(err);
+                return app.routerUtils.onBadRequest(res);
+            }
         }
         const allMedias = await MediaService.fetchMultiple(app, checksum, req.sessionObj?.accessList);
         app.routerUtils.jsonResponse(res, Object.keys(allMedias).map(x => allMedias[x]).map(x => MediaToJson(x)));

static/public/js/uiShare.js

@@ -58,11 +58,30 @@ function getData() {
 }
 
 function updateData(data) {
-    console.log("request to update", data.objectify());
+    return new Promise(ok => {
+        $.ajax({
+            url: `/api/accessAdmin/${data.dbId}`,
+            type: "POST",
+            data: data,
+            success: allData => {
+                ok(true);
+            },
+            error: err => ok(false),
+        });
+    });
 }
 
 function revokeData(dbId) {
-    console.log("Request to revoke", dbId);
+    return new Promise(ok => {
+        $.ajax({
+            url: `/api/accessAdmin/${dbId}`,
+            type: "DELETE",
+            success: allData => {
+                ok(true);
+            },
+            error: err => ok(false),
+        });
+    });
 }
 
 async function buildTypeDepandentDiv(htmlElement, data) {
@@ -88,9 +107,9 @@ async function buildTypeDepandentDiv(htmlElement, data) {
         htmlElement.appendChild(input);
     }
     if (htmlElement.children.length) {
-        input.addEventListener("change", () => {
+        input.addEventListener("change", async () => {
             data.accessToData = input.value;
-            updateData(data);
+            await updateData(data);
         });
     }
 }
@@ -139,7 +158,7 @@ async function buildShareItem(data) {
             let li = document.createElement("li");
             let a = document.createElement("a");
             a.className = "dropdown-item bi";
-            if (i === data.grant)
+            if (i === data.accessToId)
                 a.classList.add("active");
             a.href="#";
             a.classList.add(TYPE_ICON[i]);
@@ -162,7 +181,7 @@ async function buildShareItem(data) {
                 else
                     grantDiv.classList.remove("hidden");
                 await buildTypeDepandentDiv(typeDepandentDiv, dbData[dataIdx]);
-                updateData(dbData[dataIdx]);
+                await updateData(dbData[dataIdx]);
             });
             li.appendChild(a);
             dropdownMenu.appendChild(li);
@@ -211,7 +230,7 @@ async function buildShareItem(data) {
             dropdownMenu.classList.remove("show");
             dropdownMenu.querySelectorAll(".active").forEach(i => i.classList.remove("active"));
             a.classList.add("active");
-            updateData(dbData[dataIdx]);
+            await updateData(dbData[dataIdx]);
         });
         li.appendChild(a);
         dropdownMenu.appendChild(li);
@@ -229,8 +248,12 @@ async function buildShareItem(data) {
     deleteButton.textContent = "Revoke";
     deleteButtonRow.appendChild(deleteButtonDiv);
     deleteButtonDiv.appendChild(deleteButton);
-    deleteButton.addEventListener("click", () => {
-        revokeData(data.dbId);
+    deleteButton.addEventListener("click", async () => {
+        revokeData(data.dbId).then(success => {
+            if (success) {
+                container.remove();
+            }
+        });
     });
 
     header.appendChild(headerButton);