vor 1 Jahr · b05d2c816c
--- a/model/access.js
+++ b/model/access.js
@@ -14,7 +14,8 @@ const ACCESS_TO = {
 
				     item: 1,
			
 
				     tag: 2,
			
 
				     meta: 3,
			
 
				-    everything: 4
			
 
				+    everything: 4,
			
 
				+    admin: 5
			
 
				 };
			
 
				 
			
 
				 const ACCESS_GRANT = {
			
--- a/router/api.js
+++ b/router/api.js
@@ -6,7 +6,7 @@ const Security = require('../src/security.js');
 
				 const MediaService = require('../model/mediaService.js');
			
 
				 const MediaFileMetaModel = require('../model/mediaItemMeta.js').MediaFileMetaModel;
			
 
				 const MediaFileTagModel = require('../model/mediaItemTag.js').MediaFileTagModel;
			
 
				-const { AccessModel, ACCESS_TYPE, ACCESS_GRANT } = require('../model/access.js');
			
 
				+const { AccessModel, ACCESS_TYPE, ACCESS_GRANT, ACCESS_TO } = require('../model/access.js');
			
 
				 
			
 
				 function MediaToJson(mediaData) {
			
 
				     if (!mediaData)
			
@@ -37,18 +37,25 @@ module.exports = { register: app => {
 
				             return app.routerUtils.httpResponse(res, 400, "Missing argument");
			
 
				         try {
			
 
				             for (let i of JSON.parse(req.post.linkIds)) {
			
 
				-                if (await app.databaseHelper.findOne(AccessModel, { type: ACCESS_TYPE.link, typeData: i }))
			
 
				-                    Security.addLinkToSession(req, i);
			
 
				+                const access = await app.databaseHelper.findOne(AccessModel, { type: ACCESS_TYPE.link, typeData: i });
			
 
				+                if (access) {
			
 
				+                    Security.addLinkToSession(req, access.id, i);
			
 
				+                    if (access.accessTo == ACCESS_TO.admin)
			
 
				+                        Security.setAdmin(req, true);
			
 
				+                }
			
 
				             }
			
 
				         }
			
 
				         catch (err) {
			
 
				+            console.error(err);
			
 
				             return app.routerUtils.onBadRequest(res);
			
 
				         }
			
 
				         app.routerUtils.jsonResponse(res, req.sessionObj.accessList);
			
 
				     });
			
 
				-    app.router.del("/api/access/:id", (req, res) => {
			
 
				+    app.router.del("/api/access/:id", async (req, res) => {
			
 
				         app.routerUtils.onApiRequest(req, res);
			
 
				-        const result = Security.removeFromSession(req, req.params.id);
			
 
				+        Security.removeFromSession(req, req.params.id);
			
 
				+        const access = await app.databaseHelper.fetch(AccessModel, { id: Object.keys(req.sessionObj.accessList).map(i => req.sessionObj.accessList[i]).filter(x => x.dbId).map(x => x.dbId), accessTo: ACCESS_TO.admin });
			
 
				+        const result = Security.setAdmin(req, !!(access?.length || 0));
			
 
				         app.routerUtils.jsonResponse(res, result);
			
 
				     });
			
 
				     app.router.post("/api/media/:id/tag/del/:tag", async (req, res) => {
			
--- a/src/library.js
+++ b/src/library.js
@@ -5,7 +5,7 @@ const md5Stats = require('craftlabhttpserver/src/md5sum').stats;
 
				 const md5String = require('craftlabhttpserver/src/md5sum.js').string;
			
 
				 const FileTypeManager = require('./fileTypeManager.js');
			
 
				 
			
 
				-const { ACCESS_TO, AccessModel } = require("../model/access.js");
			
 
				+const { AccessModel } = require("../model/access.js");
			
 
				 const CreateConfigLoader = require('../model/configModel.js').ConfigLoader;
			
 
				 const MediaFileModel = require("../model/mediaItem.js").MediaFileModel;
			
 
				 const MediaFileMetaModel = require("../model/mediaItemMeta.js").MediaFileMetaModel;
			
--- a/src/security.js
+++ b/src/security.js
@@ -12,6 +12,7 @@ function getAccessList(cookieObject) {
 
				 }
			
 
				 
			
 
				 function Access() {
			
 
				+    this.dbId = "";
			
 
				 }
			
 
				 Access.prototype.id = function() { return ""; }
			
 
				 
			
@@ -43,11 +44,19 @@ module.exports.createSession = req => {
 
				     req.cookies[module.exports.SESSION_COOKIE] = sessionKey;
			
 
				     return { key: sessionKey, data: sessionInfos.data };
			
 
				 };
			
 
				-module.exports.addLinkToSession = (req, linkId) => {
			
 
				+module.exports.setAdmin = (req, val) => {
			
 
				+    let session = module.exports.getSessionObj(req.cookies);
			
 
				+    if (!session)
			
 
				+        return;
			
 
				+    session.accessList.isAdmin = val;
			
 
				+    return session.accessList;
			
 
				+};
			
 
				+module.exports.addLinkToSession = (req, dbId, linkId) => {
			
 
				     let session = module.exports.getSessionObj(req.cookies);
			
 
				     if (!session)
			
 
				         return;
			
 
				     let accessItem = new LinkAccess(linkId);
			
 
				+    accessItem.dbId = dbId;
			
 
				     session.accessList[accessItem.id()] = accessItem;
			
 
				     return session.accessList;
			
 
				 };
			
--- a/static/public/js/uiAccess.js
+++ b/static/public/js/uiAccess.js
@@ -73,6 +73,7 @@ window.ReloadAccessList = function(accessList) {
 
				     let items = rootNode.querySelectorAll("li.accessItem");
			
 
				     for (let i =0; i < items.length; ++i)
			
 
				         items[i].remove();
			
 
				+    delete accessList.isAdmin;
			
 
				     if (Object.keys(accessList||{}).length) {
			
 
				         let li = document.createElement("li");
			
 
				         li.classList.add("accessItem");