Added delete endpoint
This commit is contained in:
Tom Moor
@@ -61,4 +61,18 @@ router.post('shares.create', auth(), async ctx => {
|
||||
};
|
||||
});
|
||||
|
||||
router.post('shares.delete', auth(), async ctx => {
|
||||
const { id } = ctx.body;
|
||||
ctx.assertPresent(id, 'id is required');
|
||||
|
||||
const share = await Share.findById(id);
|
||||
authorize(ctx.state.user, 'delete', share);
|
||||
|
||||
await share.destroy();
|
||||
|
||||
ctx.body = {
|
||||
success: true,
|
||||
};
|
||||
});
|
||||
|
||||
export default router;
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
import TestServer from 'fetch-test-server';
|
||||
import app from '..';
|
||||
import { flushdb, seed } from '../test/support';
|
||||
import { buildUser } from '../test/factories';
|
||||
import { buildUser, buildShare } from '../test/factories';
|
||||
|
||||
const server = new TestServer(app.callback());
|
||||
|
||||
@@ -11,11 +11,20 @@ afterAll(server.close);
|
||||
|
||||
describe('#shares.list', async () => {
|
||||
it('should return a list of shares', async () => {
|
||||
const { user } = await seed();
|
||||
const { user, document } = await seed();
|
||||
const share = await buildShare({
|
||||
documentId: document.id,
|
||||
teamId: user.teamId,
|
||||
});
|
||||
const res = await server.post('/api/shares.list', {
|
||||
body: { token: user.getJwtToken() },
|
||||
});
|
||||
const body = await res.json();
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
expect(body.data.length).toEqual(1);
|
||||
expect(body.data[0].id).toEqual(share.id);
|
||||
expect(body.data[0].documentTitle).toBe(document.title);
|
||||
});
|
||||
|
||||
it('should require authentication', async () => {
|
||||
|
||||
@@ -4,6 +4,7 @@ import './apiKey';
|
||||
import './collection';
|
||||
import './document';
|
||||
import './integration';
|
||||
import './share';
|
||||
import './user';
|
||||
|
||||
export default policy;
|
||||
|
||||
15
server/policies/share.js
Normal file
15
server/policies/share.js
Normal file
@@ -0,0 +1,15 @@
|
||||
// @flow
|
||||
import policy from './policy';
|
||||
import { Share, User } from '../models';
|
||||
import { AdminRequiredError } from '../errors';
|
||||
|
||||
const { allow } = policy;
|
||||
|
||||
allow(User, ['read'], Share, (user, share) => user.teamId === share.teamId);
|
||||
allow(User, ['update'], Share, (user, share) => false);
|
||||
allow(User, ['delete'], Share, (user, share) => {
|
||||
if (!share || user.teamId !== share.teamId) return false;
|
||||
if (user.id === share.userId) return false;
|
||||
if (user.isAdmin) return true;
|
||||
throw new AdminRequiredError();
|
||||
});
|
||||
@@ -1,9 +1,22 @@
|
||||
// @flow
|
||||
import { Team, User } from '../models';
|
||||
import { Share, Team, User } from '../models';
|
||||
import uuid from 'uuid';
|
||||
|
||||
let count = 0;
|
||||
|
||||
export async function buildShare(overrides: Object = {}) {
|
||||
if (!overrides.teamId) {
|
||||
const team = await buildTeam();
|
||||
overrides.teamId = team.id;
|
||||
}
|
||||
if (!overrides.userId) {
|
||||
const user = await buildUser({ teamId: overrides.teamId });
|
||||
overrides.userId = user.id;
|
||||
}
|
||||
|
||||
return Share.create(overrides);
|
||||
}
|
||||
|
||||
export function buildTeam(overrides: Object = {}) {
|
||||
count++;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user