Refactor to accommodate authentication, transaction and pagination states together (#4636)
* fix: refactor to accommodate authentication, transaction and pagination together into ctx.state * feat: allow passing response type to APIContext
This commit is contained in:
Apoorv Mishra
GitHub
@@ -10,12 +10,13 @@ import {
|
||||
presentUser,
|
||||
presentGroupMembership,
|
||||
} from "@server/presenters";
|
||||
import { APIContext } from "@server/types";
|
||||
import { assertPresent, assertUuid, assertSort } from "@server/validation";
|
||||
import pagination from "./middlewares/pagination";
|
||||
|
||||
const router = new Router();
|
||||
|
||||
router.post("groups.list", auth(), pagination(), async (ctx) => {
|
||||
router.post("groups.list", auth(), pagination(), async (ctx: APIContext) => {
|
||||
let { direction } = ctx.request.body;
|
||||
const { sort = "updatedAt" } = ctx.request.body;
|
||||
if (direction !== "ASC") {
|
||||
@@ -23,7 +24,7 @@ router.post("groups.list", auth(), pagination(), async (ctx) => {
|
||||
}
|
||||
|
||||
assertSort(sort, Group);
|
||||
const { user } = ctx.state;
|
||||
const { user } = ctx.state.auth;
|
||||
const groups = await Group.findAll({
|
||||
where: {
|
||||
teamId: user.teamId,
|
||||
@@ -52,11 +53,11 @@ router.post("groups.list", auth(), pagination(), async (ctx) => {
|
||||
};
|
||||
});
|
||||
|
||||
router.post("groups.info", auth(), async (ctx) => {
|
||||
router.post("groups.info", auth(), async (ctx: APIContext) => {
|
||||
const { id } = ctx.request.body;
|
||||
assertUuid(id, "id is required");
|
||||
|
||||
const { user } = ctx.state;
|
||||
const { user } = ctx.state.auth;
|
||||
const group = await Group.findByPk(id);
|
||||
authorize(user, "read", group);
|
||||
|
||||
@@ -66,11 +67,11 @@ router.post("groups.info", auth(), async (ctx) => {
|
||||
};
|
||||
});
|
||||
|
||||
router.post("groups.create", auth(), async (ctx) => {
|
||||
router.post("groups.create", auth(), async (ctx: APIContext) => {
|
||||
const { name } = ctx.request.body;
|
||||
assertPresent(name, "name is required");
|
||||
|
||||
const { user } = ctx.state;
|
||||
const { user } = ctx.state.auth;
|
||||
authorize(user, "createGroup", user.team);
|
||||
const g = await Group.create({
|
||||
name,
|
||||
@@ -98,12 +99,12 @@ router.post("groups.create", auth(), async (ctx) => {
|
||||
};
|
||||
});
|
||||
|
||||
router.post("groups.update", auth(), async (ctx) => {
|
||||
router.post("groups.update", auth(), async (ctx: APIContext) => {
|
||||
const { id, name } = ctx.request.body;
|
||||
assertPresent(name, "name is required");
|
||||
assertUuid(id, "id is required");
|
||||
|
||||
const { user } = ctx.state;
|
||||
const { user } = ctx.state.auth;
|
||||
const group = await Group.findByPk(id);
|
||||
authorize(user, "update", group);
|
||||
|
||||
@@ -129,11 +130,11 @@ router.post("groups.update", auth(), async (ctx) => {
|
||||
};
|
||||
});
|
||||
|
||||
router.post("groups.delete", auth(), async (ctx) => {
|
||||
router.post("groups.delete", auth(), async (ctx: APIContext) => {
|
||||
const { id } = ctx.request.body;
|
||||
assertUuid(id, "id is required");
|
||||
|
||||
const { user } = ctx.state;
|
||||
const { user } = ctx.state.auth;
|
||||
const group = await Group.findByPk(id);
|
||||
authorize(user, "delete", group);
|
||||
|
||||
@@ -154,61 +155,68 @@ router.post("groups.delete", auth(), async (ctx) => {
|
||||
};
|
||||
});
|
||||
|
||||
router.post("groups.memberships", auth(), pagination(), async (ctx) => {
|
||||
const { id, query } = ctx.request.body;
|
||||
assertUuid(id, "id is required");
|
||||
router.post(
|
||||
"groups.memberships",
|
||||
auth(),
|
||||
pagination(),
|
||||
async (ctx: APIContext) => {
|
||||
const { id, query } = ctx.request.body;
|
||||
assertUuid(id, "id is required");
|
||||
|
||||
const { user } = ctx.state;
|
||||
const group = await Group.findByPk(id);
|
||||
authorize(user, "read", group);
|
||||
let userWhere;
|
||||
const { user } = ctx.state.auth;
|
||||
const group = await Group.findByPk(id);
|
||||
authorize(user, "read", group);
|
||||
let userWhere;
|
||||
|
||||
if (query) {
|
||||
userWhere = {
|
||||
name: {
|
||||
[Op.iLike]: `%${query}%`,
|
||||
if (query) {
|
||||
userWhere = {
|
||||
name: {
|
||||
[Op.iLike]: `%${query}%`,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
const memberships = await GroupUser.findAll({
|
||||
where: {
|
||||
groupId: id,
|
||||
},
|
||||
order: [["createdAt", "DESC"]],
|
||||
offset: ctx.state.pagination.offset,
|
||||
limit: ctx.state.pagination.limit,
|
||||
include: [
|
||||
{
|
||||
model: User,
|
||||
as: "user",
|
||||
where: userWhere,
|
||||
required: true,
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
ctx.body = {
|
||||
pagination: ctx.state.pagination,
|
||||
data: {
|
||||
groupMemberships: memberships.map((membership) =>
|
||||
presentGroupMembership(membership, { includeUser: true })
|
||||
),
|
||||
users: memberships.map((membership) => presentUser(membership.user)),
|
||||
},
|
||||
};
|
||||
}
|
||||
);
|
||||
|
||||
const memberships = await GroupUser.findAll({
|
||||
where: {
|
||||
groupId: id,
|
||||
},
|
||||
order: [["createdAt", "DESC"]],
|
||||
offset: ctx.state.pagination.offset,
|
||||
limit: ctx.state.pagination.limit,
|
||||
include: [
|
||||
{
|
||||
model: User,
|
||||
as: "user",
|
||||
where: userWhere,
|
||||
required: true,
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
ctx.body = {
|
||||
pagination: ctx.state.pagination,
|
||||
data: {
|
||||
groupMemberships: memberships.map((membership) =>
|
||||
presentGroupMembership(membership, { includeUser: true })
|
||||
),
|
||||
users: memberships.map((membership) => presentUser(membership.user)),
|
||||
},
|
||||
};
|
||||
});
|
||||
|
||||
router.post("groups.add_user", auth(), async (ctx) => {
|
||||
router.post("groups.add_user", auth(), async (ctx: APIContext) => {
|
||||
const { id, userId } = ctx.request.body;
|
||||
assertUuid(id, "id is required");
|
||||
assertUuid(userId, "userId is required");
|
||||
|
||||
const actor = ctx.state.auth.user;
|
||||
|
||||
const user = await User.findByPk(userId);
|
||||
authorize(ctx.state.user, "read", user);
|
||||
authorize(actor, "read", user);
|
||||
|
||||
let group = await Group.findByPk(id);
|
||||
authorize(ctx.state.user, "update", group);
|
||||
authorize(actor, "update", group);
|
||||
|
||||
let membership = await GroupUser.findOne({
|
||||
where: {
|
||||
@@ -220,7 +228,7 @@ router.post("groups.add_user", auth(), async (ctx) => {
|
||||
if (!membership) {
|
||||
await group.$add("user", user, {
|
||||
through: {
|
||||
createdById: ctx.state.user.id,
|
||||
createdById: actor.id,
|
||||
},
|
||||
});
|
||||
// reload to get default scope
|
||||
@@ -240,7 +248,7 @@ router.post("groups.add_user", auth(), async (ctx) => {
|
||||
userId,
|
||||
teamId: user.teamId,
|
||||
modelId: group.id,
|
||||
actorId: ctx.state.user.id,
|
||||
actorId: actor.id,
|
||||
data: {
|
||||
name: user.name,
|
||||
},
|
||||
@@ -259,16 +267,18 @@ router.post("groups.add_user", auth(), async (ctx) => {
|
||||
};
|
||||
});
|
||||
|
||||
router.post("groups.remove_user", auth(), async (ctx) => {
|
||||
router.post("groups.remove_user", auth(), async (ctx: APIContext) => {
|
||||
const { id, userId } = ctx.request.body;
|
||||
assertUuid(id, "id is required");
|
||||
assertUuid(userId, "userId is required");
|
||||
|
||||
const actor = ctx.state.auth.user;
|
||||
|
||||
let group = await Group.findByPk(id);
|
||||
authorize(ctx.state.user, "update", group);
|
||||
authorize(actor, "update", group);
|
||||
|
||||
const user = await User.findByPk(userId);
|
||||
authorize(ctx.state.user, "read", user);
|
||||
authorize(actor, "read", user);
|
||||
|
||||
await group.$remove("user", user);
|
||||
await Event.create({
|
||||
@@ -276,7 +286,7 @@ router.post("groups.remove_user", auth(), async (ctx) => {
|
||||
userId,
|
||||
modelId: group.id,
|
||||
teamId: user.teamId,
|
||||
actorId: ctx.state.user.id,
|
||||
actorId: actor.id,
|
||||
data: {
|
||||
name: user.name,
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user