|
|
|
@ -3,6 +3,7 @@ const bodyParser = require('body-parser')
|
|
|
|
|
const parseJSON = bodyParser.json()
|
|
|
|
|
const b64 = require('base64-async')
|
|
|
|
|
const db = require('../db')
|
|
|
|
|
const ensureAdmin = require('./middleware/ensureAdmin')
|
|
|
|
|
|
|
|
|
|
const validate = require('./middleware/validators')
|
|
|
|
|
|
|
|
|
@ -15,11 +16,7 @@ const upload = require('multer')({
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
router.get('/', async (req, res) => {
|
|
|
|
|
const showUnpublished =
|
|
|
|
|
// Only respect query parameter if user is admin
|
|
|
|
|
(req.user && req.user.is_admin)
|
|
|
|
|
? req.query.showUnpublished
|
|
|
|
|
: false
|
|
|
|
|
const showUnpublished = (req.user?.is_admin && req.query.showUnpublished) || false
|
|
|
|
|
|
|
|
|
|
const items = await db.item.findAll(showUnpublished)
|
|
|
|
|
|
|
|
|
@ -35,7 +32,7 @@ const itemValidators = [
|
|
|
|
|
validate.handleApiError
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
router.post('/', parseJSON, itemValidators, async (req, res) => {
|
|
|
|
|
router.post('/', ensureAdmin, parseJSON, itemValidators, async (req, res) => {
|
|
|
|
|
const item = await db.item.create(
|
|
|
|
|
req.body.name,
|
|
|
|
|
req.body.urlslug,
|
|
|
|
@ -56,7 +53,7 @@ router.get('/by-slug/:slug', async (req, res) => {
|
|
|
|
|
res.json(item)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
router.post('/:uuid', parseJSON, itemValidators, async (req, res) => {
|
|
|
|
|
router.post('/:uuid', ensureAdmin, parseJSON, itemValidators, async (req, res) => {
|
|
|
|
|
const item = await db.item.update(
|
|
|
|
|
req.params.uuid,
|
|
|
|
|
req.body.name,
|
|
|
|
@ -69,7 +66,7 @@ router.post('/:uuid', parseJSON, itemValidators, async (req, res) => {
|
|
|
|
|
res.json(item)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
router.post('/:uuid/images', upload.single('image'), bodyParser.json({limit: '5MB'}), async (req, res) => {
|
|
|
|
|
router.post('/:uuid/images', ensureAdmin, upload.single('image'), bodyParser.json({limit: '5MB'}), async (req, res) => {
|
|
|
|
|
// Handle either image upload body or JSON body
|
|
|
|
|
try {
|
|
|
|
|
if(req.file)
|
|
|
|
@ -84,12 +81,12 @@ router.post('/:uuid/images', upload.single('image'), bodyParser.json({limit: '5M
|
|
|
|
|
res.json(await db.item.findById(req.params.uuid))
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
router.post('/:uuid/publish', async (req, res) => {
|
|
|
|
|
router.post('/:uuid/publish', ensureAdmin, async (req, res) => {
|
|
|
|
|
const item = await db.item.publish(req.params.uuid)
|
|
|
|
|
res.json(item)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
router.post('/:uuid/unpublish', async (req, res) => {
|
|
|
|
|
router.post('/:uuid/unpublish', ensureAdmin, async (req, res) => {
|
|
|
|
|
const item = await db.item.unpublish(req.params.uuid)
|
|
|
|
|
res.json(item)
|
|
|
|
|
})
|
|
|
|
|