From 641bbdffb8a8db6e37c04a59343ee18e2186bdee Mon Sep 17 00:00:00 2001 From: OldHawk Date: Tue, 13 Jun 2017 14:31:39 +0800 Subject: [PATCH] feat(invitations): add invitation server routes, policy,controller js file. --- .../invitations.server.controller.js | 50 +++++++++++++++++++ .../policies/invitations.server.policy.js | 49 ++++++++++++++++++ .../routes/invitations.server.routes.js | 13 +++++ 3 files changed, 112 insertions(+) create mode 100644 modules/invitations/server/controllers/invitations.server.controller.js create mode 100644 modules/invitations/server/policies/invitations.server.policy.js create mode 100644 modules/invitations/server/routes/invitations.server.routes.js diff --git a/modules/invitations/server/controllers/invitations.server.controller.js b/modules/invitations/server/controllers/invitations.server.controller.js new file mode 100644 index 00000000..bd9dddc8 --- /dev/null +++ b/modules/invitations/server/controllers/invitations.server.controller.js @@ -0,0 +1,50 @@ +'use strict'; + +/** + * Module dependencies + */ +var path = require('path'), + config = require(path.resolve('./config/config')), + mongoose = require('mongoose'), + errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')), + User = mongoose.model('User'), + Invitation = mongoose.model('Invitation'), + async = require('async'); + +/** + * create a Invitation + * @param req + * @param res + */ +exports.create = function (req, res) { + var invitation = new Invitation(); + invitation.expiresat = Date.now() + config.meanTorrentConfig.invite.expires; + invitation.user = req.user; + + invitation.save(function (err) { + if (err) { + return res.status(422).send({ + message: errorHandler.getErrorMessage(err) + }); + } else { + res.json(invitation); + } + }); +}; + + +/** + * List of Invitations + */ +exports.list = function (req, res) { + Invitation.find().sort('-created').populate('user', 'displayName').exec(function (err, invitations) { + if (err) { + return res.status(422).send({ + message: errorHandler.getErrorMessage(err) + }); + } else { + res.json(invitations); + } + }); +}; + diff --git a/modules/invitations/server/policies/invitations.server.policy.js b/modules/invitations/server/policies/invitations.server.policy.js new file mode 100644 index 00000000..d0efba0f --- /dev/null +++ b/modules/invitations/server/policies/invitations.server.policy.js @@ -0,0 +1,49 @@ +'use strict'; + +/** + * Module dependencies + */ +var acl = require('acl'); + +// Using the memory backend +acl = new acl(new acl.memoryBackend()); + +/** + * Invoke Articles Permissions + */ +exports.invokeRolesPolicies = function () { + acl.allow( + [ + { + roles: ['admin', 'oper', 'user'], + allows: [ + {resources: '/api/invitations', permissions: '*'} + ] + } + ] + ); +}; + +/** + * Check If Articles Policy Allows + */ +exports.isAllowed = function (req, res, next) { + var roles = (req.user) ? req.user.roles : ['guest']; + + // Check for user roles + acl.areAnyRolesAllowed(roles, req.route.path, req.method.toLowerCase(), function (err, isAllowed) { + if (err) { + // An authorization error occurred + return res.status(500).send('Unexpected authorization error'); + } else { + if (isAllowed) { + // Access granted! Invoke next middleware + return next(); + } else { + return res.status(403).json({ + message: 'User is not authorized' + }); + } + } + }); +}; diff --git a/modules/invitations/server/routes/invitations.server.routes.js b/modules/invitations/server/routes/invitations.server.routes.js new file mode 100644 index 00000000..06fab0d9 --- /dev/null +++ b/modules/invitations/server/routes/invitations.server.routes.js @@ -0,0 +1,13 @@ +'use strict'; + +/** + * Module dependencies + */ +var invitationsPolicy = require('../policies/invitations.server.policy'), + invitations = require('../controllers/invitations.server.controller'); + +module.exports = function (app) { + app.route('/api/invitations').all(invitationsPolicy.isAllowed) + .get(invitations.list) + .post(invitations.create); +};