renamed support.file to support.attachement

BenoitRanque · Mar 22, 2019 · 6f742be · 6f742be
1 parent eb6ca77
commit 6f742be
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 26 deletions.
diff --git a/business-logic/.gitignore b/business-logic/.gitignore
@@ -5,4 +5,5 @@ dist
 node_modules
 .idea
 .vscode
-*.log
+*.log
+files
diff --git a/business-logic/files/0adf277f-0091-4740-91db-89cac6a5e0ac b/business-logic/files/0adf277f-0091-4740-91db-89cac6a5e0ac
diff --git a/business-logic/src/upload/index.js b/business-logic/src/upload/index.js
@@ -14,18 +14,17 @@ const FILE_OWNER_ROLES = ['admin']
 // roles that can read or write any file
 const FILE_ADMIN_ROLES = ['admin']
 
-
 app.use(corser.create({
   requestHeaders: corser.simpleRequestHeaders.concat(['Authorization'])
 }))
 
-app.use((req, res, next) => {
-  console.log('hi')
-  next()
-})
+app.use(requireSessionMiddleware)
+
+app.use(requireRoleMiddleware([...FILE_OWNER_ROLES, ...FILE_ADMIN_ROLES]))
+
 app.use(throttle(1024 * 128)) // throttling bandwidth
 
-app.post('/', requireSessionMiddleware, requireRoleMiddleware([...FILE_OWNER_ROLES, ...FILE_ADMIN_ROLES]), (req, res) => {
+app.post('/', (req, res) => {
   const owner_id = getAccountId(req)
   const form = new formidable.IncomingForm()
   const folder = '/usr/app/files'
@@ -66,18 +65,18 @@ app.post('/', requireSessionMiddleware, requireRoleMiddleware([...FILE_OWNER_ROL
       }
       // map files to promise array
       const result = await Promise.all(Object.values(files).map(async file => {
-        const file_id = uuid()
-        const path = `${form.uploadDir}/${file_id}`
+        const attachement_id = uuid()
+        const path = `${form.uploadDir}/${attachement_id}`
 
         fs.renameSync(file.path, path);
 
-        const queryString = `INSERT INTO support.file (file_id, path, name, type, size, owner_id) VALUES ($1, $2, $3, $4, $5, $6) RETURNING *`
+        const queryString = `INSERT INTO support.attachement (attachement_id, path, name, type, size, owner_id) VALUES ($1, $2, $3, $4, $5, $6) RETURNING *`
         const { name, type, size } = file
 
-        await req.db.query(queryString, [ file_id, path, name, type, size, owner_id ])
+        await req.db.query(queryString, [ attachement_id, path, name, type, size, owner_id ])
         // const { rows: [ { created_at } ] } = await req.db.query(queryString, [ file_id, path, name, type, size, owner_id ])
 
-        return { file_id, name }
+        return { id: attachement_id, name }
       }))
 
       res.status(200).json(result)
@@ -93,17 +92,17 @@ app.get('/', async (req, res) => {
   if (!req.query.id) {
     return res.status(400).send('Malformed Query: id query parameter is required') // TODO: send propper error code (bad request)
   }
+
   // if user is file admin, do not check ownership
-  // const queryString = getRoles(req).some(role => FILE_ADMIN_ROLES.includes(role))
-  //     ? `SELECT * FROM support.file WHERE file_id = $1`
-  //     : `SELECT * FROM support.file WHERE file_id = $1 AND owner_id = $2`
-  //
-  // const { rows: [ file ] } = await db.query(queryString, [ req.query.id, getAccountId(req) ])
-
-  // temporary permission bypass
-  const queryString = `SELECT * FROM support.file WHERE file_id = $1`
-
-  const { rows: [ file ] } = await req.db.query(queryString, [ req.query.id ])
+  const isFileAdmin = getRoles(req).some(role => FILE_ADMIN_ROLES.includes(role))
+  const queryString = isFileAdmin
+    ? `SELECT * FROM support.attachement WHERE attachement_id = $1`
+    : `SELECT * FROM support.attachement WHERE attachement_id = $1 AND owner_id = $2`
+  const parameters = isFileAdmin
+    ? [ req.query.id ]
+    : [ req.query.id, isFileAdmin ? null : getAccountId(req) ]
+
+  const { rows: [ file ] } = await req.db.query(queryString, parameters)
 
   if (!file) {
     return res.status(404).send(`File Not Found: Could not find file ${req.query.id}`) // TODO: send propper error code (bad request)

diff --git a/postgres/schema.psql b/postgres/schema.psql
@@ -284,8 +284,8 @@ CREATE TRIGGER support_ticket_assignation_set_created_at BEFORE INSERT ON suppor
 CREATE TRIGGER support_ticket_assignation_set_updated_at BEFORE UPDATE ON support.ticket_assignation
     FOR EACH ROW EXECUTE FUNCTION set_updated_at();
 
-CREATE TABLE support.file (
-    file_id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+CREATE TABLE support.attachement (
+    attachement_id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
     path TEXT NOT NULL,
     name TEXT NOT NULL,
     type TEXT NOT null,
@@ -296,9 +296,9 @@ CREATE TABLE support.file (
     created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(),
     updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now()
 );
-CREATE TRIGGER support_file_set_created_at BEFORE INSERT ON support.file
+CREATE TRIGGER support_attachement_set_created_at BEFORE INSERT ON support.attachement
     FOR EACH ROW EXECUTE FUNCTION set_created_at();
-CREATE TRIGGER support_file_set_updated_at BEFORE UPDATE ON support.file
+CREATE TRIGGER support_attachement_set_updated_at BEFORE UPDATE ON support.attachement
     FOR EACH ROW EXECUTE FUNCTION set_updated_at();
 
 -- CREATE VIEW support.ticket_thread AS
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,4 +5,5 @@ dist @@
     node_modules
     .idea
     .vscode
-    *.log
+    *.log
+    files