github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-22 01:36:29 -05:00
Code Issues Projects Releases Packages Wiki Activity

fix(backend): fix permission routes in NotesController

Browse source 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2023-03-24 18:22:34 +01:00 committed by Yannick Bungers
parent 9ed4e1ef08
commit e01628cfb0
1 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
backend/src/api/private/notes/notes.controller.ts
View file

@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file) * SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
* *
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
@ -17,7 +17,6 @@ import {
} from '@nestjs/common'; } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger'; import { ApiTags } from '@nestjs/swagger';
import { TokenAuthGuard } from '../../../auth/token.strategy';
import { NotInDBError } from '../../../errors/errors'; import { NotInDBError } from '../../../errors/errors';
import { GroupsService } from '../../../groups/groups.service'; import { GroupsService } from '../../../groups/groups.service';
import { HistoryService } from '../../../history/history.service'; import { HistoryService } from '../../../history/history.service';
@ -197,9 +196,11 @@ export class NotesController {
); );
} }
@Put(':noteIdOrAlias/metadata/permissions/users/:userName')
@OpenApi(200, 403, 404)
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@Permissions(Permission.OWNER) @Permissions(Permission.OWNER)
@UseGuards(TokenAuthGuard, PermissionsGuard) @UseGuards(PermissionsGuard)
async setUserPermission( async setUserPermission(
@RequestUser() user: User, @RequestUser() user: User,
@RequestNote() note: Note, @RequestNote() note: Note,
@ -217,7 +218,7 @@ export class NotesController {
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@Permissions(Permission.OWNER) @Permissions(Permission.OWNER)
@UseGuards(TokenAuthGuard, PermissionsGuard) @UseGuards(PermissionsGuard)
@Delete(':noteIdOrAlias/metadata/permissions/users/:userName') @Delete(':noteIdOrAlias/metadata/permissions/users/:userName')
async removeUserPermission( async removeUserPermission(
@RequestUser() user: User, @RequestUser() user: User,
@ -243,7 +244,7 @@ export class NotesController {
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@Permissions(Permission.OWNER) @Permissions(Permission.OWNER)
@UseGuards(TokenAuthGuard, PermissionsGuard) @UseGuards(PermissionsGuard)
@Put(':noteIdOrAlias/metadata/permissions/groups/:groupName') @Put(':noteIdOrAlias/metadata/permissions/groups/:groupName')
async setGroupPermission( async setGroupPermission(
@RequestUser() user: User, @RequestUser() user: User,
@ -262,7 +263,7 @@ export class NotesController {
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@Permissions(Permission.OWNER) @Permissions(Permission.OWNER)
@UseGuards(TokenAuthGuard, PermissionsGuard) @UseGuards(PermissionsGuard)
@Delete(':noteIdOrAlias/metadata/permissions/groups/:groupName') @Delete(':noteIdOrAlias/metadata/permissions/groups/:groupName')
async removeGroupPermission( async removeGroupPermission(
@RequestUser() user: User, @RequestUser() user: User,
@ -279,7 +280,7 @@ export class NotesController {
@UseInterceptors(GetNoteInterceptor) @UseInterceptors(GetNoteInterceptor)
@Permissions(Permission.OWNER) @Permissions(Permission.OWNER)
@UseGuards(TokenAuthGuard, PermissionsGuard) @UseGuards(PermissionsGuard)
@Put(':noteIdOrAlias/metadata/permissions/owner') @Put(':noteIdOrAlias/metadata/permissions/owner')
async changeOwner( async changeOwner(
@RequestUser() user: User, @RequestUser() user: User,