As the NotesController has the note already, because it checked with it if the user has the permission to perform the action, it's not necessary to get the note from the DB again, instead we should just provide the note to the functions directly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Handle the AlreadyInDB and PermissionsUpdateInconsistent errors and correctly show them to the api user as BadRequest errors.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Fixed toUserDto method of UsersService: If a user has no email an empty string should be returned (like with the photoUrl) instead of null.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This service is necessary as we plan to have functions to create and manipulate groups in the future.
The GroupInfoDto was moved from the file note-permissions.dto.ts to mimic the UserInfoDto.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As discussed in #835 we don't want to have default constructors and prefer .create methods.
Because the created NoteGroupPermission and NoteUserPermission are not saved to the DB by themselves, but are saved via a change to the Note using a Pick<Class, attributes>-style return type is not helpful here as every single time the .create functions are called a full object is required.
The mock calls in the PermissionService test are not needed and break the .create calls so they got removed.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The original idea of the basic-markdown-renderer and the full-markdown-renderer was to reduce the complexity. The basic markdown renderer should just render markdown code and the full markdown renderer should implement all the special hedgedoc stuff like the embeddings.
While developing other aspects of the software I noticed, that it makes more sense to split the markdown-renderer by the view and not by the features. E.g.: The slide markdown renderer must translate <hr> into <sections> for the slides and the document markdown renderer must provide precise scroll positions. But both need e.g. the ability to show a youtube video.
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
split success and fail cases in separate tests for better readability
add the correct user to all notes created by service (instead of api) to make the permissions checks viable.
extracted test content of notes to a global variable.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The permission check also tries to get the note and a non existing note needs to be handled there too.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
