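import config from "../../../../config.js";
import isFileExists from "../../../plugins/file/isFileExists.js";
import logChanges from "../../../plugins/crud/funcs/utils/logChanges.js";
import pgClients from "../../../plugins/pg/pgClients.js";

// Allow-list of widget types and the table each one is stored in.
// Looked up with an own-property check so that a `type` path parameter naming
// an inherited Object.prototype member (e.g. "constructor", "toString") is
// rejected instead of being treated as a known widget type.
const WIDGET_TABLES = Object.freeze({
  comment: "crm.communications",
  checklist: "crm.checklists",
  file: "crm.files",
  gallery: "crm.files",
  reaction: "crm.reactions",
});

/**
 * Decides whether the request is treated as coming from an administrator.
 *
 * Admin mode is granted when NODE_ENV is "admin", when config.admin is truthy,
 * when the request host (port stripped) equals config.adminDomain, or when the
 * request hostname starts with "admin".
 *
 * NOTE(review): req.hostname is presumably taken from the client-supplied
 * Host header; unless a trusted proxy pins that header, the two hostname
 * checks are not a strong authorization signal. Confirm against deployment.
 *
 * @param {Object} req Request object
 * @returns {Boolean} true when the request gets admin privileges
 */
const isAdmin = (req) => {
  if (process.env.NODE_ENV === "admin" || config.admin) {
    return true;
  }

  // Fail closed: with no hostname on the request the original comparison was
  // `undefined === config.adminDomain`, which is true whenever adminDomain is
  // not configured.
  const hostname = typeof req?.hostname === "string" ? req.hostname : "";
  if (!hostname) {
    return false;
  }

  const [host] = hostname.split(":");
  const matchesAdminDomain = Boolean(config.adminDomain) && host === config.adminDomain;
  return matchesAdminDomain || hostname.startsWith("admin");
};

/**
 * Looks up the owner of a CRM file row and whether its file is still present.
 *
 * @param {Object} pg Database client exposing query()
 * @param {String} objectid Entity the file is attached to (crm.files.entity_id)
 * @param {String} id File identifier (crm.files.file_id)
 * @returns {Promise<{uid: *, exists: *}>} uid of the row (undefined when no row
 *   matched) and the result of isFileExists, or null when the row has no path
 */
async function checkAccess(pg, objectid, id) {
  const result = await pg.query(
    "select uid, file_path as filepath from crm.files where entity_id=$1 and file_id=$2",
    [objectid, id],
  );
  const { uid, filepath } = result.rows?.[0] || {};
  return { uid, exists: filepath ? await isFileExists(filepath) : null };
}

/**
 * Deletes a CRM widget item (comment, checklist, file, gallery or reaction)
 * attached to an entity and records the deletion through logChanges.
 *
 * Comments, checklists and reactions are removed with DELETE; files and
 * gallery items are soft-deleted by setting file_status=3.
 * Non-admin callers may only remove their own items, except that a file or
 * gallery row whose file no longer exists may be removed by any authorized user.
 *
 * @method DELETE
 * @summary Delete a CRM widget item of the selected entity.
 * @priority 2
 * @tag table
 * @type api
 * @param {String} type Widget type: comment, checklist, file, gallery, reaction
 * @param {String} objectid Identifier of the entity the item belongs to
 * @param {String} id Identifier of the item (optional for type "reaction")
 * @errors 400, 401, 403
 * @returns {Number} status HTTP status code
 * @returns {String} error Error description (sent as the body on 4xx)
 * @returns {Object} message On success: { data: { id }, user: { uid, name } }
 */
export default async function widgetDel(req, reply) {
  const { pg = pgClients.client, params, user = {} } = req;

  if (!user?.uid) {
    return reply.status(401).send("access restricted: user not authorized");
  }

  const { type, objectid, id } = params || {};

  if (!objectid) {
    return reply.status(400).send("not enough params: object id");
  }

  if (!id && type !== "reaction") {
    return reply.status(400).send("not enough params: id");
  }

  const admin = isAdmin(req);

  // force delete db entry if file not exists
  const { exists, uid } = ["file", "gallery"].includes(type)
    ? await checkAccess(pg, objectid, id)
    : {};

  if (exists && !admin && uid && user?.uid !== uid) {
    return reply
      .status(403)
      .send("access restricted: file exists, not an author");
  }

  // Only fixed fragments are interpolated into the SQL text; every request
  // value is passed as a bind parameter. "$2=$2" keeps the parameter count
  // stable while dropping the ownership filter.
  const ownerFilter = admin ? "$2=$2" : "uid=$2";
  const fileOwnerFilter = !exists || admin ? "$2=$2" : "uid=$2";
  // NOTE(review): for an admin the reaction statement has no user filter, so
  // it removes every reaction on the entity; confirm that this is intended.
  const reactionOwnerFilter = admin ? "$2=$2" : "created_by=$2";

  const sqls = {
    comment: `delete from crm.communications where entity_id=$1 and ${ownerFilter} and communication_id=$3`,
    checklist: `delete from crm.checklists where entity_id=$1 and ${ownerFilter} and checklist_id=$3`,
    file: `update crm.files set file_status=3 where entity_id=$1 and ${fileOwnerFilter} and file_id=$3 returning uploaded_name`,
    gallery: `update crm.files set file_status=3 where entity_id=$1 and ${fileOwnerFilter} and file_id=$3 returning uploaded_name`,
    reaction: `delete from crm.reactions where entity_id=$1 and ${reactionOwnerFilter} and $3=$3 returning reaction_type`,
  };

  // Own-property check: `type` comes from the URL, and a plain truthiness test
  // on sqls[type] would accept inherited members and pass a non-string to
  // pg.query.
  const isKnownType = typeof type === "string"
    && Object.prototype.hasOwnProperty.call(WIDGET_TABLES, type);

  if (!isKnownType) {
    return reply.status(400).send("invalid widget type");
  }

  const sql = sqls[type];
  const table = WIDGET_TABLES[type];

  const { rows = [] } = await pg.query(sql, [objectid, user.uid, id || ""]);

  // NOTE(review): the change is logged and 200 is returned even when the
  // statement matched no row (e.g. a non-author, non-admin caller); confirm
  // whether clients rely on that before tightening it.
  await logChanges({
    pg,
    table,
    id: type === "reaction" ? objectid : id,
    data: rows[0],
    uid: user?.uid,
    type: "DELETE",
  });

  return reply
    .status(200)
    .send({ data: { id }, user: { uid: user.uid, name: user.user_name } });
}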