This commit is contained in:
xfarrow 2024-02-26 12:27:22 +01:00
parent 82e51832ef
commit 3d9890bcef
6 changed files with 48 additions and 39 deletions


@ -26,20 +26,28 @@ async function isPersonAdmin (personId, organizationId) {
.where('id_organization', organizationId)
.select('*')
.first();
return isPersonAdmin;
return !!isPersonAdmin;
}
/**
* Add the specified Person as the Organization administrator
* @param {*} personId
* Add the specified Person as the Organization administrator, if thr requester is already
* an administrator
* @param {*} personId Id of the person to add as administrator
* @param {*} organizationId
* @param {*} requester Id of the person requesting the addition
*/
async function addOrganizationAdministrator (personId, organizationId) {
async function addOrganizationAdministrator (personId, organizationId, requester) {
const isPersonAdmin = await organization_admin_model.isPersonAdmin(requester, organizationId);
if(isPersonAdmin){
await knex('OrganizationAdministrator')
.insert({
id_person: personId,
id_organization: organizationId
});
return true;
}
return false;
}
/**
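Review bot: `addOrganizationAdministrator` calls `organization_admin_model.isPersonAdmin` at L27 although `isPersonAdmin` is defined in this same file (the hunk header at L9 shows it); unless this module requires itself under that name, the call raises a ReferenceError that the controller's catch turns into a 500. Calling the local function directly needs a different local name, because the `const isPersonAdmin` shadows the function inside its own initializer: `const requesterIsAdmin = await isPersonAdmin(requester, organizationId);` then `if (requesterIsAdmin) {`. The check and the insert are two separate statements, so the requester's admin row can be removed between them; the sibling `updateOrganization`/`deleteOrganization` functions fold the same check into the statement with `whereExists`, which is the atomic form and would keep the three models consistent. Note also that a second insert of an existing (id_person, id_organization) pair will, if the table has a unique key, throw rather than return false, so the caller sees 500 instead of a clean result. The JSDoc at L19 reads "thr requester".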


@ -34,7 +34,7 @@ function organization (name, location, description, isHiring) {
/**
* Gets an Organization by its identifier
* @param {*} id
* @returns
* @returns the Organization
*/
async function getOrganizationById (id) {
const organization = await knex('Organization')
@ -66,13 +66,13 @@ async function insertOrganization (organization, organizationAdministratorId) {
/**
* Updates an Organization specified by the OrganizationId, if and
* only if the specified personId is one of its Administrator
* only if the specified requester is one of its Administrator
* @param {*} organization
* @param {*} organizationId
* @param {*} personId
* @param {*} requester
* @returns true if the row was updated, false otherwise
*/
async function updateOrganizationIfAdministrator (organization, organizationId, personId) {
async function updateOrganization (organization, organizationId, requester) {
// // const isOrganizationAdmin = await knex('OrganizationAdministrator')
// // .where('id_person', req.jwt.person_id)
// // .where('id_organization', req.params.id)
@ -107,7 +107,7 @@ async function updateOrganizationIfAdministrator (organization, organizationId,
.whereExists(function () {
this.select('*')
.from('OrganizationAdministrator')
.where('id_person', personId)
.where('id_person', requester)
.where('id_organization', organizationId);
})
.update(organization);
@ -118,16 +118,16 @@ async function updateOrganizationIfAdministrator (organization, organizationId,
* Deletes an Organization if the specified PersonId is
* one of its administrators
* @param {*} organizationId Id of the Organization to delete
* @param {*} personId PersonId of the supposedly administrator
* @param {*} requester PersonId of the supposedly administrator
* @returns true if the Organization was successfully deleted, false otherwise
*/
async function deleteOrganizationIfAdmin (organizationId, personId) {
async function deleteOrganization (organizationId, requester) {
const numberOfDeletedRows = await knex('Organization')
.where({ id: organizationId })
.whereExists(function () {
this.select('*')
.from('OrganizationAdministrator')
.where('id_person', personId)
.where('id_person', requester)
.where('id_organization', organizationId);
})
.del();
@ -141,7 +141,6 @@ module.exports = {
getOrganizationById,
organization,
insertOrganization,
updateOrganizationIfAdministrator,
deleteOrganizationIfAdmin,
deleteOrganizationIfAdmin
updateOrganization,
deleteOrganization
};


@ -44,7 +44,7 @@ async function insertOrganizationPost (organization) {
// Non-exploitable TOC/TOU weakness
// For more information https://softwareengineering.stackexchange.com/questions/451038/when-should-i-be-worried-of-time-of-check-time-of-use-vulnerabilities-during-dat
if (!isOrganizationAdmin) {
return res.status(403).json({ error: 'Forbidden' });
return false;
}
const organizationPost = await knex('OrganizationPost')
@ -75,13 +75,18 @@ async function isPersonPostAdministrator (postId, personId) {
}
/**
* Deletes the specified OrganizationPost
* @param {*} organizationPostId
* Deletes the specified OrganizationPost if the requester is one
* of the Administrators of the Organization the Post belongs to
* @param {*} postId Id of the Post to delete
* @param {*} requester Id of the Person requesting the deletion
*/
async function deleteOrganizationPost (organizationPostId) {
await knex('OrganizationPost')
.where('id', organizationPostId)
.del();
async function deleteOrganizationPost (postId, requester) {
if(await isPersonPostAdministrator(postId, requester)){
return await knex('OrganizationPost')
.where('id', postId)
.del() == 1;
}
return false;
}
module.exports = {
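Review bot: L135 compares the affected-row count with loose equality, `.del() == 1`; the rest of the file uses strict comparison, so write `return (await knex('OrganizationPost').where('id', postId).del()) === 1;` with explicit parentheses so the `await` binding is obvious to the reader. As in the TOC/TOU comment at L110, the `isPersonPostAdministrator` check and the delete are separate statements; `deleteOrganization` in the organization model does the same authorization with a `whereExists` subquery on the delete itself, which closes that window — whether the post's organization column is available for such a join I can't tell from this hunk. The new `if(await ...){` at L132 also departs from the `if (x) {` spacing used elsewhere in these files.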


@ -28,13 +28,11 @@ async function addOrganizationAdmin (req, res) {
}
try {
const isPersonAdmin = await organization_admin_model.isPersonAdmin(req.jwt.person_id, req.body.organization_id);
// TOC/TOU
if (!isPersonAdmin) {
return res.status(401).json({ error: 'Forbidden' });
}
await organization_admin_model.addOrganizationAdministrator(req.body.person_id, req.body.organization_id);
const success = await organization_admin_model.addOrganizationAdministrator(req.body.person_id, req.body.organization_id, req.jwt.person_id);
if(success){
return res.status(200).json({ success: true });
}
return res.status(403).json({ error: 'Forbidden' });
} catch (error) {
console.error(`Error in function ${addOrganizationAdmin.name}: ${error}`);
res.status(500).json({ error: 'Internal server error' });
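Review bot: The new branch at L153 is written `if(success){` while the line it replaces (L148) and the rest of this controller use `if (x) {`; keep one form, `if (success) {`. The model's `false` covers only the "requester is not an administrator" case, so any insert failure (a duplicate administrator row, for instance) surfaces as a thrown error and a 500 from the catch at L157 — worth a short comment above L152 if that is intended, e.g. `// false only when the requester is not an admin; insert errors propagate to the catch`. The enclosing function starts before this hunk.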


@ -51,13 +51,13 @@ async function createOrganizationPost (req, res) {
*/
async function deleteOrganizationPost (req, res) {
try {
const isOrganizationAdmin = await organizationPostModel.isPersonPostAdministrator(req.params.id, req.jwt.person_id);
if (isOrganizationAdmin) {
await organizationPostModel.deleteOrganizationPost(req.params.id);
const success = await organizationPostModel.deleteOrganizationPost(req.params.id, req.jwt.person_id);
if(success){
return res.status(200).json({ success: true });
} else {
return res.status(401).json({ error: 'Forbidden' });
}
return res.status(401).json({ error: 'Forbidden' });
} catch (error) {
console.error(`Error in function ${deleteOrganizationPost.name}: ${error}`);
res.status(500).json({ error: 'Internal server error' });
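Review bot: L176 answers an authorization failure with status 401 and a body of `'Forbidden'`; 401 means unauthenticated (the JWT is already present here), and the parallel branch in `addOrganizationAdmin` was changed in this same commit to 403, so this one should read `return res.status(403).json({ error: 'Forbidden' });`. Because the model's `deleteOrganizationPost` returns `false` both when the requester is not an administrator and when `.del()` affected no row, a request for a post id that does not exist is also reported as Forbidden; if a 404 is wanted the model would have to distinguish the two. The `if(success){` at L171 again differs from the `if (x) {` form used on the removed line above it.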


@ -68,7 +68,7 @@ async function updateOrganization (req, res) {
}
try {
const isUpdateSuccessful = organization_model.updateOrganizationIfAdministrator(updateOrganization, req.params.id, req.jwt.person_id);
const isUpdateSuccessful = organization_model.updateOrganization(updateOrganization, req.params.id, req.jwt.person_id);
if (isUpdateSuccessful) {
return res.status(200).json({ success: 'true' });
} else {
@ -88,12 +88,11 @@ async function updateOrganization (req, res) {
*/
async function deleteOrganization (req, res) {
try {
const isDeleteSuccessful = organization_model.deleteOrganizationIfAdmin(req.params.id, req.jwt.person_id);
const isDeleteSuccessful = organization_model.deleteOrganization(req.params.id, req.jwt.person_id);
if (isDeleteSuccessful) {
return res.status(403).json({ error: 'Forbidden' });
} else {
return res.status(200).json({ success: true });
}
return res.status(403).json({ error: 'Forbidden' });
} catch (error) {
console.error(`Error in function ${deleteOrganization.name}: ${error}`);
return res.status(500).json({ error: 'Internal server error' });
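Review bot: Neither of the model calls on the new side is awaited — L187 `organization_model.updateOrganization(...)` and L196 `organization_model.deleteOrganization(...)` are `async` functions, so `isUpdateSuccessful` and `isDeleteSuccessful` hold a Promise, which is always truthy; the response status therefore never reflects whether the administrator check in the model passed, and a rejected query escapes the `try`/`catch` as an unhandled rejection instead of the 500 at L205. The fix is `const isUpdateSuccessful = await organization_model.updateOrganization(updateOrganization, req.params.id, req.jwt.person_id);` and `const isDeleteSuccessful = await organization_model.deleteOrganization(req.params.id, req.jwt.person_id);`. The rendered view does not show which of the `if`/`else` orderings at L197–L202 survives on the new side; the branch order only matters once the value is awaited. Separately, L189 returns `{ success: 'true' }` (a string) where the other controllers return the boolean `true`.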