diff --git a/CHANGELOG.md b/CHANGELOG.md index 9588e976e..862966240 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * If extraData.images is set then the new value ovreplaces the old value instead of being merged (it waas impossible to delete images) * Add min/max number of to budgeting voting * Make sure postcode validation doesn't fail on an empty string +* Add Delete route for vote ## 0.7.6 (2020-10-07) * Votes were viewable when they should not be diff --git a/src/middleware/oauth-clients.js b/src/middleware/oauth-clients.js index 21ed1ca52..0c2cfafdd 100644 --- a/src/middleware/oauth-clients.js +++ b/src/middleware/oauth-clients.js @@ -62,13 +62,11 @@ exports.withAllForSite = (req, res, next) => { return userClientApi .fetch(authServerUrl,apiCredentials, oauthClientId) .then((client) => { - console.log('==>> err', client); - req.siteOAuthClients.push(client); resolve(); }) .catch((err) => { - console.log('==>> err', oauthClientId, err.message); + console.log('==>> err oauthClientId', oauthClientId, err.message); resolve(); }); }) diff --git a/src/models/Vote.js b/src/models/Vote.js index c9c8bb6cc..685639d4a 100644 --- a/src/models/Vote.js +++ b/src/models/Vote.js @@ -109,11 +109,11 @@ module.exports = function( db, sequelize, DataTypes ) { viewableBy: 'all', createableBy: 'member', updateableBy: ['editor', 'owner'], - deleteableBy: 'admin', + deleteableBy: ['editor', 'owner'], canToggle: function(user, self) { return userHasRole(user, 'editor', self.userId); } } - + return Vote; }; diff --git a/src/routes/api/site.js b/src/routes/api/site.js index 6325b0490..28ed74173 100755 --- a/src/routes/api/site.js +++ b/src/routes/api/site.js @@ -99,6 +99,7 @@ router.route('/:siteIdOrDomain') //(\\d+) .put(function(req, res, next) { const site = req.results; if (!( site && site.can && site.can('update') )) return next( new Error('You cannot update this site') ); + req.results .authorizeData(req.body, 'update') .update(req.body) @@ -113,6 +114,7 @@ router.route('/:siteIdOrDomain') //(\\d+) next(); }); }) + // update certain parts of config to the oauth client // mainly styling settings are synched so in line with the CMS .put(function (req, res, next) { @@ -143,20 +145,35 @@ router.route('/:siteIdOrDomain') //(\\d+) body: JSON.stringify(Object.assign(apiCredentials, oauthClient)) } - updates.push(fetch(authUpdateUrl, options)); }); Promise.all(updates) .then(() => { - // when succesfull return site JSON - res.json(req.site); + next() }) .catch((e) => { - console.log('errr', e); + console.log('errr oauth', e); next(e) }); }) + // call the site, to let the site know a refresh of the siteConfig is needed + .put(function (req, res, next) { + const site = req.results; + const cmsUrl = site.config.cms.url; + + if (!cmsUrl) { + next(); + } + + return fetch(cmsUrl + '/modules/openstad-api/refresh') + .then(function () { next(); }) + .catch(function (err) { console.log('errrr', err); next(); }); + }) + .put(function (req, res, next) { + // when succesfull return site JSON + res.json(req.results); + }) // delete site // --------- .delete(auth.can('Site', 'delete')) diff --git a/src/routes/api/vote.js b/src/routes/api/vote.js index b77540c09..7f59ef278 100755 --- a/src/routes/api/vote.js +++ b/src/routes/api/vote.js @@ -415,6 +415,35 @@ router.route('/*') .catch(next) }) + router.route('/:voteId(\\d+)') + .all(( req, res, next ) => { + var voteId = req.params.voteId; + + db.Vote + .findOne({ + where: { id: voteId } + }) + .then(function( vote ) { + if( vote ) { + req.results = vote; + } + next(); + }) + .catch(next); + }) + .delete(auth.useReqUser) + .delete(function(req, res, next) { + const vote = req.results; + if (!( vote && vote.can && vote.can('delete') )) return next( new Error('You cannot delete this vote') ); + + vote + .destroy() + .then(() => { + res.json({ "vote": "deleted" }); + }) + .catch(next); + }) + router.route('/:voteId(\\d+)/toggle') .all(( req, res, next ) => { var voteId = req.params.voteId;