diff --git a/harena-manager.postman_collection.json b/harena-manager.postman_collection.json
new file mode 100644
index 0000000..d3f328e
--- /dev/null
+++ b/harena-manager.postman_collection.json
@@ -0,0 +1,1974 @@ +{ + "info": { + "_postman_id": "07702665-ba09-4b0b-94f3-2094ea956bbb", + "name": "harena-manager", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" + }, + "item": [ + { + "name": "auth", + "item": [ + { + "name": "v2 (pre-release)", + "item": [ + { + "name": "/auth/login session", + "event": [ + { + "listen": "test", + "script": { + "id": "567f58fe-d502-485c-a557-e64d44ee08a9", + "exec": [ + "var response = pm.response.json();", + "pm.environment.set(\"user-token\", response.token);", + "pm.environment.set(\"user-id\", response.id);", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "auth": { + "type": "noauth" + }, + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "email", + "value": "", + "type": "text" + }, + { + "key": "password", + "value": "", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/auth/login/", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "auth", + "login", + "" + ] + } + }, + "response": [] + }, + { + "name": "/auth/logout session", + "event": [ + { + "listen": "test", + "script": { + "id": "3d934f14-e90d-4b1d-8d2c-b1b8ee81fe32", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "auth": { + "type": "noauth" + }, + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/auth/logout/", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "auth", + "logout", + "" + ] + } + }, + "response": [] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "id": "da0fa33a-7a78-450f-8339-8c4fc909e175", + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "id": "9e9584d9-38cd-474d-97cf-73aa67aeddaa", + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ], + 
"protocolProfileBehavior": {}, + "_postman_isSubFolder": true + }, + { + "name": "/auth/login jwt", + "event": [ + { + "listen": "test", + "script": { + "id": "91e2df22-41c1-448e-b3e0-e8e033c1cb77", + "exec": [ + "var response = pm.response.json();", + "console.log(response)", + "pm.environment.set(\"user-token\", response.token);", + "pm.environment.set(\"user-refreshToken\", response.refreshToken);", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "email", + "value": "", + "type": "text" + }, + { + "key": "password", + "value": "", + "type": "text" + }, + { + "key": "refresh_token", + "value": "{{user-refreshToken}}", + "type": "text", + "disabled": true + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/auth/login", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "auth", + "login" + ] + } + }, + "response": [] + }, + { + "name": "/auth/logout jwt", + "event": [ + { + "listen": "test", + "script": { + "id": "3a9f31a1-d665-46b0-b24c-6dbf7d6e8fd8", + "exec": [ + "pm.environment.set(\"user-token\", 'revoked');" + ], + "type": "text/javascript" + } + } + ], + "request": { + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{user-token}}", + "type": "string" + } + ] + }, + "method": "POST", + "header": [], + "url": { + "raw": "{{api-base-url}}/auth/logout", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "auth", + "logout" + ] + } + }, + "response": [] + }, + { + "name": "/auth/checkToken jwt", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/auth/check", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "auth", + "check" + ] + } + }, + "response": [] + } + ], + "description": "Authentication endpoints", + "protocolProfileBehavior": {} + }, + { + "name": "user", + "item": [ + { + "name": "/cases_by_quest", + "event": [ + { + "listen": 
"test", + "script": { + "id": "36b974e1-931e-4a34-b7b0-4fbcee9af8fd", + "exec": [ + "var response = pm.response.json();", + "", + "", + "pm.test(\"Status code is 200 or 201\", function () {", + " ", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + " ", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "quest_id", + "value": "aa9da08a-1bd4-4a57-b4bf-076a889d6046", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/user/cases_by_quest", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "user", + "cases_by_quest" + ] + } + }, + "response": [] + }, + { + "name": "/user/:id", + "event": [ + { + "listen": "test", + "script": { + "id": "92b0cce6-4a84-4ff4-81c7-0b1633fcb81a", + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/user/{{user-id}}", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "user", + "{{user-id}}" + ] + } + }, + "response": [] + }, + { + "name": "/user/cases", + "event": [ + { + "listen": "test", + "script": { + "id": "15d8f8af-11b5-41b0-88eb-673f3674b357", + "exec": [ + "var response = pm.response.json();", + "", + "// pm.environment.set(\"case-id\", response.token);", + "", + "pm.test(\"Status code is 200 or 201\", function () {", + " ", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + " ", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/user/cases", + 
"host": [ + "{{api-base-url}}" + ], + "path": [ + "user", + "cases" + ] + } + }, + "response": [] + }, + { + "name": "/user/quests", + "event": [ + { + "listen": "test", + "script": { + "id": "f3514b63-b332-4c8c-947e-fe77d5c0fd20", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/user/quests", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "user", + "quests" + ] + } + }, + "response": [] + }, + { + "name": "/user", + "event": [ + { + "listen": "test", + "script": { + "id": "ba3beae2-1cbf-42ca-98c1-6d1e965934c1", + "exec": [ + "var response = pm.response.json();", + "", + "pm.environment.set(\"user-id\", response.id);", + "// pm.environment.set(\"user\", response);", + "", + "pm.test(\"Status code is 200 or 201\", function () {", + " ", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + " ", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "username", + "value": "adu", + "type": "text" + }, + { + "key": "email", + "value": "adu@email.com", + "type": "text" + }, + { + "key": "password", + "value": "adu", + "type": "text" + }, + { + "key": "login", + "value": "adu", + "type": "text" + }, + { + "key": "institution", + "value": "unicamp", + "type": "text", + "disabled": true + }, + { + "key": "course", + "value": "", + "type": "text", + "disabled": true + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/user", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "user" + ] + } + }, + "response": [] + }, + { + "name": "/user/:id", + "request": { + "method": "PUT", + "header": [], + "url": { + "raw": "{{api-base-url}}/user/{{user-id}}?login=adrubal2", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "user", + "{{user-id}}" + ], + "query": [ + { + "key": "username", + "value": "{{user-username}}", + 
"disabled": true + }, + { + "key": "email", + "value": "{{user-email}}", + "disabled": true + }, + { + "key": "password", + "value": "{{user-password}}", + "disabled": true + }, + { + "key": "login", + "value": "adrubal2" + } + ] + } + }, + "response": [] + }, + { + "name": "/user", + "event": [ + { + "listen": "test", + "script": { + "id": "b0bc7d04-65d4-49a7-97d2-58bfa69a962c", + "exec": [ + "pm.test(\"Status code is 200 or 204\", function () {", + " ", + " pm.expect(pm.response.code).to.be.oneOf([200, 204]);", + " ", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "DELETE", + "header": [], + "url": { + "raw": "{{api-base-url}}/user/{{user-id}}", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "user", + "{{user-id}}" + ] + } + }, + "response": [] + } + ], + "description": "User services", + "protocolProfileBehavior": {} + }, + { + "name": "case", + "item": [ + { + "name": "/case/:id", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/case/{{case-id}}", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "case", + "{{case-id}}" + ] + } + }, + "response": [] + }, + { + "name": "/cases", + "event": [ + { + "listen": "test", + "script": { + "id": "82a99ba1-14bc-4295-9860-0090d986d9ea", + "exec": [ + "var response = pm.response.json();", + "", + "// pm.environment.set(\"case-id\", response.token);", + "", + "pm.test(\"Status code is 200 or 201\", function () {", + " ", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + " ", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/case", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "case" + ] + } + }, + "response": [] + }, + { + "name": "/case", + "event": [ + { + "listen": "test", + 
"script": { + "id": "7c669a24-5cdb-493f-9d31-d735adb3733c", + "exec": [ + "var response = pm.response.json();", + "console.log(response.id)", + "pm.environment.set(\"case-id\", response.id);", + "", + "pm.test(\"Status code is 200 or 201\", function () {", + " ", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + " ", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "title", + "value": "um novíssimo caso", + "type": "text" + }, + { + "key": "source", + "value": "{{case-source}}", + "type": "text" + }, + { + "key": "description", + "value": "test description", + "type": "text" + }, + { + "key": "language", + "value": "en", + "type": "text" + }, + { + "key": "domain", + "value": "test domain", + "type": "text" + }, + { + "key": "specialty", + "value": "test specialty ", + "type": "text" + }, + { + "key": "keywords", + "value": "keyword4;kw6", + "type": "text" + }, + { + "key": "original_date", + "value": "1987-09-13", + "type": "text" + }, + { + "key": "complexity", + "value": "Undergraduate", + "type": "text" + }, + { + "key": "institution", + "value": "uni", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/case", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "case" + ] + } + }, + "response": [] + }, + { + "name": "/case/link/user", + "event": [ + { + "listen": "test", + "script": { + "id": "d7b34f12-8154-4251-94cf-68490ec63ff9", + "exec": [ + "var response = pm.response.json();", + "", + "// pm.environment.set(\"case-uuid\", response.uuid);", + "", + "pm.test(\"Status code is 200 or 201\", function () {", + " ", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + " ", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + 
"method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "caseId", + "value": "40132dcd-5eaa-4c82-b834-5ad6323de2c7", + "type": "text" + }, + { + "key": "user_id", + "value": "07c714ae-d22c-490b-ab91-9a0a15965f18", + "type": "text" + }, + { + "key": "permission", + "value": "write", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/case/share", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "case", + "share" + ] + } + }, + "response": [] + }, + { + "name": "/case/:id", + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "title", + "value": "test 444", + "type": "text" + }, + { + "key": "description", + "value": "new description 33333", + "type": "text" + }, + { + "key": "language", + "value": "en-us", + "type": "text", + "disabled": true + }, + { + "key": "domain", + "value": "new domain", + "type": "text", + "disabled": true + }, + { + "key": "specialty", + "value": "new specialty", + "type": "text", + "disabled": true + }, + { + "key": "keywords", + "value": "kw1;kw2", + "type": "text", + "disabled": true + }, + { + "key": "source", + "value": "nc1", + "type": "text", + "disabled": true + }, + { + "key": "original_date", + "value": "", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/case/{{case-id}}", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "case", + "{{case-id}}" + ] + } + }, + "response": [] + }, + { + "name": "/case", + "request": { + "method": "DELETE", + "header": [], + "url": { + "raw": "{{api-base-url}}/case/{{case-id}}", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "case", + "{{case-id}}" + ] + } + }, + "response": [] + } + ], + "protocolProfileBehavior": {} + }, + { + "name": "author", + "item": 
[ + { + "name": "/author/quests", + "event": [ + { + "listen": "test", + "script": { + "id": "b66fc72e-7206-4b20-9750-53667c651776", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/author/quests", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "author", + "quests" + ] + } + }, + "response": [] + }, + { + "name": "/author/quest/cases", + "event": [ + { + "listen": "test", + "script": { + "id": "4f1838db-2a67-4e69-b9b4-c487dd0d3c2b", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "questId", + "value": "5131b64a-04ff-4aec-af98-0edab334fd02", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/author/quest/cases", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "author", + "quest", + "cases" + ] + } + }, + "response": [] + } + ], + "protocolProfileBehavior": {} + }, + { + "name": "player", + "item": [ + { + "name": "/player/quests", + "event": [ + { + "listen": "test", + "script": { + "id": "9c92b7da-e2cd-49bc-9eb9-4c181ebab6a0", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/player/quests", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "player", + "quests" + ] + } + }, + "response": [] + }, + { + "name": "/player/quest/cases", + "event": [ + { + "listen": "test", + "script": { + "id": "633d4edc-ff80-43f3-bf49-1c5b69ca27e2", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "questId", + "value": 
"ea8dbc12-e879-46e6-b5d7-e67ad88e841b", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/player/quest/cases", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "player", + "quest", + "cases" + ] + } + }, + "response": [] + } + ], + "protocolProfileBehavior": {} + }, + { + "name": "artifact", + "item": [ + { + "name": "/artifact", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "value": "multipart/form-data", + "type": "text" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "type": "file", + "src": "/home/faguim/Pictures/Screenshot from 2020-06-16 22-12-19.png" + }, + { + "key": "caseId", + "value": "8fac1e26-5824-4b19-9d7b-5091e10856b3", + "type": "text", + "disabled": true + }, + { + "key": "questId", + "value": "5131b64a-04ff-4aec-af98-0edab334fd02", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/artifact", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "artifact" + ] + } + }, + "response": [] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "id": "6b5445c6-193c-42ed-b492-4d20a8c402c7", + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "id": "5f99b0f8-1060-45fc-bfbd-4554b05c1ff8", + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ], + "protocolProfileBehavior": {} + }, + { + "name": "quest", + "item": [ + { + "name": "/quest/users", + "event": [ + { + "listen": "test", + "script": { + "id": "c5a31c15-f698-4d75-8ad4-34fc0cf5987f", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "questId", + "value": "5885fb0d-ce64-421f-9b9e-1ea2cef3143f", + "type": "text" + } + ], + "options": { + 
"formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/quest/users", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "quest", + "users" + ] + } + }, + "response": [] + }, + { + "name": "/quest", + "event": [ + { + "listen": "test", + "script": { + "id": "c864d920-e0b9-4c63-965c-d3ae8e93547e", + "exec": [ + "var response = pm.response.json();", + "", + "pm.environment.set(\"quest-id\", response.id);" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "type": "text", + "value": "application/x-www-form-urlencoded" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "title", + "value": "default-quest", + "type": "text" + }, + { + "key": "color", + "value": "#505050", + "type": "text" + }, + { + "key": "artifact_id", + "value": "f9679a24-58f3-4741-9752-f40d0b4f4ab0", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/quest/", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "quest", + "" + ] + } + }, + "response": [] + }, + { + "name": "/quest/link/user", + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "userId", + "value": "5a0064c7-fc6a-4629-b33a-bd835d8efd64", + "type": "text" + }, + { + "key": "questId", + "value": "c458b50b-3cae-4df8-a9eb-b2bed98ae640", + "type": "text" + }, + { + "key": "roleSlug", + "value": "player", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/quest/link/user", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "quest", + "link", + "user" + ] + } + }, + "response": [] + }, + { + "name": "/quest/link/case", + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "questId", + "value": "775bd2ac-68b5-45a9-82c6-b796894114c7", + "type": "text" + }, + { + "key": "caseId", + "value": 
"00f42405-743c-4a9d-8bb4-52b41f7df9ac", + "type": "text" + }, + { + "key": "orderPosition", + "value": "0", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/quest/link/case", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "quest", + "link", + "case" + ] + } + }, + "response": [] + } + ], + "protocolProfileBehavior": {} + }, + { + "name": "category", + "item": [ + { + "name": "/category", + "event": [ + { + "listen": "test", + "script": { + "id": "38d0d1fe-0734-4312-a8ad-337b82eca94a", + "exec": [ + "var response = pm.response.json();", + "", + "pm.environment.set(\"quest-id\", response.id);" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "type": "text", + "value": "application/x-www-form-urlencoded" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "title", + "value": "default-quest", + "type": "text" + }, + { + "key": "color", + "value": "#505050", + "type": "text" + }, + { + "key": "artifact_id", + "value": "f9679a24-58f3-4741-9752-f40d0b4f4ab0", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/category/", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "category", + "" + ] + } + }, + "response": [] + }, + { + "name": "/category/link/case", + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "categoryId", + "value": "decisoes-extremas", + "type": "text" + }, + { + "key": "caseId", + "value": "150f89f4-ff11-4795-9d20-a424c025be19", + "type": "text" + }, + { + "key": "orderPosition", + "value": "0", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/category/link/case", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "category", + "link", + "case" + ] + } + }, + "response": [] + }, + { + "name": 
"/category/cases", + "event": [ + { + "listen": "test", + "script": { + "id": "58534689-6772-46ad-9b0d-4affd8fd747f", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "categoryId", + "value": "decisoesExtremas", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/category/cases", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "category", + "cases" + ] + } + }, + "response": [] + }, + { + "name": "/category/list", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "{{api-base-url}}/category/list", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "category", + "list" + ] + } + }, + "response": [] + } + ], + "protocolProfileBehavior": {} + }, + { + "name": "admin", + "item": [ + { + "name": "/admin/users", + "event": [ + { + "listen": "test", + "script": { + "id": "dce3f18a-9ee0-4103-bbd1-583e031102e9", + "exec": [ + "var response = pm.response.json();", + "", + "console.log(response);", + " ", + "checkUserID = function(){", + " ", + " for(var index in response){", + " ", + " if (response[index].id === pm.variables.get(\"user-id\"))", + " return true;", + " ", + " }", + " ", + " throw new Error(\"user-id not found\");", + " ", + "}", + "", + "pm.test(\"Checking if user ID is present\",checkUserID)" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/admin/users", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "users" + ] + } + }, + 
"response": [] + }, + { + "name": "/admin/roles", + "event": [ + { + "listen": "test", + "script": { + "id": "05548dfb-1e21-4b80-bf6b-b00a2c8fe689", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/admin/roles", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "roles" + ] + } + }, + "response": [] + }, + { + "name": "/admin/user/{{user-id}}/roles", + "event": [ + { + "listen": "test", + "script": { + "id": "592df749-fa5b-4564-84bb-56bbeff2e660", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/admin/user/1d6851cf-f3c7-4a00-8b5c-7fd7b0f36db9/roles", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "user", + "1d6851cf-f3c7-4a00-8b5c-7fd7b0f36db9", + "roles" + ] + } + }, + "response": [] + }, + { + "name": "/admin/quests", + "event": [ + { + "listen": "test", + "script": { + "id": "2cf289af-4e53-40b5-a442-35a11e68a812", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{api-base-url}}/admin/quests", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "quests" + ] + } + }, + "response": [] + }, + { + "name": "/admin/user/link/role", + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "userId", + "value": "7d1c3323-3169-40d4-b000-4723cff87886", + "type": "text" + }, + { + "key": "roleId", + "value": "0c3ed16e-9ad2-46ff-85e2-8586a80df0eb", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/admin/user/link/role", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "user", + "link", + "role" + ] + } + }, + "response": [] + }, + { + "name": "/admin/institution", + "event": [ + { + "listen": "test", + "script": { + "id": 
"3528171d-8ffc-409e-b9a3-96d1443c78d3", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "type": "text", + "value": "application/x-www-form-urlencoded" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "acronym", + "value": "unicamp", + "type": "text" + }, + { + "key": "title", + "value": "Universidade Estadual de Campinas", + "type": "text" + }, + { + "key": "country", + "value": "BR", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/admin/institution", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "institution" + ] + } + }, + "response": [] + }, + { + "name": "/admin/revoke_tokens", + "event": [ + { + "listen": "test", + "script": { + "id": "3d03a439-99d7-46a2-95bb-49bc78086521", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "type": "text", + "value": "application/x-www-form-urlencoded" + } + ], + "body": { + "mode": "formdata", + "formdata": [], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/admin/revoke_tokens", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "revoke_tokens" + ] + } + }, + "response": [] + }, + { + "name": "/admin/quest/link/user", + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "userId", + "value": "d14252e7-57d2-4577-b0cc-7fcd23161452", + "type": "text" + }, + { + "key": "questId", + "value": "5bc14c72-2862-45e7-9239-2e71e64bb9cc", + "type": "text" + }, + { + "key": "roleSlug", + "value": "author", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/admin/quest/link/user", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "quest", + 
"link", + "user" + ] + } + }, + "response": [] + }, + { + "name": "Create role", + "event": [ + { + "listen": "test", + "script": { + "id": "d5a31a63-3bcd-46c3-870b-6acdba5c1a5f", + "exec": [ + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "name": "Content-Type", + "type": "text", + "value": "application/x-www-form-urlencoded" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "name", + "value": "Project Manager", + "type": "text" + }, + { + "key": "slug", + "value": "manager", + "type": "text" + }, + { + "key": "description", + "value": "Research project member", + "type": "text" + } + ], + "options": { + "formdata": {} + } + }, + "url": { + "raw": "{{api-base-url}}/admin/role", + "host": [ + "{{api-base-url}}" + ], + "path": [ + "admin", + "role" + ] + } + }, + "response": [] + }, + { + "name": "/admin/quest/{{id}}", + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "" + } + }, + "response": [] + } + ], + "description": "Services for administrate `harena`", + "protocolProfileBehavior": {} + } + ], + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{user-token}}", + "type": "string" + } + ] + }, + "event": [ + { + "listen": "prerequest", + "script": { + "id": "acaa6f27-94d6-45ac-808d-423f35cdb2f3", + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "id": "bf2b717e-9bf0-4a33-b28f-d3b22d76d241", + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ], + "protocolProfileBehavior": {} +} \ No newline at end of file diff --git a/src/adonisjs/app/Controllers/Http/AuthController.js b/src/adonisjs/app/Controllers/Http/AuthController.js index 275af93..e1551f7 100644 --- a/src/adonisjs/app/Controllers/Http/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/AuthController.js 
@@ -1,47 +1,87 @@ 'use strict' -const Logger = use('Logger') - const User = use('App/Models/v1/User') +const Token = use('App/Models/v1/Token') +const Logger = use('Logger') class AuthController { - async login ({ request, auth, response, session }) { - console.log('v2/session') - Logger.info('login attempt via v2/auth/login (SESSION)') + async checkToken ({ request, auth, response }) { + try { + // console.log('====Checking token...') + await auth.check() + response.json('token valid') + // console.log('====Token valid') + } catch (error) { + // console.log('====Token invalid') + } + } + + async login ({ request, auth, response }) { + // console.log(request.all()) + Logger.info('login attempt via v1/auth/login (JWT)') + + let { email, password, refresh_token } = request.all() + console.log(password) + let user = '' + let token = '' + try { - const { email, password } = request.all() - // if (await auth.remember(true).attempt(email, password)) { - if (await auth.remember(true).attempt(email, password)) { - console.log('------------------------------- attempt') - // console.log(session.all()) - - const user = await User.findBy('email', email) - // let token = await auth.generate(user) - - // let authenticatedUser = new User() - // authenticatedUser.id = user.id - // authenticatedUser.email = user.email - // authenticatedUser.username = user.username - - Object.assign(user, { adonisAuth: session.get('adonis-auth') }) - // return response.json('Logged in successfully') - - // let adonis_session = session.get('adonis-auth') - console.log(session.all()) - // console.log(auth) - return response.json(user) + await auth.check() + return response.json('user is signed already') + } catch (e) { + // token expired + if (e.code == 'E_JWT_TOKEN_EXPIRED') { + token = await auth.generateForRefreshToken(refresh_token) + + Object.entries(token).forEach(entry => { + if (entry[0] == 'refreshToken') { + refresh_token = entry[1] + } + }) + Logger.info('expired token') } + + // unloged 
user + if (e.code == 'E_INVALID_JWT_TOKEN') { + try { + token = await auth.withRefreshToken().attempt(email, password) + Logger.info('newly generated token') + } catch (e) { + console.log(e) + } + } + + // generic error + if (token == '') { return response.status(e.status).json(e.message) } + + user = await User.findBy('email', email) + Object.assign(user, token) + + return response.json(user) + } + } + + async login2 ({ request, auth, response }) { + try { + const refresh_token = request.input('access_code') + + const token = await auth.generateForRefreshToken(refresh_token) + return response.json(token) } catch (e) { console.log(e) - return response.status(e.status).json({ message: e.message }) + return response.status(500).json(e.message) } } async logout ({ auth, response }) { try { - await auth.logout() + Logger.info('logout attempt via v1/auth/logout (JWT)') + + const refreshToken = auth.getAuthHeader() + // console.log(refreshToken); + await auth.revokeTokens(refreshToken) - return response.json('Logged out successfuly') + return response.json('successfull logout') } catch (e) { console.log(e) return response.status(500).json(e.message) diff --git a/src/adonisjs/app/Controllers/Http/v1/AuthController.js b/src/adonisjs/app/Controllers/Http/v1/AuthController.js index 1ec2d37..195531f 100644 --- a/src/adonisjs/app/Controllers/Http/v1/AuthController.js +++ b/src/adonisjs/app/Controllers/Http/v1/AuthController.js 
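Review bot: `console.log(password)` in the new `login` writes every submitted password in clear text to the process output, and from there into whatever log collection the deployment uses; the line should be deleted. In the same method the inner `catch (e) { console.log(e) }` around `auth.withRefreshToken().attempt(email, password)` hides a failed credential check until the later `token == ''` test, which then answers with the status and message of the outer JWT error rather than the attempt's. `checkToken` sends nothing from its `catch`, so an invalid token gets no explicit rejection; `return response.status(401).json('token invalid')` there would make the outcome unambiguous.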
@@ -1,87 +1,59 @@ 'use strict' -const User = use('App/Models/v1/User') -const Token = use('App/Models/v1/Token') const Logger = use('Logger') +const User = use('App/Models/v1/User') + class AuthController { async checkToken ({ request, auth, response }) { try { - console.log('====Checking token...') + // console.log('====Checking token...') await auth.check() response.json('token valid') - console.log('====Token valid') + // console.log('====Token valid') } catch (error) { - console.log('====Token invalid') + // console.log('====Token invalid') } } - async login ({ request, auth, response }) { - // console.log(request.all()) - Logger.info('login attempt via v1/auth/login (JWT)') - - let { email, password, refresh_token } = request.all() - console.log(password) - let user = '' - let token = '' - + async login ({ request, auth, response, session }) { + console.log('v2/session') + Logger.info('login attempt via v2/auth/login (SESSION)') + const { email, password } = request.all() try { - await auth.check() - return response.json('user is signed already') - } catch (e) { - // token expired - if (e.code == 'E_JWT_TOKEN_EXPIRED') { - token = await auth.generateForRefreshToken(refresh_token) + if (await auth.remember(true).attempt(email, password)) { + console.log('------------------------------- attempt') + // console.log(session.all()) - Object.entries(token).forEach(entry => { - if (entry[0] == 'refreshToken') { - refresh_token = entry[1] - } - }) - Logger.info('expired token') - } + const user = await User.findBy('email', email) - // unloged user - if (e.code == 'E_INVALID_JWT_TOKEN') { + console.log(session.all()) + return response.json(user) + } + } catch (e) { + if (e.code === 'E_CANNOT_LOGIN') { try { - token = await auth.withRefreshToken().attempt(email, password) - Logger.info('newly generated token') + console.log('=============== Another was session found, logging out old session') + await auth.logout() + if (await auth.remember(true).attempt(email, password)) 
{ + console.log('=============== login in to current session') + const user = await User.findBy('email', email) + return response.json(user) + } } catch (e) { console.log(e) } } - - // generic error - if (token == '') { return response.status(e.status).json(e.message) } - - user = await User.findBy('email', email) - Object.assign(user, token) - - return response.json(user) - } - } - - async login2 ({ request, auth, response }) { - try { - const refresh_token = request.input('access_code') - - const token = await auth.generateForRefreshToken(refresh_token) - return response.json(token) - } catch (e) { console.log(e) - return response.status(500).json(e.message) + return response.status(e.status).json({ message: e.message }) } } async logout ({ auth, response }) { try { - Logger.info('logout attempt via v1/auth/logout (JWT)') - - const refreshToken = auth.getAuthHeader() - // console.log(refreshToken); - await auth.revokeTokens(refreshToken) + await auth.logout() - return response.json('successfull logout') + return response.json('Logged out successfuly') } catch (e) { console.log(e) return response.status(500).json(e.message) diff --git a/src/adonisjs/app/Controllers/Http/v1/CaseController.js b/src/adonisjs/app/Controllers/Http/v1/CaseController.js index 4201fb9..e370872 100644 --- a/src/adonisjs/app/Controllers/Http/v1/CaseController.js +++ b/src/adonisjs/app/Controllers/Http/v1/CaseController.js @@ -49,6 +49,7 @@ class CaseController { const institution = await Institution.find(c.institution_id) c.institution = institution.acronym + c.institutionTitle = institution.title return response.json(c) } else return response.status(500).json('case not found') @@ -84,7 +85,7 @@ class CaseController { await c.versions().save(cv) await c.users().attach(auth.user.id, (row) => { - row.role = 0 + row.permission = 'delete' }) c.versions = await c.versions().fetch() 
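Review bot: In v1/AuthController.js, `console.log(session.all())` after a successful `attempt` prints all values of the caller's session to stdout, which presumably includes the auth identifiers just written by `auth.remember(true)`; drop it, or log a non-sensitive marker through `Logger`. In the `E_CANNOT_LOGIN` branch the inner `catch (e) { console.log(e) }` swallows a failed second `attempt`, and control then falls through to the outer `response.status(e.status)` with the original error, so a wrong password on the retry is reported as the earlier session conflict. If `attempt` ever resolves falsy, neither branch sends a response.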
@@ -165,34 +166,53 @@ class CaseController { } } - async share ({ request, auth, response }) { + + async linkUser ({ request, auth, response }) { + const trx = await Database.beginTransaction() + try { - const logged_user = auth.user.id - const { user_id, case_id } = request.post() + const loggedUser = auth.user.id + const { userId, caseId, permission } = request.post() - if (logged_user == user_id) { + if (permission != 'read' && permission != 'share' && permission != 'write'){ + return response.json('invalid permission') + } + + if (loggedUser == userId) { return response.status(500).json('cannot share a case with herself') } - const user = await User.find(user_id) - - // Check if target user is an author - const sql_return = await Database - .select('slug') - .from('roles') - .where('slug', '=', 'author') - .leftJoin('role_user', 'roles.id', 'role_user.role_id') - .where('role_user.user_id', '=', user_id) - - if (sql_return[0] != undefined) { - await user.cases().attach(case_id, (row) => { - row.role = 1 - }) - return response.json('case successfully shared') - } else { - return response.status(500).json('target user is not an author') + const user = await User.find(userId) + + await user.cases().detach(null, trx) + + if (permission == 'read'){ + if (await user.checkRole('player') || await user.checkRole('author')){ + await user.cases().attach(caseId, (row) => { + row.permission = permission + }, trx) + }else { + return response.status(500).json('target user must be an author or a player to be elegible for such permission') + } + } + + if (permission == 'write' || permission == 'share'){ + // Check if target user is an author + if (await user.checkRole('author')){ + + await user.cases().attach(caseId, (row) => { + row.permission = permission + }, trx) + + } else { + return response.status(500).json('target user must be an author to be elegible for such permission') + } + } + trx.commit() + return response.json('user and case successfully linked') } catch (e) { + 
trx.rollback() console.log(e) return response.status(e.status).json({ message: e.toString() }) } diff --git a/src/adonisjs/app/Controllers/Http/v1/CategoryController.js b/src/adonisjs/app/Controllers/Http/v1/CategoryController.js new file mode 100644 index 0000000..d39770c --- /dev/null +++ b/src/adonisjs/app/Controllers/Http/v1/CategoryController.js 
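Review bot: `await user.cases().detach(null, trx)` in `linkUser` is called without a case id, which in Lucid appears to remove every `users_cases` row of the target user, so linking one case would drop all of that user's other grants, including the `delete` rows on cases they own; it should be scoped, `await user.cases().detach([caseId], trx)`. The `invalid permission`, self-share and role-failure returns all leave the transaction from `Database.beginTransaction()` open; each needs `await trx.rollback()` first, and `trx.commit()` / `trx.rollback()` should be awaited. Nothing visible in the hunk checks that `auth.user` holds `share` on `caseId` before granting it to someone else, so confirm the route applies the case-permission middleware. `linkUser` in QuestController.js has the same unscoped `user.quests().detach(null, trx)` call.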
@@ -0,0 +1,99 @@ +'use strict' + +const Database = use('Database') +const uuidv4 = require('uuid/v4') + +const Artifact = use('App/Models/v1/Artifact') +const Env = use('Env') +const Category = use('App/Models/v1/Category') +const Case = use('App/Models/v1/Case') + +class CategoryController { + async store ({ request, response }) { + const trx = await Database.beginTransaction() + try { + + const category = new Category() + category.id = await uuidv4() + + const c = request.all() + c.artifact_id = c.artifact_id ? c.artifact_id : 'default-quest-image' + + category.merge(c) + + await category.save(trx) + + trx.commit() + + return response.json(category) + } catch (e) { + trx.rollback() + console.log(e) + + return response.status(e.status).json({ message: e.message }) + } + } + + + async linkCase ({ request, response }) { + try { + const { categoryId, caseId } = request.post() + + const category = await Category.find(categoryId) + const c = await Case.find(caseId) + + await category.cases().save(c) + + return response.json('category and case successfully linked') + } catch (e) { + console.log(e) + return response.status(500).json(e) + } + } + + async listCases ({ request, response, auth }) { + try { + const user = await auth.user + const categoryId = request.input('categoryId') + const category = await Category.find(categoryId) + const test = await Database + .select('*') + .from('users_cases') + .where('user_id', user.id) + .where('cases.category_id', category.id) + .leftJoin('cases', 'users_cases.case_id', 'cases.id') + + + return response.json(test) + } catch (e) { + console.log(e) + } + } + + async listCategories ({ request, response, auth }) { + try { + const resultCategory = await Category.all() + const baseUrl = Env.getOrFail('APP_URL') + const category = [] + console.log(baseUrl) + + for (var i = 0; i < resultCategory.rows.length; i++) { + const categoryJSON = {} + categoryJSON.id = resultCategory.rows[i].id + categoryJSON.title = resultCategory.rows[i].title 
+ categoryJSON.template = resultCategory.rows[i].template + + const artifact = await Artifact.find(resultCategory.rows[i].artifact_id) + console.log(artifact) + categoryJSON.url = baseUrl + artifact.relative_path + + category.push(categoryJSON) + } + return response.json(category) + } catch (e) { + console.log(e) + return response.status(500).json({ message: e.message }) + } + } +} +module.exports = CategoryController diff --git a/src/adonisjs/app/Controllers/Http/v1/QuestController.js b/src/adonisjs/app/Controllers/Http/v1/QuestController.js index d29e70f..101efd1 100644 --- a/src/adonisjs/app/Controllers/Http/v1/QuestController.js +++ b/src/adonisjs/app/Controllers/Http/v1/QuestController.js @@ -61,6 +61,8 @@ class QuestController { return response.status(e.status).json({ message: e.message }) } } + + async update ({ params, request, response }) { try { @@ -80,6 +82,7 @@ class QuestController { } } + async destroy ({ params, response }) { const trx = await Database.beginTransaction() try { 
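Review bot: In CategoryController.js, `store` passes `request.all()` straight into `category.merge(c)`, so a caller can set any column, including `id`, which overwrites the UUID assigned a few lines earlier; restrict it to the intended fields with `const c = request.only(['title', 'template', 'artifact_id'])`. `listCases` logs in its `catch` but never responds, and `linkCase` returns the raw error object through `response.status(500).json(e)`, which can expose query text or driver detail to the client; `{ message: e.message }` as used in `store` would be consistent. The results of `Category.find`, `Case.find` and `Artifact.find` are dereferenced without a null check, so an unknown id surfaces as a `TypeError` rather than a 404.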
@@ -128,64 +131,79 @@ class QuestController { } } + async linkUser ({ request, response }) { + const trx = await Database.beginTransaction() + try { - const { userId, questId, roleSlug } = request.post() + const { userId, questId, permission } = request.post() + + if (permission != 'read' && permission != 'share' && permission != 'write'){ + return response.json('invalid permission') + } + const user = await User.find(userId) const quest = await Quest.find(questId) - const role = await Role.findBy('slug', roleSlug) - - if (role == null) { return response.status(500).json('Invalid roleSlug') } - if (await user.checkRole(role.slug)) { - await user.quests().attach([quest.id], (row) => { - console.log('--------------------- await promisse OK') + await user.quests().detach(null, trx) - if (role.slug == 'author') { - row.role = 1 - } - if (role.slug == 'player') { - row.role = 2 - } - console.log('--------------------- promisse EXECUTED') - }) + if (permission == 'read'){ + if (await user.checkRole('player') || await user.checkRole('author')){ + await user.quests().attach([quest.id], (row) => { + row.permission = permission + }, trx) + }else { + trx.rollback() + return response.status(500).json('target user must be an author or a player to be elegible for such permission') + } + } - console.log(3) - return response.json(role.slug + ' ' + user.username + ' was added to the quest ' + quest.title) - } else { - console.log(e) - return response.status(500).json('target user must have ' + role.slug + ' role') + if (permission == 'write' || permission == 'share'){ + if (await user.checkRole('author')){ + await user.quests().attach([quest.id], (row) => { + row.permission = permission + }, trx) + } else { + trx.rollback() + return response.status(500).json('target user must be an author to be elegible for such permission') + } } + + trx.commit() + return response.json('user and quest successfully linked') } catch (e) { + trx.rollback() console.log(e) return 
response.status(500).json(e) } } - async linkCase ({ request, response }) { + async linkCase ({ request, response, auth }) { try { + const loggedUser = auth.user const { questId, caseId, orderPosition } = request.post() - // let c = await Case.find(case_id) - const quest = await Quest.find(questId) + if (await loggedUser.checkCasePermission(caseId, 'share')){ + + const quest = await Quest.find(questId) - await quest.cases().attach(caseId, (row) => { - row.order_position = orderPosition - }) + await quest.cases().attach(caseId, (row) => { + row.order_position = orderPosition + }) - quest.cases = await quest.cases().fetch() + quest.cases = await quest.cases().fetch() - return response.json(quest) + return response.json(quest) + } else{ + return response.status(500).json('you dont have permission to add such case for quests') + } } catch (e) { console.log(e) - if (e.code === 'ER_DUP_ENTRY') { - return response.status(409).json({ message: e.message }) - } - return response.status(500).json(e) } } + async listUsers ({ request, response }) { try { const questId = request.input('questId') @@ -199,10 +217,10 @@ class QuestController { } } + async listCases ({ request, response }) { try { const questId = request.input('questId') - const quest = await Quest.find(questId) return response.json(await quest.cases().fetch()) diff --git a/src/adonisjs/app/Controllers/Http/v1/UserController.js b/src/adonisjs/app/Controllers/Http/v1/UserController.js index 7bc8bd0..7b31e17 100644 --- a/src/adonisjs/app/Controllers/Http/v1/UserController.js +++ b/src/adonisjs/app/Controllers/Http/v1/UserController.js @@ -185,7 +185,7 @@ class UserController { .select('*') .from('quests_users') .where('user_id', user.id) - .whereIn('role', [0, 1]) + .whereIn('permission', ['write', 'share', 'delete']) .leftJoin('quests', 'quests_users.quest_id', 'quests.id') const base_url = Env.getOrFail('APP_URL') 
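Review bot: In QuestController.js, `linkCase` now checks `loggedUser.checkCasePermission(caseId, 'share')`, but nothing in the hunk checks the caller's rights on `questId`, so a user who may share a case could attach it to a quest they hold no grant on, unless the route already applies the quest-permission middleware; that is worth confirming and stating in a comment above the method. The refusal is sent with `response.status(500)`; `403` is the accurate status and keeps authorization denials out of server-error monitoring. With the `ER_DUP_ENTRY` branch gone, a duplicate link is reported as a generic 500 carrying the raw error object. In `linkUser` the `invalid permission` return happens after `beginTransaction()` without a rollback and with status 200.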
@@ -219,7 +219,7 @@ class UserController { .select('*') .from('quests_users') .where('user_id', user.id) - .where('role', 2) + .where('permission', 'read') .leftJoin('quests', 'quests_users.quest_id', 'quests.id') const base_url = Env.getOrFail('APP_URL') diff --git a/src/adonisjs/app/Middleware/CheckCasePermission.js b/src/adonisjs/app/Middleware/CheckCasePermission.js new file mode 100644 index 0000000..feb6ae5 --- /dev/null +++ b/src/adonisjs/app/Middleware/CheckCasePermission.js 
@@ -0,0 +1,77 @@ +'use strict' +/** @typedef {import('@adonisjs/framework/src/Request')} Request */ +/** @typedef {import('@adonisjs/framework/src/Response')} Response */ +/** @typedef {import('@adonisjs/framework/src/View')} View */ + +const Database = use('Database') + +class CheckPermissionForGivenCase { + /** + * @param {object} ctx + * @param {Request} ctx.request + * @param {Function} next + */ + async handle ({ params, request, response, auth }, next, properties) { + try { + const loggedUserId = auth.user.id + let sqlQuery = '' + let caseId = '' + + let queryResult + + if (Object.keys(params).length === 0) { + caseId = request.input('caseId') + } else { + caseId = params.id + } + + if (properties[0] == 'read') { + queryResult = await Database + .from('users_cases') + .where('users_cases.user_id', loggedUserId) + .where('users_cases.case_id', caseId) + .whereIn('users_cases.permission', ['read', 'share', 'write', 'delete']) + .count() + } + + if (properties[0] == 'share') { + queryResult = await Database + .from('users_cases') + .where('users_cases.user_id', loggedUserId) + .where('users_cases.case_id', caseId) + .whereIn('users_cases.permission', ['share', 'write', 'delete']) + .count() + } + + if (properties[0] == 'write') { + queryResult = await Database + .from('users_cases') + .where('users_cases.user_id', loggedUserId) + .where('users_cases.case_id', caseId) + .whereIn('users_cases.permission', ['write', 'delete']) + .count() + } + + if (properties[0] == 'delete') { + queryResult = await Database + .from('users_cases') + .where('users_cases.user_id', loggedUserId) + .where('users_cases.case_id', caseId) + .whereIn('users_cases.permission', ['delete']) + .count() + } + + if (queryResult[0]['count(*)'] === 0) { + return response.status(500).json('you dont have permission to ' + properties[0] + ' such case') + } else { + await next() + } + + } catch (e) { + console.log(e) + return response.status(500).json(e) + } + } +} + +module.exports = 
CheckPermissionForGivenCase
diff --git a/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js b/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js
deleted file mode 100644
index c3ab141..0000000
--- a/src/adonisjs/app/Middleware/CheckPermissionForGivenCase.js
+++ /dev/null
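Review bot: In CheckCasePermission.js the allow/deny decision rests on `queryResult[0]['count(*)'] === 0`, which denies only when that exact key holds the number 0; on a driver that names the column differently or returns the count as a string the comparison is false and `next()` runs, so the check fails open. Alias the count and allow only on a positive value, and reject an unrecognised `properties[0]` explicitly instead of relying on the `TypeError` from an undefined `queryResult` reaching the `catch`. The four near-identical queries can become one lookup, as below; `sqlQuery` is unused, and a denial should be 403 rather than 500. The same `count(*)` test and undefined-result path are in CheckQuestPermission.js and in `User.checkCasePermission`, which only assigns `queryResult` for `'share'`.

```javascript
// … unchanged: loggedUserId and caseId resolution …
const acceptedBy = new Map([
  ['read', ['read', 'share', 'write', 'delete']],
  ['share', ['share', 'write', 'delete']],
  ['write', ['write', 'delete']],
  ['delete', ['delete']]
])
const accepted = acceptedBy.get(properties[0])
if (!accepted) {
  // route registered the middleware with an unknown level: refuse, never fall through
  return response.status(500).json('unknown permission level')
}

const queryResult = await Database
  .from('users_cases')
  .where('users_cases.user_id', loggedUserId)
  .where('users_cases.case_id', caseId)
  .whereIn('users_cases.permission', accepted)
  .count('* as total')

// allow only on a positive count; every other outcome is a denial
if (Number(queryResult[0].total) > 0) {
  await next()
} else {
  return response.status(403).json('you dont have permission to ' + properties[0] + ' such case')
}
```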
@@ -1,55 +0,0 @@ -'use strict' -/** @typedef {import('@adonisjs/framework/src/Request')} Request */ -/** @typedef {import('@adonisjs/framework/src/Response')} Response */ -/** @typedef {import('@adonisjs/framework/src/View')} View */ - -const Database = use('Database') - -class CheckPermissionForGivenCase { - /** - * @param {object} ctx - * @param {Request} ctx.request - * @param {Function} next - */ - async handle ({ params, request, response, auth }, next, properties) { - try { - const logged_user = auth.user.id - let sqlQuery = '' - let case_id = '' - - if (Object.keys(params).length === 0) { - case_id = request.input('case_id') - } else { - case_id = params.id - } - - // verify if the loged user is owner of the case - if (properties[0] == 'author') { - sqlQuery = 'select uc.user_id from users u ' + - 'left join users_cases uc on u.id = uc.user_id ' + - 'where uc.user_id = ? and uc.case_id = ? and uc.role = 0' - const author = await Database.raw(sqlQuery, [logged_user, case_id]) - - if (author != null) { await next() } else return response.status(500).json('you are not owner of this case') - } - - if (properties[0] == 'contributor') { - const logged_user = auth.user.id - - // verify if the loged user is a contributor of the given case - sqlQuery = 'select uc.user_id from users u ' + - 'left join users_cases uc on u.id = uc.user_id ' + - 'where uc.user_id = ? and uc.case_id = ? and (uc.role = 1 or uc.role = 0)' - const contributor = await Database.raw(sqlQuery, [logged_user, case_id]) - - if (contributor != null) { await next() } else return response.status(500).json('you are not contributor of this case') - } - } catch (e) { - console.log('quebrou') - console.log(e) - return response.status(500).json(e) - } - } -} - -module.exports = CheckPermissionForGivenCase 
diff --git a/src/adonisjs/app/Middleware/CheckUserQuestPermission.js b/src/adonisjs/app/Middleware/CheckQuestPermission.js
similarity index 63%
rename from src/adonisjs/app/Middleware/CheckUserQuestPermission.js
rename to src/adonisjs/app/Middleware/CheckQuestPermission.js
index c6610b8..d79d3b1 100644
--- a/src/adonisjs/app/Middleware/CheckUserQuestPermission.js
+++ b/src/adonisjs/app/Middleware/CheckQuestPermission.js
@@ -21,34 +21,45 @@ class CheckUserQuestPermission { let query_result - if (properties[0] == null) { + if (properties[0] == 'read') { query_result = await Database .from('quests_users') .where('quests_users.user_id', userId) .where('quests_users.quest_id', questId) + .whereIn('quests_users.permission', ['read', 'share', 'write', 'delete']) .count() } - if (properties[0] == 'contributor') { + if (properties[0] == 'share') { query_result = await Database .from('quests_users') .where('quests_users.user_id', userId) .where('quests_users.quest_id', questId) - .whereIn('quests_users.role', [0, 1]) + .whereIn('quests_users.permission', ['share', 'write', 'delete']) .count() } - if (properties[0] == 'player') { + if (properties[0] == 'write') { query_result = await Database .from('quests_users') .where('quests_users.user_id', userId) .where('quests_users.quest_id', questId) - .whereIn('quests_users.role', [2]) + .whereIn('quests_users.permission', ['write', 'delete']) .count() } - if (query_result[0]['count(*)'] === 0) { return response.status(500).json('user dont have ' + properties[0] + ' permissions for such quest or quest id is incorrect') } else { - // Logger.info('check user\'s quest permission - OK') + if (properties[0] == 'delete') { + query_result = await Database + .from('quests_users') + .where('quests_users.user_id', userId) + .where('quests_users.quest_id', questId) + .whereIn('quests_users.permission', ['delete']) + .count() + } + + if (query_result[0]['count(*)'] === 0) { + return response.status(500).json('you dont have permission for such operation with the given quest') + } else { await next() } } catch (e) { diff --git a/src/adonisjs/app/Models/v1/Case.js b/src/adonisjs/app/Models/v1/Case.js index 43eab1b..f55276f 100644 --- a/src/adonisjs/app/Models/v1/Case.js +++ b/src/adonisjs/app/Models/v1/Case.js 
@@ -19,7 +19,7 @@ class Case extends Model { users () { return this.belongsToMany('App/Models/v1/User') .pivotTable('users_cases') - .withPivot(['role']) + .withPivot(['permission']) .withTimestamps() } diff --git a/src/adonisjs/app/Models/v1/Category.js b/src/adonisjs/app/Models/v1/Category.js new file mode 100644 index 0000000..83f2701 --- /dev/null +++ b/src/adonisjs/app/Models/v1/Category.js @@ -0,0 +1,20 @@ +'use strict' + +/** @type {typeof import('@adonisjs/lucid/src/Lucid/Model')} */ +const Model = use('Model') + +class Category extends Model { + static get incrementing () { + return false + } + + cases () { + return this.hasMany('App/Models/v1/Case') + } + + artifact () { + return this.belongsTo('App/Models/v1/Artifact') + } +} + +module.exports = Category diff --git a/src/adonisjs/app/Models/v1/Quest.js b/src/adonisjs/app/Models/v1/Quest.js index 1e0a87d..1db26cd 100644 --- a/src/adonisjs/app/Models/v1/Quest.js +++ b/src/adonisjs/app/Models/v1/Quest.js @@ -13,7 +13,7 @@ class Quest extends Model { users () { return this.belongsToMany('App/Models/v1/User') .pivotTable('quests_users') - .withPivot(['role']) + .withPivot(['permission']) .withTimestamps() } diff --git a/src/adonisjs/app/Models/v1/User.js b/src/adonisjs/app/Models/v1/User.js index a847da6..59c6afb 100644 --- a/src/adonisjs/app/Models/v1/User.js +++ b/src/adonisjs/app/Models/v1/User.js @@ -15,7 +15,7 @@ class User extends Model { cases () { return this.belongsToMany('App/Models/v1/Case') .pivotTable('users_cases') - .withPivot(['role']) + .withPivot(['permission']) .withTimestamps() } @@ -23,7 +23,7 @@ class User extends Model { return this .belongsToMany('App/Models/v1/Quest') .pivotTable('quests_users') - .withPivot(['role']) + .withPivot(['permission']) .withTimestamps() } @@ -49,6 +49,7 @@ class User extends Model { return ['password'] } + async checkRole (role) { const query_result = await Database .from('roles') 
@@ -57,9 +58,25 @@ class User extends Model { .where('role_user.user_id', this.id) .count() - if (query_result[0]['count(*)'] === 0) { return 0 } else { return 1 } + if (query_result[0]['count(*)'] === 0) { return false } else { return true } + } + + + async checkCasePermission(caseId, permission) { + let queryResult + if (permission == 'share'){ + queryResult = await Database + .from('users_cases') + .where('users_cases.user_id', this.id) + .where('users_cases.case_id', caseId) + .whereIn('users_cases.permission', ['share', 'write', 'delete']) + .count() + } + + if (queryResult[0]['count(*)'] === 0) { return false } else { return true } } + static boot () { super.boot() diff --git a/src/adonisjs/config/auth.js b/src/adonisjs/config/auth.js index 0ad4dd9..bd9f0b1 100644 --- a/src/adonisjs/config/auth.js +++ b/src/adonisjs/config/auth.js @@ -16,7 +16,7 @@ module.exports = { | Available Serializers - lucid, database | */ - authenticator: 'jwt', + authenticator: 'session', /* |-------------------------------------------------------------------------- diff --git a/src/adonisjs/config/cors.js b/src/adonisjs/config/cors.js index ce5c8da..724f457 100644 --- a/src/adonisjs/config/cors.js +++ b/src/adonisjs/config/cors.js @@ -14,9 +14,9 @@ module.exports = { | Array - An array of allowed origins | String: * - A wildcard to allow current request origin | Function - Receives the current origin and should return one of the above values. - | + |http://localhost:10010, http://localhost:10020 */ - origin: '*', + origin: true, /* |-------------------------------------------------------------------------- diff --git a/src/adonisjs/config/session.js b/src/adonisjs/config/session.js index d3ec27c..9957580 100644 --- a/src/adonisjs/config/session.js +++ b/src/adonisjs/config/session.js @@ -65,7 +65,7 @@ module.exports = { */ cookie: { httpOnly: true, - sameSite: false, + sameSite: true, path: '/' // domain: 'harena.com' // domain: Env.get('COOKIE_DOMAIN', null) 
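Review bot: In config/cors.js, `origin: true` makes the server echo whatever `Origin` the request carries, and together with the switch to the `session` authenticator in config/auth.js that lets any site make cookie-bearing cross-origin calls if `credentials` is enabled further down the file (not visible in the hunk). `sameSite: true` in config/session.js narrows this but depends on browser enforcement. List the front-end origins explicitly instead, for example `origin: ['http://localhost:10010', 'http://localhost:10020']` using the two values from the comment line this hunk adds, ideally read from `Env` per environment.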
diff --git a/src/adonisjs/database/migrations/1601429350735_users_cases_update_add_permission_schema.js b/src/adonisjs/database/migrations/1601429350735_users_cases_update_add_permission_schema.js new file mode 100644 index 0000000..f05f468 --- /dev/null +++ b/src/adonisjs/database/migrations/1601429350735_users_cases_update_add_permission_schema.js @@ -0,0 +1,23 @@ +'use strict' + +/** @type {import('@adonisjs/lucid/src/Schema')} */ +const Schema = use('Schema') + +class UsersCasesUpdateAddPermissionSchema extends Schema { + up () { + this.table('users_cases', (table) => { + // alter table + table.dropColumn('role') + table.string('permission') + }) + } + + down () { + this.table('users_cases', (table) => { + table.integer('role') + table.dropColumn('permission') + }) + } +} + +module.exports = UsersCasesUpdateAddPermissionSchema diff --git a/src/adonisjs/database/migrations/1601430054988_quests_users_cases_update_add_permission_schema.js b/src/adonisjs/database/migrations/1601430054988_quests_users_cases_update_add_permission_schema.js new file mode 100644 index 0000000..8d0c5ec --- /dev/null +++ b/src/adonisjs/database/migrations/1601430054988_quests_users_cases_update_add_permission_schema.js @@ -0,0 +1,24 @@ +'use strict' + +/** @type {import('@adonisjs/lucid/src/Schema')} */ +const Schema = use('Schema') + +class QuestsUsersCasesUpdateAddPermissionSchema extends Schema { + up () { + this.table('quests_users', (table) => { + // alter table + table.dropColumn('role') + table.string('permission') + }) + } + + down () { + this.table('quests_users', (table) => { + // reverse alternations + table.integer('role') + table.dropColumn('permission') + }) + } +} + +module.exports = QuestsUsersCasesUpdateAddPermissionSchema diff --git a/src/adonisjs/database/migrations/1601607060784_category_schema.js b/src/adonisjs/database/migrations/1601607060784_category_schema.js new file mode 100644 index 0000000..c51d932 --- /dev/null 
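Review bot: `up()` in the `users_cases` migration drops `role` and adds an empty `permission` column in one step, so every existing row ends up with `permission` NULL and matches none of the new `whereIn('…permission', …)` checks; current owners and contributors lose access until the rows are re-created by hand. Add `permission` first, backfill it from `role` (the rest of this commit suggests 0 → `'delete'`, 1 → `'write'`, 2 → `'read'`, to be confirmed), then drop `role`; `down()` needs the reverse mapping. Making the column `notNullable()` with a default, or restricting it to the four known values, would keep unknown strings out of the access-control table. The `quests_users` migration that follows has the same shape.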
+++ b/src/adonisjs/database/migrations/1601607060784_category_schema.js @@ -0,0 +1,27 @@ +'use strict' + +/** @type {import('@adonisjs/lucid/src/Schema')} */ +const Schema = use('Schema') + +class CategorySchema extends Schema { + up () { + this.dropIfExists('categories') + + this.create('categories', (table) => { + table.uuid('id') + table.primary('id') + + table.string('title', 255) + table.string('template', 255) + + table.uuid('artifact_id').references('id').inTable('artifacts').index('artifact_id') + table.timestamps() + }) + } + + down () { + this.drop('categories') + } +} + +module.exports = CategorySchema diff --git a/src/adonisjs/database/migrations/1601607571711_case_update_add_category_relationship_schema.js b/src/adonisjs/database/migrations/1601607571711_case_update_add_category_relationship_schema.js new file mode 100644 index 0000000..7efac3c --- /dev/null +++ b/src/adonisjs/database/migrations/1601607571711_case_update_add_category_relationship_schema.js @@ -0,0 +1,24 @@ +'use strict' + +/** @type {import('@adonisjs/lucid/src/Schema')} */ +const Schema = use('Schema') + +class CaseUpdateAddCategoryRelationshipSchema extends Schema { + up () { + this.table('cases', (table) => { + // alter table + table.uuid('category_id').references('id').inTable('categories').index('category_id') + + }) + } + + down () { + this.table('cases', (table) => { + // reverse alternations + table.dropForeign('category_id') + table.dropColumn('category_id') + }) + } +} + +module.exports = CaseUpdateAddCategoryRelationshipSchema diff --git a/src/adonisjs/database/seeds/InitialSeeder.js b/src/adonisjs/database/seeds/InitialSeeder.js index c96c682..7792349 100644 --- a/src/adonisjs/database/seeds/InitialSeeder.js +++ b/src/adonisjs/database/seeds/InitialSeeder.js 
@@ -18,6 +18,7 @@ const Property = use('App/Models/Property') const CaseArtifacts = use('App/Models/CaseArtifact') const CaseVersion = use('App/Models/v1/CaseVersion') const Case = use('App/Models/v1/Case') +const Category = use('App/Models/v1/Category') const User = use('App/Models/v1/User') const Quest = use('App/Models/v1/Quest') const Artifact = use('App/Models/v1/Artifact') 
@@ -40,112 +41,26 @@ class UserSeeder { const jacinto = await User.findBy('username', 'jacinto') if (jacinto == null) { - - const institution = await this.seed_institution(trx) + const user = await this.seed_default_users(trx) - const c = await this.seed_default_case(trx) + const institution = await this.seed_institution(user, trx) + + const c = await this.seed_default_case(institution, trx) + + await this.seed_artifact(user, c, trx) + await this.seedCategories(user, trx) - const artifact = await this.seed_artifact(c, trx) - await user.artifacts().save(artifact, trx) - await user.institution().associate(institution, trx) await user.save(trx) await c.users().attach([user.id], (row) => { - const AUTHOR = 0 - row.role = AUTHOR + row.permission = 'delete' }, trx) const roles = await this.seed_roles(trx) - const quest = new Quest() - quest.id = 'default-quest' - quest.title = 'default-quest' - quest.color = '#505050' - - // let artifactQuestId = await uuidv4() - const artifactDefaultId = 'default-quest-image' - - const fileName = artifactDefaultId + '.png' - const questRelativePath = ARTIFACTS_DIR - - const artifactDefault = new Artifact() - artifactDefault.id = artifactDefaultId - artifactDefault.relative_path = questRelativePath + fileName - - const fsPath = Helpers.publicPath('/resources/artifacts/') - - await Drive.copy(Helpers.resourcesPath('imgs/default-quest.png'), fsPath + fileName) - - await quest.artifact().associate(artifactDefault, trx) - - await user.artifacts().save(artifactDefault, trx) - - await quest.save(trx) - - // Adding default quests information - const quests = [ - { - id: 'quiz-da-emergencia', - title: 'Quiz da Emergência', - color: '#e64e31', - artifactId: 'quiz-da-emergencia', - url: 'imgs/quiz-emergencia.png' - - }, - { - id: 'desafio-de-eletrocardiograma', - title: 'Desafio de Eletrocardiograma', - color: '#ae9e00', - artifactId: 'desafio-de-eletrocardiograma', - url: 'imgs/desafio-eletro.png' - }, - { - id: 'desafio-radiologico', - title: 
'Desafio Radiológico', - color: '#348f00', - artifactId: 'desafio-radiologico', - url: 'imgs/desafio-radio.png' - }, - { - id: 'visita-virtual', - title: 'Visita Virtual', - color: '#245797', - artifactId: 'visita-virtual', - url: 'imgs/visita-virtual.png' - }, - { - id: 'decisoes-extremas', - title: 'Decisões Extremas', - color: '#a34fa3', - artifactId: 'decisoes-extremas', - url: 'imgs/decisoes-extremas.png' - } - ] - - // Adding default quests in DB - - for (var q in quests) { - const _quest = new Quest() - _quest.id = quests[q].id - _quest.title = quests[q].title - _quest.color = quests[q].color - const _artifactDefault = new Artifact() - let _artifactDefaultId = quests[q].artifactId - - _artifactDefaultId = quests[q].id - const _fileName = _artifactDefaultId + '.png' - _artifactDefault.id = _artifactDefaultId - _artifactDefault.relative_path = questRelativePath + _fileName - - await Drive.copy(Helpers.resourcesPath(quests[q].url), fsPath + _fileName) - await _quest.artifact().associate(_artifactDefault, trx) - await user.artifacts().save(_artifactDefault, trx) - await _quest.save(trx) - await user.quests().attach([_quest.id], (row) => { - row.role = 0 - }, trx) - } + const quest = await this.seedQuest(user, trx) + await trx.commit() trx = await Database.beginTransaction() @@ -156,14 +71,6 @@ class UserSeeder { row.order_position = 0 }, trx) - await user.quests().attach(['default-quest'], (row) => { - row.role = 0 - }, trx) - - // await user.quests().attach([quest.id], (row) => { - // row.role = 2 - // }, trx) - await trx.commit() } else { console.log('Database is already populated') @@ -177,9 +84,8 @@ class UserSeeder { } } - async seed_institution(trx) { + async seed_institution(user, trx) { try { - const institution = new Institution() institution.id = await uuidv4() institution.acronym = 'uni' 
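Review bot: In the `@@ -40,112 +41,26 @@` hunk, `row.permission = 'delete'` writes the permission as a bare string literal. The same literal recurs in `seedQuest` and as the route argument `case_permission:delete`, so a typo in any one place would produce a pivot row that no check matches, with no error at seed time. A single shared constant would avoid that, e.g. `const PERMISSION_DELETE = 'delete'` at the top of the seeder and `row.permission = PERMISSION_DELETE` here. A short comment such as `// 'delete' replaces the former AUTHOR role (0); presumably the highest case permission` would also record why the default user gets it. The enclosing method starts and ends outside this hunk.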
@@ -198,13 +104,14 @@ class UserSeeder { institution3.title = 'Universidade do Minho' institution3.country = 'PT' - institution.save(trx) + // institution.save(trx) institution2.save(trx) institution3.save(trx) + await user.institution().associate(institution, trx) return institution } catch (e) { - + console.log(e) } } @@ -224,7 +131,7 @@ class UserSeeder { } } - async seed_default_case (trx) { + async seed_default_case (institution, trx) { try { const c = new Case() c.title = 'default-case' @@ -241,6 +148,7 @@ class UserSeeder { cv.id = await uuidv4() await c.versions().save(cv, trx) + await c.institution().associate(institution, trx) return c } catch (e) { @@ -248,7 +156,7 @@ class UserSeeder { } } - async seed_artifact (c, trx) { + async seed_artifact (user, c, trx) { try { const artifact_id = await uuidv4() const fileName = artifact_id + '.png' @@ -267,18 +175,8 @@ class UserSeeder { ca.case_id = c.id await ca.artifact().associate(artifact, trx) + await user.artifacts().save(artifact, trx) - // let property = new Property() - // property.id = await uuidv4() - // property.title = 'shape' - - // await property.save(trx) - - // await artifact.properties().attach([property.id], (row) => { - // row.value = 'square' - // }, trx) - - return artifact } catch (e) { console.log(e) } 
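Review bot: In the `seed_institution` hunk (`@@ -198,13 +104,14 @@`), `institution2.save(trx)` and `institution3.save(trx)` are still called without `await`. Their rejections therefore bypass the `try/catch`, and the writes may not have finished when the caller commits the transaction. The new `catch` logs and falls through, so the method returns `undefined` on failure and the caller then passes that into `seed_default_case(institution, trx)`. I would write `await institution2.save(trx)` and `await institution3.save(trx)`, add `throw e` after `console.log(e)`, and delete the commented-out `// institution.save(trx)` in favour of a comment that `associate` persists the institution, if that is the reason it was disabled. The function body begins in the previous hunk.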
@@ -297,6 +195,83 @@ class UserSeeder { return roles } + + async seedQuest(user, trx){ + const quest = new Quest() + quest.id = 'default-quest' + quest.title = 'default-quest' + quest.color = '#505050' + + const artifactId = 'default-quest-image' + + const fileName = artifactId + '.png' + + const artifact = new Artifact() + artifact.id = artifactId + artifact.relative_path = ARTIFACTS_DIR + 'quests/' + quest.id + '/' + fileName + + const fsPath = Helpers.publicPath('/resources/artifacts/quests/') + quest.id + '/' + + await Drive.copy(Helpers.resourcesPath('imgs/default-quest.png'), fsPath + fileName) + + await quest.artifact().associate(artifact, trx) + await user.artifacts().save(artifact, trx) + await quest.save(trx) + await user.quests().attach([quest.id], (row) => { + row.permission = 'delete' + }, trx) + + return quest + } + + async seedCategories(user, trx){ + const categories = [ + { id: 'quiz-da-emergencia', + title: 'Quiz da Emergência', + template: 'quiz-da-emergencia', + artifactId: 'quiz-da-emergencia-image', + url: 'imgs/quiz-emergencia.png' }, + { id: 'desafio-de-eletrocardiograma', + title: 'Desafio de Eletrocardiograma', + template: 'desafio-de-eletrocardiograma', + artifactId: 'desafio-de-eletrocardiograma-image', + url: 'imgs/desafio-eletro.png' }, + { id: 'desafio-radiologico', + title: 'Desafio Radiológico', + template: 'desafio-radiologico', + artifactId: 'desafio-radiologico-image', + url: 'imgs/desafio-radio.png' }, + { id: 'visita-virtual', + title: 'Visita Virtual', + template: 'visita-virtual', + artifactId: 'visita-virtual-image', + url: 'imgs/visita-virtual.png' }, + { id: 'decisoes-extremas', + title: 'Decisões Extremas', + template: 'decisoes-extremas', + artifactId: 'decisoes-extremas-image', + url: 'imgs/decisoes-extremas.png' } + ] + + for (var c of categories) { + const category = new Category() + category.id = c.id + category.title = c.title + category.template = c.template + + const fileName = c.artifactId + '.png' + + const 
artifact = new Artifact() + artifact.id = c.artifactId + artifact.relative_path = ARTIFACTS_DIR + 'categories/' + c.id + '/' + fileName + + const fsPath = Helpers.publicPath('/resources/artifacts/categories/') + c.id + '/' + await Drive.copy(Helpers.resourcesPath(c.url), fsPath + fileName) + await category.artifact().associate(artifact, trx) + await user.artifacts().save(artifact, trx) + await category.save(trx) + } + } } module.exports = UserSeeder diff --git a/src/adonisjs/start/kernel.js b/src/adonisjs/start/kernel.js index a02beb4..c3f0ee3 100644 --- a/src/adonisjs/start/kernel.js +++ b/src/adonisjs/start/kernel.js @@ -43,8 +43,8 @@ const namedMiddleware = { guest: 'Adonis/Middleware/AllowGuestOnly', is: 'Adonis/Acl/Is', can: 'Adonis/Acl/Can', - check_permission: 'App/Middleware/CheckPermissionForGivenCase', - quest_permission: 'App/Middleware/CheckUserQuestPermission' + case_permission: 'App/Middleware/CheckCasePermission', + quest_permission: 'App/Middleware/CheckQuestPermission' } /* diff --git a/src/adonisjs/start/routes.js b/src/adonisjs/start/routes.js index 8fbc089..e11eb64 100644 --- a/src/adonisjs/start/routes.js +++ b/src/adonisjs/start/routes.js 
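Review bot: In `seedQuest` and `seedCategories` the stored `relative_path` is built from `ARTIFACTS_DIR`, while the copy destination is built from the literal `'/resources/artifacts/…'` passed to `Helpers.publicPath`. The database path and the file on disk agree only while those two stay in sync, and the value of `ARTIFACTS_DIR` is not visible in this hunk. Deriving both from one sub-path variable (e.g. `const subPath = 'categories/' + c.id + '/'`, used for both strings) would remove the duplication. `Drive.copy` also runs before the rows are saved and is not undone if the transaction later rolls back, which deserves a one-line comment. Finally, `for (var c of categories)` would be safer as `for (const c of categories)`, and both methods lack a doc comment describing what they create and return.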
@@ -63,11 +63,11 @@ Route.group(() => { |---------------------------------------------------------------------------------------------- */ Route.group(() => { - Route.get( ':id', 'v1/CaseController.show') - Route.post( '', 'v1/CaseController.store') - Route.put( ':id', 'v1/CaseController.update').middleware(['check_permission:contributor']) - Route.post( 'share', 'v1/CaseController.share').middleware(['check_permission:author']) - Route.delete(':id', 'v1/CaseController.destroy').middleware(['check_permission:author']) + Route.get( ':id', 'v1/CaseController.show').middleware(['case_permission:read']) + Route.post( '', 'v1/CaseController.store') + Route.put( ':id', 'v1/CaseController.update').middleware(['case_permission:write']) + Route.post( 'link/user', 'v1/CaseController.linkUser').middleware(['case_permission:share']) + Route.delete(':id', 'v1/CaseController.destroy').middleware(['case_permission:delete']) }).prefix('/api/v1/case').middleware(['auth', 'is:author']) @@ -90,7 +90,7 @@ Route.group(() => { */ Route.group(() => { Route.get('quests', 'v1/UserController.listContributingQuests').middleware('auth') - Route.get('quest/cases', 'v1/QuestController.listCases').middleware('auth', 'quest_permission:contributor') + Route.get('quest/cases', 'v1/QuestController.listCases').middleware('auth', 'quest_permission:read') }).prefix('/api/v1/author').middleware('auth', 'is:author') @@ -102,7 +102,7 @@ Route.group(() => { */ Route.group(() => { Route.get('quests', 'v1/UserController.listPlayingQuests').middleware('auth') - Route.get('quest/cases', 'v1/QuestController.listCases').middleware('auth', 'quest_permission:player') + Route.get('quest/cases', 'v1/QuestController.listCases').middleware('auth', 'quest_permission:read') }).prefix('/api/v1/player').middleware('auth', 'is:player') 
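Review bot: In the `/api/v1/case` group, `Route.post('link/user', …).middleware(['case_permission:share'])` has no `:id` segment, unlike the `show`, `update` and `destroy` routes beside it. The middleware therefore cannot identify the case from the route; it would have to read it from the request body, and that code is not part of this diff. It is worth confirming that `CheckCasePermission` rejects the request when the case id is missing or unknown, rather than calling `next()`. A comment on the route naming the expected body field would also help. Separately, replacing `share` with `link/user` changes the public path, which existing clients of `/api/v1/case/share` will notice.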
@@ -113,15 +113,29 @@ Route.group(() => { |---------------------------------------------------------------------------------------------- */ Route.group(() => { - Route.get( 'users', 'v1/QuestController.listUsers').middleware('quest_permission:contributor') + Route.get( 'users', 'v1/QuestController.listUsers').middleware('quest_permission:delete') - Route.post( '', 'v1/QuestController.store') + Route.post( '', 'v1/QuestController.store') - Route.post( 'link/user', 'v1/QuestController.linkUser').middleware('quest_permission:contributor') - Route.post( 'link/case', 'v1/QuestController.linkCase').middleware('quest_permission:contributor') + Route.post( 'link/user', 'v1/QuestController.linkUser').middleware('quest_permission:share') + Route.post( 'link/case', 'v1/QuestController.linkCase').middleware('quest_permission:write') }).prefix('/api/v1/quest').middleware('auth', 'is:author') +/* +|---------------------------------------------------------------------------------------------- +| api: v1 +| resource: /category +|---------------------------------------------------------------------------------------------- +*/ +Route.group(() => { + Route.post( '', 'v1/CategoryController.store') + Route.post( 'link/case', 'v1/CategoryController.linkCase') + Route.get( 'list', 'v1/CategoryController.listCategories') + Route.get( 'cases', 'v1/CategoryController.listCases') + +}).prefix('/api/v1/category').middleware('auth', 'is:author') + /* |---------------------------------------------------------------------------------------------- | api: v1
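Review bot: The new `/api/v1/category` group applies only `auth` and `is:author`, and none of its four routes carries an object-level permission check. The quest `link/case` route directly above, by contrast, now requires `quest_permission:write`. As written, `CategoryController.linkCase` and `listCases` are reachable by any author for any case or category, unless the controller enforces ownership itself, which is not visible here. If linking should be limited to cases the caller may modify, the existing middleware can be reused: `Route.post('link/case', 'v1/CategoryController.linkCase').middleware('case_permission:write')`. `listCases` should likewise be checked to confirm it filters by the caller's case permissions.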