Rename plots into widgets

Add owner validation

Rename plots into widgets
394af567 · Markus Grigull · 4c0aee74 · 394af567 · 394af567 · 394af567
Commit 394af567 authored 8 years ago by Markus Grigull
--- a/auth.js
+++ b/auth.js
@@ -35,6 +35,11 @@ module.exports = {
  validateRole: function(resource, action) {
    return function(req, res, next) {
      // get user role
+      if (!req.decoded) {
+        // no logged in user
+        return res.status(403).send({ success: false, message: 'Authentication missing' });
+      }
+
      var role = roles[req.decoded._doc.role];
      if (role.resource[resource].indexOf(action) > -1) {
        // item found in list
@@ -43,6 +48,22 @@ module.exports = {
        // item not found
        return res.status(403).send({ success: false, message: 'Action not permitted' });
      }
-    }
+    };
+  },
+
+  validateOwner: function(model) {
+    return function(req, res, next) {
+      // get owner id from request
+      var owner = req.body[model].owner;
+      var userId = req.decoded._doc._id;
+
+      if (owner === userId) {
+        // owner is logged in user
+        next();
+      } else {
+        // owner is not user
+        return res.status(403).send({ success: false, message: 'User is not owner' });
+      }
+    };
  }
 }
--- a/models/visualization.js
+++ b/models/visualization.js
@@ -10,7 +10,7 @@
 // include
 var mongoose = require('mongoose');

-var Plot = require('./plot');
+var Widget = require('./widget');

 var Schema = mongoose.Schema;

@@ -18,20 +18,20 @@ var Schema = mongoose.Schema;
 var visualizationSchema = new Schema({
  name: { type: String, required: true },
  project: { type: Schema.Types.ObjectId, ref: 'Project', required: true },
-  plots: [{ type: Schema.Types.ObjectId, ref: 'Plot' }],
+  widgets: [{ type: Schema.Types.ObjectId, ref: 'Widget' }],
  rows: { type: Number, default: 1 }
 });

 // execute before the visualization is deleted
 visualizationSchema.pre('remove', function(callback) {
-  // delete all plots belonging to this visualization
-  this.plots.forEach(function(id) {
-    Plot.findOne({ _id: id }, function(err, plot) {
+  // delete all widgets belonging to this visualization
+  this.widgets.forEach(function(id) {
+    Widget.findOne({ _id: id }, function(err, widget) {
      if (err) {
        return console.log(err);
      }

-      plot.remove(function(err) {
+      widget.remove(function(err) {
        if (err) {
          return console.log(err);
        }

--- a/models/plot.js
+++ b/models/plot.js
 /**
- * File: plot.js
+ * File: widget.js
 * Author: Markus Grigull <mgrigull@eonerc.rwth-aachen.de>
 * Date: 28.06.2016
 * Copyright: 2016, Institute for Automation of Complex Power Systems, EONERC
@@ -12,8 +12,8 @@ var mongoose = require('mongoose');

 var Schema = mongoose.Schema;

-// plot model
-var plotSchema = new Schema({
+// widget model
+var widgetSchema = new Schema({
  name: { type: String, required: true },
  signal: { type: String, required: true },
  simulator: { type: Number, required: true },
@@ -26,4 +26,4 @@ var plotSchema = new Schema({
  visualization: { type: Schema.Types.ObjectId, ref: 'Visualization' }
 });

-module.exports = mongoose.model('Plot', plotSchema);
+module.exports = mongoose.model('Widget', widgetSchema);
--- a/roles.js
+++ b/roles.js
@@ -9,7 +9,6 @@

 module.exports = {
  admin: {
-    id: 'admin',
    name: 'Admin',
    description: '',
    resource: {
@@ -22,7 +21,6 @@ module.exports = {
    }
  },
  user: {
-    id: 'user',
    name: 'User',
    description: '',
    resource: {
@@ -31,7 +29,6 @@ module.exports = {
    }
  },
  guest: {
-    id: 'guest',
    name: 'Guest',
    description: '',
    resource: {

--- a/routes/simulationModels.js
+++ b/routes/simulationModels.js
@@ -24,7 +24,7 @@ router.use('/simulationModels', auth.validateToken);

 // routes
 router.get('/simulationModels', auth.validateRole('simulationModel', 'read'), function(req, res) {
-  // get all models
+  // get all user simulations
  SimulationModel.find(function(err, models) {
    if (err) {
      return res.status(400).send(err);

--- a/routes/simulations.js
+++ b/routes/simulations.js
@@ -24,8 +24,10 @@ router.use('/simulations', auth.validateToken);

 // routes
 router.get('/simulations', auth.validateRole('simulation', 'read'), function(req, res) {
-  // get all simulations
-  Simulation.find(function(err, simulations) {
+  // get all user simulations
+  var userId = req.decoded._doc._id;
+
+  Simulation.find({ owner: userId }, function(err, simulations) {
    if (err) {
      return res.send(err);
    }
@@ -34,7 +36,7 @@ router.get('/simulations', auth.validateRole('simulation', 'read'), function(req
  });
 });

-router.post('/simulations', auth.validateRole('simulation', 'create'), function(req, res) {
+router.post('/simulations', auth.validateRole('simulation', 'create'), auth.validateOwner('simulation'), function(req, res) {
  // create new simulation
  var simulation = new Simulation(req.body.simulation);

@@ -70,6 +72,11 @@ router.put('/simulations/:id', auth.validateRole('simulation', 'update'), functi
      return res.status(400).send(err);
    }

+    // validate owner
+    if (simulation.owner != req.decoded._doc._id) {
+      return res.status(403).send({ success: false, message: 'User is not owner' });
+    }
+
    // update relationships
    if (req.body.simulation.owner && req.body.simulation.owner !== simulation.owner) {
      // remove from old user
@@ -129,7 +136,12 @@ router.get('/simulations/:id', auth.validateRole('simulation', 'read'), function
      return res.send(err);
    }

-    res.send({ simulation: simulation });
+    // validate owner
+    if (simulation.owner == req.decoded._doc._id) {
+      res.send({ simulation: simulation });
+    } else {
+      res.status(403).send({ success: false, message: 'User is not owner' });
+    }
  });
 });

@@ -139,6 +151,11 @@ router.delete('/simulations/:id', auth.validateRole('simulation', 'delete'), fun
      return res.status(400).send(err);
    }

+    // validate owner
+    if (simulation.owner != req.decoded._doc._id) {
+      return res.status(403).send({ success: false, message: 'User is not owner' });
+    }
+
    // remove from owner's list
    User.findOne({ _id: simulation.owner }, function(err, user) {
      if (err) {

--- a/routes/plots.js
+++ b/routes/plots.js
 /**
- * File: plots.js
+ * File: widgets.js
 * Author: Markus Grigull <mgrigull@eonerc.rwth-aachen.de>
 * Date: 28.06.2016
 * Copyright: 2016, Institute for Automation of Complex Power Systems, EONERC
@@ -13,46 +13,46 @@ var express = require('express');
 var auth = require('../auth');

 // models
-var Plot = require('../models/plot');
-var Visualization = require('../models/visualization')
+var Widget = require('../models/widget');
+var Visualization = require('../models/visualization');

 // create router
 var router = express.Router();

-// all plot routes need authentication
-router.use('/plots', auth.validateRole('visualization', 'read'), auth.validateToken);
+// all widget routes need authentication
+router.use('/widgets', auth.validateToken);

 // routes
-router.get('/plots', function(req, res) {
-  // get all plots
-  Plot.find(function(err, plots) {
+router.get('/widgets', auth.validateRole('visualization', 'read'), function(req, res) {
+  // get all widgets
+  Widget.find(function(err, widgets) {
    if (err) {
      return res.send(err);
    }

-    res.send({ plots: plots });
+    res.send({ widgets: widgets });
  });
 });

-router.post('/plots', auth.validateRole('visualization', 'create'), function(req, res) {
-  // create new plot
-  var plot = new Plot(req.body.plot);
+router.post('/widgets', auth.validateRole('visualization', 'create'), function(req, res) {
+  // create new widget
+  var widget = new Widget(req.body.widget);

-  plot.save(function(err) {
+  widget.save(function(err) {
    if (err) {
      return res.send(err);
    }

-    res.send({ plot: plot });
+    res.send({ widget: widget });
  });

-  // add plot to visualization
-  Visualization.findOne({ _id: plot.visualization }, function(err, visualization) {
+  // add widget to visualization
+  Visualization.findOne({ _id: widget.visualization }, function(err, visualization) {
    if (err) {
      return console.log(err);
    }

-    visualization.plots.push(plot._id);
+    visualization.widgets.push(widget._id);

    visualization.save(function(err) {
      if (err) {
@@ -62,55 +62,55 @@ router.post('/plots', auth.validateRole('visualization', 'create'), function(req
  });
 });

-router.put('/plots/:id', auth.validateRole('visualization', 'update'), function(req, res) {
-  // get plot
-  Plot.findOne({ _id: req.params.id }, function(err, plot) {
+router.put('/widgets/:id', auth.validateRole('visualization', 'update'), function(req, res) {
+  // get widget
+  Widget.findOne({ _id: req.params.id }, function(err, widget) {
    if (err) {
      return res.send(err);
    }

    // update all properties
-    for (property in req.body.plot) {
-      plot[property] = req.body.plot[property];
+    for (property in req.body.widget) {
+      widget[property] = req.body.widget[property];
    }

    // save the changes
-    plot.save(function(err) {
+    widget.save(function(err) {
      if (err) {
        return res.send(err);
      }

-      res.send({ plot: plot });
+      res.send({ widget: widget });
    });
  });
 });

-router.get('/plots/:id', auth.validateRole('visualization', 'read'), function(req, res) {
-  Plot.findOne({ _id: req.params.id }, function(err, plot) {
+router.get('/widgets/:id', auth.validateRole('visualization', 'read'), function(req, res) {
+  Widget.findOne({ _id: req.params.id }, function(err, widget) {
    if (err) {
      return res.send(err);
    }

-    res.send({ plot: plot });
+    res.send({ widget: widget });
  });
 });

-router.delete('/plots/:id', auth.validateRole('visualization', 'delete'), function(req, res) {
-  Plot.findOne({ _id: req.params.id }, function(err, plot) {
+router.delete('/widgets/:id', auth.validateRole('visualization', 'delete'), function(req, res) {
+  Widget.findOne({ _id: req.params.id }, function(err, widget) {
    if (err) {
      return res.send(err);
    }

    // remove from visualization's list
-    Visualization.findOne({ _id: plot.visualization }, function(err, visualization) {
+    Visualization.findOne({ _id: widget.visualization }, function(err, visualization) {
      if (err) {
        return console.log(err);
      }

-      for (var i = 0; i < visualization.plots.length; i++) {
-        var id = String(visualization.plots[i]);
-        if (id == plot._id) {
-          visualization.plots.splice(i, 1);
+      for (var i = 0; i < visualization.widgets.length; i++) {
+        var id = String(visualization.widgets[i]);
+        if (id == widget._id) {
+          visualization.widgets.splice(i, 1);
        }
      }

@@ -121,7 +121,7 @@ router.delete('/plots/:id', auth.validateRole('visualization', 'delete'), functi
      });
    });

-    visualization.remove(function(err) {
+    widget.remove(function(err) {
      if (err) {
        return res.send(err);
      }

--- a/server.js
+++ b/server.js
@@ -20,7 +20,7 @@ var config = require('./config');
 var users = require('./routes/users');
 var projects = require('./routes/projects');
 var visualizations = require('./routes/visualizations');
-var plots = require('./routes/plots');
+var widgets = require('./routes/widgets');
 var simulations = require('./routes/simulations');
 var simulationModels = require('./routes/simulationModels');
 var simulators = require('./routes/simulators');
@@ -43,7 +43,7 @@ mongoose.connect(config.databaseURL + config.databaseName);
 app.use('/api/v1', users);
 app.use('/api/v1', projects);
 app.use('/api/v1', visualizations);
-app.use('/api/v1', plots);
+app.use('/api/v1', widgets);
 app.use('/api/v1', simulations);
 app.use('/api/v1', simulationModels);
 app.use('/api/v1', simulators);