fix(pages & middleware): throw error if non-author/collaborator tries to edit a story

parent a5346e8622
commit 989fefd6e7
Signed by: tablet
GPG Key ID: 924A5F6AF051E87C
2 changed files with 40 additions and 27 deletions

@ -21,3 +21,25 @@ export const storyMiddleware = defineNuxtRouteMiddleware(async (to, from) => {
return navigateTo("/login");
}
});
export const storyEditMiddleware = defineNuxtRouteMiddleware(
async (to, from) => {
const { data: curU } = useAuth();
const rtr = useRoute();
const { data: storyInfo } = await useApiFetch<
({ chapters: (IChapter & { text: string })[] } & IStory) | null
>(`/story/${rtr.params.id}/full`);
if (!storyInfo.value) {
return showError({ statusCode: 404, message: messages[404] });
}
if (
curU.value?.user?._id !== storyInfo.value?.author._id &&
curU.value?.user?._id !== storyInfo.value?.coAuthor?._id
) {
return showError({
statusCode: 403,
message: messages[403],
});
}
},
);
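Review bot: The ownership test in `storyEditMiddleware` fails open when there is no signed-in user and the story has no co-author: `curU.value?.user?._id` and `storyInfo.value?.coAuthor?._id` are then both `undefined`, the second `!==` is false, and the `&&` skips the 403. Resolve the id first and reject when it is missing, e.g. `const uid = curU.value?.user?._id;` followed by `if (!uid || (uid !== storyInfo.value.author._id && uid !== storyInfo.value.coAuthor?._id))`. The story is also looked up through `useRoute()` rather than the `to` argument; inside route middleware that may still describe the page being left, so `to.params.id` is the safer source for the id being authorised. This check only gates the client route, so the API that serves `/story/${rtr.params.id}/full` and whatever endpoint saves the edit presumably need the same author/co-author test on the server.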

@ -4,54 +4,45 @@
import { FormStory } from "~/lib/client/types/form/story";
import { IStory } from "~/models/stories";
import { IChapter } from "~/models/stories/chapter";
import { storyEditMiddleware } from "~/lib/client/middleware";
const rtr = useRoute();
const {
data: { value: originalStory },
} = await useApiFetch<{ chapters: (IChapter & { text: string })[] } & IStory>(
`/story/${rtr.params.id}/full`,
);
if (!originalStory) {
await navigateTo("/not-found");
} = await useApiFetch<
({ chapters: (IChapter & { text: string })[] } & IStory) | null
>(`/story/${rtr.params.id}/full`);
if (originalStory === null) {
console.log("IT DOESN'T EXIST DAWG");
throw createError({
statusCode: 404,
message: "That story doesn't exist...",
});
}
definePageMeta({
middleware: [
(from, to) => {
const { data: curu } = useAuth();
if (
curu.value?.user?._id !== originalStory?.author._id &&
curu.value?.user?._id !== originalStory?.coAuthor._id
) {
return navigateTo("/403");
}
},
"auth",
],
middleware: [storyEditMiddleware, "auth"],
});
const story: FormStory = {
title: originalStory!.title,
coAuthor: originalStory?.coAuthor._id,
coAuthor: originalStory?.coAuthor ? originalStory.coAuthor._id : null,
completed: originalStory!.completed,
chapters: originalStory!.chapters.map((a, i) => ({
...a,
id: a.id,
chapterTitle: a.title,
index: i + 1,
summary: a.summary,
notes: a.notes,
genre: a.genre,
bands: a.bands.map((a) => a._id),
characters: a.characters,
relationships: a.relationships,
nsfw: a.nsfw,
loggedInOnly: a.loggedInOnly,
hidden: a.hidden,
content: a.text,
uuidKey: v4(),
})),
};
useHead({
title: `Editing story: ${originalStory?.title}`,
});
</script>
<template>
<a-typography-title style="text-align: center">
Editing "{{ originalStory!.title }}"
Editing "{{ originalStory?.title }}"
</a-typography-title>
<story-form
:can-draft="false"
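Review bot: `middleware: [storyEditMiddleware, "auth"]` lists the ownership check ahead of the authentication check, so if entries run in array order an anonymous visitor reaches the story fetch and the id comparison before `"auth"` can redirect; `middleware: ["auth", storyEditMiddleware]` would make the login requirement the first gate. The page then requests the same `/full` document the middleware has just loaded, so the 404 branch here largely duplicates the middleware's and the two can drift apart. `console.log("IT DOESN'T EXIST DAWG");` looks like leftover debugging and should be dropped before merge. The `<story-form>` element continues past the end of this hunk.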