Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-19 13:19:44 +02:00
Code Issues Releases Activity

feat: Version 2

Browse source 
Closes #627, closes #1047
This commit is contained in:
Maksim Eltyshev 2025-05-10 02:09:06 +02:00
parent ad7fb51cfa
commit 2ee1166747
1557 changed files with 76832 additions and 47042 deletions
Download patch file Download diff file Expand all files Collapse all files

28
server/api/controllers/access-tokens/create.js
View file

@ -1,8 +1,13 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const bcrypt = require('bcrypt');
const validator = require('validator');
const { v4: uuid } = require('uuid');
const { getRemoteAddress } = require('../../../utils/remoteAddress');
const { isEmailOrUsername } = require('../../../utils/validators');
const { getRemoteAddress } = require('../../../utils/remote-address');
const Errors = {
INVALID_CREDENTIALS: {
@ -19,20 +24,17 @@ const Errors = {
},
};
const emailOrUsernameValidator = (value) =>
value.includes('@')
? validator.isEmail(value)
: value.length >= 3 && value.length <= 16 && /^[a-zA-Z0-9]+((_|\.)?[a-zA-Z0-9])*$/.test(value);
module.exports = {
inputs: {
emailOrUsername: {
type: 'string',
custom: emailOrUsernameValidator,
maxLength: 256,
custom: isEmailOrUsername,
required: true,
},
password: {
type: 'string',
maxLength: 256,
required: true,
},
withHttpOnlyToken: {
@ -62,7 +64,7 @@ module.exports = {
}
const remoteAddress = getRemoteAddress(this.req);
const user = await sails.helpers.users.getOneByEmailOrUsername(inputs.emailOrUsername);
const user = await User.qm.getOneActiveByEmailOrUsername(inputs.emailOrUsername);
if (!user) {
sails.log.warn(
@ -74,11 +76,13 @@ module.exports = {
: Errors.INVALID_CREDENTIALS;
}
if (user.isSso) {
if (user.isSsoUser) {
throw Errors.USE_SINGLE_SIGN_ON;
}
if (!bcrypt.compareSync(inputs.password, user.password)) {
const isPasswordValid = await bcrypt.compare(inputs.password, user.password);
if (!isPasswordValid) {
sails.log.warn(`Invalid password! (IP: ${remoteAddress})`);
throw sails.config.custom.showDetailedAuthErrors
@ -92,7 +96,7 @@ module.exports = {
const httpOnlyToken = inputs.withHttpOnlyToken ? uuid() : null;
await Session.create({
await Session.qm.createOne({
accessToken,
httpOnlyToken,
remoteAddress,

12
server/api/controllers/access-tokens/delete.js
View file

@ -1,13 +1,13 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
module.exports = {
async fn() {
const { currentSession } = this.req;
await Session.updateOne({
id: currentSession.id,
deletedAt: null,
}).set({
deletedAt: new Date().toISOString(),
});
await Session.qm.deleteOneById(currentSession.id);
sails.sockets.leaveAll(`@accessToken:${currentSession.accessToken}`);

26
server/api/controllers/access-tokens/exchange-using-oidc.js → server/api/controllers/access-tokens/exchange-with-oidc.js
View file

@ -1,10 +1,15 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { v4: uuid } = require('uuid');
const { getRemoteAddress } = require('../../../utils/remoteAddress');
const { getRemoteAddress } = require('../../../utils/remote-address');
const Errors = {
INVALID_OIDC_CONFIGURATION: {
invalidOIDCConfiguration: 'Invalid OIDC configuration',
invalidOidcConfiguration: 'Invalid OIDC configuration',
},
INVALID_CODE_OR_NONCE: {
invalidCodeOrNonce: 'Invalid code or nonce',
@ -18,6 +23,9 @@ const Errors = {
USERNAME_ALREADY_IN_USE: {
usernameAlreadyInUse: 'Username already in use',
},
ACTIVE_USERS_LIMIT_REACHED: {
activeUsersLimitReached: 'Active users limit reached',
},
MISSING_VALUES: {
missingValues: 'Unable to retrieve required values (email, name)',
},
@ -27,10 +35,12 @@ module.exports = {
inputs: {
code: {
type: 'string',
maxLength: 1024,
required: true,
},
nonce: {
type: 'string',
maxLength: 1024,
required: true,
},
withHttpOnlyToken: {
@ -40,7 +50,7 @@ module.exports = {
},
exits: {
invalidOIDCConfiguration: {
invalidOidcConfiguration: {
responseType: 'serverError',
},
invalidCodeOrNonce: {
@ -55,6 +65,9 @@ module.exports = {
usernameAlreadyInUse: {
responseType: 'conflict',
},
activeUsersLimitReached: {
responseType: 'conflict',
},
missingValues: {
responseType: 'unprocessableEntity',
},
@ -64,15 +77,16 @@ module.exports = {
const remoteAddress = getRemoteAddress(this.req);
const user = await sails.helpers.users
.getOrCreateOneUsingOidc(inputs.code, inputs.nonce)
.getOrCreateOneWithOidc(inputs.code, inputs.nonce)
.intercept('invalidOidcConfiguration', () => Errors.INVALID_OIDC_CONFIGURATION)
.intercept('invalidCodeOrNonce', () => {
sails.log.warn(`Invalid code or nonce! (IP: ${remoteAddress})`);
return Errors.INVALID_CODE_OR_NONCE;
})
.intercept('invalidOIDCConfiguration', () => Errors.INVALID_OIDC_CONFIGURATION)
.intercept('invalidUserinfoConfiguration', () => Errors.INVALID_USERINFO_CONFIGURATION)
.intercept('emailAlreadyInUse', () => Errors.EMAIL_ALREADY_IN_USE)
.intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE)
.intercept('activeLimitReached', () => Errors.ACTIVE_USERS_LIMIT_REACHED)
.intercept('missingValues', () => Errors.MISSING_VALUES);
const { token: accessToken, payload: accessTokenPayload } = sails.helpers.utils.createJwtToken(
@ -81,7 +95,7 @@ module.exports = {
const httpOnlyToken = inputs.withHttpOnlyToken ? uuid() : null;
await Session.create({
await Session.qm.createOne({
accessToken,
httpOnlyToken,
remoteAddress,

55
server/api/controllers/actions/index.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
@ -7,17 +14,10 @@ const Errors = {
module.exports = {
inputs: {
cardId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
beforeId: {
type: 'string',
regex: /^[0-9]+$/,
},
withDetails: {
type: 'boolean',
},
beforeId: idInput,
},
exits: {
@ -30,35 +30,38 @@ module.exports = {
const { currentUser } = this.req;
const { card, project } = await sails.helpers.cards
.getProjectPath(inputs.cardId)
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const isBoardMember = await sails.helpers.users.isBoardMember(currentUser.id, card.boardId);
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
card.boardId,
currentUser.id,
);
if (!isBoardMember) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!boardMembership) {
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.BOARD_NOT_FOUND; // Forbidden
if (!isProjectManager) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
}
}
const actions = await sails.helpers.cards.getActions(
card.id,
inputs.beforeId,
inputs.withDetails,
);
const actions = await Action.qm.getByCardId(card.id, {
beforeId: inputs.beforeId,
});
const userIds = sails.helpers.utils.mapRecords(actions, 'userId', true);
const users = await sails.helpers.users.getMany(userIds, true);
const userIds = sails.helpers.utils.mapRecords(actions, 'userId', true, true);
const users = await User.qm.getByIds(userIds);
return {
items: actions,
included: {
users,
users: sails.helpers.users.presentMany(users, currentUser),
},
};
},

81
server/api/controllers/attachments/create.js
View file

@ -1,3 +1,11 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { isUrl } = require('../../../utils/validators');
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -8,18 +16,36 @@ const Errors = {
NO_FILE_WAS_UPLOADED: {
noFileWasUploaded: 'No file was uploaded',
},
URL_MUST_BE_PRESENT: {
urlMustBePresent: 'Url must be present',
},
};
module.exports = {
inputs: {
cardId: {
...idInput,
required: true,
},
type: {
type: 'string',
regex: /^[0-9]+$/,
isIn: Object.values(Attachment.Types),
required: true,
},
url: {
type: 'string',
maxLength: 2048,
custom: isUrl,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
requestId: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
},
@ -36,19 +62,22 @@ module.exports = {
uploadError: {
responseType: 'unprocessableEntity',
},
urlMustBePresent: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs, exits) {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getProjectPath(inputs.cardId)
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
@ -58,26 +87,40 @@ module.exports = {
throw Errors.NOT_ENOUGH_RIGHTS;
}
let files;
try {
files = await sails.helpers.utils.receiveFile('file', this.req);
} catch (error) {
return exits.uploadError(error.message); // TODO: add error
let data;
if (inputs.type === Attachment.Types.FILE) {
let files;
try {
files = await sails.helpers.utils.receiveFile('file', this.req);
} catch (error) {
return exits.uploadError(error.message); // TODO: add error
}
if (files.length === 0) {
throw Errors.NO_FILE_WAS_UPLOADED;
}
const file = _.last(files);
data = await sails.helpers.attachments.processUploadedFile(file);
} else if (inputs.type === Attachment.Types.LINK) {
if (!inputs.url) {
throw Errors.URL_MUST_BE_PRESENT;
}
data = await sails.helpers.attachments.processLink(inputs.url);
}
if (files.length === 0) {
throw Errors.NO_FILE_WAS_UPLOADED;
}
const file = _.last(files);
const fileData = await sails.helpers.attachments.processUploadedFile(file);
const values = {
..._.pick(inputs, ['type', 'name']),
data,
};
const attachment = await sails.helpers.attachments.createOne.with({
project,
board,
list,
values: {
...fileData,
...values,
card,
creatorUser: currentUser,
},
@ -86,7 +129,7 @@ module.exports = {
});
return exits.success({
item: attachment,
item: sails.helpers.attachments.presentOne(attachment),
});
},
};

28
server/api/controllers/attachments/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,8 +17,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -28,17 +34,17 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.attachments
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.attachments
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.ATTACHMENT_NOT_FOUND);
let { attachment } = path;
const { card, list, board, project } = path;
let { attachment } = pathToProject;
const { card, list, board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.ATTACHMENT_NOT_FOUND; // Forbidden
@ -63,7 +69,7 @@ module.exports = {
}
return {
item: attachment,
item: sails.helpers.attachments.presentOne(attachment),
};
},
};

62
server/api/controllers/attachments/download-thumbnail.js
View file

@ -1,62 +0,0 @@
const Errors = {
ATTACHMENT_NOT_FOUND: {
attachmentNotFound: 'Attachment not found',
},
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
required: true,
},
},
exits: {
attachmentNotFound: {
responseType: 'notFound',
},
},
async fn(inputs, exits) {
const { currentUser } = this.req;
const { attachment, card, project } = await sails.helpers.attachments
.getProjectPath(inputs.id)
.intercept('pathNotFound', () => Errors.ATTACHMENT_NOT_FOUND);
const isBoardMember = await sails.helpers.users.isBoardMember(currentUser.id, card.boardId);
if (!isBoardMember) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.ATTACHMENT_NOT_FOUND; // Forbidden
}
}
if (!attachment.image) {
throw Errors.ATTACHMENT_NOT_FOUND;
}
const fileManager = sails.hooks['file-manager'].getInstance();
let readStream;
try {
readStream = await fileManager.read(
`${sails.config.custom.attachmentsPathSegment}/${attachment.dirname}/thumbnails/cover-256.${attachment.image.thumbnailsExtension}`,
);
} catch (error) {
throw Errors.ATTACHMENT_NOT_FOUND;
}
this.res.type('image/jpeg');
this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
return exits.success(readStream);
},
};

63
server/api/controllers/attachments/download.js
View file

@ -1,63 +0,0 @@
const path = require('path');
const Errors = {
ATTACHMENT_NOT_FOUND: {
attachmentNotFound: 'Attachment not found',
},
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
required: true,
},
},
exits: {
attachmentNotFound: {
responseType: 'notFound',
},
},
async fn(inputs, exits) {
const { currentUser } = this.req;
const { attachment, card, project } = await sails.helpers.attachments
.getProjectPath(inputs.id)
.intercept('pathNotFound', () => Errors.ATTACHMENT_NOT_FOUND);
const isBoardMember = await sails.helpers.users.isBoardMember(currentUser.id, card.boardId);
if (!isBoardMember) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.ATTACHMENT_NOT_FOUND; // Forbidden
}
}
const fileManager = sails.hooks['file-manager'].getInstance();
let readStream;
try {
readStream = await fileManager.read(
`${sails.config.custom.attachmentsPathSegment}/${attachment.dirname}/${attachment.filename}`,
);
} catch (error) {
throw Errors.ATTACHMENT_NOT_FOUND;
}
this.res.type(attachment.filename);
if (!attachment.image && path.extname(attachment.filename) !== '.pdf') {
this.res.set('Content-Disposition', 'attachment');
}
this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
return exits.success(readStream);
},
};

29
server/api/controllers/attachments/update.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,13 +17,13 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
},
@ -32,17 +39,17 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.attachments
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.attachments
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.ATTACHMENT_NOT_FOUND);
let { attachment } = path;
const { card, list, board, project } = path;
let { attachment } = pathToProject;
const { card, list, board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.ATTACHMENT_NOT_FOUND; // Forbidden
@ -70,7 +77,7 @@ module.exports = {
}
return {
item: attachment,
item: sails.helpers.attachments.presentOne(attachment),
};
},
};

46
server/api/controllers/projects/update-background-image.js → server/api/controllers/background-images/create.js Executable file → Normal file
View file

@ -1,4 +1,9 @@
const rimraf = require('rimraf');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
PROJECT_NOT_FOUND: {
@ -14,11 +19,15 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
projectId: {
...idInput,
required: true,
},
requestId: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
},
exits: {
@ -39,7 +48,7 @@ module.exports = {
async fn(inputs, exits) {
const { currentUser } = this.req;
let project = await Project.findOne(inputs.id);
const project = await Project.qm.getOneById(inputs.projectId);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;
@ -64,33 +73,22 @@ module.exports = {
const file = _.last(files);
const fileData = await sails.helpers.projects
.processUploadedBackgroundImageFile(file)
.intercept('fileIsNotImage', () => {
try {
rimraf.sync(file.fd);
} catch (error) {
console.warn(error.stack); // eslint-disable-line no-console
}
const values = await sails.helpers.backgroundImages
.processUploadedFile(file)
.intercept('fileIsNotImage', () => Errors.FILE_IS_NOT_IMAGE);
return Errors.FILE_IS_NOT_IMAGE;
});
project = await sails.helpers.projects.updateOne.with({
record: project,
const backgroundImage = await sails.helpers.backgroundImages.createOne.with({
values: {
backgroundImage: fileData,
...values,
project,
},
actorUser: currentUser,
requestId: inputs.requestId,
request: this.req,
});
if (!project) {
throw Errors.PROJECT_NOT_FOUND;
}
return exits.success({
item: project,
item: sails.helpers.backgroundImages.presentOne(backgroundImage),
});
},
};

59
server/api/controllers/background-images/delete.js Executable file
View file

@ -0,0 +1,59 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BACKGROUND_IMAGE_NOT_FOUND: {
backgroundImageNotFound: 'Background image not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
backgroundImageNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.backgroundImages
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.BACKGROUND_IMAGE_NOT_FOUND);
let { backgroundImage } = pathToProject;
const { project } = pathToProject;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
throw Errors.BACKGROUND_IMAGE_NOT_FOUND; // Forbidden
}
backgroundImage = await sails.helpers.backgroundImages.deleteOne.with({
project,
record: backgroundImage,
actorUser: currentUser,
request: this.req,
});
if (!backgroundImage) {
throw Errors.BACKGROUND_IMAGE_NOT_FOUND;
}
return {
item: sails.helpers.backgroundImages.presentOne(backgroundImage),
};
},
};

63
server/api/controllers/base-custom-field-groups/create.js Normal file
View file

@ -0,0 +1,63 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
PROJECT_NOT_FOUND: {
projectNotFound: 'Project not found',
},
};
module.exports = {
inputs: {
projectId: {
...idInput,
required: true,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
},
exits: {
projectNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const project = await Project.qm.getOneById(inputs.projectId);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;
}
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
}
const values = _.pick(inputs, ['name']);
const baseCustomFieldGroup = await sails.helpers.baseCustomFieldGroups.createOne.with({
values: {
...values,
project,
},
actorUser: currentUser,
request: this.req,
});
return {
item: baseCustomFieldGroup,
};
},
};

59
server/api/controllers/base-custom-field-groups/delete.js Normal file
View file

@ -0,0 +1,59 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BASE_CUSTOM_FIELD_GROUP_NOT_FOUND: {
baseCustomFieldGroupNotFound: 'Base custom field group not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
baseCustomFieldGroupNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.baseCustomFieldGroups
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND);
let { baseCustomFieldGroup } = pathToProject;
const { project } = pathToProject;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
throw Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND; // Forbidden
}
baseCustomFieldGroup = await sails.helpers.baseCustomFieldGroups.deleteOne.with({
project,
record: baseCustomFieldGroup,
actorUser: currentUser,
request: this.req,
});
if (!baseCustomFieldGroup) {
throw Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND;
}
return {
item: baseCustomFieldGroup,
};
},
};

67
server/api/controllers/base-custom-field-groups/update.js Normal file
View file

@ -0,0 +1,67 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BASE_CUSTOM_FIELD_GROUP_NOT_FOUND: {
baseCustomFieldGroupNotFound: 'Base custom field group not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
},
exits: {
baseCustomFieldGroupNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.baseCustomFieldGroups
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND);
let { baseCustomFieldGroup } = pathToProject;
const { project } = pathToProject;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
throw Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND; // Forbidden
}
const values = _.pick(inputs, ['name']);
baseCustomFieldGroup = await sails.helpers.baseCustomFieldGroups.updateOne.with({
values,
project,
record: baseCustomFieldGroup,
actorUser: currentUser,
request: this.req,
});
if (!baseCustomFieldGroup) {
throw Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND;
}
return {
item: baseCustomFieldGroup,
};
},
};

33
server/api/controllers/board-memberships/create.js
View file

@ -1,4 +1,14 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
BOARD_NOT_FOUND: {
boardNotFound: 'Board not found',
},
@ -13,13 +23,11 @@ const Errors = {
module.exports = {
inputs: {
boardId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
userId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
role: {
@ -34,6 +42,9 @@ module.exports = {
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
boardNotFound: {
responseType: 'notFound',
},
@ -49,7 +60,7 @@ module.exports = {
const { currentUser } = this.req;
const { board, project } = await sails.helpers.boards
.getProjectPath(inputs.boardId)
.getPathToProjectById(inputs.boardId)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
@ -58,10 +69,18 @@ module.exports = {
throw Errors.BOARD_NOT_FOUND; // Forbidden
}
const user = await sails.helpers.users.getOne(inputs.userId);
if (!sails.helpers.users.isAdminOrProjectOwner(currentUser)) {
if (inputs.userId !== currentUser.id) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
const user = await User.qm.getOneById(inputs.userId, {
withDeactivated: false,
});
if (!user) {
throw Error.USER_NOT_FOUND;
throw Errors.USER_NOT_FOUND;
}
const values = _.pick(inputs, ['role', 'canComment']);

21
server/api/controllers/board-memberships/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BOARD_MEMBERSHIP_NOT_FOUND: {
boardMembershipNotFound: 'Board membership not found',
@ -7,8 +14,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -22,12 +28,12 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.boardMemberships
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.boardMemberships
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.BOARD_MEMBERSHIP_NOT_FOUND);
let { boardMembership } = path;
const { board, project } = path;
let { boardMembership } = pathToProject;
const { board, project } = pathToProject;
if (boardMembership.userId !== currentUser.id) {
const isProjectManager = await sails.helpers.users.isProjectManager(
@ -40,7 +46,10 @@ module.exports = {
}
}
const user = await User.qm.getOneById(boardMembership.userId);
boardMembership = await sails.helpers.boardMemberships.deleteOne.with({
user,
project,
board,
record: boardMembership,

22
server/api/controllers/board-memberships/update.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BOARD_MEMBERSHIP_NOT_FOUND: {
boardMembershipNotFound: 'Board membership not found',
@ -7,8 +14,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
role: {
@ -30,12 +36,12 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.boardMemberships
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.boardMemberships
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.BOARD_MEMBERSHIP_NOT_FOUND);
let { boardMembership } = path;
const { board, project } = path;
let { boardMembership } = pathToProject;
const { board, project } = pathToProject;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
@ -54,6 +60,10 @@ module.exports = {
request: this.req,
});
if (!boardMembership) {
throw Errors.BOARD_MEMBERSHIP_NOT_FOUND;
}
return {
item: boardMembership,
};

30
server/api/controllers/boards/create.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
PROJECT_NOT_FOUND: {
projectNotFound: 'Project not found',
@ -13,16 +20,17 @@ const Errors = {
module.exports = {
inputs: {
projectId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
importType: {
@ -32,6 +40,7 @@ module.exports = {
requestId: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
},
@ -42,6 +51,9 @@ module.exports = {
noImportFileWasUploaded: {
responseType: 'unprocessableEntity',
},
invalidImportFile: {
responseType: 'unprocessableEntity',
},
uploadError: {
responseType: 'unprocessableEntity',
},
@ -50,7 +62,7 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const project = await Project.findOne(inputs.projectId);
const project = await Project.qm.getOneById(inputs.projectId);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;
@ -62,10 +74,8 @@ module.exports = {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
}
const values = _.pick(inputs, ['position', 'name']);
let boardImport;
if (inputs.importType && Object.values(Board.ImportTypes).includes(inputs.importType)) {
if (inputs.importType) {
let files;
try {
files = await sails.helpers.utils.receiveFile('importFile', this.req);
@ -80,13 +90,19 @@ module.exports = {
const file = _.last(files);
if (inputs.importType === Board.ImportTypes.TRELLO) {
const trelloBoard = await sails.helpers.boards
.processUploadedTrelloImportFile(file)
.intercept('invalidFile', () => Errors.INVALID_IMPORT_FILE);
boardImport = {
type: inputs.importType,
board: await sails.helpers.boards.processUploadedTrelloImportFile(file),
board: trelloBoard,
};
}
}
const values = _.pick(inputs, ['position', 'name']);
const { board, boardMembership } = await sails.helpers.boards.createOne.with({
values: {
...values,

22
server/api/controllers/boards/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BOARD_NOT_FOUND: {
boardNotFound: 'Board not found',
@ -7,8 +14,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -22,16 +28,12 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.boards
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.boards
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
let { board } = path;
const { project } = path;
if (!board) {
throw Errors.BOARD_NOT_FOUND;
}
let { board } = pathToProject;
const { project } = pathToProject;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);

81
server/api/controllers/boards/show.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BOARD_NOT_FOUND: {
boardNotFound: 'Board not found',
@ -7,8 +14,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
subscribe: {
@ -26,42 +32,67 @@ module.exports = {
const { currentUser } = this.req;
const { board, project } = await sails.helpers.boards
.getProjectPath(inputs.id)
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
const isBoardMember = await sails.helpers.users.isBoardMember(currentUser.id, board.id);
if (!isBoardMember) {
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.BOARD_NOT_FOUND; // Forbidden
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.BOARD_NOT_FOUND; // Forbidden
}
}
}
const boardMemberships = await sails.helpers.boards.getBoardMemberships(board.id);
board.isSubscribed = await sails.helpers.users.isBoardSubscriber(currentUser.id, board.id);
const userIds = sails.helpers.utils.mapRecords(boardMemberships, 'userId');
const users = await sails.helpers.users.getMany(userIds);
const boardMemberships = await BoardMembership.qm.getByBoardId(board.id);
const labels = await Label.qm.getByBoardId(board.id);
const lists = await List.qm.getByBoardId(board.id);
const labels = await sails.helpers.boards.getLabels(board.id);
const lists = await sails.helpers.boards.getLists(board.id);
const finiteLists = lists.filter((list) => sails.helpers.lists.isFinite(list));
const finiteListIds = sails.helpers.utils.mapRecords(finiteLists);
const cards = await sails.helpers.boards.getCards(board.id);
const cards = await Card.qm.getByListIds(finiteListIds);
const cardIds = sails.helpers.utils.mapRecords(cards);
const cardSubscriptions = await sails.helpers.cardSubscriptions.getMany({
cardId: cardIds,
userId: currentUser.id,
});
const userIds = _.union(
sails.helpers.utils.mapRecords(boardMemberships, 'userId'),
sails.helpers.utils.mapRecords(cards, 'creatorUserId', true, true),
);
const cardMemberships = await sails.helpers.cards.getCardMemberships(cardIds);
const cardLabels = await sails.helpers.cards.getCardLabels(cardIds);
const tasks = await sails.helpers.cards.getTasks(cardIds);
const attachments = await sails.helpers.cards.getAttachments(cardIds);
const users = await User.qm.getByIds(userIds);
const cardMemberships = await CardMembership.qm.getByCardIds(cardIds);
const cardLabels = await CardLabel.qm.getByCardIds(cardIds);
const taskLists = await TaskList.qm.getByCardIds(cardIds);
const taskListIds = sails.helpers.utils.mapRecords(taskLists);
const tasks = await Task.qm.getByTaskListIds(taskListIds);
const attachments = await Attachment.qm.getByCardIds(cardIds);
const boardCustomFieldGroups = await CustomFieldGroup.qm.getByBoardId(board.id);
const cardCustomFieldGroups = await CustomFieldGroup.qm.getByCardIds(cardIds);
const customFieldGroups = [...boardCustomFieldGroups, ...cardCustomFieldGroups];
const customFieldGroupIds = sails.helpers.utils.mapRecords(customFieldGroups);
const customFields = await CustomField.qm.getByCustomFieldGroupIds(customFieldGroupIds);
const customFieldValues = await CustomFieldValue.qm.getByCardIds(cardIds);
const cardSubscriptions = await CardSubscription.qm.getByCardIdsAndUserId(
cardIds,
currentUser.id,
);
const isSubscribedByCardId = cardSubscriptions.reduce(
(result, cardSubscription) => ({
@ -83,16 +114,20 @@ module.exports = {
return {
item: board,
included: {
users,
boardMemberships,
labels,
lists,
cards,
cardMemberships,
cardLabels,
taskLists,
tasks,
attachments,
customFieldGroups,
customFields,
customFieldValues,
users: sails.helpers.users.presentMany(users, currentUser),
projects: [project],
attachments: sails.helpers.attachments.presentMany(attachments),
},
};
},

75
server/api/controllers/boards/update.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BOARD_NOT_FOUND: {
boardNotFound: 'Board not found',
@ -7,16 +14,36 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
defaultView: {
type: 'string',
isIn: Object.values(Board.Views),
},
defaultCardType: {
type: 'string',
isIn: Object.values(Card.Types),
allowNull: true,
},
limitCardTypesToDefaultOne: {
type: 'boolean',
allowNull: true,
},
alwaysDisplayCardCreator: {
type: 'boolean',
},
isSubscribed: {
type: 'boolean',
},
},
@ -29,24 +56,48 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.boards
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.boards
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
let { board } = path;
const { project } = path;
if (!board) {
throw Errors.BOARD_NOT_FOUND;
}
let { board } = pathToProject;
const { project } = pathToProject;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
const isBoardMember = await sails.helpers.users.isBoardMember(currentUser.id, board.id);
if (!isProjectManager) {
if (!isProjectManager && !isBoardMember) {
throw Errors.BOARD_NOT_FOUND; // Forbidden
}
const values = _.pick(inputs, ['position', 'name']);
const availableInputKeys = ['id'];
if (isProjectManager) {
availableInputKeys.push(
'position',
'name',
'defaultView',
'defaultCardType',
'limitCardTypesToDefaultOne',
'alwaysDisplayCardCreator',
);
}
if (isBoardMember) {
availableInputKeys.push('isSubscribed');
}
if (_.difference(Object.keys(inputs), availableInputKeys).length > 0) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, [
'position',
'name',
'defaultView',
'defaultCardType',
'limitCardTypesToDefaultOne',
'alwaysDisplayCardCreator',
'isSubscribed',
]);
board = await sails.helpers.boards.updateOne.with({
values,

26
server/api/controllers/card-labels/create.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -16,13 +23,11 @@ const Errors = {
module.exports = {
inputs: {
cardId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
labelId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -46,13 +51,13 @@ module.exports = {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getProjectPath(inputs.cardId)
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
@ -62,8 +67,7 @@ module.exports = {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const label = await Label.findOne({
id: inputs.labelId,
const label = await Label.qm.getOneById(inputs.labelId, {
boardId: board.id,
});

28
server/api/controllers/card-labels/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -13,13 +20,11 @@ const Errors = {
module.exports = {
inputs: {
cardId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
labelId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -40,13 +45,13 @@ module.exports = {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getProjectPath(inputs.cardId)
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
@ -56,10 +61,7 @@ module.exports = {
throw Errors.NOT_ENOUGH_RIGHTS;
}
let cardLabel = await CardLabel.findOne({
cardId: inputs.cardId,
labelId: inputs.labelId,
});
let cardLabel = await CardLabel.qm.getOneByCardIdAndLabelId(card.id, inputs.labelId);
if (!cardLabel) {
throw Errors.LABEL_NOT_IN_CARD;

23
server/api/controllers/card-memberships/create.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -16,13 +23,11 @@ const Errors = {
module.exports = {
inputs: {
cardId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
userId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -46,13 +51,13 @@ module.exports = {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getProjectPath(inputs.cardId)
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden

31
server/api/controllers/card-memberships/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -13,13 +20,11 @@ const Errors = {
module.exports = {
inputs: {
cardId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
userId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -40,13 +45,13 @@ module.exports = {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getProjectPath(inputs.cardId)
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
@ -56,10 +61,10 @@ module.exports = {
throw Errors.NOT_ENOUGH_RIGHTS;
}
let cardMembership = await CardMembership.findOne({
cardId: inputs.cardId,
userId: inputs.userId,
});
let cardMembership = await CardMembership.qm.getOneByCardIdAndUserId(
inputs.cardId,
inputs.userId,
);
if (!cardMembership) {
throw Errors.USER_NOT_CARD_MEMBER;

63
server/api/controllers/cards/create.js
View file

@ -1,4 +1,10 @@
const moment = require('moment');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { isDueDate, isStopwatch } = require('../../../utils/validators');
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
@ -12,59 +18,40 @@ const Errors = {
},
};
const dueDateValidator = (value) => moment(value, moment.ISO_8601, true).isValid();
const stopwatchValidator = (value) => {
if (!_.isPlainObject(value) || _.size(value) !== 2) {
return false;
}
if (
!_.isNull(value.startedAt) &&
_.isString(value.startedAt) &&
!moment(value.startedAt, moment.ISO_8601, true).isValid()
) {
return false;
}
if (!_.isFinite(value.total)) {
return false;
}
return true;
};
module.exports = {
inputs: {
listId: {
...idInput,
required: true,
},
type: {
type: 'string',
regex: /^[0-9]+$/,
isIn: Object.values(Card.Types),
required: true,
},
position: {
type: 'number',
min: 0,
allowNull: true,
},
name: {
type: 'string',
maxLength: 1024,
required: true,
},
description: {
type: 'string',
isNotEmptyString: true,
maxLength: 1048576,
allowNull: true,
},
dueDate: {
type: 'string',
custom: dueDateValidator,
allowNull: true,
},
isDueDateCompleted: {
type: 'boolean',
allowNull: true,
custom: isDueDate,
},
stopwatch: {
type: 'json',
custom: stopwatchValidator,
custom: isStopwatch,
},
},
@ -84,13 +71,13 @@ module.exports = {
const { currentUser } = this.req;
const { list, board, project } = await sails.helpers.lists
.getProjectPath(inputs.listId)
.getPathToProjectById(inputs.listId)
.intercept('pathNotFound', () => Errors.LIST_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LIST_NOT_FOUND; // Forbidden
@ -101,20 +88,20 @@ module.exports = {
}
const values = _.pick(inputs, [
'type',
'position',
'name',
'description',
'dueDate',
'isDueDateCompleted',
'stopwatch',
]);
const card = await sails.helpers.cards.createOne
.with({
project,
board,
values: {
...values,
board,
list,
creatorUser: currentUser,
},

26
server/api/controllers/cards/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,8 +17,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -28,17 +34,17 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.cards
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.cards
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
let { card } = path;
const { list, board, project } = path;
let { card } = pathToProject;
const { list, board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden

38
server/api/controllers/cards/duplicate.js Executable file → Normal file
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,16 +17,18 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
maxLength: 1024,
required: true,
},
},
@ -36,18 +45,23 @@ module.exports = {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getProjectPath(inputs.id)
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
// TODO: allow for endless lists?
if (!sails.helpers.lists.isFinite(list)) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
@ -58,7 +72,12 @@ module.exports = {
card: nextCard,
cardMemberships,
cardLabels,
taskLists,
tasks,
attachments,
customFieldGroups,
customFields,
customFieldValues,
} = await sails.helpers.cards.duplicateOne.with({
project,
board,
@ -76,7 +95,12 @@ module.exports = {
included: {
cardMemberships,
cardLabels,
taskLists,
tasks,
customFieldGroups,
customFields,
customFieldValues,
attachments: sails.helpers.attachments.presentMany(attachments),
},
};
},

164
server/api/controllers/cards/index.js Normal file
View file

@ -0,0 +1,164 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const moment = require('moment');
const { isId } = require('../../../utils/validators');
const { idInput, idsInput } = require('../../../utils/inputs');
const Errors = {
LIST_NOT_FOUND: {
listNotFound: 'List not found',
},
};
const isBefore = (value) => {
if (!_.isPlainObject(value) || _.size(value) !== 2) {
return false;
}
if (!moment(value.listChangedAt, moment.ISO_8601, true).isValid()) {
return false;
}
if (!isId(value.id)) {
return false;
}
return true;
};
module.exports = {
inputs: {
listId: {
...idInput,
required: true,
},
before: {
type: 'json',
custom: isBefore,
},
search: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
filterUserIds: idsInput,
filterLabelIds: idsInput,
},
exits: {
listNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { list, project } = await sails.helpers.lists
.getPathToProjectById(inputs.listId)
.intercept('pathNotFound', () => Errors.LIST_NOT_FOUND);
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
list.boardId,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LIST_NOT_FOUND; // Forbidden
}
}
}
let filterUserIds;
if (inputs.filterUserIds) {
const boardMemberships = await BoardMembership.qm.getByBoardId(list.boardId);
const availableUserIdsSet = new Set(
sails.helpers.utils.mapRecords(boardMemberships, 'userId'),
);
filterUserIds = _.uniq(inputs.filterUserIds.split(','));
filterUserIds = filterUserIds.filter((userId) => availableUserIdsSet.has(userId));
}
let filterLabelIds;
if (inputs.filterLabelIds) {
const labels = await Label.qm.getByBoardId(list.boardId);
const availableLabelIdsSet = new Set(sails.helpers.utils.mapRecords(labels));
filterLabelIds = _.uniq(inputs.filterLabelIds.split(','));
filterLabelIds = filterLabelIds.filter((labelId) => availableLabelIdsSet.has(labelId));
}
const cards = await Card.qm.getByEndlessListId(list.id, {
filterUserIds,
filterLabelIds,
before: inputs.before,
search: inputs.search,
});
const cardIds = sails.helpers.utils.mapRecords(cards);
const userIds = sails.helpers.utils.mapRecords(cards, 'creatorUserId', true, true);
const users = await User.qm.getByIds(userIds);
const cardSubscriptions = await CardSubscription.qm.getByCardIdsAndUserId(
cardIds,
currentUser.id,
);
const cardMemberships = await CardMembership.qm.getByCardIds(cardIds);
const cardLabels = await CardLabel.qm.getByCardIds(cardIds);
const taskLists = await TaskList.qm.getByCardIds(cardIds);
const taskListIds = sails.helpers.utils.mapRecords(taskLists);
const tasks = await Task.qm.getByTaskListIds(taskListIds);
const attachments = await Attachment.qm.getByCardIds(cardIds);
const customFieldGroups = await CustomFieldGroup.qm.getByCardIds(cardIds);
const customFieldGroupIds = sails.helpers.utils.mapRecords(customFieldGroups);
const customFields = await CustomField.qm.getByCustomFieldGroupIds(customFieldGroupIds);
const customFieldValues = await CustomFieldValue.qm.getByCardIds(cardIds);
const isSubscribedByCardId = cardSubscriptions.reduce(
(result, cardSubscription) => ({
...result,
[cardSubscription.cardId]: true,
}),
{},
);
cards.forEach((card) => {
// eslint-disable-next-line no-param-reassign
card.isSubscribed = isSubscribedByCardId[card.id] || false;
});
return {
items: cards,
included: {
cardMemberships,
cardLabels,
taskLists,
tasks,
customFieldGroups,
customFields,
customFieldValues,
users: sails.helpers.users.presentMany(users, currentUser),
attachments: sails.helpers.attachments.presentMany(attachments),
},
};
},
};

66
server/api/controllers/cards/read-notifications.js Normal file
View file

@ -0,0 +1,66 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
cardNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { card, project } = await sails.helpers.cards
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
card.boardId,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
}
}
const notifications = await sails.helpers.cards.readNotificationsForUser.with({
record: card,
user: currentUser,
request: this.req,
});
return {
item: card,
included: {
notifications,
},
};
},
};

51
server/api/controllers/cards/show.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
@ -7,8 +14,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -23,36 +29,57 @@ module.exports = {
const { currentUser } = this.req;
const { card, project } = await sails.helpers.cards
.getProjectPath(inputs.id)
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const isBoardMember = await sails.helpers.users.isBoardMember(currentUser.id, card.boardId);
if (!isBoardMember) {
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.CARD_NOT_FOUND; // Forbidden
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
card.boardId,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
}
}
card.isSubscribed = await sails.helpers.users.isCardSubscriber(currentUser.id, card.id);
const cardMemberships = await sails.helpers.cards.getCardMemberships(card.id);
const cardLabels = await sails.helpers.cards.getCardLabels(card.id);
const tasks = await sails.helpers.cards.getTasks(card.id);
const attachments = await sails.helpers.cards.getAttachments(card.id);
const users = card.creatorUserId ? await User.qm.getByIds([card.creatorUserId]) : [];
const cardMemberships = await CardMembership.qm.getByCardId(card.id);
const cardLabels = await CardLabel.qm.getByCardId(card.id);
const taskLists = await TaskList.qm.getByCardId(card.id);
const taskListIds = sails.helpers.utils.mapRecords(taskLists);
const tasks = await Task.qm.getByTaskListIds(taskListIds);
const attachments = await Attachment.qm.getByCardId(card.id);
const customFieldGroups = await CustomFieldGroup.qm.getByCardId(card.id);
const customFieldGroupIds = sails.helpers.utils.mapRecords(customFieldGroups);
const customFields = await CustomField.qm.getByCustomFieldGroupIds(customFieldGroupIds);
const customFieldValues = await CustomFieldValue.qm.getByCardId(card.id);
return {
item: card,
included: {
cardMemberships,
cardLabels,
taskLists,
tasks,
attachments,
customFieldGroups,
customFields,
customFieldValues,
users: sails.helpers.users.presentMany(users, currentUser),
attachments: sails.helpers.attachments.presentMany(attachments),
},
};
},

142
server/api/controllers/cards/update.js
View file

@ -1,4 +1,10 @@
const moment = require('moment');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { isDueDate, isStopwatch } = require('../../../utils/validators');
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
@ -13,80 +19,60 @@ const Errors = {
LIST_NOT_FOUND: {
listNotFound: 'List not found',
},
COVER_ATTACHMENT_NOT_FOUND: {
coverAttachmentNotFound: 'Cover attachment not found',
},
LIST_MUST_BE_PRESENT: {
listMustBePresent: 'List must be present',
},
COVER_ATTACHMENT_MUST_CONTAIN_IMAGE: {
coverAttachmentMustContainImage: 'Cover attachment must contain image',
},
POSITION_MUST_BE_PRESENT: {
positionMustBePresent: 'Position must be present',
},
};
const dueDateValidator = (value) => moment(value, moment.ISO_8601, true).isValid();
const stopwatchValidator = (value) => {
if (!_.isPlainObject(value) || _.size(value) !== 2) {
return false;
}
if (
!_.isNull(value.startedAt) &&
_.isString(value.startedAt) &&
!moment(value.startedAt, moment.ISO_8601, true).isValid()
) {
return false;
}
if (!_.isFinite(value.total)) {
return false;
}
return true;
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
boardId: {
type: 'string',
regex: /^[0-9]+$/,
},
listId: {
type: 'string',
regex: /^[0-9]+$/,
},
boardId: idInput,
listId: idInput,
coverAttachmentId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
allowNull: true,
},
type: {
type: 'string',
isIn: Object.values(Card.Types),
},
position: {
type: 'number',
min: 0,
allowNull: true,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 1024,
},
description: {
type: 'string',
isNotEmptyString: true,
maxLength: 1048576,
allowNull: true,
},
dueDate: {
type: 'string',
custom: dueDateValidator,
allowNull: true,
},
isDueDateCompleted: {
type: 'boolean',
custom: isDueDate,
allowNull: true,
},
stopwatch: {
type: 'json',
custom: stopwatchValidator,
custom: isStopwatch,
},
isSubscribed: {
type: 'boolean',
@ -106,9 +92,15 @@ module.exports = {
listNotFound: {
responseType: 'notFound',
},
coverAttachmentNotFound: {
responseType: 'notFound',
},
listMustBePresent: {
responseType: 'unprocessableEntity',
},
coverAttachmentMustContainImage: {
responseType: 'unprocessableEntity',
},
positionMustBePresent: {
responseType: 'unprocessableEntity',
},
@ -117,23 +109,38 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.cards
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.cards
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
let { card } = path;
const { list, board, project } = path;
let { card } = pathToProject;
const { list, board, project } = pathToProject;
let boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
let boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
const availableInputKeys = ['id', 'isSubscribed'];
if (boardMembership.role === BoardMembership.Roles.EDITOR) {
availableInputKeys.push(
'boardId',
'listId',
'coverAttachmentId',
'type',
'position',
'name',
'description',
'dueDate',
'stopwatch',
);
}
if (_.difference(Object.keys(inputs), availableInputKeys).length > 0) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
@ -142,13 +149,13 @@ module.exports = {
if (!_.isUndefined(inputs.boardId)) {
({ board: nextBoard, project: nextProject } = await sails.helpers.boards
.getProjectPath(inputs.boardId)
.getPathToProjectById(inputs.boardId)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND));
boardMembership = await BoardMembership.findOne({
boardId: nextBoard.id,
userId: currentUser.id,
});
boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
nextBoard.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.BOARD_NOT_FOUND; // Forbidden
@ -161,23 +168,33 @@ module.exports = {
let nextList;
if (!_.isUndefined(inputs.listId)) {
nextList = await List.findOne({
id: inputs.listId,
nextList = await List.qm.getOneById(inputs.listId, {
boardId: (nextBoard || board).id,
});
if (!nextList) {
throw Errors.LIST_NOT_FOUND; // Forbidden
throw Errors.LIST_NOT_FOUND;
}
}
let nextCoverAttachment;
if (inputs.coverAttachmentId) {
nextCoverAttachment = await Attachment.qm.getOneById(inputs.coverAttachmentId, {
cardId: card.id,
});
if (!nextCoverAttachment || nextCoverAttachment.type !== Attachment.Types.FILE) {
throw Errors.COVER_ATTACHMENT_NOT_FOUND;
}
}
const values = _.pick(inputs, [
'coverAttachmentId',
'type',
'position',
'name',
'description',
'dueDate',
'isDueDateCompleted',
'stopwatch',
'isSubscribed',
]);
@ -193,12 +210,17 @@ module.exports = {
project: nextProject,
board: nextBoard,
list: nextList,
coverAttachment: nextCoverAttachment,
},
actorUser: currentUser,
request: this.req,
})
.intercept('positionMustBeInValues', () => Errors.POSITION_MUST_BE_PRESENT)
.intercept('listMustBeInValues', () => Errors.LIST_MUST_BE_PRESENT);
.intercept('listMustBeInValues', () => Errors.LIST_MUST_BE_PRESENT)
.intercept(
'coverAttachmentInValuesMustContainImage',
() => Errors.COVER_ATTACHMENT_MUST_CONTAIN_IMAGE,
);
if (!card) {
throw Errors.CARD_NOT_FOUND;

80
server/api/controllers/comment-actions/delete.js
View file

@ -1,80 +0,0 @@
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
COMMENT_ACTION_NOT_FOUND: {
commentActionNotFound: 'Comment action not found',
},
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
commentActionNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.actions
.getProjectPath({
id: inputs.id,
type: Action.Types.COMMENT_CARD,
})
.intercept('pathNotFound', () => Errors.COMMENT_ACTION_NOT_FOUND);
let { action } = path;
const { card, list, board, project } = path;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
if (action.userId !== currentUser.id) {
throw Errors.COMMENT_ACTION_NOT_FOUND; // Forbidden
}
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
if (!boardMembership) {
throw Errors.COMMENT_ACTION_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR && !boardMembership.canComment) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
action = await sails.helpers.actions.deleteOne.with({
project,
board,
list,
card,
record: action,
actorUser: currentUser,
request: this.req,
});
if (!action) {
throw Errors.COMMENT_ACTION_NOT_FOUND;
}
return {
item: action,
};
},
};

89
server/api/controllers/comment-actions/update.js
View file

@ -1,89 +0,0 @@
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
COMMENT_ACTION_NOT_FOUND: {
commentActionNotFound: 'Comment action not found',
},
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
required: true,
},
text: {
type: 'string',
isNotEmptyString: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
commentActionNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.actions
.getProjectPath({
id: inputs.id,
type: Action.Types.COMMENT_CARD,
})
.intercept('pathNotFound', () => Errors.COMMENT_ACTION_NOT_FOUND);
let { action } = path;
const { card, list, board, project } = path;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
if (action.userId !== currentUser.id) {
throw Errors.COMMENT_ACTION_NOT_FOUND; // Forbidden
}
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
if (!boardMembership) {
throw Errors.COMMENT_ACTION_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR && !boardMembership.canComment) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
const values = {
data: _.pick(inputs, ['text']),
};
action = await sails.helpers.actions.updateOne.with({
values,
project,
board,
list,
card,
record: action,
actorUser: currentUser,
request: this.req,
});
if (!action) {
throw Errors.COMMENT_ACTION_NOT_FOUND;
}
return {
item: action,
};
},
};

36
server/api/controllers/comment-actions/create.js → server/api/controllers/comments/create.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,12 +17,12 @@ const Errors = {
module.exports = {
inputs: {
cardId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
text: {
type: 'string',
maxLength: 1048576,
required: true,
},
},
@ -33,28 +40,27 @@ module.exports = {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getProjectPath(inputs.cardId)
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR && !boardMembership.canComment) {
throw Errors.NOT_ENOUGH_RIGHTS;
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
if (!boardMembership.canComment) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
const values = {
type: Action.Types.COMMENT_CARD,
data: _.pick(inputs, ['text']),
};
const values = _.pick(inputs, ['text']);
const action = await sails.helpers.actions.createOne.with({
const comment = await sails.helpers.comments.createOne.with({
project,
board,
list,
@ -67,7 +73,7 @@ module.exports = {
});
return {
item: action,
item: comment,
};
},
};

85
server/api/controllers/comments/delete.js Executable file
View file

@ -0,0 +1,85 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
COMMENT_NOT_FOUND: {
commentNotFound: 'Comment not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
commentNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.comments
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.COMMENT_NOT_FOUND);
let { comment } = pathToProject;
const { card, list, board, project } = pathToProject;
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.COMMENT_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
if (comment.userId !== currentUser.id) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (!boardMembership.canComment) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
}
comment = await sails.helpers.comments.deleteOne.with({
project,
board,
list,
card,
record: comment,
actorUser: currentUser,
request: this.req,
});
if (!comment) {
throw Errors.COMMENT_NOT_FOUND;
}
return {
item: comment,
};
},
};

68
server/api/controllers/comments/index.js Normal file
View file

@ -0,0 +1,68 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
},
};
module.exports = {
inputs: {
cardId: {
...idInput,
required: true,
},
beforeId: idInput,
},
exits: {
cardNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { card, project } = await sails.helpers.cards
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
card.boardId,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
}
}
const comments = await Comment.qm.getByCardId(card.id, {
beforeId: inputs.beforeId,
});
const userIds = sails.helpers.utils.mapRecords(comments, 'userId', true, true);
const users = await User.qm.getByIds(userIds);
return {
items: comments,
included: {
users: sails.helpers.users.presentMany(users, currentUser),
},
};
},
};

89
server/api/controllers/comments/update.js Executable file
View file

@ -0,0 +1,89 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
COMMENT_NOT_FOUND: {
commentNotFound: 'Comment not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
text: {
type: 'string',
isNotEmptyString: true,
maxLength: 1048576,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
commentNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.comments
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.COMMENT_NOT_FOUND);
let { comment } = pathToProject;
const { card, list, board, project } = pathToProject;
if (comment.userId !== currentUser.id) {
throw Errors.COMMENT_NOT_FOUND; // Forbidden
}
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.COMMENT_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
if (!boardMembership.canComment) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
const values = _.pick(inputs, ['text']);
comment = await sails.helpers.comments.updateOne.with({
values,
project,
board,
list,
card,
record: comment,
actorUser: currentUser,
request: this.req,
});
if (!comment) {
throw Errors.COMMENT_NOT_FOUND;
}
return {
item: comment,
};
},
};

38
server/api/controllers/config/show.js Normal file
View file

@ -0,0 +1,38 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
module.exports = {
async fn() {
const { currentUser } = this.req;
const oidcClient = await sails.hooks.oidc.getClient();
let oidc = null;
if (oidcClient) {
const authorizationUrlParams = {
scope: sails.config.custom.oidcScopes,
};
if (!sails.config.custom.oidcUseDefaultResponseMode) {
authorizationUrlParams.response_mode = sails.config.custom.oidcResponseMode;
}
oidc = {
authorizationUrl: oidcClient.authorizationUrl(authorizationUrlParams),
endSessionUrl: oidcClient.issuer.end_session_endpoint ? oidcClient.endSessionUrl({}) : null,
isEnforced: sails.config.custom.oidcEnforced,
};
}
return {
item: sails.helpers.config.presentOne(
{
oidc,
},
currentUser,
),
};
},
};

114
server/api/controllers/custom-field-groups/create-in-board.js Normal file
View file

@ -0,0 +1,114 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
BOARD_NOT_FOUND: {
boardNotFound: 'Board not found',
},
BASE_CUSTOM_FIELD_GROUP_NOT_FOUND: {
baseCustomFieldGroupNotFound: 'Base custom field group not found',
},
BASE_CUSTOM_FIELD_GROUP_OR_NAME_MUST_BE_PRESENT: {
baseCustomFieldGroupOrNameMustBePresent: 'Base custom field group or name must be present',
},
};
module.exports = {
inputs: {
boardId: {
...idInput,
required: true,
},
baseCustomFieldGroupId: idInput,
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
boardNotFound: {
responseType: 'notFound',
},
baseCustomFieldGroupNotFound: {
responseType: 'notFound',
},
baseCustomFieldGroupOrNameMustBePresent: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { board, project } = await sails.helpers.boards
.getPathToProjectById(inputs.boardId)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.BOARD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
let baseCustomFieldGroup;
if (inputs.baseCustomFieldGroupId) {
baseCustomFieldGroup = await BaseCustomFieldGroup.qm.getOneById(
inputs.baseCustomFieldGroupId,
{
projectId: project.id,
},
);
if (!baseCustomFieldGroup) {
throw Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND;
}
}
const values = _.pick(inputs, ['position', 'name']);
const customFieldGroup = await sails.helpers.customFieldGroups.createOneInBoard
.with({
project,
values: {
...values,
board,
baseCustomFieldGroup,
},
actorUser: currentUser,
request: this.req,
})
.intercept(
'baseCustomFieldGroupOrNameMustBeInValues',
() => Errors.BASE_CUSTOM_FIELD_GROUP_OR_NAME_MUST_BE_PRESENT,
);
return {
item: customFieldGroup,
};
},
};

116
server/api/controllers/custom-field-groups/create-in-card.js Normal file
View file

@ -0,0 +1,116 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
},
BASE_CUSTOM_FIELD_GROUP_NOT_FOUND: {
baseCustomFieldGroupNotFound: 'Base custom field group not found',
},
BASE_CUSTOM_FIELD_GROUP_OR_NAME_MUST_BE_PRESENT: {
baseCustomFieldGroupOrNameMustBePresent: 'Base custom field group or name must be present',
},
};
module.exports = {
inputs: {
cardId: {
...idInput,
required: true,
},
baseCustomFieldGroupId: idInput,
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
cardNotFound: {
responseType: 'notFound',
},
baseCustomFieldGroupNotFound: {
responseType: 'notFound',
},
baseCustomFieldGroupOrNameMustBePresent: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
let baseCustomFieldGroup;
if (inputs.baseCustomFieldGroupId) {
baseCustomFieldGroup = await BaseCustomFieldGroup.qm.getOneById(
inputs.baseCustomFieldGroupId,
{
projectId: project.id,
},
);
if (!baseCustomFieldGroup) {
throw Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND;
}
}
const values = _.pick(inputs, ['position', 'name']);
const customFieldGroup = await sails.helpers.customFieldGroups.createOneInCard
.with({
project,
board,
list,
values: {
...values,
card,
baseCustomFieldGroup,
},
actorUser: currentUser,
request: this.req,
})
.intercept(
'baseCustomFieldGroupOrNameMustBeInValues',
() => Errors.BASE_CUSTOM_FIELD_GROUP_OR_NAME_MUST_BE_PRESENT,
);
return {
item: customFieldGroup,
};
},
};

85
server/api/controllers/custom-field-groups/delete.js Executable file
View file

@ -0,0 +1,85 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CUSTOM_FIELD_GROUP_NOT_FOUND: {
customFieldGroupNotFound: 'Custom field group not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
customFieldGroupNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.customFieldGroups
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CUSTOM_FIELD_GROUP_NOT_FOUND);
let { customFieldGroup } = pathToProject;
const { card, list, board, project } = pathToProject;
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (customFieldGroup.boardId) {
customFieldGroup = await sails.helpers.customFieldGroups.deleteOneInBoard.with({
project,
board,
record: customFieldGroup,
actorUser: currentUser,
request: this.req,
});
} else if (customFieldGroup.cardId) {
customFieldGroup = await sails.helpers.customFieldGroups.deleteOneInCard.with({
project,
board,
list,
card,
record: customFieldGroup,
actorUser: currentUser,
request: this.req,
});
}
if (!customFieldGroup) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND;
}
return {
item: customFieldGroup,
};
},
};

67
server/api/controllers/custom-field-groups/show.js Normal file
View file

@ -0,0 +1,67 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
CUSTOM_FIELD_GROUP_NOT_FOUND: {
customFieldGroupNotFound: 'Custom field group not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
customFieldGroupNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { customFieldGroup, board, project } = await sails.helpers.customFieldGroups
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CUSTOM_FIELD_GROUP_NOT_FOUND);
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND; // Forbidden
}
}
}
const customFields = await CustomField.qm.getByCustomFieldGroupId(customFieldGroup.id);
const customFieldValues = customFieldGroup.cardId
? await CustomFieldValue.qm.getByCustomFieldGroupId(customFieldGroup.id)
: [];
return {
item: customFieldGroup,
included: {
customFields,
customFieldValues,
},
};
},
};

109
server/api/controllers/custom-field-groups/update.js Executable file
View file

@ -0,0 +1,109 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CUSTOM_FIELD_GROUP_NOT_FOUND: {
customFieldGroupNotFound: 'Custom field group not found',
},
NAME_MUST_NOT_BE_NULL: {
nameMustNotBeNull: 'Name must not be null',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
customFieldGroupNotFound: {
responseType: 'notFound',
},
nameMustNotBeNull: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.customFieldGroups
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CUSTOM_FIELD_GROUP_NOT_FOUND);
let { customFieldGroup } = pathToProject;
const { card, list, board, project } = pathToProject;
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, ['position', 'name']);
if (customFieldGroup.boardId) {
customFieldGroup = await sails.helpers.customFieldGroups.updateOneInBoard
.with({
values,
project,
board,
record: customFieldGroup,
actorUser: currentUser,
request: this.req,
})
.intercept('nameInValuesMustNotBeNull', () => Errors.NAME_MUST_NOT_BE_NULL);
} else if (customFieldGroup.cardId) {
customFieldGroup = await sails.helpers.customFieldGroups.updateOneInCard
.with({
values,
project,
board,
list,
card,
record: customFieldGroup,
actorUser: currentUser,
request: this.req,
})
.intercept('nameInValuesMustNotBeNull', () => Errors.NAME_MUST_NOT_BE_NULL);
}
if (!customFieldGroup) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND;
}
return {
item: customFieldGroup,
};
},
};

129
server/api/controllers/custom-field-values/create-or-update.js Normal file
View file

@ -0,0 +1,129 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
},
CUSTOM_FIELD_GROUP_NOT_FOUND: {
customFieldGroupNotFound: 'Custom field group not found',
},
CUSTOM_FIELD_NOT_FOUND: {
customFieldNotFound: 'Custom field not found',
},
};
module.exports = {
inputs: {
cardId: {
...idInput,
required: true,
},
customFieldGroupId: {
...idInput,
required: true,
},
customFieldId: {
...idInput,
required: true,
},
content: {
type: 'string',
maxLength: 512,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
cardNotFound: {
responseType: 'notFound',
},
customFieldGroupNotFound: {
responseType: 'notFound',
},
customFieldNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const customFieldGroup = await CustomFieldGroup.qm.getOneById(inputs.customFieldGroupId);
if (!customFieldGroup) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND;
}
if (customFieldGroup.boardId) {
if (customFieldGroup.boardId !== board.id) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND;
}
} else if (customFieldGroup.cardId) {
if (customFieldGroup.cardId !== card.id) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND;
}
}
const customField = await CustomField.qm.getOneById(inputs.customFieldId);
if (!customField) {
throw Errors.CUSTOM_FIELD_NOT_FOUND;
}
if (customFieldGroup.baseCustomFieldGroupId) {
if (customField.baseCustomFieldGroupId !== customFieldGroup.baseCustomFieldGroupId) {
throw Errors.CUSTOM_FIELD_NOT_FOUND;
}
} else if (customField.customFieldGroupId !== customFieldGroup.id) {
throw Errors.CUSTOM_FIELD_NOT_FOUND;
}
const values = _.pick(inputs, ['content']);
const customFieldValue = await sails.helpers.customFieldValues.createOrUpdateOne.with({
project,
board,
list,
values: {
...values,
card,
customFieldGroup,
customField,
},
actorUser: currentUser,
request: this.req,
});
return {
item: customFieldValue,
};
},
};

110
server/api/controllers/custom-field-values/delete.js Normal file
View file

@ -0,0 +1,110 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
},
CUSTOM_FIELD_GROUP_NOT_FOUND: {
customFieldGroupNotFound: 'Custom field group not found',
},
CUSTOM_FIELD_VALUE_NOT_FOUND: {
customFieldValueNotFound: 'Custom field value not found',
},
};
module.exports = {
inputs: {
cardId: {
...idInput,
required: true,
},
customFieldGroupId: {
...idInput,
required: true,
},
customFieldId: {
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
cardNotFound: {
responseType: 'notFound',
},
customFieldGroupNotFound: {
responseType: 'notFound',
},
customFieldValueNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const customFieldGroup = await CustomFieldGroup.qm.getOneById(inputs.customFieldGroupId);
if (!customFieldGroup) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND;
}
let customFieldValue =
await CustomFieldValue.qm.getOneByCardIdAndCustomFieldGroupIdAndCustomFieldId(
card.id,
customFieldGroup.id,
inputs.customFieldId,
);
if (!customFieldValue) {
throw Errors.CUSTOM_FIELD_VALUE_NOT_FOUND;
}
customFieldValue = await sails.helpers.customFieldValues.deleteOne.with({
project,
board,
list,
card,
customFieldGroup,
record: customFieldValue,
actorUser: currentUser,
request: this.req,
});
if (!customFieldValue) {
throw Errors.CUSTOM_FIELD_VALUE_NOT_FOUND;
}
return {
item: customFieldValue,
};
},
};

70
server/api/controllers/custom-fields/create-in-base-custom-field-group.js Normal file
View file

@ -0,0 +1,70 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BASE_CUSTOM_FIELD_GROUP_NOT_FOUND: {
baseCustomFieldGroupNotFound: 'Base custom field group not found',
},
};
module.exports = {
inputs: {
baseCustomFieldGroupId: {
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
showOnFrontOfCard: {
type: 'boolean',
},
},
exits: {
baseCustomFieldGroupNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { baseCustomFieldGroup, project } = await sails.helpers.baseCustomFieldGroups
.getPathToProjectById(inputs.baseCustomFieldGroupId)
.intercept('pathNotFound', () => Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND);
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
throw Errors.BASE_CUSTOM_FIELD_GROUP_NOT_FOUND; // Forbidden
}
const values = _.pick(inputs, ['position', 'name', 'showOnFrontOfCard']);
const customField = await sails.helpers.customFields.createOneInBaseCustomFieldGroup.with({
project,
values: {
...values,
baseCustomFieldGroup,
},
actorUser: currentUser,
request: this.req,
});
return {
item: customField,
};
},
};

86
server/api/controllers/custom-fields/create-in-custom-field-group.js Normal file
View file

@ -0,0 +1,86 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CUSTOM_FIELD_GROUP_NOT_FOUND: {
customFieldGroupNotFound: 'Custom field group not found',
},
};
module.exports = {
inputs: {
customFieldGroupId: {
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
showOnFrontOfCard: {
type: 'boolean',
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
customFieldGroupNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { customFieldGroup, card, list, board, project } = await sails.helpers.customFieldGroups
.getPathToProjectById(inputs.customFieldGroupId)
.intercept('pathNotFound', () => Errors.CUSTOM_FIELD_GROUP_NOT_FOUND);
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CUSTOM_FIELD_GROUP_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, ['position', 'name', 'showOnFrontOfCard']);
const customField = await sails.helpers.customFields.createOneInCustomFieldGroup.with({
project,
board,
list,
card,
values: {
...values,
customFieldGroup,
},
actorUser: currentUser,
request: this.req,
});
return {
item: customField,
};
},
};

95
server/api/controllers/custom-fields/delete.js Executable file
View file

@ -0,0 +1,95 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CUSTOM_FIELD_NOT_FOUND: {
customFieldNotFound: 'Custom field not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
customFieldNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.customFields
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CUSTOM_FIELD_NOT_FOUND);
let { customField } = pathToProject;
const { customFieldGroup, card, list, board, baseCustomFieldGroup, project } = pathToProject;
if (customField.baseCustomFieldGroupId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.CUSTOM_FIELD_NOT_FOUND; // Forbidden
}
customField = await sails.helpers.customFields.deleteOneInBaseCustomFieldGroup.with({
project,
baseCustomFieldGroup,
record: customField,
actorUser: currentUser,
request: this.req,
});
} else if (customField.customFieldGroupId) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CUSTOM_FIELD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
customField = await sails.helpers.customFields.deleteOneInCustomFieldGroup.with({
project,
board,
list,
card,
customFieldGroup,
record: customField,
actorUser: currentUser,
request: this.req,
});
}
if (!customField) {
throw Errors.CUSTOM_FIELD_NOT_FOUND;
}
return {
item: customField,
};
},
};

111
server/api/controllers/custom-fields/update.js Executable file
View file

@ -0,0 +1,111 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CUSTOM_FIELD_NOT_FOUND: {
customFieldNotFound: 'Custom field not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
showOnFrontOfCard: {
type: 'boolean',
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
customFieldNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.customFields
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.CUSTOM_FIELD_NOT_FOUND);
let { customField } = pathToProject;
const { customFieldGroup, card, list, board, baseCustomFieldGroup, project } = pathToProject;
const values = _.pick(inputs, ['position', 'name', 'showOnFrontOfCard']);
if (customField.baseCustomFieldGroupId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.CUSTOM_FIELD_NOT_FOUND; // Forbidden
}
customField = await sails.helpers.customFields.updateOneInBaseCustomFieldGroup.with({
values,
project,
baseCustomFieldGroup,
record: customField,
actorUser: currentUser,
request: this.req,
});
} else if (customField.customFieldGroupId) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CUSTOM_FIELD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
customField = await sails.helpers.customFields.updateOneInCustomFieldGroup.with({
values,
project,
board,
list,
card,
customFieldGroup,
record: customField,
actorUser: currentUser,
request: this.req,
});
}
if (!customField) {
throw Errors.CUSTOM_FIELD_NOT_FOUND;
}
return {
item: customField,
};
},
};

93
server/api/controllers/file-attachments/download-thumbnail.js Normal file
View file

@ -0,0 +1,93 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
FILE_ATTACHMENT_NOT_FOUND: {
fileAttachmentNotFound: 'File attachment not found',
},
};
const FILE_NAMES = ['outside-360', 'outside-720'];
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
fileName: {
type: 'string',
isIn: FILE_NAMES,
required: true,
},
fileExtension: {
type: 'string',
maxLength: 128, // TODO: unnecessary?
required: true,
},
},
exits: {
fileAttachmentNotFound: {
responseType: 'notFound',
},
},
async fn(inputs, exits) {
const { currentUser } = this.req;
const { attachment, board, project } = await sails.helpers.attachments
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.FILE_ATTACHMENT_NOT_FOUND);
if (attachment.type !== Attachment.Types.FILE) {
throw Errors.FILE_ATTACHMENT_NOT_FOUND;
}
if (!attachment.data.image) {
throw Errors.FILE_ATTACHMENT_NOT_FOUND;
}
if (inputs.fileExtension !== attachment.data.image.thumbnailsExtension) {
throw Errors.FILE_ATTACHMENT_NOT_FOUND;
}
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.FILE_ATTACHMENT_NOT_FOUND; // Forbidden
}
}
}
const fileManager = sails.hooks['file-manager'].getInstance();
let readStream;
try {
readStream = await fileManager.read(
`${sails.config.custom.attachmentsPathSegment}/${attachment.data.fileReferenceId}/thumbnails/${inputs.fileName}.${inputs.fileExtension}`,
);
} catch (error) {
throw Errors.FILE_ATTACHMENT_NOT_FOUND;
}
this.res.type(attachment.data.mimeType);
this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
return exits.success(readStream);
},
};

91
server/api/controllers/file-attachments/download.js Normal file
View file

@ -0,0 +1,91 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
FILE_ATTACHMENT_NOT_FOUND: {
fileAttachmentNotFound: 'File attachment not found',
},
};
const INLINE_MIME_TYPES_SET = new Set([
'application/pdf',
'audio/mpeg',
'audio/wav',
'audio/ogg',
'audio/opus',
'audio/mp4',
'audio/x-aac',
'video/mp4',
'video/ogg',
'video/webm',
]);
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
fileAttachmentNotFound: {
responseType: 'notFound',
},
},
async fn(inputs, exits) {
const { currentUser } = this.req;
const { attachment, board, project } = await sails.helpers.attachments
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.FILE_ATTACHMENT_NOT_FOUND);
if (attachment.type !== Attachment.Types.FILE) {
throw Errors.FILE_ATTACHMENT_NOT_FOUND;
}
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.FILE_ATTACHMENT_NOT_FOUND; // Forbidden
}
}
}
const fileManager = sails.hooks['file-manager'].getInstance();
let readStream;
try {
readStream = await fileManager.read(
`${sails.config.custom.attachmentsPathSegment}/${attachment.data.fileReferenceId}/${attachment.data.filename}`,
);
} catch (error) {
throw Errors.FILE_ATTACHMENT_NOT_FOUND;
}
if (attachment.data.mimeType) {
this.res.type(attachment.data.mimeType);
}
if (!INLINE_MIME_TYPES_SET.has(attachment.data.mimeType) && !attachment.data.image) {
this.res.set('Content-Disposition', 'attachment');
}
this.res.set('Cache-Control', 'private, max-age=900'); // TODO: move to config
return exits.success(readStream);
},
};

22
server/api/controllers/labels/create.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,17 +17,18 @@ const Errors = {
module.exports = {
inputs: {
boardId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
color: {
@ -43,13 +51,13 @@ module.exports = {
const { currentUser } = this.req;
const { board, project } = await sails.helpers.boards
.getProjectPath(inputs.boardId)
.getPathToProjectById(inputs.boardId)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.BOARD_NOT_FOUND; // Forbidden

26
server/api/controllers/labels/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,8 +17,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -28,17 +34,17 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.labels
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.labels
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.LABEL_NOT_FOUND);
let { label } = path;
const { board, project } = path;
let { label } = pathToProject;
const { board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LABEL_NOT_FOUND; // Forbidden

32
server/api/controllers/labels/update.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,16 +17,17 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
color: {
@ -40,17 +48,17 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.labels
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.labels
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.LABEL_NOT_FOUND);
let { label } = path;
const { board, project } = path;
let { label } = pathToProject;
const { board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LABEL_NOT_FOUND; // Forbidden
@ -71,6 +79,10 @@ module.exports = {
request: this.req,
});
if (!label) {
throw Errors.LABEL_NOT_FOUND;
}
return {
item: label,
};

75
server/api/controllers/lists/clear.js Normal file
View file

@ -0,0 +1,75 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
LIST_NOT_FOUND: {
listNotFound: 'List not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
listNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { list, board, project } = await sails.helpers.lists
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.LIST_NOT_FOUND);
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LIST_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
// TODO: allow for other types?
if (list.type !== List.Types.TRASH) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
await sails.helpers.lists.clearOne.with({
project,
board,
record: list,
actorUser: currentUser,
request: this.req,
});
return {
item: list,
};
},
};

27
server/api/controllers/lists/create.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,16 +17,22 @@ const Errors = {
module.exports = {
inputs: {
boardId: {
...idInput,
required: true,
},
type: {
type: 'string',
regex: /^[0-9]+$/,
isIn: List.FINITE_TYPES,
required: true,
},
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
},
@ -37,13 +50,13 @@ module.exports = {
const { currentUser } = this.req;
const { board, project } = await sails.helpers.boards
.getProjectPath(inputs.boardId)
.getPathToProjectById(inputs.boardId)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.BOARD_NOT_FOUND; // Forbidden
@ -53,7 +66,7 @@ module.exports = {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, ['position', 'name']);
const values = _.pick(inputs, ['type', 'position', 'name']);
const list = await sails.helpers.lists.createOne.with({
project,

38
server/api/controllers/lists/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,8 +17,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -28,27 +34,31 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.lists
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.lists
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.LIST_NOT_FOUND);
let { list } = path;
const { board, project } = path;
let { list } = pathToProject;
const { board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LIST_NOT_FOUND; // Forbidden
}
if (!sails.helpers.lists.isFinite(list)) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
list = await sails.helpers.lists.deleteOne.with({
const result = await sails.helpers.lists.deleteOne.with({
project,
board,
record: list,
@ -56,12 +66,18 @@ module.exports = {
request: this.req,
});
({ list } = result);
const { cards } = result;
if (!list) {
throw Errors.LIST_NOT_FOUND;
}
return {
item: list,
included: {
cards,
},
};
},
};

95
server/api/controllers/lists/move-cards.js Normal file
View file

@ -0,0 +1,95 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
LIST_NOT_FOUND: {
listNotFound: 'List not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
listId: {
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
listNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { list, board, project } = await sails.helpers.lists
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.LIST_NOT_FOUND);
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LIST_NOT_FOUND; // Forbidden
}
// TODO: allow for other types?
if (list.type !== List.Types.CLOSED) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const nextList = await List.qm.getOneById(inputs.listId, {
boardId: board.id,
});
if (!nextList) {
throw Errors.LIST_NOT_FOUND; // Forbidden
}
// TODO: allow for other types?
if (nextList.type !== List.Types.ARCHIVE) {
throw Errors.LIST_NOT_FOUND;
}
const { cards, actions } = await sails.helpers.lists.moveCards.with({
project,
board,
record: list,
values: {
list: nextList,
},
actorUser: currentUser,
request: this.req,
});
return {
item: list,
included: {
cards,
actions,
},
};
},
};

112
server/api/controllers/lists/show.js Normal file
View file

@ -0,0 +1,112 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
LIST_NOT_FOUND: {
listNotFound: 'List not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
listNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { list, project } = await sails.helpers.lists
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.LIST_NOT_FOUND);
if (!sails.helpers.lists.isFinite(list)) {
throw Errors.LIST_NOT_FOUND;
}
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
list.boardId,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LIST_NOT_FOUND; // Forbidden
}
}
}
const cards = await Card.qm.getByListId(list.id);
const cardIds = sails.helpers.utils.mapRecords(cards);
const userIds = sails.helpers.utils.mapRecords(cards, 'creatorUserId', true, true);
const users = await User.qm.getByIds(userIds);
const cardMemberships = await CardMembership.qm.getByCardIds(cardIds);
const cardLabels = await CardLabel.qm.getByCardIds(cardIds);
const taskLists = await TaskList.qm.getByCardIds(cardIds);
const taskListIds = sails.helpers.utils.mapRecords(taskLists);
const tasks = await Task.qm.getByTaskListIds(taskListIds);
const attachments = await Attachment.qm.getByCardIds(cardIds);
const customFieldGroups = await CustomFieldGroup.qm.getByCardIds(cardIds);
const customFieldGroupIds = sails.helpers.utils.mapRecords(customFieldGroups);
const customFields = await CustomField.qm.getByCustomFieldGroupIds(customFieldGroupIds);
const customFieldValues = await CustomFieldValue.qm.getByCardIds(cardIds);
const cardSubscriptions = await CardSubscription.qm.getByCardIdsAndUserId(
cardIds,
currentUser.id,
);
const isSubscribedByCardId = cardSubscriptions.reduce(
(result, cardSubscription) => ({
...result,
[cardSubscription.cardId]: true,
}),
{},
);
cards.forEach((card) => {
// eslint-disable-next-line no-param-reassign
card.isSubscribed = isSubscribedByCardId[card.id] || false;
});
return {
item: list,
included: {
cards,
cardMemberships,
cardLabels,
taskLists,
tasks,
customFieldGroups,
customFields,
customFieldValues,
users: sails.helpers.users.presentMany(users, currentUser),
attachments: sails.helpers.attachments.presentMany(attachments),
},
};
},
};

57
server/api/controllers/lists/sort.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -5,18 +12,25 @@ const Errors = {
LIST_NOT_FOUND: {
listNotFound: 'List not found',
},
CANNOT_BE_SORTED_AS_ENDLESS_LIST: {
cannotBeSortedAsEndlessList: 'Cannot be sorted as endless list',
},
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
type: {
fieldName: {
type: 'string',
isIn: Object.values(List.SortTypes),
isIn: Object.values(List.SortFieldNames),
required: true,
},
order: {
type: 'string',
isIn: Object.values(List.SortOrders),
},
},
@ -27,36 +41,43 @@ module.exports = {
listNotFound: {
responseType: 'notFound',
},
cannotBeSortedAsEndlessList: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { list, board, project } = await sails.helpers.lists
.getProjectPath(inputs.id)
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.LIST_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LIST_NOT_FOUND;
throw Errors.LIST_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const cards = await sails.helpers.lists.sortOne.with({
project,
board,
record: list,
type: inputs.type,
actorUser: currentUser,
request: this.req,
});
const options = _.pick(inputs, ['fieldName', 'order']);
const cards = await sails.helpers.lists.sortOne
.with({
options,
project,
board,
record: list,
actorUser: currentUser,
request: this.req,
})
.intercept('cannotBeSortedAsEndlessList', () => Errors.CANNOT_BE_SORTED_AS_ENDLESS_LIST);
return {
item: list,

38
server/api/controllers/lists/update.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,16 +17,21 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
type: {
type: 'string',
isIn: List.FINITE_TYPES,
},
position: {
type: 'number',
min: 0,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
color: {
type: 'string',
@ -40,27 +52,31 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.lists
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.lists
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.LIST_NOT_FOUND);
let { list } = path;
const { board, project } = path;
let { list } = pathToProject;
const { board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.LIST_NOT_FOUND; // Forbidden
}
if (!sails.helpers.lists.isFinite(list)) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, ['position', 'name', 'color']);
const values = _.pick(inputs, ['type', 'position', 'name', 'color']);
list = await sails.helpers.lists.updateOne.with({
values,

75
server/api/controllers/notification-services/create-in-board.js Normal file
View file

@ -0,0 +1,75 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
BOARD_NOT_FOUND: {
boardNotFound: 'Board not found',
},
LIMIT_REACHED: {
limitReached: 'Limit reached',
},
};
module.exports = {
inputs: {
boardId: {
...idInput,
required: true,
},
url: {
type: 'string',
maxLength: 512,
required: true,
},
format: {
type: 'string',
isIn: Object.values(NotificationService.Formats),
required: true,
},
},
exits: {
boardNotFound: {
responseType: 'notFound',
},
limitReached: {
responseType: 'conflict',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { board, project } = await sails.helpers.boards
.getPathToProjectById(inputs.boardId)
.intercept('pathNotFound', () => Errors.BOARD_NOT_FOUND);
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
throw Errors.BOARD_NOT_FOUND; // Forbidden
}
const values = _.pick(inputs, ['url', 'format']);
const notificationService = await sails.helpers.notificationServices.createOneInBoard
.with({
project,
values: {
...values,
board,
},
actorUser: currentUser,
request: this.req,
})
.intercept('limitReached', () => Errors.LIMIT_REACHED);
return {
item: notificationService,
};
},
};

68
server/api/controllers/notification-services/create-in-user.js Normal file
View file

@ -0,0 +1,68 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
LIMIT_REACHED: {
limitReached: 'Limit reached',
},
};
module.exports = {
inputs: {
userId: {
...idInput,
required: true,
},
url: {
type: 'string',
maxLength: 512,
required: true,
},
format: {
type: 'string',
isIn: Object.values(NotificationService.Formats),
required: true,
},
},
exits: {
userNotFound: {
responseType: 'notFound',
},
limitReached: {
responseType: 'conflict',
},
},
async fn(inputs) {
const { currentUser } = this.req;
if (inputs.userId !== currentUser.id) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
const values = _.pick(inputs, ['url', 'format']);
const notificationService = await sails.helpers.notificationServices.createOneInUser
.with({
values: {
...values,
user: currentUser,
},
actorUser: currentUser,
request: this.req,
})
.intercept('limitReached', () => Errors.LIMIT_REACHED);
return {
item: notificationService,
};
},
};

76
server/api/controllers/notification-services/delete.js Normal file
View file

@ -0,0 +1,76 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOTIFICATION_SERVICE_NOT_FOUND: {
notificationServiceNotFound: 'Notification service not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
notificationServiceNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.notificationServices
.getPathToUserById(inputs.id)
.intercept('pathNotFound', () => Errors.NOTIFICATION_SERVICE_NOT_FOUND);
let { notificationService } = pathToProject;
const { user, board, project } = pathToProject;
if (notificationService.userId) {
if (user.id !== currentUser.id) {
throw Errors.NOTIFICATION_SERVICE_NOT_FOUND; // Forbidden
}
notificationService = await sails.helpers.notificationServices.deleteOneInUser.with({
user,
record: notificationService,
actorUser: currentUser,
request: this.req,
});
} else if (notificationService.boardId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.NOTIFICATION_SERVICE_NOT_FOUND; // Forbidden
}
notificationService = await sails.helpers.notificationServices.deleteOneInBoard.with({
project,
board,
record: notificationService,
actorUser: currentUser,
request: this.req,
});
}
if (!notificationService) {
throw Errors.NOTIFICATION_SERVICE_NOT_FOUND;
}
return {
item: notificationService,
};
},
};

59
server/api/controllers/notification-services/test.js Normal file
View file

@ -0,0 +1,59 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOTIFICATION_SERVICE_NOT_FOUND: {
notificationServiceNotFound: 'Notification service not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
notificationServiceNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { notificationService, user, project } = await sails.helpers.notificationServices
.getPathToUserById(inputs.id)
.intercept('pathNotFound', () => Errors.NOTIFICATION_SERVICE_NOT_FOUND);
if (notificationService.userId) {
if (user.id !== currentUser.id) {
throw Errors.NOTIFICATION_SERVICE_NOT_FOUND; // Forbidden
}
} else if (notificationService.boardId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.NOTIFICATION_SERVICE_NOT_FOUND; // Forbidden
}
}
await sails.helpers.notificationServices.testOne.with({
record: notificationService,
i18n: this.req.i18n,
});
return {
item: notificationService,
};
},
};

89
server/api/controllers/notification-services/update.js Normal file
View file

@ -0,0 +1,89 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOTIFICATION_SERVICE_NOT_FOUND: {
notificationServiceNotFound: 'Notification service not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
url: {
type: 'string',
isNotEmptyString: true,
maxLength: 512,
},
format: {
type: 'string',
isIn: Object.values(NotificationService.Formats),
},
},
exits: {
notificationServiceNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.notificationServices
.getPathToUserById(inputs.id)
.intercept('pathNotFound', () => Errors.NOTIFICATION_SERVICE_NOT_FOUND);
let { notificationService } = pathToProject;
const { user, board, project } = pathToProject;
const values = _.pick(inputs, ['url', 'format']);
if (notificationService.userId) {
if (user.id !== currentUser.id) {
throw Errors.NOTIFICATION_SERVICE_NOT_FOUND; // Forbidden
}
notificationService = await sails.helpers.notificationServices.updateOneInUser.with({
values,
user,
record: notificationService,
actorUser: currentUser,
request: this.req,
});
} else if (notificationService.boardId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.NOTIFICATION_SERVICE_NOT_FOUND; // Forbidden
}
notificationService = await sails.helpers.notificationServices.updateOneInBoard.with({
values,
project,
board,
record: notificationService,
actorUser: currentUser,
request: this.req,
});
}
if (!notificationService) {
throw Errors.NOTIFICATION_SERVICE_NOT_FOUND;
}
return {
item: notificationService,
};
},
};

21
server/api/controllers/notifications/index.js
View file

@ -1,24 +1,21 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
module.exports = {
async fn() {
const { currentUser } = this.req;
const notifications = await sails.helpers.users.getNotifications(currentUser.id);
const notifications = await Notification.qm.getUnreadByUserId(currentUser.id);
const actionIds = sails.helpers.utils.mapRecords(notifications, 'actionId');
const actions = await sails.helpers.actions.getMany(actionIds);
const userIds = sails.helpers.utils.mapRecords(actions, 'userId', true);
const users = await sails.helpers.users.getMany(userIds, true);
const cardIds = sails.helpers.utils.mapRecords(notifications, 'cardId');
const cards = await sails.helpers.cards.getMany(cardIds);
const userIds = sails.helpers.utils.mapRecords(notifications, 'creatorUserId', true, true);
const users = await User.qm.getByIds(userIds);
return {
items: notifications,
included: {
users,
cards,
actions,
users: sails.helpers.users.presentMany(users, currentUser),
},
};
},

19
server/api/controllers/notifications/read-all.js Executable file
View file

@ -0,0 +1,19 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
module.exports = {
async fn() {
const { currentUser } = this.req;
const notifications = await sails.helpers.notifications.readAllForUser.with({
user: currentUser,
request: this.req,
});
return {
items: notifications,
};
},
};

24
server/api/controllers/notifications/show.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOTIFICATION_NOT_FOUND: {
notificationNotFound: 'Notification not found',
@ -7,8 +14,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -22,9 +28,7 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const notification = await Notification.findOne({
id: inputs.id,
isRead: false,
const notification = await Notification.qm.getOneById(inputs.id, {
userId: currentUser.id,
});
@ -32,16 +36,14 @@ module.exports = {
throw Errors.NOTIFICATION_NOT_FOUND;
}
const action = await Action.findOne(notification.actionId);
const user = await sails.helpers.users.getOne(action.userId, true);
const card = await Card.findOne(notification.cardId);
const users = notification.creatorUserId
? await User.qm.getByIds([notification.creatorUserId])
: [];
return {
item: notification,
included: {
users: [user],
cards: [card],
actions: [action],
users,
},
};
},

42
server/api/controllers/notifications/update.js Executable file → Normal file
View file

@ -1,29 +1,59 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOTIFICATION_NOT_FOUND: {
notificationNotFound: 'Notification not found',
},
};
module.exports = {
inputs: {
ids: {
type: 'string',
id: {
...idInput,
required: true,
regex: /^[0-9]+(,[0-9]+)*$/,
},
isRead: {
type: 'boolean',
},
},
exits: {
notificationNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
let notification = await Notification.qm.getOneById(inputs.id, {
userId: currentUser.id,
});
if (!notification) {
throw Errors.NOTIFICATION_NOT_FOUND;
}
const values = _.pick(inputs, ['isRead']);
const notifications = await sails.helpers.notifications.updateMany.with({
notification = await sails.helpers.notifications.updateOne.with({
values,
recordsOrIds: inputs.ids.split(','),
record: notification,
actorUser: currentUser,
request: this.req,
});
if (!notification) {
throw Errors.NOTIFICATION_NOT_FOUND;
}
return {
items: notifications,
item: notification,
};
},
};

54
server/api/controllers/project-managers/create.js
View file

@ -1,4 +1,14 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
PROJECT_NOT_FOUND: {
projectNotFound: 'Project not found',
},
@ -8,23 +18,27 @@ const Errors = {
USER_ALREADY_PROJECT_MANAGER: {
userAlreadyProjectManager: 'User already project manager',
},
USER_MUST_BE_ADMIN_OR_PROJECT_OWNER: {
userMustBeAdminOrProjectOwner: 'User must be admin or project owner',
},
};
module.exports = {
inputs: {
projectId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
userId: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
projectNotFound: {
responseType: 'notFound',
},
@ -34,27 +48,41 @@ module.exports = {
userAlreadyProjectManager: {
responseType: 'conflict',
},
userMustBeAdminOrProjectOwner: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const project = await Project.findOne(inputs.projectId);
const project = await Project.qm.getOneById(inputs.projectId);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;
}
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (currentUser.role !== User.Roles.ADMIN) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
if (!isProjectManager) {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
}
}
const user = await sails.helpers.users.getOne(inputs.userId);
if (project.ownerProjectManagerId) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const user = await User.qm.getOneById(inputs.userId, {
withDeactivated: false,
});
if (!user) {
throw Error.USER_NOT_FOUND;
throw Errors.USER_NOT_FOUND;
}
const projectManager = await sails.helpers.projectManagers.createOne
@ -66,7 +94,11 @@ module.exports = {
actorUser: currentUser,
request: this.req,
})
.intercept('userAlreadyProjectManager', () => Errors.USER_ALREADY_PROJECT_MANAGER);
.intercept('userAlreadyProjectManager', () => Errors.USER_ALREADY_PROJECT_MANAGER)
.intercept(
'userInValuesMustBeAdminOrProjectOwner',
() => Errors.USER_MUST_BE_ADMIN_OR_PROJECT_OWNER,
);
return {
item: projectManager,

66
server/api/controllers/project-managers/delete.js
View file

@ -1,48 +1,78 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
PROJECT_MANAGER_NOT_FOUND: {
projectManagerNotFound: 'Project manager not found',
},
MUST_NOT_BE_LAST: {
mustNotBeLast: 'Must not be last',
},
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
projectManagerNotFound: {
responseType: 'notFound',
},
mustNotBeLast: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs) {
const { currentUser } = this.req;
let projectManager = await ProjectManager.findOne(inputs.id);
const pathToProject = await sails.helpers.projectManagers
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.PROJECT_MANAGER_NOT_FOUND);
if (!projectManager) {
throw Errors.PROJECT_MANAGER_NOT_FOUND;
let { projectManager } = pathToProject;
const { project } = pathToProject;
if (currentUser.role !== User.Roles.ADMIN) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
throw Errors.PROJECT_MANAGER_NOT_FOUND; // Forbidden
}
}
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
projectManager.projectId,
);
if (!isProjectManager) {
throw Errors.PROJECT_MANAGER_NOT_FOUND; // Forbidden
if (project.ownerProjectManagerId) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
// TODO: check if the last one
projectManager = await sails.helpers.projectManagers.deleteOne.with({
record: projectManager,
actorUser: currentUser,
request: this.req,
});
const user = await User.qm.getOneById(projectManager.userId);
projectManager = await sails.helpers.projectManagers.deleteOne
.with({
user,
project,
record: projectManager,
actorUser: currentUser,
request: this.req,
})
.intercept('mustNotBeLast', () => Errors.MUST_NOT_BE_LAST);
if (!projectManager) {
throw Errors.PROJECT_MANAGER_NOT_FOUND;

33
server/api/controllers/projects/create.js
View file

@ -1,31 +1,32 @@
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
};
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
module.exports = {
inputs: {
name: {
type: {
type: 'string',
isIn: Object.values(Project.Types),
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
name: {
type: 'string',
maxLength: 128,
required: true,
},
description: {
type: 'string',
isNotEmptyString: true,
maxLength: 1024,
allowNull: true,
},
},
async fn(inputs) {
const { currentUser } = this.req;
if (!currentUser.isAdmin && !sails.config.custom.allowAllToCreateProjects) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, ['name']);
const values = _.pick(inputs, ['type', 'name', 'description']);
const { project, projectManager } = await sails.helpers.projects.createOne.with({
values,

30
server/api/controllers/projects/delete.js
View file

@ -1,14 +1,23 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
PROJECT_NOT_FOUND: {
projectNotFound: 'Project not found',
},
MUST_NOT_HAVE_BOARDS: {
mustNotHaveBoards: 'Must not have boards',
},
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -17,12 +26,15 @@ module.exports = {
projectNotFound: {
responseType: 'notFound',
},
mustNotHaveBoards: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs) {
const { currentUser } = this.req;
let project = await Project.findOne(inputs.id);
let project = await Project.qm.getOneById(inputs.id);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;
@ -34,11 +46,13 @@ module.exports = {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
}
project = await sails.helpers.projects.deleteOne.with({
record: project,
actorUser: currentUser,
request: this.req,
});
project = await sails.helpers.projects.deleteOne
.with({
record: project,
actorUser: currentUser,
request: this.req,
})
.intercept('mustNotHaveBoards', () => Errors.MUST_NOT_HAVE_BOARDS);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;

101
server/api/controllers/projects/index.js
View file

@ -1,53 +1,104 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
module.exports = {
async fn() {
const { currentUser } = this.req;
const managerProjectIds = await sails.helpers.users.getManagerProjectIds(currentUser.id);
const managerProjects = await sails.helpers.projects.getMany(managerProjectIds);
let sharedProjects;
let sharedProjectIds;
let boardMemberships = await sails.helpers.users.getBoardMemberships(currentUser.id);
const managerProjectIds = await sails.helpers.users.getManagerProjectIds(currentUser.id);
const fullyVisibleProjectIds = [...managerProjectIds];
if (currentUser.role === User.Roles.ADMIN) {
sharedProjects = await Project.qm.getShared({
exceptIdOrIds: managerProjectIds,
});
sharedProjectIds = sails.helpers.utils.mapRecords(sharedProjects);
fullyVisibleProjectIds.push(...sharedProjectIds);
}
const boardMemberships = await BoardMembership.qm.getByUserId(currentUser.id);
const membershipBoardIds = sails.helpers.utils.mapRecords(boardMemberships, 'boardId');
let membershipBoards = await sails.helpers.boards.getMany({
id: membershipBoardIds,
projectId: {
'!=': managerProjectIds,
},
const membershipBoards = await Board.qm.getByIds(membershipBoardIds, {
exceptProjectIdOrIds: fullyVisibleProjectIds,
});
let membershipProjectIds = sails.helpers.utils.mapRecords(membershipBoards, 'projectId', true);
const membershipProjects = await sails.helpers.projects.getMany(membershipProjectIds);
membershipProjectIds = sails.helpers.utils.mapRecords(membershipProjects);
const membershipProjectIds = sails.helpers.utils.mapRecords(
membershipBoards,
'projectId',
true,
);
const projectIds = [...managerProjectIds, ...membershipProjectIds];
const projects = [...managerProjects, ...membershipProjects];
const projects = await Project.qm.getByIds(projectIds);
const projectManagers = await sails.helpers.projects.getProjectManagers(projectIds);
if (sharedProjectIds) {
projectIds.push(...sharedProjectIds);
projects.push(...sharedProjects);
}
const fullyVisibleBoards = await Board.qm.getByProjectIds(fullyVisibleProjectIds);
const boards = [...fullyVisibleBoards, ...membershipBoards];
const projectFavorites = await ProjectFavorite.qm.getByProjectIdsAndUserId(
projectIds,
currentUser.id,
);
const projectManagers = await ProjectManager.qm.getByProjectIds(projectIds);
const userIds = sails.helpers.utils.mapRecords(projectManagers, 'userId', true);
const users = await sails.helpers.users.getMany(userIds);
const users = await User.qm.getByIds(userIds);
const managerBoards = await sails.helpers.projects.getBoards(managerProjectIds);
const backgroundImages = await BackgroundImage.qm.getByProjectIds(projectIds);
membershipBoards = membershipBoards.filter((membershipBoard) =>
membershipProjectIds.includes(membershipBoard.projectId),
const baseCustomFieldGroups = await BaseCustomFieldGroup.qm.getByProjectIds(projectIds);
const baseCustomFieldGroupsIds = sails.helpers.utils.mapRecords(baseCustomFieldGroups);
const customFields =
await CustomField.qm.getByBaseCustomFieldGroupIds(baseCustomFieldGroupsIds);
let notificationServices = [];
if (managerProjectIds.length > 0) {
const managerProjectIdsSet = new Set(managerProjectIds);
const managerBoardIds = boards.flatMap((board) =>
managerProjectIdsSet.has(board.projectId) ? board.id : [],
);
notificationServices = await NotificationService.qm.getByBoardIds(managerBoardIds);
}
const isFavoriteByProjectId = projectFavorites.reduce(
(result, projectFavorite) => ({
...result,
[projectFavorite.projectId]: true,
}),
{},
);
const boards = [...managerBoards, ...membershipBoards];
const boardIds = sails.helpers.utils.mapRecords(boards);
boardMemberships = boardMemberships.filter((boardMembership) =>
boardIds.includes(boardMembership.boardId),
);
projects.forEach((project) => {
// eslint-disable-next-line no-param-reassign
project.isFavorite = isFavoriteByProjectId[project.id] || false;
});
return {
items: projects,
included: {
users,
projectManagers,
baseCustomFieldGroups,
boards,
boardMemberships,
customFields,
notificationServices,
users: sails.helpers.users.presentMany(users, currentUser),
backgroundImages: sails.helpers.backgroundImages.presentMany(backgroundImages),
},
};
},

70
server/api/controllers/projects/show.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
PROJECT_NOT_FOUND: {
projectNotFound: 'Project not found',
@ -7,8 +14,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -22,43 +28,67 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const project = await Project.findOne(inputs.id);
const project = await Project.qm.getOneById(inputs.id);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;
}
let boards = await sails.helpers.projects.getBoards(project.id);
let boardIds = sails.helpers.utils.mapRecords(boards);
const boardMemberships = await sails.helpers.boardMemberships.getMany({
boardId: boardIds,
userId: currentUser.id,
});
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
if (!isProjectManager) {
if (boardMemberships.length === 0) {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
}
const boardMemberships = await BoardMembership.qm.getByProjectIdAndUserId(
project.id,
currentUser.id,
);
boardIds = sails.helpers.utils.mapRecords(boardMemberships, 'boardId');
boards = boards.filter((board) => boardIds.includes(board.id));
let boards;
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
if (!isProjectManager) {
if (boardMemberships.length === 0) {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
}
const boardIds = sails.helpers.utils.mapRecords(boardMemberships, 'boardId');
boards = await Board.qm.getByIds(boardIds);
}
}
const projectManagers = await sails.helpers.projects.getProjectManagers(project.id);
if (!boards) {
boards = await Board.qm.getByProjectId(project.id);
}
project.isFavorite = await sails.helpers.users.isProjectFavorite(currentUser.id, project.id);
const projectManagers = await ProjectManager.qm.getByProjectId(project.id);
const userIds = sails.helpers.utils.mapRecords(projectManagers, 'userId');
const users = await sails.helpers.users.getMany(userIds);
const users = await User.qm.getByIds(userIds);
const backgroundImages = await BackgroundImage.qm.getByProjectId(project.id);
const baseCustomFieldGroups = await BaseCustomFieldGroup.qm.getByProjectId(project.id);
const baseCustomFieldGroupsIds = sails.helpers.utils.mapRecords(baseCustomFieldGroups);
const customFields =
await CustomField.qm.getByBaseCustomFieldGroupIds(baseCustomFieldGroupsIds);
let notificationServices = [];
if (isProjectManager) {
boardIds = sails.helpers.utils.mapRecords(boards);
notificationServices = await NotificationService.qm.getByBoardIds(boardIds);
}
return {
item: project,
included: {
users,
projectManagers,
baseCustomFieldGroups,
boards,
boardMemberships,
customFields,
notificationServices,
users: sails.helpers.users.presentMany(users, currentUser),
backgroundImages: sails.helpers.backgroundImages.presentMany(backgroundImages),
},
};
},

239
server/api/controllers/projects/update.js
View file

@ -1,89 +1,230 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
PROJECT_NOT_FOUND: {
projectNotFound: 'Project not found',
},
OWNER_PROJECT_MANAGER_NOT_FOUND: {
ownerProjectManagerNotFound: 'Owner project manager not found',
},
BACKGROUND_IMAGE_NOT_FOUND: {
backgroundImageNotFound: 'Background image not found',
},
PROJECT_ALREADY_HAS_OWNER_PROJECT_MANAGER: {
projectAlreadyHasOwnerProjectManager: 'Project already has owner project manager',
},
OWNER_PROJECT_MANAGER_MUST_BE_LAST_MANAGER: {
ownerProjectManagerMustBeLastManager: 'Owner project manager must be last manager',
},
BACKGROUND_IMAGE_MUST_BE_PRESENT: {
backgroundImageMustBePresent: 'Background image must be present',
},
BACKGROUND_GRADIENT_MUST_BE_PRESENT: {
backgroundGradientMustBePresent: 'Background gradient must be present',
},
};
const backgroundValidator = (value) => {
if (_.isNull(value)) {
return true;
}
if (!_.isPlainObject(value)) {
return false;
}
if (!Object.values(Project.BackgroundTypes).includes(value.type)) {
return false;
}
if (
value.type === Project.BackgroundTypes.GRADIENT &&
_.size(value) === 2 &&
Project.BACKGROUND_GRADIENTS.includes(value.name)
) {
return true;
}
if (value.type === Project.BackgroundTypes.IMAGE && _.size(value) === 1) {
return true;
}
return false;
};
const backgroundImageValidator = (value) => _.isNull(value);
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
ownerProjectManagerId: {
...idInput,
allowNull: true,
},
backgroundImageId: {
...idInput,
allowNull: true,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
background: {
type: 'json',
custom: backgroundValidator,
description: {
type: 'string',
isNotEmptyString: true,
maxLength: 1024,
allowNull: true,
},
backgroundImage: {
type: 'json',
custom: backgroundImageValidator,
backgroundType: {
type: 'string',
isIn: Object.values(Project.BackgroundTypes),
allowNull: true,
},
backgroundGradient: {
type: 'string',
isIn: Project.BACKGROUND_GRADIENTS,
allowNull: true,
},
isHidden: {
type: 'boolean',
},
isFavorite: {
type: 'boolean',
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
projectNotFound: {
responseType: 'notFound',
},
ownerProjectManagerNotFound: {
responseType: 'notFound',
},
backgroundImageNotFound: {
responseType: 'notFound',
},
projectAlreadyHasOwnerProjectManager: {
responseType: 'conflict',
},
ownerProjectManagerMustBeLastManager: {
responseType: 'unprocessableEntity',
},
backgroundImageMustBePresent: {
responseType: 'unprocessableEntity',
},
backgroundGradientMustBePresent: {
responseType: 'unprocessableEntity',
},
},
async fn(inputs) {
const { currentUser } = this.req;
let project = await Project.findOne(inputs.id);
let project = await Project.qm.getOneById(inputs.id);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;
}
const isProjectManager = await sails.helpers.users.isProjectManager(currentUser.id, project.id);
const projectManager = await ProjectManager.qm.getOneByProjectIdAndUserId(
project.id,
currentUser.id,
);
if (!isProjectManager) {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
const availableInputKeys = ['id', 'isFavorite'];
if (project.ownerProjectManagerId) {
if (projectManager) {
if (!_.isNil(inputs.ownerProjectManagerId)) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
availableInputKeys.push('ownerProjectManagerId', 'isHidden');
}
} else if (currentUser.role === User.Roles.ADMIN) {
availableInputKeys.push('ownerProjectManagerId', 'isHidden');
} else if (projectManager) {
availableInputKeys.push('isHidden');
}
const values = _.pick(inputs, ['name', 'background', 'backgroundImage']);
if (projectManager) {
availableInputKeys.push(
'backgroundImageId',
'name',
'description',
'backgroundType',
'backgroundGradient',
);
}
project = await sails.helpers.projects.updateOne.with({
values,
record: project,
actorUser: currentUser,
request: this.req,
});
if (_.difference(Object.keys(inputs), availableInputKeys).length > 0) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
let nextOwnerProjectManager;
if (inputs.ownerProjectManagerId) {
nextOwnerProjectManager = await ProjectManager.qm.getOneById(inputs.ownerProjectManagerId, {
projectId: project.id,
});
if (!nextOwnerProjectManager) {
throw Errors.OWNER_PROJECT_MANAGER_NOT_FOUND;
}
delete inputs.ownerProjectManagerId; // eslint-disable-line no-param-reassign
}
let nextBackgroundImage;
if (inputs.backgroundImageId) {
nextBackgroundImage = await BackgroundImage.qm.getOneById(inputs.backgroundImageId, {
projectId: project.id,
});
if (!nextBackgroundImage) {
throw Errors.BACKGROUND_IMAGE_NOT_FOUND;
}
delete inputs.backgroundImageId; // eslint-disable-line no-param-reassign
}
if (!_.isUndefined(inputs.isFavorite)) {
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
if (!projectManager) {
const boardMembershipsTotal =
await sails.helpers.projects.getBoardMembershipsTotalByIdAndUserId(
project.id,
currentUser.id,
);
if (boardMembershipsTotal === 0) {
throw Errors.PROJECT_NOT_FOUND; // Forbidden
}
}
}
}
const values = _.pick(inputs, [
'ownerProjectManagerId',
'backgroundImageId',
'name',
'description',
'backgroundType',
'backgroundGradient',
'isHidden',
'isFavorite',
]);
project = await sails.helpers.projects.updateOne
.with({
record: project,
values: {
...values,
ownerProjectManager: nextOwnerProjectManager,
backgroundImage: nextBackgroundImage,
},
actorUser: currentUser,
request: this.req,
})
.intercept(
'ownerProjectManagerInValuesMustBeLastManager',
() => Errors.OWNER_PROJECT_MANAGER_MUST_BE_LAST_MANAGER,
)
.intercept(
'backgroundImageInValuesMustBePresent',
() => Errors.BACKGROUND_IMAGE_MUST_BE_PRESENT,
)
.intercept(
'backgroundGradientInValuesMustBePresent',
() => Errors.BACKGROUND_GRADIENT_MUST_BE_PRESENT,
)
.intercept(
'alreadyHasOwnerProjectManager',
() => Errors.PROJECT_ALREADY_HAS_OWNER_PROJECT_MANAGER,
);
if (!project) {
throw Errors.PROJECT_NOT_FOUND;

47
server/api/controllers/show-config.js
View file

@ -1,47 +0,0 @@
const Errors = {
INVALID_OIDC_CONFIGURATION: {
invalidOidcConfiguration: 'Invalid OIDC configuration',
},
};
module.exports = {
exits: {
invalidOidcConfiguration: {
responseType: 'serverError',
},
},
async fn() {
let oidc = null;
if (sails.hooks.oidc.isActive()) {
let oidcClient;
try {
oidcClient = await sails.hooks.oidc.getClient();
} catch (error) {
sails.log.warn(`Error while initializing OIDC client: ${error}`);
throw Errors.INVALID_OIDC_CONFIGURATION;
}
const authorizationUrlParams = {
scope: sails.config.custom.oidcScopes,
};
if (!sails.config.custom.oidcUseDefaultResponseMode) {
authorizationUrlParams.response_mode = sails.config.custom.oidcResponseMode;
}
oidc = {
authorizationUrl: oidcClient.authorizationUrl(authorizationUrlParams),
endSessionUrl: oidcClient.issuer.end_session_endpoint ? oidcClient.endSessionUrl({}) : null,
isEnforced: sails.config.custom.oidcEnforced,
};
}
return {
item: {
oidc,
allowAllToCreateProjects: sails.config.custom.allowAllToCreateProjects,
},
};
},
};

85
server/api/controllers/task-lists/create.js Executable file
View file

@ -0,0 +1,85 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
},
};
module.exports = {
inputs: {
cardId: {
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
showOnFrontOfCard: {
type: 'boolean',
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
cardNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getPathToProjectById(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, ['position', 'name', 'showOnFrontOfCard']);
const taskList = await sails.helpers.taskLists.createOne.with({
project,
board,
list,
values: {
...values,
card,
},
actorUser: currentUser,
request: this.req,
});
return {
item: taskList,
};
},
};

75
server/api/controllers/task-lists/delete.js Executable file
View file

@ -0,0 +1,75 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
TASK_LIST_NOT_FOUND: {
taskListNotFound: 'Task list not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
taskListNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.taskLists
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.TASK_LIST_NOT_FOUND);
let { taskList } = pathToProject;
const { card, list, board, project } = pathToProject;
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.TASK_LIST_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
taskList = await sails.helpers.taskLists.deleteOne.with({
project,
board,
list,
card,
record: taskList,
actorUser: currentUser,
request: this.req,
});
if (!taskList) {
throw Errors.TASK_LIST_NOT_FOUND;
}
return {
item: taskList,
};
},
};

62
server/api/controllers/task-lists/show.js Normal file
View file

@ -0,0 +1,62 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
TASK_LIST_NOT_FOUND: {
taskListNotFound: 'Task list not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
},
exits: {
taskListNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const { taskList, board, project } = await sails.helpers.taskLists
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.TASK_LIST_NOT_FOUND);
if (currentUser.role !== User.Roles.ADMIN || project.ownerProjectManagerId) {
const isProjectManager = await sails.helpers.users.isProjectManager(
currentUser.id,
project.id,
);
if (!isProjectManager) {
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.TASK_LIST_NOT_FOUND; // Forbidden
}
}
}
const tasks = await Task.qm.getByTaskListId(taskList.id);
return {
item: taskList,
included: {
tasks,
},
};
},
};

90
server/api/controllers/task-lists/update.js Executable file
View file

@ -0,0 +1,90 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
TASK_LIST_NOT_FOUND: {
taskListNotFound: 'Task list not found',
},
};
module.exports = {
inputs: {
id: {
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
showOnFrontOfCard: {
type: 'boolean',
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
taskListNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const pathToProject = await sails.helpers.taskLists
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.TASK_LIST_NOT_FOUND);
let { taskList } = pathToProject;
const { card, list, board, project } = pathToProject;
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.TASK_LIST_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, ['position', 'name', 'showOnFrontOfCard']);
taskList = await sails.helpers.taskLists.updateOne.with({
values,
project,
board,
list,
card,
record: taskList,
actorUser: currentUser,
request: this.req,
});
if (!taskList) {
throw Errors.TASK_LIST_NOT_FOUND;
}
return {
item: taskList,
};
},
};

39
server/api/controllers/tasks/create.js
View file

@ -1,25 +1,33 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
CARD_NOT_FOUND: {
cardNotFound: 'Card not found',
TASK_LIST_NOT_FOUND: {
taskListNotFound: 'Task list not found',
},
};
module.exports = {
inputs: {
cardId: {
type: 'string',
regex: /^[0-9]+$/,
taskListId: {
...idInput,
required: true,
},
position: {
type: 'number',
min: 0,
required: true,
},
name: {
type: 'string',
maxLength: 1024,
required: true,
},
isCompleted: {
@ -31,7 +39,7 @@ module.exports = {
notEnoughRights: {
responseType: 'forbidden',
},
cardNotFound: {
taskListNotFound: {
responseType: 'notFound',
},
},
@ -39,17 +47,17 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const { card, list, board, project } = await sails.helpers.cards
.getProjectPath(inputs.cardId)
.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);
const { taskList, card, list, board, project } = await sails.helpers.taskLists
.getPathToProjectById(inputs.taskListId)
.intercept('pathNotFound', () => Errors.TASK_LIST_NOT_FOUND);
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.CARD_NOT_FOUND; // Forbidden
throw Errors.TASK_LIST_NOT_FOUND; // Forbidden
}
if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
@ -62,9 +70,10 @@ module.exports = {
project,
board,
list,
card,
values: {
...values,
card,
taskList,
},
actorUser: currentUser,
request: this.req,

27
server/api/controllers/tasks/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,8 +17,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -28,17 +34,17 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.tasks
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.tasks
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.TASK_NOT_FOUND);
let { task } = path;
const { card, list, board, project } = path;
let { task } = pathToProject;
const { taskList, card, list, board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.TASK_NOT_FOUND; // Forbidden
@ -53,6 +59,7 @@ module.exports = {
board,
list,
card,
taskList,
record: task,
actorUser: currentUser,
request: this.req,

75
server/api/controllers/tasks/update.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -5,21 +12,33 @@ const Errors = {
TASK_NOT_FOUND: {
taskNotFound: 'Task not found',
},
TASK_LIST_NOT_FOUND: {
taskListNotFound: 'Task list not found',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
};
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
taskListId: idInput,
assigneeUserId: {
...idInput,
allowNull: true,
},
position: {
type: 'number',
min: 0,
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 1024,
},
isCompleted: {
type: 'boolean',
@ -33,22 +52,28 @@ module.exports = {
taskNotFound: {
responseType: 'notFound',
},
taskListNotFound: {
responseType: 'notFound',
},
userNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
const path = await sails.helpers.tasks
.getProjectPath(inputs.id)
const pathToProject = await sails.helpers.tasks
.getPathToProjectById(inputs.id)
.intercept('pathNotFound', () => Errors.TASK_NOT_FOUND);
let { task } = path;
const { card, list, board, project } = path;
let { task } = pathToProject;
const { taskList, card, list, board, project } = pathToProject;
const boardMembership = await BoardMembership.findOne({
boardId: board.id,
userId: currentUser.id,
});
const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
board.id,
currentUser.id,
);
if (!boardMembership) {
throw Errors.TASK_NOT_FOUND; // Forbidden
@ -58,15 +83,41 @@ module.exports = {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const values = _.pick(inputs, ['position', 'name', 'isCompleted']);
let nextTaskList;
if (!_.isUndefined(inputs.taskListId)) {
nextTaskList = await TaskList.qm.getOneById(inputs.taskListId, {
cardId: card.id,
});
if (!nextTaskList) {
throw Errors.TASK_LIST_NOT_FOUND;
}
}
if (inputs.assigneeUserId) {
const isBoardMember = await sails.helpers.users.isBoardMember(
inputs.assigneeUserId,
board.id,
);
if (!isBoardMember) {
throw Errors.USER_NOT_FOUND;
}
}
const values = _.pick(inputs, ['assigneeUserId', 'position', 'name', 'isCompleted']);
task = await sails.helpers.tasks.updateOne.with({
values,
project,
board,
list,
card,
taskList,
record: task,
values: {
...values,
taskList: nextTaskList,
},
actorUser: currentUser,
request: this.req,
});

41
server/api/controllers/users/create.js
View file

@ -1,4 +1,9 @@
const zxcvbn = require('zxcvbn');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { isPassword } = require('../../../utils/validators');
const Errors = {
NOT_ENOUGH_RIGHTS: {
@ -10,24 +15,33 @@ const Errors = {
USERNAME_ALREADY_IN_USE: {
usernameAlreadyInUse: 'Username already in use',
},
ACTIVE_LIMIT_REACHED: {
activeLimitReached: 'Active limit reached',
},
};
const passwordValidator = (value) => zxcvbn(value).score >= 2; // TODO: move to config
module.exports = {
inputs: {
email: {
type: 'string',
maxLength: 256,
isEmail: true,
required: true,
},
password: {
type: 'string',
custom: passwordValidator,
maxLength: 256,
custom: isPassword,
required: true,
},
role: {
type: 'string',
isIn: Object.values(User.Roles),
required: true,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
username: {
@ -41,11 +55,13 @@ module.exports = {
phone: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
organization: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
language: {
@ -56,6 +72,12 @@ module.exports = {
subscribeToOwnCards: {
type: 'boolean',
},
subscribeToCardWhenCommenting: {
type: 'boolean',
},
turnOffRecentCardHighlighting: {
type: 'boolean',
},
},
exits: {
@ -68,6 +90,9 @@ module.exports = {
usernameAlreadyInUse: {
responseType: 'conflict',
},
activeLimitReached: {
responseType: 'conflict',
},
},
async fn(inputs) {
@ -80,12 +105,15 @@ module.exports = {
const values = _.pick(inputs, [
'email',
'password',
'role',
'name',
'username',
'phone',
'organization',
'language',
'subscribeToOwnCards',
'subscribeToCardWhenCommenting',
'turnOffRecentCardHighlighting',
]);
const user = await sails.helpers.users.createOne
@ -95,10 +123,11 @@ module.exports = {
request: this.req,
})
.intercept('emailAlreadyInUse', () => Errors.EMAIL_ALREADY_IN_USE)
.intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE);
.intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE)
.intercept('activeLimitReached', () => Errors.ACTIVE_LIMIT_REACHED);
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

14
server/api/controllers/users/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,8 +17,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -28,7 +34,7 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
let user = await sails.helpers.users.getOne(inputs.id);
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
@ -49,7 +55,7 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

27
server/api/controllers/users/index.js
View file

@ -1,9 +1,32 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
};
module.exports = {
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
},
async fn() {
const users = await sails.helpers.users.getMany();
const { currentUser } = this.req;
if (!sails.helpers.users.isAdminOrProjectOwner(currentUser)) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const users = await User.qm.getAll();
return {
items: users,
items: sails.helpers.users.presentMany(users, currentUser),
};
},
};

37
server/api/controllers/users/show.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { ID_REGEX, MAX_STRING_ID, isIdInRange } = require('../../../utils/validators');
const Errors = {
USER_NOT_FOUND: {
userNotFound: 'User not found',
@ -6,11 +13,17 @@ const Errors = {
const CURRENT_USER_ID = 'me';
const ID_OR_CURRENT_USER_ID_REGEX = new RegExp(`${ID_REGEX}|^${CURRENT_USER_ID}$`);
const isCurrentUserIdOrIdInRange = (value) => value === CURRENT_USER_ID || isIdInRange(value);
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+|me$/,
maxLength: MAX_STRING_ID.length,
regex: ID_OR_CURRENT_USER_ID_REGEX,
custom: isCurrentUserIdOrIdInRange,
required: true,
},
subscribe: {
@ -19,21 +32,30 @@ module.exports = {
},
exits: {
boardNotFound: {
userNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
let user;
if (inputs.id === CURRENT_USER_ID) {
({ currentUser: user } = this.req);
let notificationServices = [];
if (inputs.id === CURRENT_USER_ID || inputs.id === currentUser.id) {
user = currentUser;
notificationServices = await NotificationService.qm.getByUserId(currentUser.id);
if (inputs.subscribe && this.req.isSocket) {
sails.sockets.join(this.req, `user:${user.id}`);
}
} else {
user = await sails.helpers.users.getOne(inputs.id);
if (!sails.helpers.users.isAdminOrProjectOwner(currentUser)) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
@ -41,7 +63,10 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
included: {
notificationServices,
},
};
},
};

30
server/api/controllers/users/update-avatar.js
View file

@ -1,4 +1,9 @@
const rimraf = require('rimraf');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
USER_NOT_FOUND: {
@ -15,8 +20,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -40,8 +44,8 @@ module.exports = {
const { currentUser } = this.req;
let user;
if (currentUser.isAdmin) {
user = await sails.helpers.users.getOne(inputs.id);
if (currentUser.role === User.Roles.ADMIN) {
user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
@ -65,22 +69,14 @@ module.exports = {
const file = _.last(files);
const fileData = await sails.helpers.users
const avatar = await sails.helpers.users
.processUploadedAvatarFile(file)
.intercept('fileIsNotImage', () => {
try {
rimraf.sync(file.fd);
} catch (error) {
console.warn(error.stack); // eslint-disable-line no-console
}
return Errors.FILE_IS_NOT_IMAGE;
});
.intercept('fileIsNotImage', () => Errors.FILE_IS_NOT_IMAGE);
user = await sails.helpers.users.updateOne.with({
record: user,
values: {
avatar: fileData,
avatar,
},
actorUser: currentUser,
request: this.req,
@ -91,7 +87,7 @@ module.exports = {
}
return exits.success({
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
});
},
};

43
server/api/controllers/users/update-email.js
View file

@ -1,15 +1,22 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const bcrypt = require('bcrypt');
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
INVALID_CURRENT_PASSWORD: {
invalidCurrentPassword: 'Invalid current password',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
EMAIL_ALREADY_IN_USE: {
emailAlreadyInUse: 'Email already in use',
},
@ -18,18 +25,19 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
email: {
type: 'string',
maxLength: 256,
isEmail: true,
required: true,
},
currentPassword: {
type: 'string',
isNotEmptyString: true,
maxLength: 256,
},
},
@ -37,12 +45,12 @@ module.exports = {
notEnoughRights: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
invalidCurrentPassword: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
emailAlreadyInUse: {
responseType: 'conflict',
},
@ -55,25 +63,26 @@ module.exports = {
if (!inputs.currentPassword) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
} else if (!currentUser.isAdmin) {
} else if (currentUser.role !== User.Roles.ADMIN) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.users.getOne(inputs.id);
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
if (user.email === sails.config.custom.defaultAdminEmail || user.isSso) {
if (user.email === sails.config.custom.defaultAdminEmail || user.isSsoUser) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (
inputs.id === currentUser.id &&
!bcrypt.compareSync(inputs.currentPassword, user.password)
) {
throw Errors.INVALID_CURRENT_PASSWORD;
if (inputs.id === currentUser.id) {
const isCurrentPasswordValid = await bcrypt.compare(inputs.currentPassword, user.password);
if (!isCurrentPasswordValid) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
}
const values = _.pick(inputs, ['email']);
@ -92,7 +101,7 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

58
server/api/controllers/users/update-password.js
View file

@ -1,37 +1,42 @@
const bcrypt = require('bcrypt');
const zxcvbn = require('zxcvbn');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { getRemoteAddress } = require('../../../utils/remoteAddress');
const bcrypt = require('bcrypt');
const { isPassword } = require('../../../utils/validators');
const { idInput } = require('../../../utils/inputs');
const { getRemoteAddress } = require('../../../utils/remote-address');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
INVALID_CURRENT_PASSWORD: {
invalidCurrentPassword: 'Invalid current password',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
};
const passwordValidator = (value) => zxcvbn(value).score >= 2; // TODO: move to config
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
password: {
type: 'string',
custom: passwordValidator,
maxLength: 256,
custom: isPassword,
required: true,
},
currentPassword: {
type: 'string',
isNotEmptyString: true,
maxLength: 256,
},
},
@ -39,12 +44,12 @@ module.exports = {
notEnoughRights: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
invalidCurrentPassword: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
@ -54,25 +59,26 @@ module.exports = {
if (!inputs.currentPassword) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
} else if (!currentUser.isAdmin) {
} else if (currentUser.role !== User.Roles.ADMIN) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.users.getOne(inputs.id);
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
if (user.email === sails.config.custom.defaultAdminEmail || user.isSso) {
if (user.email === sails.config.custom.defaultAdminEmail || user.isSsoUser) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (
inputs.id === currentUser.id &&
!bcrypt.compareSync(inputs.currentPassword, user.password)
) {
throw Errors.INVALID_CURRENT_PASSWORD;
if (inputs.id === currentUser.id) {
const isCurrentPasswordValid = await bcrypt.compare(inputs.currentPassword, user.password);
if (!isCurrentPasswordValid) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
}
const values = _.pick(inputs, ['password']);
@ -91,10 +97,10 @@ module.exports = {
if (user.id === currentUser.id) {
const { token: accessToken } = sails.helpers.utils.createJwtToken(
user.id,
user.passwordUpdatedAt,
user.passwordChangedAt,
);
await Session.create({
await Session.qm.createOne({
accessToken,
httpOnlyToken: currentSession.httpOnlyToken,
userId: user.id,
@ -103,7 +109,7 @@ module.exports = {
});
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
included: {
accessTokens: [accessToken],
},
@ -111,7 +117,7 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

40
server/api/controllers/users/update-username.js
View file

@ -1,15 +1,22 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const bcrypt = require('bcrypt');
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
INVALID_CURRENT_PASSWORD: {
invalidCurrentPassword: 'Invalid current password',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
USERNAME_ALREADY_IN_USE: {
usernameAlreadyInUse: 'Username already in use',
},
@ -18,11 +25,11 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
username: {
type: 'string',
isNotEmptyString: true,
minLength: 3,
maxLength: 16,
@ -32,6 +39,7 @@ module.exports = {
currentPassword: {
type: 'string',
isNotEmptyString: true,
maxLength: 256,
},
},
@ -39,12 +47,12 @@ module.exports = {
notEnoughRights: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
invalidCurrentPassword: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
usernameAlreadyInUse: {
responseType: 'conflict',
},
@ -53,11 +61,11 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
if (inputs.id !== currentUser.id && !currentUser.isAdmin) {
if (inputs.id !== currentUser.id && currentUser.role !== User.Roles.ADMIN) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.users.getOne(inputs.id);
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
@ -67,12 +75,18 @@ module.exports = {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (user.isSso) {
if (user.isSsoUser) {
if (!sails.config.custom.oidcIgnoreUsername) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
} else if (inputs.id === currentUser.id) {
if (!inputs.currentPassword || !bcrypt.compareSync(inputs.currentPassword, user.password)) {
if (!inputs.currentPassword) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
const isCurrentPasswordValid = await bcrypt.compare(inputs.currentPassword, user.password);
if (!isCurrentPasswordValid) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
}
@ -93,7 +107,7 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

124
server/api/controllers/users/update.js
View file

@ -1,37 +1,51 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
ACTIVE_LIMIT_REACHED: {
activeLimitReached: 'Active limit reached',
},
};
const avatarUrlValidator = (value) => _.isNull(value);
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
isAdmin: {
type: 'boolean',
role: {
type: 'string',
isIn: Object.values(User.Roles),
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
avatarUrl: {
avatar: {
type: 'json',
custom: avatarUrlValidator,
custom: _.isNull,
},
phone: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
organization: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
language: {
@ -42,69 +56,115 @@ module.exports = {
subscribeToOwnCards: {
type: 'boolean',
},
subscribeToCardWhenCommenting: {
type: 'boolean',
},
turnOffRecentCardHighlighting: {
type: 'boolean',
},
enableFavoritesByDefault: {
type: 'boolean',
},
defaultEditorMode: {
type: 'string',
isIn: Object.values(User.EditorModes),
},
defaultHomeView: {
type: 'string',
isIn: Object.values(User.HomeViews),
},
defaultProjectsOrder: {
type: 'string',
isIn: Object.values(User.ProjectOrders),
},
isDeactivated: {
type: 'boolean',
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
activeLimitReached: {
responseType: 'conflict',
},
},
async fn(inputs) {
const { currentUser } = this.req;
if (!currentUser.isAdmin) {
if (inputs.id !== currentUser.id) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
delete inputs.isAdmin; // eslint-disable-line no-param-reassign
const availableInputKeys = ['id', 'name', 'avatar', 'phone', 'organization'];
if (inputs.id === currentUser.id) {
availableInputKeys.push(...User.PERSONAL_FIELD_NAMES);
} else if (currentUser.role === User.Roles.ADMIN) {
availableInputKeys.push('role', 'isDeactivated');
} else {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.users.getOne(inputs.id);
if (_.difference(Object.keys(inputs), availableInputKeys).length > 0) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
// TODO: refactor
if (user.email === sails.config.custom.defaultAdminEmail) {
/* eslint-disable no-param-reassign */
delete inputs.isAdmin;
delete inputs.name;
/* eslint-enable no-param-reassign */
} else if (user.isSso) {
if (!sails.config.custom.oidcIgnoreRoles) {
delete inputs.isAdmin; // eslint-disable-line no-param-reassign
if (inputs.role || inputs.name) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
} else if (user.isSsoUser) {
if (!sails.config.custom.oidcIgnoreRoles && inputs.role) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
delete inputs.name; // eslint-disable-line no-param-reassign
if (inputs.name) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
const values = {
..._.pick(inputs, [
'isAdmin',
'role',
'name',
'avatar',
'phone',
'organization',
'language',
'subscribeToOwnCards',
'subscribeToCardWhenCommenting',
'turnOffRecentCardHighlighting',
'enableFavoritesByDefault',
'defaultEditorMode',
'defaultHomeView',
'defaultProjectsOrder',
'isDeactivated',
]),
avatar: inputs.avatarUrl,
};
user = await sails.helpers.users.updateOne.with({
values,
record: user,
actorUser: currentUser,
request: this.req,
});
user = await sails.helpers.users.updateOne
.with({
values,
record: user,
actorUser: currentUser,
request: this.req,
})
.intercept('activeLimitReached', () => Errors.ACTIVE_LIMIT_REACHED);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};