fix(skydive): migrate author field from ObjectId to UUID string
- Register SkydiverProfile model in mysql.js (fixes startup crash on association)
- Replace $toObjectId with direct string match in all 12 aggregation queries
- Guard toJSONFor on all Mongo models to fall back to MySQL user.toProfileJSONFor()
when author is a UUID string (restores username/image in API responses)
- Pass user to toJSONFor() everywhere instead of null
- Remove dead .populate('author') calls (author: String has no ref)
- Fix ownership check in /last route: compare author string to req.payload.id
instead of the now-absent author.username property
This commit is contained in:
@@ -10,7 +10,6 @@ mailer.setApiKey(process.env.SENDGRID_API_KEY);
|
||||
// Preload application objects on routes with ':application'
|
||||
router.param('application', function (req, res, next, slug) {
|
||||
Application.findOne({ slug: slug })
|
||||
.populate('author')
|
||||
.then(function (application) {
|
||||
if (!application) {
|
||||
return res.sendStatus(404);
|
||||
@@ -52,7 +51,6 @@ router.get('/', auth.required, function (req, res, next) {
|
||||
.skip(Number(offset))
|
||||
.limit(Number(limit))
|
||||
.sort({ createdAt: 'desc' })
|
||||
.populate('author')
|
||||
.exec(),
|
||||
Application.countDocuments(query).exec(),
|
||||
req.payload ? UserService.getUserById(req.payload.id) : null
|
||||
@@ -117,8 +115,7 @@ router.post('/', auth.required, function (req, res, next) {
|
||||
*/
|
||||
router.get('/:application', auth.required, function (req, res, next) {
|
||||
Promise.all([
|
||||
req.payload ? UserService.getUserById(req.payload.id) : null,
|
||||
req.application.populate('author')
|
||||
req.payload ? UserService.getUserById(req.payload.id) : null
|
||||
]).then(function (results) {
|
||||
let user = results[0];
|
||||
return res.json({ application: req.application.toJSONFor(user) });
|
||||
|
||||
@@ -13,7 +13,6 @@ const { UserService } = require('../../../services');
|
||||
// Preload jump objects on routes with ':jump'
|
||||
router.param('jump', function (req, res, next, slug) {
|
||||
Jump.findOne({ slug: slug })
|
||||
.populate('author')
|
||||
.populate('files')
|
||||
.populate('x2data')
|
||||
.then(function (jump) {
|
||||
@@ -98,7 +97,6 @@ router.get('/', auth.required, function (req, res, next) {
|
||||
.skip(Number(offset))
|
||||
.limit(Number(limit))
|
||||
.sort({ numero: 'desc' })
|
||||
.populate('author')
|
||||
.populate('files')
|
||||
.populate('x2data')
|
||||
.exec(),
|
||||
@@ -107,9 +105,10 @@ router.get('/', auth.required, function (req, res, next) {
|
||||
]).then(function (results) {
|
||||
let jumps = results[0];
|
||||
let jumpsCount = results[1];
|
||||
let user = results[2];
|
||||
return res.json({
|
||||
jumps: jumps.map(function (jump) {
|
||||
return jump.toJSONFor(null);
|
||||
return jump.toJSONFor(user);
|
||||
}),
|
||||
jumpsCount: jumpsCount
|
||||
});
|
||||
@@ -283,7 +282,6 @@ router.get('/last', auth.required, function (req, res, next) {
|
||||
Jump.find({author: user.id})
|
||||
.limit(1)
|
||||
.sort({ numero: 'desc' })
|
||||
.populate('author')
|
||||
.populate('files')
|
||||
.populate('x2data')
|
||||
.exec()
|
||||
@@ -292,10 +290,10 @@ router.get('/last', auth.required, function (req, res, next) {
|
||||
return res.status(404).json({ errors: { "Not Found": "aucun saut trouvé" } });
|
||||
}
|
||||
req.lastjump = jumps[0];
|
||||
if (req.lastjump.author.username !== req.payload.username) {
|
||||
if (req.lastjump.author !== req.payload.id) {
|
||||
return res.status(403).json({ errors: { "Forbidden": "Vous ne disposez pas des autorisations suffisantes" } });
|
||||
}
|
||||
return res.json({ jump: req.lastjump.toJSONFor(null) });
|
||||
return res.json({ jump: req.lastjump.toJSONFor(user) });
|
||||
}).catch(next);
|
||||
}).catch(next);
|
||||
});
|
||||
@@ -317,7 +315,7 @@ router.get('/:jump', auth.required, function (req, res, next) {
|
||||
Jump.findOne({numero: (req.jump.numero + 1)}).exec(),
|
||||
]).then(function (results) {
|
||||
return res.json({
|
||||
jump: req.jump.toJSONFor(null),
|
||||
jump: req.jump.toJSONFor(user),
|
||||
prevJump: results[0],
|
||||
nextJump: results[1]
|
||||
});
|
||||
@@ -336,7 +334,7 @@ router.post('/', auth.required, function (req, res, next) {
|
||||
let jump = new Jump(req.body.jump);
|
||||
jump.author = user.id;
|
||||
return jump.save().then(function () {
|
||||
return res.json({ jump: jump.toJSONFor(null) });
|
||||
return res.json({ jump: jump.toJSONFor(user) });
|
||||
});
|
||||
}).catch(next);
|
||||
});
|
||||
@@ -366,7 +364,7 @@ router.post('/data/:jump', auth.required, function (req, res, next) {
|
||||
req.jump.files = files;
|
||||
req.jump.x2data = x2data;
|
||||
Jump.updateOne({_id: req.jump._id}, {files: files, x2data: x2data._id}).then(function () {
|
||||
return res.json({ jump: req.jump.toJSONFor(null) });
|
||||
return res.json({ jump: req.jump.toJSONFor(user) });
|
||||
}).catch(next);
|
||||
}).catch(next);
|
||||
}).catch(next);
|
||||
@@ -492,7 +490,7 @@ router.put('/:jump', auth.required, function (req, res, next) {
|
||||
}
|
||||
|
||||
return req.jump.save().then(function (jump) {
|
||||
return res.json({ jump: jump.toJSONFor(null) });
|
||||
return res.json({ jump: jump.toJSONFor(user) });
|
||||
});
|
||||
}).catch(next);
|
||||
});
|
||||
|
||||
@@ -23,7 +23,6 @@ router.get('/aeronefs', auth.required, function (req, res, next) {
|
||||
.limit(1)
|
||||
.skip(0)
|
||||
.sort({ numero: 'desc' })
|
||||
.populate('author')
|
||||
.populate('files')
|
||||
.populate('x2data')
|
||||
.exec(),
|
||||
@@ -37,7 +36,7 @@ router.get('/aeronefs', auth.required, function (req, res, next) {
|
||||
.exec()
|
||||
]).then(function (results) {
|
||||
if (results[0].length) {
|
||||
let lastjump = results[0][0].toJSONFor(null);
|
||||
let lastjump = results[0][0].toJSONFor(user);
|
||||
let aeronefsByImat = results[1].map(function (data) {
|
||||
return { aeronef: data._id.aeronef, imat: data._id.imat, count: data.count };
|
||||
});
|
||||
@@ -79,7 +78,6 @@ router.get('/canopies', auth.required, function (req, res, next) {
|
||||
.limit(1)
|
||||
.skip(0)
|
||||
.sort({ numero: 'desc' })
|
||||
.populate('author')
|
||||
.populate('files')
|
||||
.populate('x2data')
|
||||
.exec(),
|
||||
@@ -101,7 +99,7 @@ router.get('/canopies', auth.required, function (req, res, next) {
|
||||
.exec()
|
||||
]).then(function (results) {
|
||||
if (results[0].length) {
|
||||
let lastjump = results[0][0].toJSONFor(null);
|
||||
let lastjump = results[0][0].toJSONFor(user);
|
||||
let canopiesBySize = results[1].map(function (data) {
|
||||
return { taille: data._id.taille, count: data.count };
|
||||
});
|
||||
@@ -146,7 +144,6 @@ router.get('/dropzones', auth.required, function (req, res, next) {
|
||||
.limit(1)
|
||||
.skip(0)
|
||||
.sort({ numero: 'desc' })
|
||||
.populate('author')
|
||||
.populate('files')
|
||||
.populate('x2data')
|
||||
.exec(),
|
||||
@@ -160,7 +157,7 @@ router.get('/dropzones', auth.required, function (req, res, next) {
|
||||
.exec()
|
||||
]).then(function (results) {
|
||||
if (results[0].length) {
|
||||
let lastjump = results[0][0].toJSONFor(null);
|
||||
let lastjump = results[0][0].toJSONFor(user);
|
||||
let dropZonesByOaci = results[1].map(function (data) {
|
||||
return { lieu: data._id.lieu, oaci: data._id.oaci, count: data.count };
|
||||
});
|
||||
@@ -197,7 +194,6 @@ router.get('/jumps', auth.required, function (req, res, next) {
|
||||
.limit(1)
|
||||
.skip(0)
|
||||
.sort({ numero: 'desc' })
|
||||
.populate('author')
|
||||
.populate('files')
|
||||
.populate('x2data')
|
||||
.exec(),
|
||||
@@ -223,7 +219,7 @@ router.get('/jumps', auth.required, function (req, res, next) {
|
||||
.exec()
|
||||
]).then(function (results) {
|
||||
if (results[0].length) {
|
||||
let lastjump = results[0][0].toJSONFor(null);
|
||||
let lastjump = results[0][0].toJSONFor(user);
|
||||
let jumpsByYears = results[1].map(function (data) {
|
||||
return { year: data._id.year, count: data.count };
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user