
attachments_removeProfileImage

shinoka7 6 years ago
parent
commit
3c6fe961fe
3 changed files with 32 additions and 2 deletions
  1. 30 1
      src/server/routes/attachment.js
  2. 1 0
      src/server/routes/index.js
  3. 1 1
      src/server/views/me/index.html

+ 30 - 1
src/server/routes/attachment.js

@@ -330,7 +330,7 @@ module.exports = function(crowi, app) {
     }
 
     try {
-      req.user.deleteImage();
+      await Attachment.removeWithSubstanceById(id);
     }
     catch (err) {
       return res.status(500).json(ApiResponse.error('Error while deleting file'));
@@ -339,5 +339,34 @@ module.exports = function(crowi, app) {
     return res.json(ApiResponse.success({}));
   };
 
+  /**
+   * @api {post} /attachments.removeProfileImage Remove profile image attachments
+   * @apiGroup Attachment
+   * @apiParam {String} attachment_id
+   */
+  api.removeProfileImage = async function(req, res) {
+    const id = req.body.attachment_id;
+
+    const attachment = await Attachment.findById(id);
+
+    if (attachment == null) {
+      return res.json(ApiResponse.error('attachment not found'));
+    }
+
+    const isDeletable = await isDeletableByUser(req.user, attachment);
+    if (!isDeletable) {
+      return res.json(ApiResponse.error(`Forbidden to remove the attachment '${attachment.id}'`));
+    }
+
+    try {
+      await req.user.deleteImage();
+    }
+    catch (err) {
+      return res.status(500).json(ApiResponse.error('Error while deleting image'));
+    }
+
+    return res.json(ApiResponse.success({}));
+  };
+
   return actions;
 };
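Review bot: In `api.removeProfileImage` the permission check and the deletion act on different objects: `isDeletableByUser` is evaluated for the attachment named by `req.body.attachment_id`, but `req.user.deleteImage()` then removes whatever image the current user has, and nothing visible here ties the two together. Either drop the parameter and act only on the caller's own image, or reject the request when the looked-up attachment is not the one the user record references as its profile image (the template reads `user.imageAttachment.id`; confirm the field's shape in the User model before comparing). `await Attachment.findById(id)` and `await isDeletableByUser(...)` also sit outside the `try`, so a rejection there, for example on a malformed id if the model throws on cast, would presumably leave the request unanswered; moving both inside the `try` and logging `err` in the `catch` would cover that and leave a trace for later investigation. The not-found and forbidden branches answer with the default HTTP 200, where `res.status(404)` and `res.status(403)` would match the `res.status(500)` used in the `catch`, unless this API deliberately reports errors in a 200 body.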

+ 1 - 0
src/server/routes/index.js

@@ -218,6 +218,7 @@ module.exports = function(crowi, app) {
   app.post('/_api/likes.remove'       , accessTokenParser , loginRequired(crowi, app) , csrf, page.api.unlike);
   app.get('/_api/attachments.list'   , accessTokenParser , loginRequired(crowi, app, false) , attachment.api.list);
   app.post('/_api/attachments.add'                  , uploads.single('file'), autoReap, accessTokenParser, loginRequired(crowi, app) ,csrf, attachment.api.add);
+  app.post('/_api/attachments.removeProfileImage', accessTokenParser, loginRequired(crowi, app), csrf, attachment.api.removeProfileImage);
   app.post('/_api/attachments.uploadProfileImage'   , uploads.single('file'), autoReap, accessTokenParser, loginRequired(crowi, app) ,csrf, attachment.api.uploadProfileImage);
   app.post('/_api/attachments.remove' , accessTokenParser , loginRequired(crowi, app) , csrf, attachment.api.remove);
   app.get('/_api/attachments.limit'  , accessTokenParser , loginRequired(crowi, app) , csrf, attachment.api.limit);

+ 1 - 1
src/server/views/me/index.html

@@ -158,7 +158,7 @@
             <img src="{{ user|uploadedpicture }}" class="picture picture-lg img-circle" id="settingUserPicture"><br>
             </p>
             <p>
-            <form id="remove-attachment" action="/_api/attachments.remove" method="post" class="form-horizontal"
+            <form id="remove-attachment" action="/_api/attachments.removeProfileImage" method="post" class="form-horizontal"
                 style="{% if not user.imageAttachment %}display: none{% endif %}">
               <input type="hidden" name="_csrf" value="{{ csrf() }}">
               <input type="hidden" name="attachment_id" value="{{ user.imageAttachment.id }}">