|
@@ -249,21 +249,25 @@ module.exports = (crowi) => {
|
|
|
*/
|
|
*/
|
|
|
router.delete('/:id', loginRequired, csrf, validator.deleteShareLink, apiV3FormValidator, async(req, res) => {
|
|
router.delete('/:id', loginRequired, csrf, validator.deleteShareLink, apiV3FormValidator, async(req, res) => {
|
|
|
const { id } = req.params;
|
|
const { id } = req.params;
|
|
|
|
|
+ const { user } = req;
|
|
|
|
|
|
|
|
try {
|
|
try {
|
|
|
- const deletedShareLink = await ShareLink.findOne({ _id: id });
|
|
|
|
|
|
|
+ const shareLinkToDelete = await ShareLink.findOne({ _id: id });
|
|
|
|
|
|
|
|
// check permission
|
|
// check permission
|
|
|
- const page = await Page.findByIdAndViewer(deletedShareLink.relatedPage, req.user);
|
|
|
|
|
- if (page == null) {
|
|
|
|
|
- const msg = 'Page is not found or forbidden';
|
|
|
|
|
- logger.error('Error', msg);
|
|
|
|
|
- return res.apiv3Err(new ErrorV3(msg, 'delete-shareLink-failed'));
|
|
|
|
|
|
|
+ if (!user.isAdmin) {
|
|
|
|
|
+ const page = await Page.findByIdAndViewer(shareLinkToDelete.relatedPage, user);
|
|
|
|
|
+ const isPageExists = (await Page.count({ _id: shareLinkToDelete.relatedPage }) > 0);
|
|
|
|
|
+ if (page == null && isPageExists) {
|
|
|
|
|
+ const msg = 'Page is not found or forbidden';
|
|
|
|
|
+ logger.error('Error', msg);
|
|
|
|
|
+ return res.apiv3Err(new ErrorV3(msg, 'delete-shareLink-failed'));
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// remove
|
|
// remove
|
|
|
- await deletedShareLink.remove();
|
|
|
|
|
- return res.apiv3({ deletedShareLink });
|
|
|
|
|
|
|
+ await shareLinkToDelete.remove();
|
|
|
|
|
+ return res.apiv3({ deletedShareLink: shareLinkToDelete });
|
|
|
}
|
|
}
|
|
|
catch (err) {
|
|
catch (err) {
|
|
|
const msg = 'Error occurred in delete share link';
|
|
const msg = 'Error occurred in delete share link';
|
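Review bot: `shareLinkToDelete` is used without a null check. When `ShareLink.findOne({ _id: id })` matches nothing, the non-admin branch throws on `shareLinkToDelete.relatedPage` and the new admin path throws on `shareLinkToDelete.remove()`, so an unknown id surfaces only as the generic catch error. Unless `validator.deleteShareLink` already guarantees the document exists (not visible here), add a guard right after the lookup, e.g. `if (shareLinkToDelete == null) { return res.apiv3Err(new ErrorV3('ShareLink is not found', 'delete-shareLink-failed')); }`. The condition `page == null && isPageExists` also means a non-admin is refused only when the related page still exists but is not viewable; once the page is gone, any logged-in user who knows the id can delete the link. If that is intended, say so in a comment such as `// orphaned share links (related page deleted) may be removed by any logged-in user`, and reword `'Page is not found or forbidden'`, which is no longer reached in the not-found case. The handler's catch block continues past the end of this hunk.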