|
@@ -18,6 +18,7 @@ module.exports = (crowi) => {
|
|
|
|
|
|
|
|
const loginRequired = crowi.require('../middlewares/login-required')(crowi, true, loginRequiredFallback);
|
|
const loginRequired = crowi.require('../middlewares/login-required')(crowi, true, loginRequiredFallback);
|
|
|
const accessTokenParser = crowi.require('../middlewares/access-token-parser')(crowi);
|
|
const accessTokenParser = crowi.require('../middlewares/access-token-parser')(crowi);
|
|
|
|
|
+ const { serializeUserSecurely } = crowi.require('../models/serializers/user-serializer');
|
|
|
|
|
|
|
|
const router = express.Router();
|
|
const router = express.Router();
|
|
|
|
|
|
|
@@ -97,12 +98,6 @@ module.exports = (crowi) => {
|
|
|
return;
|
|
return;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- let creatorPopulateOpt;
|
|
|
|
|
- // set populate option for backward compatibility against to GROWI <= v4.0.x
|
|
|
|
|
- if (User.IMAGE_POPULATION != null) {
|
|
|
|
|
- creatorPopulateOpt = User.IMAGE_POPULATION;
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
// convert ObjectId
|
|
// convert ObjectId
|
|
|
const orConditions = [{ originalName: fileNameOrId }];
|
|
const orConditions = [{ originalName: fileNameOrId }];
|
|
|
if (ObjectId.isValid(fileNameOrId)) {
|
|
if (ObjectId.isValid(fileNameOrId)) {
|
|
@@ -114,7 +109,7 @@ module.exports = (crowi) => {
|
|
|
page: page._id,
|
|
page: page._id,
|
|
|
$or: orConditions,
|
|
$or: orConditions,
|
|
|
})
|
|
})
|
|
|
- .populate({ path: 'creator', select: User.USER_PUBLIC_FIELDS, populate: creatorPopulateOpt });
|
|
|
|
|
|
|
+ .populate('creator');
|
|
|
|
|
|
|
|
// not found
|
|
// not found
|
|
|
if (attachment == null) {
|
|
if (attachment == null) {
|
|
@@ -132,6 +127,9 @@ module.exports = (crowi) => {
|
|
|
return;
|
|
return;
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ // serialize User data
|
|
|
|
|
+ attachment.creator = serializeUserSecurely(attachment.creator);
|
|
|
|
|
+
|
|
|
res.status(200).send({ attachment });
|
|
res.status(200).send({ attachment });
|
|
|
});
|
|
});
|
|
|
|
|
|
|
@@ -208,9 +206,16 @@ module.exports = (crowi) => {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
const attachments = await query
|
|
const attachments = await query
|
|
|
- .populate({ path: 'creator', select: User.USER_PUBLIC_FIELDS })
|
|
|
|
|
|
|
+ .populate('creator')
|
|
|
.exec();
|
|
.exec();
|
|
|
|
|
|
|
|
|
|
+ // serialize User data
|
|
|
|
|
+ attachments.forEach((doc) => {
|
|
|
|
|
+ if (doc.creator != null && doc.creator instanceof User) {
|
|
|
|
|
+ doc.creator = serializeUserSecurely(doc.creator);
|
|
|
|
|
+ }
|
|
|
|
|
+ });
|
|
|
|
|
+
|
|
|
res.status(200).send({ attachments });
|
|
res.status(200).send({ attachments });
|
|
|
});
|
|
});
|
|
|
|
|
|
Yuki Takei