34 lines
1 KiB
JavaScript
34 lines
1 KiB
JavaScript
'use strict'
|
|
/** @typedef {import('@adonisjs/framework/src/Request')} Request */
|
|
/** @typedef {import('@adonisjs/framework/src/Response')} Response */
|
|
/** @typedef {import('@adonisjs/framework/src/View')} View */
|
|
const Book = use('App/Models/Book');
|
|
const UserChildUtils = use('App/Utils/UserChildUtils');
|
|
class BookPageAuth {
|
|
/**
|
|
* @param {object} ctx
|
|
* @param {Request} ctx.request
|
|
* @param {Function} next
|
|
*/
|
|
async handle(ctx, next) {
|
|
const {request, auth, response, book, call} = ctx;
|
|
// call next to advance the request
|
|
const user = auth.user;
|
|
if (book.user_id) {
|
|
// Belongs to a user. Check if the book user has a connection with this
|
|
// user
|
|
if (book.user_id === user.id) {
|
|
await next();
|
|
} else if (call.parent_id === user.id || call.guest_id === user.id) {
|
|
await next();
|
|
} else {
|
|
response.status(403);
|
|
response.send({code: 403, message: 'Book is private'});
|
|
}
|
|
} else {
|
|
await next();
|
|
}
|
|
}
|
|
}
|
|
|
|
module.exports = BookPageAuth
|