Merge branch 'master' into horizontalSpace

2025-12-29 09:02:37 +00:00 · 2024-12-19 17:45:51 -06:00
parent 6301a66fd3 980a7bd57e
commit d629fa1731
5 changed files with 21 additions and 18 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -57,7 +57,7 @@
        "eslint": "^9.17.0",
        "eslint-plugin-jest": "^28.9.0",
        "eslint-plugin-react": "^7.37.2",
-        "globals": "^15.13.0",
+        "globals": "^15.14.0",
        "jest": "^29.7.0",
        "jest-expect-message": "^1.1.3",
        "jsdom-global": "^3.0.2",
@@ -6714,11 +6714,10 @@
      }
    },
    "node_modules/globals": {
-      "version": "15.13.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-15.13.0.tgz",
-      "integrity": "sha512-49TewVEz0UxZjr1WYYsWpPrhyC/B/pA8Bq0fUmet2n+eR7yn0IvNzNaoBwnK6mdkzcN+se7Ez9zUgULTz2QH4g==",
+      "version": "15.14.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-15.14.0.tgz",
+      "integrity": "sha512-OkToC372DtlQeje9/zHIo5CT8lRP/FUgEOKBEhU4e0abL7J7CD24fD9ohiLN5hagG/kWCYj4K5oaxxtj2Z0Dig==",
      "dev": true,
-      "license": "MIT",
      "engines": {
        "node": ">=18"
      },
--- a/package.json
+++ b/package.json
@@ -130,7 +130,7 @@
    "eslint": "^9.17.0",
    "eslint-plugin-jest": "^28.9.0",
    "eslint-plugin-react": "^7.37.2",
-    "globals": "^15.13.0",
+    "globals": "^15.14.0",
    "jest": "^29.7.0",
    "jest-expect-message": "^1.1.3",
    "jsdom-global": "^3.0.2",
--- a/server/admin.api.js
+++ b/server/admin.api.js
@@ -1,5 +1,5 @@
-import {model as HomebrewModel }     from './homebrew.model.js';
-import {model as NotificationModel } from './notifications.model.js';
+import { model as HomebrewModel }     from './homebrew.model.js';
+import { model as NotificationModel } from './notifications.model.js';
 import express    from 'express';
 import Moment     from 'moment';
 import zlib       from 'zlib';
@@ -108,6 +108,9 @@ router.put('/admin/clean/script/:id', asyncHandler(HomebrewAPI.getBrew('admin',

 	req.body = brew;

+	// Remove Account from request to prevent Admin user from being added to brew as an Author
+	req.account = undefined;
+
 	return await HomebrewAPI.updateBrew(req, res);
 });

--- a/server/app.js
+++ b/server/app.js
@@ -351,11 +351,12 @@ app.get('/user/:username', async (req, res, next)=>{
 //Change author name on brews
 app.put('/api/user/rename', async (req, res)=>{
 	const { username, newUsername } = req.body;
-	console.log(req.account);
+	const ownAccount = req.account && (req.account.username == newUsername);
 	
-	if(!username || !newUsername) {
+	if(!username || !newUsername)
 		return res.status(400).json({ error: 'Username and newUsername are required.' });
-	}
+	if(!ownAccount)
+		return res.status(403).json({ error: 'Must be logged in to change your username' });
 	try {
 		const brews = await HomebrewModel.getByUser(username, true, ['authors']);
 		const renamePromises = brews.map(async (brew)=>{
--- a/server/homebrew.api.js
+++ b/server/homebrew.api.js
@@ -106,12 +106,12 @@ const api = {
 			stub = stub?.toObject();
 			googleId ??= stub?.googleId;

-			const isOwner   = stub?.authors?.length === 0 || stub?.authors?.[0] === req.account?.username;
+			const isOwner   = (accessType == 'edit' && (!stub || stub?.authors?.length === 0)) || stub?.authors?.[0] === req.account?.username;
 			const isAuthor  = stub?.authors?.includes(req.account?.username);
 			const isInvited = stub?.invitedAuthors?.includes(req.account?.username);

 			if(accessType === 'edit' && !(isOwner || isAuthor || isInvited)) {
-				const accessError = { name: 'Access Error', status: 401, authors: stub.authors, brewTitle: stub.title, shareId: stub.shareId };
+				const accessError = { name: 'Access Error', status: 401, authors: stub?.authors, brewTitle: stub?.title, shareId: stub?.shareId };
 				if(req.account)
 					throw { ...accessError, message: 'User is not an Author', HBErrorCode: '03' };
 				else
@@ -119,13 +119,13 @@ const api = {
 			}

 			if(stub?.lock?.locked && accessType != 'edit') {
-				throw { HBErrorCode: '51', code: stub.lock.code, message: stub.lock.shareMessage, brewId: stub.shareId, brewTitle: stub.title };
+				throw { HBErrorCode: '51', code: stub?.lock.code, message: stub?.lock.shareMessage, brewId: stub?.shareId, brewTitle: stub?.title };
 			}

-			// If there is a google id, try to find the google brew
-			if(!stubOnly && googleId) {
-				const oAuth2Client = isOwner? GoogleActions.authCheck(req.account, res) : undefined;
-				
+			// If there's a google id, get it if requesting the full brew or if no stub found yet
+			if(googleId && (!stubOnly || !stub)) {
+				const oAuth2Client = isOwner ? GoogleActions.authCheck(req.account, res) : undefined;
+
 				const googleBrew = await GoogleActions.getGoogleBrew(oAuth2Client, googleId, id, accessType)
 					.catch((googleError)=>{
 						const reason = googleError.errors?.[0].reason;