|
1 | 1 | import express, { Request, Response } from 'express'; |
2 | | -import { DB_CONFIG } from '../config'; |
3 | 2 | import { body, check, query, validationResult } from 'express-validator'; |
| 3 | +import knex from 'knex'; |
| 4 | +import multer from 'multer'; |
| 5 | + |
| 6 | +import { DB_CONFIG } from '../config'; |
4 | 7 | import { PhotoService, YtPlaceService, BoatService } from '../services'; |
5 | 8 | import { Photo, SavedFilter } from '../data'; |
6 | | -import multer from 'multer'; |
7 | 9 | import { createThumbnail } from '../utils/image'; |
8 | 10 | import { ReturnValidationErrors } from '../middleware'; |
9 | | -import knex from 'knex'; |
| 11 | +import { authorize } from '../middleware/authorization'; |
| 12 | +import { UserRoles } from '../models'; |
10 | 13 |
|
11 | 14 | const photoService = new PhotoService(DB_CONFIG); |
12 | 15 | const ytPlaceService = new YtPlaceService(DB_CONFIG); |
@@ -249,29 +252,35 @@ photoRouter.post( |
249 | 252 | } |
250 | 253 | ); |
251 | 254 |
|
252 | | -photoRouter.delete('/:id', async (req: Request, res: Response) => { |
253 | | - const { id } = req.params; |
254 | | - const db = knex(DB_CONFIG); |
255 | | - |
256 | | - db.transaction(async (trx) => { |
257 | | - try { |
258 | | - await trx('place.photo').where({ photo_RowId: id }).delete(); |
259 | | - await trx('boat.photo').where({ photo_RowId: id }).delete(); |
260 | | - await trx('aircrash.photo').where({ photo_RowId: id }).delete(); |
261 | | - await trx('person.photo').where({ photoId: id }).delete(); |
262 | | - await trx('burial.photo').where({ photo_RowId: id }).delete(); |
263 | | - await trx('interpretiveSite.photos').where({ photo_RowId: id }).delete(); |
264 | | - await trx('photo').where({ RowID: id }).delete(); |
265 | | - await trx.commit(); |
266 | | - |
267 | | - return res.json({ data: 'successfully deleted' }); |
268 | | - } catch (err) { |
269 | | - console.error('Error deleting photo:', err); |
270 | | - trx.rollback(); |
271 | | - res.status(500).json({ errors: err }); |
272 | | - } |
273 | | - }); |
274 | | -}); |
| 255 | +photoRouter.delete( |
| 256 | + '/:id', |
| 257 | + authorize([UserRoles.ADMINISTRATOR, UserRoles.PHOTO_ADMIN]), |
| 258 | + async (req: Request, res: Response) => { |
| 259 | + const { id } = req.params; |
| 260 | + const db = knex(DB_CONFIG); |
| 261 | + |
| 262 | + db.transaction(async (trx) => { |
| 263 | + try { |
| 264 | + await trx('place.photo').where({ photo_RowId: id }).delete(); |
| 265 | + await trx('boat.photo').where({ photo_RowId: id }).delete(); |
| 266 | + await trx('aircrash.photo').where({ photo_RowId: id }).delete(); |
| 267 | + await trx('person.photo').where({ photoId: id }).delete(); |
| 268 | + await trx('burial.photo').where({ photo_RowId: id }).delete(); |
| 269 | + await trx('interpretiveSite.photos') |
| 270 | + .where({ photo_RowId: id }) |
| 271 | + .delete(); |
| 272 | + await trx('photo').where({ RowID: id }).delete(); |
| 273 | + await trx.commit(); |
| 274 | + |
| 275 | + return res.json({ data: 'successfully deleted' }); |
| 276 | + } catch (err) { |
| 277 | + console.error('Error deleting photo:', err); |
| 278 | + trx.rollback(); |
| 279 | + res.status(500).json({ errors: err }); |
| 280 | + } |
| 281 | + }); |
| 282 | + } |
| 283 | +); |
275 | 284 |
|
276 | 285 | photoRouter.put( |
277 | 286 | '/:id', |
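Review bot: The catch block of the new `photoRouter.delete` handler still returns the raw error object to the caller with `res.status(500).json({ errors: err })`, which for a database driver error can expose query text and schema names; keep the existing `console.error` and send a fixed message instead, e.g. `res.status(500).json({ errors: ['Unable to delete photo'] });`. `id` also flows from `req.params` into all seven deletes without validation; knex binds the value, so this is not an injection path, but a malformed id reaches the database and triggers that same error response, so placing `check('id').isInt()` and `ReturnValidationErrors` (both already imported) ahead of the handler would reject it early. Separately, `knex(DB_CONFIG)` is created on every request and never destroyed, which appears to leave a connection pool behind per call; a shared module-level instance would avoid that. The `authorize([...])` guard presumably relies on an earlier middleware having authenticated the request, which is not visible in this section.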
|