TiddlyWiki#8756 main page recipes

webplusai · Nov 20, 2024 · 644dc00 · 644dc00
1 parent a697a66
commit 644dc00
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-recipe.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/post-recipe.js
@@ -32,7 +32,7 @@ exports.entityName = "recipe"
 
 exports.handler = function(request,response,state) {
 	if(state.data.recipe_name && state.data.bag_names) {
-		const result = $tw.mws.store.createRecipe(state.data.recipe_name,$tw.utils.parseStringArray(state.data.bag_names),state.data.description);
+		const result = $tw.mws.store.createRecipe(state.data.recipe_name,$tw.utils.parseStringArray(state.data.bag_names),state.data.description,state.authenticatedUser?.user_id);
 		if(!result) {
 			state.sendResponse(302,{
 				"Content-Type": "text/plain",

diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/put-recipe.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/put-recipe.js
@@ -25,7 +25,7 @@ exports.handler = function (request, response, state) {
 	var recipe_name = $tw.utils.decodeURIComponentSafe(state.params[0]),
 		data = $tw.utils.parseJSONSafe(state.data);
 	if(recipe_name && data) {
-		var result = $tw.mws.store.createRecipe(recipe_name, data.bag_names, data.description);
+		var result = $tw.mws.store.createRecipe(recipe_name, data.bag_names, data.description, state.authenticatedUser?.user_id);
 		if(!result) {
 			state.sendResponse(204, {
 				"Content-Type": "text/plain"

diff --git a/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js b/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
@@ -137,7 +137,9 @@ SqlTiddlerDatabase.prototype.createTables = function() {
 		CREATE TABLE IF NOT EXISTS recipes (
 			recipe_id INTEGER PRIMARY KEY AUTOINCREMENT,
 			recipe_name TEXT UNIQUE NOT NULL,
-			description TEXT NOT NULL
+			description TEXT NOT NULL,
+			owner_id INTEGER,
+			FOREIGN KEY (owner_id) REFERENCES users(user_id)
 		)
 	`,`
 		-- ...and recipes also have an ordered list of bags
@@ -260,7 +262,7 @@ SqlTiddlerDatabase.prototype.listRecipes = function() {
 Create or update a recipe
 Returns the recipe_id of the recipe
 */
-SqlTiddlerDatabase.prototype.createRecipe = function(recipe_name,bag_names,description) {
+SqlTiddlerDatabase.prototype.createRecipe = function(recipe_name,bag_names,description,owner_id) {
 	// Run the queries
 	this.engine.runStatement(`
 		-- Delete existing recipe_bags entries for this recipe
@@ -270,11 +272,12 @@ SqlTiddlerDatabase.prototype.createRecipe = function(recipe_name,bag_names,descr
 	});
 	const updateRecipes = this.engine.runStatement(`
 		-- Create the entry in the recipes table if required
-		INSERT OR REPLACE INTO recipes (recipe_name, description)
-		VALUES ($recipe_name, $description)
+		INSERT OR REPLACE INTO recipes (recipe_name, description, owner_id)
+		VALUES ($recipe_name, $description, $owner_id)
 	`,{
 		$recipe_name: recipe_name,
-		$description: description
+		$description: description,
+		$owner_id: owner_id
 	});
 	this.engine.runStatement(`
 		INSERT INTO recipe_bags (recipe_id, bag_id, position)
@@ -486,6 +489,18 @@ SqlTiddlerDatabase.prototype.getRecipeTiddler = function(title,recipe_name) {
 Checks if a user has permission to access a recipe
 */
 SqlTiddlerDatabase.prototype.hasRecipePermission = function(userId, recipeName, permissionName) {
+	// check if the user is the owner of the entity
+	const recipe = this.engine.runStatementGet(`
+		SELECT owner_id 
+		FROM recipes 
+		WHERE recipe_name = $recipe_name
+		`, {
+			$recipe_name: recipeName
+		});
+
+	if(recipe?.owner_id) {
+		return recipe.owner_id === userId;
+	}
 	return this.checkACLPermission(userId, "recipe", recipeName, permissionName)
 };
 
@@ -556,7 +571,7 @@ SqlTiddlerDatabase.prototype.checkACLPermission = function(userId, entityType, e
 		$permission_id: aclRecord.permission_id
 	});
 
-	const hasPermission = result !== undefined;
+	let hasPermission = result !== undefined;
 
 	return hasPermission;
 };