server/api/controllers/attachments/create.js

/*!
 * Copyright (c) 2024 PLANKA Software GmbH
 * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
 */

/**
 * @swagger
 * /cards/{cardId}/attachments:
 *   post:
 *     summary: Create attachment
 *     description: Creates an attachment on a card. Requires board editor permissions.
 *     tags:
 *       - Attachments
 *     parameters:
 *       - name: cardId
 *         in: path
 *         required: true
 *         description: ID of the card to create the attachment on
 *         schema:
 *           type: string
 *           example: "1357158568008091264"
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             required:
 *               - type
 *               - url
 *               - name
 *             properties:
 *               type:
 *                 type: string
 *                 enum: [link]
 *                 description: Type of the attachment
 *                 example: link
 *               url:
 *                 type: string
 *                 maxLength: 2048
 *                 description: URL for the link attachment
 *                 example: https://google.com/search?q=planka
 *               name:
 *                 type: string
 *                 maxLength: 128
 *                 description: Name/title of the attachment
 *                 example: Google Link
 *         multipart/form-data:
 *           schema:
 *             type: object
 *             required:
 *               - type
 *               - file
 *               - name
 *             properties:
 *               type:
 *                 type: string
 *                 enum: [file]
 *                 description: Type of the attachment
 *                 example: file
 *               file:
 *                 type: string
 *                 format: binary
 *                 description: File to upload
 *               name:
 *                 type: string
 *                 maxLength: 128
 *                 description: Name/title of the attachment
 *                 example: Important Document
 *               requestId:
 *                 type: string
 *                 maxLength: 128
 *                 description: Request ID for tracking
 *                 example: req_123456
 *     responses:
 *       200:
 *         description: Attachment created successfully
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               required:
 *                 - item
 *               properties:
 *                 item:
 *                   $ref: '#/components/schemas/Attachment'
 *       400:
 *         $ref: '#/components/responses/ValidationError'
 *       401:
 *         $ref: '#/components/responses/Unauthorized'
 *       403:
 *         $ref: '#/components/responses/Forbidden'
 *       404:
 *         $ref: '#/components/responses/NotFound'
 *       422:
 *         description: Upload or validation error
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               required:
 *                 - code
 *                 - message
 *               properties:
 *                 code:
 *                   type: string
 *                   description: Error code
 *                   example: E_UNPROCESSABLE_ENTITY
 *                 message:
 *                   type: string
 *                   enum:
 *                     - No file was uploaded
 *                     - Url must be present
 *                   description: Specific error message
 *                   example: No file was uploaded
 */

const { isUrl } = require('../../../utils/validators');
const { idInput } = require('../../../utils/inputs');

const Errors = {
  NOT_ENOUGH_RIGHTS: {
    notEnoughRights: 'Not enough rights',
  },
  CARD_NOT_FOUND: {
    cardNotFound: 'Card not found',
  },
  NO_FILE_WAS_UPLOADED: {
    noFileWasUploaded: 'No file was uploaded',
  },
  URL_MUST_BE_PRESENT: {
    urlMustBePresent: 'Url must be present',
  },
};

module.exports = {
  inputs: {
    cardId: {
      ...idInput,
      required: true,
    },
    type: {
      type: 'string',
      isIn: Object.values(Attachment.Types),
      required: true,
    },
    url: {
      type: 'string',
      maxLength: 2048,
      custom: isUrl,
    },
    name: {
      type: 'string',
      maxLength: 128,
      required: true,
    },
    requestId: {
      type: 'string',
      isNotEmptyString: true,
      maxLength: 128,
    },
  },

  exits: {
    notEnoughRights: {
      responseType: 'forbidden',
    },
    cardNotFound: {
      responseType: 'notFound',
    },
    noFileWasUploaded: {
      responseType: 'unprocessableEntity',
    },
    uploadError: {
      responseType: 'unprocessableEntity',
    },
    urlMustBePresent: {
      responseType: 'unprocessableEntity',
    },
  },

  async fn(inputs, exits) {
    const { currentUser } = this.req;

    const { card, list, board, project } = await sails.helpers.cards
      .getPathToProjectById(inputs.cardId)
      .intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);

    const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(
      board.id,
      currentUser.id,
    );

    if (!boardMembership) {
      throw Errors.CARD_NOT_FOUND; // Forbidden
    }

    if (boardMembership.role !== BoardMembership.Roles.EDITOR) {
      throw Errors.NOT_ENOUGH_RIGHTS;
    }

    let data;
    if (inputs.type === Attachment.Types.FILE) {
      let files;
      try {
        files = await sails.helpers.utils.receiveFile(this.req.file('file'));
      } catch (error) {
        return exits.uploadError(error.message); // TODO: add error
      }

      if (files.length === 0) {
        throw Errors.NO_FILE_WAS_UPLOADED;
      }

      const file = _.last(files);
      data = await sails.helpers.attachments.processUploadedFile(file);
    } else if (inputs.type === Attachment.Types.LINK) {
      if (!inputs.url) {
        throw Errors.URL_MUST_BE_PRESENT;
      }

      data = await sails.helpers.attachments.processLink(inputs.url);
    }

    const values = {
      ..._.pick(inputs, ['type', 'name']),
      data,
    };

    const attachment = await sails.helpers.attachments.createOne.with({
      project,
      board,
      list,
      values: {
        ...values,
        card,
        creatorUser: currentUser,
      },
      requestId: inputs.requestId,
      request: this.req,
    });

    return exits.success({
      item: sails.helpers.attachments.presentOne(attachment),
    });
  },
};
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`/*!`
			`* Copyright (c) 2024 PLANKA Software GmbH`
			`* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md`
			`*/`

docs: Add full Swagger JSDoc coverage 2025-09-08 16:20:27 +02:00			`/**`
			`* @swagger`
docs: Add base path for API endpoints to Swagger 2025-09-08 18:25:26 +02:00			`* /cards/{cardId}/attachments:`
docs: Add full Swagger JSDoc coverage 2025-09-08 16:20:27 +02:00			`* post:`
			`* summary: Create attachment`
			`* description: Creates an attachment on a card. Requires board editor permissions.`
			`* tags:`
			`* - Attachments`
			`* parameters:`
			`* - name: cardId`
			`* in: path`
			`* required: true`
			`* description: ID of the card to create the attachment on`
			`* schema:`
			`* type: string`
docs: Quote example ids in Swagger 2025-09-08 19:14:31 +02:00			`* example: "1357158568008091264"`
docs: Add full Swagger JSDoc coverage 2025-09-08 16:20:27 +02:00			`* requestBody:`
			`* required: true`
			`* content:`
			`* application/json:`
			`* schema:`
			`* type: object`
			`* required:`
			`* - type`
			`* - url`
			`* - name`
			`* properties:`
			`* type:`
			`* type: string`
			`* enum: [link]`
			`* description: Type of the attachment`
			`* example: link`
			`* url:`
			`* type: string`
			`* maxLength: 2048`
			`* description: URL for the link attachment`
			`* example: https://google.com/search?q=planka`
			`* name:`
			`* type: string`
			`* maxLength: 128`
			`* description: Name/title of the attachment`
			`* example: Google Link`
			`* multipart/form-data:`
			`* schema:`
			`* type: object`
			`* required:`
			`* - type`
			`* - file`
			`* - name`
			`* properties:`
			`* type:`
			`* type: string`
			`* enum: [file]`
			`* description: Type of the attachment`
			`* example: file`
			`* file:`
			`* type: string`
			`* format: binary`
			`* description: File to upload`
			`* name:`
			`* type: string`
			`* maxLength: 128`
			`* description: Name/title of the attachment`
			`* example: Important Document`
			`* requestId:`
			`* type: string`
			`* maxLength: 128`
			`* description: Request ID for tracking`
			`* example: req_123456`
			`* responses:`
			`* 200:`
			`* description: Attachment created successfully`
			`* content:`
			`* application/json:`
			`* schema:`
			`* type: object`
			`* required:`
			`* - item`
			`* properties:`
			`* item:`
			`* $ref: '#/components/schemas/Attachment'`
			`* 400:`
			`* $ref: '#/components/responses/ValidationError'`
			`* 401:`
			`* $ref: '#/components/responses/Unauthorized'`
			`* 403:`
			`* $ref: '#/components/responses/Forbidden'`
			`* 404:`
			`* $ref: '#/components/responses/NotFound'`
			`* 422:`
			`* description: Upload or validation error`
			`* content:`
			`* application/json:`
			`* schema:`
			`* type: object`
			`* required:`
			`* - code`
			`* - message`
			`* properties:`
			`* code:`
			`* type: string`
			`* description: Error code`
			`* example: E_UNPROCESSABLE_ENTITY`
			`* message:`
			`* type: string`
			`* enum:`
			`* - No file was uploaded`
			`* - Url must be present`
			`* description: Specific error message`
			`* example: No file was uploaded`
			`*/`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`const { isUrl } = require('../../../utils/validators');`
			`const { idInput } = require('../../../utils/inputs');`

Add file attachments 2020-04-21 05:04:34 +05:00			`const Errors = {`
feat: Permissions for board members Closes #262 2022-08-19 14:00:40 +02:00			`NOT_ENOUGH_RIGHTS: {`
			`notEnoughRights: 'Not enough rights',`
			`},`
Add file attachments 2020-04-21 05:04:34 +05:00			`CARD_NOT_FOUND: {`
			`cardNotFound: 'Card not found',`
			`},`
fix: Change mechanics of file uploading 2022-08-26 02:45:27 +02:00			`NO_FILE_WAS_UPLOADED: {`
			`noFileWasUploaded: 'No file was uploaded',`
			`},`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`URL_MUST_BE_PRESENT: {`
			`urlMustBePresent: 'Url must be present',`
			`},`
Add file attachments 2020-04-21 05:04:34 +05:00			`};`

			`module.exports = {`
			`inputs: {`
			`cardId: {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`...idInput,`
			`required: true,`
			`},`
			`type: {`
			`type: 'string',`
			`isIn: Object.values(Attachment.Types),`
			`required: true,`
			`},`
			`url: {`
Add file attachments 2020-04-21 05:04:34 +05:00			`type: 'string',`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`maxLength: 2048,`
			`custom: isUrl,`
			`},`
			`name: {`
			`type: 'string',`
			`maxLength: 128,`
Add file attachments 2020-04-21 05:04:34 +05:00			`required: true,`
			`},`
Fix attachment duplication on add 2020-04-23 05:56:02 +05:00			`requestId: {`
			`type: 'string',`
			`isNotEmptyString: true,`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`maxLength: 128,`
Fix attachment duplication on add 2020-04-23 05:56:02 +05:00			`},`
Add file attachments 2020-04-21 05:04:34 +05:00			`},`

			`exits: {`
feat: Permissions for board members Closes #262 2022-08-19 14:00:40 +02:00			`notEnoughRights: {`
			`responseType: 'forbidden',`
			`},`
Add file attachments 2020-04-21 05:04:34 +05:00			`cardNotFound: {`
			`responseType: 'notFound',`
			`},`
fix: Change mechanics of file uploading 2022-08-26 02:45:27 +02:00			`noFileWasUploaded: {`
			`responseType: 'unprocessableEntity',`
			`},`
Add file attachments 2020-04-21 05:04:34 +05:00			`uploadError: {`
			`responseType: 'unprocessableEntity',`
			`},`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`urlMustBePresent: {`
			`responseType: 'unprocessableEntity',`
			`},`
Add file attachments 2020-04-21 05:04:34 +05:00			`},`

			`async fn(inputs, exits) {`
			`const { currentUser } = this.req;`

feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`const { card, list, board, project } = await sails.helpers.cards`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`.getPathToProjectById(inputs.cardId)`
Add file attachments 2020-04-21 05:04:34 +05:00			`.intercept('pathNotFound', () => Errors.CARD_NOT_FOUND);`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`const boardMembership = await BoardMembership.qm.getOneByBoardIdAndUserId(`
			`board.id,`
			`currentUser.id,`
			`);`
Add file attachments 2020-04-21 05:04:34 +05:00
feat: Permissions for board members Closes #262 2022-08-19 14:00:40 +02:00			`if (!boardMembership) {`
Add file attachments 2020-04-21 05:04:34 +05:00			`throw Errors.CARD_NOT_FOUND; // Forbidden`
			`}`

feat: Permissions for board members Closes #262 2022-08-19 14:00:40 +02:00			`if (boardMembership.role !== BoardMembership.Roles.EDITOR) {`
			`throw Errors.NOT_ENOUGH_RIGHTS;`
			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`let data;`
			`if (inputs.type === Attachment.Types.FILE) {`
			`let files;`
			`try {`
feat: Track storage usage 2025-08-23 00:03:20 +02:00			`files = await sails.helpers.utils.receiveFile(this.req.file('file'));`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`} catch (error) {`
			`return exits.uploadError(error.message); // TODO: add error`
			`}`

			`if (files.length === 0) {`
			`throw Errors.NO_FILE_WAS_UPLOADED;`
			`}`

			`const file = _.last(files);`
			`data = await sails.helpers.attachments.processUploadedFile(file);`
			`} else if (inputs.type === Attachment.Types.LINK) {`
			`if (!inputs.url) {`
			`throw Errors.URL_MUST_BE_PRESENT;`
			`}`
Add file attachments 2020-04-21 05:04:34 +05:00
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`data = await sails.helpers.attachments.processLink(inputs.url);`
fix: Change mechanics of file uploading 2022-08-26 02:45:27 +02:00			`}`
Add file attachments 2020-04-21 05:04:34 +05:00
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`const values = {`
			`..._.pick(inputs, ['type', 'name']),`
			`data,`
			`};`
Add file attachments 2020-04-21 05:04:34 +05:00
ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`const attachment = await sails.helpers.attachments.createOne.with({`
feat: Webhooks configuration, all events support, refactoring 2024-06-12 00:51:36 +02:00			`project,`
			`board,`
			`list,`
ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`values: {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`...values,`
ref: Remove board types, refactoring 2022-12-26 21:10:50 +01:00			`card,`
			`creatorUser: currentUser,`
			`},`
			`requestId: inputs.requestId,`
			`request: this.req,`
			`});`
Add file attachments 2020-04-21 05:04:34 +05:00
fix: Change mechanics of file uploading 2022-08-26 02:45:27 +02:00			`return exits.success({`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`item: sails.helpers.attachments.presentOne(attachment),`
fix: Change mechanics of file uploading 2022-08-26 02:45:27 +02:00			`});`
Add file attachments 2020-04-21 05:04:34 +05:00			`},`
			`};`