nodebb-plugin-onekite-calendar 2.0.65 → 2.0.66
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/api.js +33 -5
- package/package.json +1 -1
- package/plugin.json +1 -1
package/lib/api.js
CHANGED
|
@@ -765,13 +765,27 @@ api.getReservationDetails = async function (req, res) {
|
|
|
765
765
|
return res.json(out);
|
|
766
766
|
};
|
|
767
767
|
|
|
768
|
+
/**
|
|
769
|
+
* Get detailed information about a special event.
|
|
770
|
+
*
|
|
771
|
+
* This endpoint is publicly accessible (no authentication required).
|
|
772
|
+
* Guests can view all event details including participants, but cannot join (canJoin will be false).
|
|
773
|
+
*
|
|
774
|
+
* @route GET /api/v3/plugins/calendar-onekite/special-events/:eid
|
|
775
|
+
* @param {Object} req - Express request object with req.params.eid and optionally req.uid
|
|
776
|
+
* @param {Object} res - Express response object
|
|
777
|
+
* @returns {Object} Event details including participants list, calendar export links, and permission flags
|
|
778
|
+
*
|
|
779
|
+
* @since 1.0.0 Modified to allow unauthenticated access (guests can view)
|
|
780
|
+
*/
|
|
768
781
|
api.getSpecialEventDetails = async function (req, res) {
|
|
769
782
|
const uid = req.uid;
|
|
770
|
-
|
|
783
|
+
// Guests (uid = null/undefined/0) can view event details but cannot join.
|
|
784
|
+
// Authenticated users get canJoin=true if they meet participation requirements.
|
|
771
785
|
|
|
772
786
|
const settings = await getSettings();
|
|
773
|
-
const canMod = await canValidate(uid, settings);
|
|
774
|
-
const canSpecialDelete = await canDeleteSpecial(uid, settings);
|
|
787
|
+
const canMod = uid ? await canValidate(uid, settings) : false;
|
|
788
|
+
const canSpecialDelete = uid ? await canDeleteSpecial(uid, settings) : false;
|
|
775
789
|
|
|
776
790
|
const eid = String(req.params.eid || '').trim();
|
|
777
791
|
if (!eid) return res.status(400).json({ error: 'missing-eid' });
|
|
@@ -977,12 +991,26 @@ api.deleteSpecialEvent = async function (req, res) {
|
|
|
977
991
|
res.json({ ok: true });
|
|
978
992
|
};
|
|
979
993
|
|
|
994
|
+
/**
|
|
995
|
+
* Get detailed information about an outing (prévision de sortie).
|
|
996
|
+
*
|
|
997
|
+
* This endpoint is publicly accessible (no authentication required).
|
|
998
|
+
* Guests can view all outing details including participants, but cannot join (canJoin will be false).
|
|
999
|
+
*
|
|
1000
|
+
* @route GET /api/v3/plugins/calendar-onekite/outings/:oid
|
|
1001
|
+
* @param {Object} req - Express request object with req.params.oid and optionally req.uid
|
|
1002
|
+
* @param {Object} res - Express response object
|
|
1003
|
+
* @returns {Object} Outing details including participants list, calendar export links, and permission flags
|
|
1004
|
+
*
|
|
1005
|
+
* @since 1.0.0 Modified to allow unauthenticated access (guests can view)
|
|
1006
|
+
*/
|
|
980
1007
|
api.getOutingDetails = async function (req, res) {
|
|
981
1008
|
const uid = req.uid;
|
|
982
|
-
|
|
1009
|
+
// Guests (uid = null/undefined/0) can view outing details but cannot join.
|
|
1010
|
+
// Only authenticated users in authorized groups can join outings (canRequest).
|
|
983
1011
|
|
|
984
1012
|
const settings = await getSettings();
|
|
985
|
-
const canMod = await canValidate(uid, settings);
|
|
1013
|
+
const canMod = uid ? await canValidate(uid, settings) : false;
|
|
986
1014
|
|
|
987
1015
|
const oid = String(req.params.oid || '').trim();
|
|
988
1016
|
if (!oid) return res.status(400).json({ error: 'missing-oid' });
|
package/package.json
CHANGED
package/plugin.json
CHANGED