From dbab83e315bb31a77f254a8e85d48b934537f4e1 Mon Sep 17 00:00:00 2001
From: Dimitrie Stefanescu <didimitrie@gmail.com>
Date: Tue, 16 Mar 2021 08:16:08 +0000
Subject: [PATCH] feat(server): checking in code

---
 .../modules/serverinvites/services/index.js   | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/packages/server/modules/serverinvites/services/index.js b/packages/server/modules/serverinvites/services/index.js
index 5c0fe9838..f9170370d 100644
--- a/packages/server/modules/serverinvites/services/index.js
+++ b/packages/server/modules/serverinvites/services/index.js
@@ -21,26 +21,26 @@ module.exports = {
     let existingInvite = await module.exports.getInviteByEmail( { email } )
     if ( existingInvite ) throw new Error( 'Already invited!' )
 
-    let hasTarget = resourceTarget || resourceId || role
-    if ( hasTarget ) {
-      if ( !resourceTarget || !resourceId || !role ) throw new Error( 'Invalid invite resource targets' )
-      // TODO: Check permissions on resource.
-      // Only resource owners should be able to invite others and grant them permissions
-    }
+    // TODO: currently disabled, to do in the future
+    // let hasTarget = resourceTarget || resourceId || role
+    // if ( hasTarget ) {
+    //   if ( !resourceTarget || !resourceId || !role ) throw new Error( 'Invalid invite resource targets' )
+    //   // TODO: Check permissions on resource.
+    //   // Only resource owners should be able to invite others and grant them permissions
+    // }
 
     let inviter = await getUserById( { id: inviterId } )
     let invite = {
       id: crs( { length:20 } ),
       email,
       inviterId: inviterId,
-      message,
-      resourceTarget,
-      resourceId,
-      role
+      message
     }
 
     // insert into table
 
+    await Invites().insert( invite )
+
     // send email with correct link
   },
 
@@ -52,13 +52,16 @@ module.exports = {
     return await Invites().where( { email: email } ).select( '*' ).first()
   },
 
-  async useInvite( { id } ) {
+  async useInvite( { id, email } ) {
     // TODO
     // send email to inviter that their invite was accepted?
     // add the new user to the respective resource ACL
     let invite = await module.exports.getInviteById( { id } )
     if ( !invite ) throw new Error( 'Invite not found' )
+    if ( invite.email !== email ) throw new Error( 'Invalid request' )
 
     // TODO: update invite 'used' -> true
   }
 }
+
+