From e43ce5681c1e87b6fcb773fdc7ee8a4001de8b7b Mon Sep 17 00:00:00 2001
From: Chris Myers
Date: Tue, 24 Dec 2024 15:27:23 -0700
Subject: [PATCH] Prevent circular collections
---
 lib/views/addToCollection.js | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/lib/views/addToCollection.js b/lib/views/addToCollection.js
index 7ddb89edf..ddf0a602a 100644
--- a/lib/views/addToCollection.js
+++ b/lib/views/addToCollection.js
@@ -3,6 +3,7 @@ const pug = require('pug')
 const config = require('../config')
 const sparql = require('../sparql/sparql')
 const getOwnedBy = require('../query/ownedBy')
+const getUrisFromReq = require('../getUrisFromReq')

 module.exports = function (req, res) {
 req.setTimeout(0) // no timeout
@@ -18,11 +19,16 @@ module.exports = function (req, res) {
 }
 }

+ const { uri } = getUrisFromReq(req, res)
+
 return sparql.queryJson(collectionQuery, req.user.graphUri).then((collections) => {
- collections.map((result) => {
+ collections = collections.filter((result) => {
+ return result.subject !== uri
+ }).map((result) => {
 result.uri = result.subject
 result.name = result.name ? result.name : result.uri.toString()
 delete result.subject
+ return result
 })

 collections.sort(sortByNames)
@@ -64,6 +70,20 @@ module.exports = function (req, res) {
 memberUri = memberUri.replace('/user/', config.get('databasePrefix') + 'user/')
 }

+ if (memberUri === uri) {
+ if (!req.accepts('text/html')) {
+ return res.status(400).type('text/plain').send('Cannot make a collection a member of itself')
+ } else {
+ const locals = {
+ config: config.get(),
+ section: 'errors',
+ user: req.user,
+ errors: [ 'Cannot make a collection a member of itself' ]
+ }
+ return res.status(400).send(pug.renderFile('templates/views/errors/errors.jade', locals))
+ }
+ }
+
 var templateParams = {
 uri: uri,
 memberUri: memberUri
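Review bot: The `.filter(...)` added in the second hunk (@@ -18,11 +19,16 @@) only removes the current collection from the list of candidates. It is presumably a display convenience rather than the control, which sits in the equality check added further down. A short comment such as `// list filter only; the memberUri === uri check below is what rejects self-membership` would stop a later reader from treating it as the enforcement point. As a style point, the chain reassigns the callback parameter `collections` and the `.map` callback still mutates each `result` in place; binding the filtered list to a new `const` would read more clearly. The enclosing `.then` callback continues outside the hunk.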
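Review bot: The guard `if (memberUri === uri)` in the third hunk (@@ -64,6 +70,20 @@) rejects only direct self-membership. A cycle through an intermediate collection (A added to B, then B added to A) would still pass it, although the commit title says circular collections are prevented. The comparison is also a raw string equality, and the `/user/` prefix rewrite just above is applied only to `memberUri`, so it is worth confirming that `uri` from `getUrisFromReq` is always in the same normalised form. If transitive cycles matter here, a membership lookup from `memberUri` back to `uri` before the update runs would close that gap. The handler continues outside the hunk, so an existing check elsewhere cannot be ruled out from this view.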