@@ -15,6 +15,7 @@ const { UsernameNotifSelector } = require('../services/NotificationService');
1515const { quot } = require ( '../util/strutil' ) ;
1616const { UtilFn } = require ( '../util/fnutil' ) ;
1717const { WorkList } = require ( '../util/workutil' ) ;
18+ const { DB_WRITE } = require ( '../services/database/consts' ) ;
1819
1920const router = express . Router ( ) ;
2021
@@ -29,6 +30,8 @@ const v0_2 = async (req, res) => {
2930
3031 const actor = Context . get ( 'actor' ) ;
3132
33+ const db = req . services . get ( 'database' ) . get ( 'share' , DB_WRITE ) ;
34+
3235 // === Request Validators ===
3336
3437 const validate_mode = UtilFn ( mode => {
@@ -372,11 +375,6 @@ const v0_2 = async (req, res) => {
372375 continue ;
373376 }
374377
375- // Process: conditionally add permission for subdomain
376- for ( const item of shares_work . list ( ) ) {
377- // NEXT
378- }
379-
380378 shares_work . clear_invalid ( ) ;
381379
382380 for ( const item of shares_work . list ( ) ) {
@@ -410,11 +408,49 @@ const v0_2 = async (req, res) => {
410408
411409 shares_work . clear_invalid ( ) ;
412410
411+ // Fetch app info for app shares
413412 for ( const item of shares_work . list ( ) ) {
414413 if ( item . type !== 'app' ) continue ;
415- const app = await get_app ( { } ) ;
414+ const { thing } = item ;
415+
416+ const app = await get_app ( thing . uid ?
417+ { uid : thing . uid } : { name : thing . name } ) ;
418+ if ( ! app ) {
419+ item . invalid = true ;
420+ result . shares [ item . i ] =
421+ // note: since we're reporting `entity_not_found`
422+ // we will report the id as an entity-storage-compatible
423+ // identifier.
424+ APIError . create ( 'entity_not_found' , null , {
425+ identifier : thing . uid
426+ ? { uid : thing . uid }
427+ : { id : { name : thing . name } }
428+ } ) ;
429+ }
430+ item . app = app ;
416431 }
417432
433+ shares_work . clear_invalid ( ) ;
434+
435+ // Process: conditionally add permission for subdomain
436+ for ( const item of shares_work . list ( ) ) {
437+ if ( item . type !== 'app' ) continue ;
438+ const [ subdomain ] = await db . read (
439+ `SELECT * FROM subdomains WHERE associated_app_id = ? ` +
440+ `AND user_id = ? LIMIT 1` ,
441+ [ item . app . id , actor . type . user . id ]
442+ ) ;
443+ if ( ! subdomain ) continue ;
444+
445+ // The subdomain is also owned by this user, so we'll
446+ // add a permission for that as well
447+
448+ const site_selector = `uid#${ subdomain . uuid } ` ;
449+ item . share_intent . permissions . push (
450+ PermissionUtil . join ( 'site' , site_selector , 'access' )
451+ )
452+ }
453+
418454 shares_work . clear_invalid ( ) ;
419455
420456 // Mark files as successful; further errors will be
0 commit comments