5 files changed, 31 insertions, 33 deletions

diff --git a/.vscode/launch.json b/.vscode/launch.json
index e1c5c6f94..d09ba3435 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -9,7 +9,7 @@
             "name": "Launch Chrome against localhost",
             "sourceMaps": true,
             "breakOnLoad": true,
-            "url": "http://localhost:1050/logout",
+            "url": "http://localhost:1050/login",
             "webRoot": "${workspaceFolder}",
             "runtimeArgs": [
                 "--experimental-modules"
diff --git a/src/client/DocServer.ts b/src/client/DocServer.ts
index 4dea4f11c..e48654372 100644
--- a/src/client/DocServer.ts
+++ b/src/client/DocServer.ts
@@ -144,7 +144,7 @@ export namespace DocServer {
      * the server if the document has not been cached.
      * @param id the id of the requested document
      */
-    const _GetRefFieldImpl = (id: string, mongoCollection?: string): Promise<Opt<RefField>> => {
+    const _GetRefFieldImpl = (id: string): Promise<Opt<RefField>> => {
         // an initial pass through the cache to determine whether the document needs to be fetched,
         // is already in the process of being fetched or already exists in the
         // cache
@@ -155,7 +155,7 @@ export namespace DocServer {
             // synchronously, we emit a single callback to the server requesting the serialized (i.e. represented by a string)
             // field for the given ids. This returns a promise, which, when resolved, indicates the the JSON serialized version of
             // the field has been returned from the server
-            const getSerializedField = Utils.EmitCallback(_socket, MessageStore.GetRefField, { id, mongoCollection });
+            const getSerializedField = Utils.EmitCallback(_socket, MessageStore.GetRefField, id);
 
             // when the serialized RefField has been received, go head and begin deserializing it into an object.
             // Here, once deserialized, we also invoke .proto to 'load' the document's prototype, which ensures that all
@@ -190,8 +190,8 @@ export namespace DocServer {
 
     let _GetRefField: (id: string, mongoCollection?: string) => Promise<Opt<RefField>> = errorFunc;
 
-    export function GetRefField(id: string, mongoCollection = "newDocuments"): Promise<Opt<RefField>> {
-        return _GetRefField(id, mongoCollection);
+    export function GetRefField(id: string): Promise<Opt<RefField>> {
+        return _GetRefField(id);
     }
 
     export async function getYoutubeChannels() {
diff --git a/src/server/Message.ts b/src/server/Message.ts
index 86219d99a..aaee143e8 100644
--- a/src/server/Message.ts
+++ b/src/server/Message.ts
@@ -22,7 +22,6 @@ export interface Transferable {
     readonly id: string;
     readonly type: Types;
     readonly data?: any;
-    readonly mongoCollection?: string;
 }
 
 export enum YoutubeQueryTypes {
@@ -43,10 +42,6 @@ export interface Diff extends Reference {
     readonly diff: any;
 }
 
-export interface SourceSpecified extends Reference {
-    readonly mongoCollection?: string;
-}
-
 export namespace MessageStore {
     export const Foo = new Message<string>("Foo");
     export const Bar = new Message<string>("Bar");
@@ -56,7 +51,7 @@ export namespace MessageStore {
     export const GetDocument = new Message<string>("Get Document");
     export const DeleteAll = new Message<any>("Delete All");
 
-    export const GetRefField = new Message<SourceSpecified>("Get Ref Field");
+    export const GetRefField = new Message<string>("Get Ref Field");
     export const GetRefFields = new Message<string[]>("Get Ref Fields");
     export const UpdateField = new Message<Diff>("Update Ref Field");
     export const CreateField = new Message<Reference>("Create Ref Field");
diff --git a/src/server/credentials/google_docs_token.json b/src/server/credentials/google_docs_token.json
deleted file mode 100644
index 8bd62bdfa..000000000
--- a/src/server/credentials/google_docs_token.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-    "access_token": "ya29.ImCOBwXgckGbyHNLMX7r-13B5VDgxfzF5mQ7lFJ0FX5GF5EuAPBBN5_ijLnNLC4yw4xtFjJOkEtKiYr-60OIm4oOnowEJpZMyRGxFMy_Q8MTnzDpeN-7Di_baUzcu7m_KWM",
-    "refresh_token": "1/HTv_xFHszu2Nf3iiFrUTaeKzC_Vp2-6bpIB06xW_WHI",
-    "scope": "https://www.googleapis.com/auth/presentations.readonly https://www.googleapis.com/auth/documents.readonly https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/documents https://www.googleapis.com/auth/photoslibrary https://www.googleapis.com/auth/photoslibrary.appendonly https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/presentations https://www.googleapis.com/auth/photoslibrary.sharing",
-    "token_type": "Bearer",
-    "expiry_date": 1569366907812
-}
\ No newline at end of file
diff --git a/src/server/index.ts b/src/server/index.ts
index 9a778b88c..7ebb374e9 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -21,15 +21,15 @@ import * as wdm from 'webpack-dev-middleware';
 import * as whm from 'webpack-hot-middleware';
 import { Utils } from '../Utils';
 import { getForgot, getLogin, getLogout, getReset, getSignup, postForgot, postLogin, postReset, postSignup } from './authentication/controllers/user_controller';
-import User, { DashUserModel } from './authentication/models/user_model';
+import { DashUserModel } from './authentication/models/user_model';
 import { Client } from './Client';
 import { Database } from './database';
-import { MessageStore, Transferable, Types, Diff, YoutubeQueryTypes as YoutubeQueryType, YoutubeQueryInput, SourceSpecified } from "./Message";
+import { MessageStore, Transferable, Types, Diff, YoutubeQueryTypes as YoutubeQueryType, YoutubeQueryInput } from "./Message";
 import { RouteStore } from './RouteStore';
 import v4 = require('uuid/v4');
 const app = express();
 const config = require('../../webpack.config');
-import { createCanvas, loadImage, Canvas } from "canvas";
+import { createCanvas } from "canvas";
 const compiler = webpack(config);
 const port = 1050; // default port to listen
 const serverPort = 4321;
@@ -162,7 +162,8 @@ app.get("/buxton", (req, res) => {
 const STATUS = {
     OK: 200,
     BAD_REQUEST: 400,
-    EXECUTION_ERROR: 500
+    EXECUTION_ERROR: 500,
+    PERMISSION_DENIED: 403
 };
 
 const command_line = (command: string, fromDirectory?: string) => {
@@ -202,7 +203,7 @@ app.get("/version", (req, res) => {
 // SEARCH
 const solrURL = "http://localhost:8983/solr/#/dash";
 
-// GETTERSå
+// GETTERS
 
 app.get("/search", async (req, res) => {
     const solrQuery: any = {};
@@ -671,8 +672,7 @@ addSecureRoute(
     Method.GET,
     (user, res, req) => {
         if (release) {
-            res.send("no");
-            return;
+            return _permission_denied(res, deletionPermissionError);
         }
         deleteFields().then(() => res.redirect(RouteStore.home));
     },
@@ -682,10 +682,9 @@ addSecureRoute(
 
 addSecureRoute(
     Method.GET,
-    (user, res, req) => {
+    (_user, res, _req) => {
         if (release) {
-            res.send("no");
-            return;
+            return _permission_denied(res, deletionPermissionError);
         }
         deleteAll().then(() => res.redirect(RouteStore.home));
     },
@@ -777,8 +776,8 @@ function setField(socket: Socket, newValue: Transferable) {
     }
 }
 
-function GetRefField([args, callback]: [SourceSpecified, (result?: Transferable) => void]) {
-    Database.Instance.getDocument(args.id, callback, args.mongoCollection || "newDocuments");
+function GetRefField([id, callback]: [string, (result?: Transferable) => void]) {
+    Database.Instance.getDocument(id, callback, "newDocuments");
 }
 
 function GetRefFields([ids, callback]: [string[], (result?: Transferable[]) => void]) {
@@ -798,11 +797,10 @@ function HandleYoutubeQuery([query, callback]: [YoutubeQueryInput, (result?: any
 }
 
 const credentialsPath = path.join(__dirname, "./credentials/google_docs_credentials.json");
-const tokenPath = path.join(__dirname, "./credentials/google_docs_token.json");
 
 const EndpointHandlerMap = new Map<GoogleApiServerUtils.Action, GoogleApiServerUtils.ApiRouter>([
     ["create", (api, params) => api.create(params)],
-    ["retrieve", (api, params) => api.get(params, { params: "fields=inlineObjects" })],
+    ["retrieve", (api, params) => api.get(params)],
     ["update", (api, params) => api.batchUpdate(params)],
 ]);
 
@@ -885,13 +883,20 @@ const prefix = "google_photos_";
 
 const downloadError = "Encountered an error while executing downloads.";
 const requestError = "Unable to execute download: the body's media items were malformed.";
+const deletionPermissionError = "Cannot perform specialized delete outside of the development environment!";
 
-app.get("/deleteWithAux", async (req, res) => {
+app.get("/deleteWithAux", async (_req, res) => {
+    if (release) {
+        return _permission_denied(res, deletionPermissionError);
+    }
     await Database.Auxiliary.DeleteAll();
     res.redirect(RouteStore.delete);
 });
 
 app.get("/deleteWithGoogleCredentials", async (req, res) => {
+    if (release) {
+        return _permission_denied(res, deletionPermissionError);
+    }
     await Database.Auxiliary.GoogleAuthenticationToken.DeleteAll();
     res.redirect(RouteStore.delete);
 });
@@ -939,6 +944,11 @@ const _invalid = (res: Response, message: string) => {
     res.status(STATUS.BAD_REQUEST).send();
 };
 
+const _permission_denied = (res: Response, message: string) => {
+    res.statusMessage = message;
+    res.status(STATUS.BAD_REQUEST).send("Permission Denied!");
+};
+
 const suffixMap: { [type: string]: (string | [string, string | ((json: any) => any)]) } = {
     "number": "_n",
     "string": "_t",