/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var groupHelper = require(path.join(__appdir, 'lib', 'grouphelper'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const log = require(path.join(__appdir, 'lib', 'log'))

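// Permission check middleware
//
// Guards every route of this router by HTTP method:
//   GET  -> requires the 'roles.view' permission
//   POST -> requires the 'roles.edit' permission, except POST /getChilds,
//           which is passed through unchecked (see the TODO below)
//   any other method -> 400
//
// The callback is async but registered with the plain Express `router.all`,
// so a rejected `hasPermission()` would otherwise become an unhandled
// rejection; errors are caught and forwarded with `next(err)` instead.
// NOTE(review): assumes an earlier middleware attached `req.user` — confirm.
router.all(['', '/:x'], async (req, res, next) => {
  try {
    switch (req.method) {
      case 'GET':
        if (!await req.user.hasPermission('roles.view')) {
          return res.status(403).send({ error: 'Missing permission', permission: 'roles.view' })
        }
        break

      case 'POST':
        // TODO: Add Group-Permission check
        // POST /getChilds is exempt from the 'roles.edit' check until that
        // group check exists.
        if (req.params.x === 'getChilds') break

        if (!await req.user.hasPermission('roles.edit')) {
          return res.status(403).send({ error: 'Missing permission', permission: 'roles.edit' })
        }
        break

      default:
        // Only GET and POST are served by this router
        return res.status(400).send()
    }
  } catch (err) {
    // Hand the failure to Express' error handling instead of dropping it
    return next(err)
  }

  next()
})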

/*
 * GET /<ROLE_ID>
 *
 * Looks up one role by id, eager-loading its `permissions` and `groups`
 * associations. Responds with the role as JSON, or 404 when no role with
 * that id exists. The 'roles.view' permission is enforced by the
 * middleware above.
 */
router.getAsync('/:id', async (req, res) => {
  const query = {
    where: { id: req.params.id },
    include: ['permissions', 'groups']
  }
  const role = await db.role.findOne(query)

  if (!role) return res.status(404).end()
  res.send(role)
})

/*
 * GET /
 *
 * Lists every role in the database together with its `permissions` and
 * `groups` associations. The 'roles.view' permission is enforced by the
 * middleware above.
 */
router.getAsync('', async (req, res) => {
  const roles = await db.role.findAll({ include: ['permissions', 'groups'] })

  // findAll resolves to an array (possibly empty), so the 404 branch is only
  // a safety net for an unexpected falsy result.
  if (!roles) return res.status(404).end()
  res.status(200).send(roles)
})

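/*
 * POST /              Creates a role.
 * POST /<ROLE_ID>     Updates the role with that id.
 * POST /?delete=1     Deletes the roles listed in `ids` (any value other
 *                     than 'false' selects deletion).
 *
 * Body (create / update):
 *   name: <ROLE_NAME>
 *   description: <ROLE_DESCRIPTION>
 *   permissions: <PERMISSION_IDS>
 *   groups: <GROUP_IDS>
 *   blacklist: <GROUP_IDS>
 * Body (delete):
 *   ids: <ROLE_IDS>
 *
 * Responds with { id } after create/update, a batch result after delete,
 * 404 when the role to update does not exist and 400 when `ids` is not an
 * array. The 'roles.edit' permission is enforced by the middleware above;
 * the id lists in the body are handed to Sequelize without further
 * validation, so that permission is what protects role assignment.
 */

// Multi-line ID/Name/Description block shared by all role log entries.
function roleDetails (role) {
  return 'ID: ' + role.id + '\n' +
         'Name: ' + role.name + '\n' +
         'Description: ' + role.descr + '\n'
}

// The assignment lists sent in the request body, appended to roleDetails().
function roleAssignments (req) {
  return 'Permissions: ' + req.body.permissions + '\n' +
         'Groups: ' + req.body.groups + '\n' +
         'Blacklist: ' + req.body.blacklist
}

// Deletes every role listed in req.body.ids, writing one log entry per role
// plus batch entries when more than one id was sent.
async function deleteRoles (req, res) {
  const ids = req.body.ids
  // Without this guard a missing/odd `ids` field throws inside the loop.
  if (!Array.isArray(ids)) return res.status(400).send({ error: 'ids must be an array' })

  const user = await db.user.findOne({ where: { id: req.user.id } })

  // Only need to log batch request if there is more than one role to delete.
  if (ids.length > 1) {
    await log({
      category: 'ROLE_BATCH_DELETE',
      description: 'Role batch deletion of ' + ids.length + ' roles initiated by user.',
      user,
      userId: req.user.id
    })
  }

  let deletionCounter = 0
  // Delete every role on its own, to get a better log
  for (const id of ids) {
    const role = await db.role.findOne({ where: { id } })

    // Unknown id: there is no row to destroy and no row to describe.
    if (role === null) {
      await log({
        category: 'ERROR_ROLE_DELETE',
        description: '[' + id + '] Role could not be deleted: no role with this ID exists.\n',
        user,
        userId: req.user.id
      })
      continue
    }

    const count = await db.role.destroy({ where: { id } })

    if (count !== 1) {
      await log({
        category: 'ERROR_ROLE_DELETE',
        description: '[' + role.id + '] ' + role.name + ': Role could not be deleted.\n' +
                     roleDetails(role),
        user,
        userId: req.user.id
      })
    } else {
      await log({
        category: 'ROLE_DELETE',
        description: '[' + role.id + '] ' + role.name + ': Role successfully deleted.\n' +
                     roleDetails(role),
        user,
        userId: req.user.id
      })
      deletionCounter++
    }
  }

  if (ids.length > 1) {
    // Awaited so a failing log write surfaces through the async wrapper
    // instead of becoming an unhandled rejection.
    await log({
      category: 'ROLE_BATCH_DELETE',
      description: deletionCounter + '/' + ids.length + ' roles successfully deleted.',
      user,
      userId: req.user.id
    })
  }
  HttpResponse.successBatch('deleted', 'role', deletionCounter).send(res)
}

// Creates a role from the request body and assigns its permissions, groups
// and blacklisted groups. Responds with the id of the new role.
async function createRole (req, res) {
  const roleDb = await db.role.create({ name: req.body.name, descr: req.body.description })
  // The three assignments are independent, so they run in parallel.
  await Promise.all([
    roleDb.addPermissions(req.body.permissions),
    roleDb.addGroups(req.body.groups, { through: { blacklist: 0 } }),
    roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } })
  ])
  await log({
    category: 'ROLE_CREATE',
    description: '[' + roleDb.id + '] ' + roleDb.name + ': Role successfully created.\n' +
                 roleDetails(roleDb) + roleAssignments(req),
    userId: req.user.id
  })
  // Return the id Sequelize assigned to the new row, not a value echoed from
  // the request body.
  res.send({ id: roleDb.id })
}

// Updates the role with id req.params.id and replaces its permission and
// group assignments. Responds with the role id, or 404 if it does not exist.
async function updateRole (req, res) {
  const roleDb = await db.role.findOne({ where: { id: req.params.id } })
  if (roleDb === null) return res.status(404).end()

  await roleDb.update({ name: req.body.name, descr: req.body.description })
  await roleDb.setPermissions(req.body.permissions)
  await roleDb.setGroups(req.body.groups, { through: { blacklist: 0 } })
  // setGroups replaced the group set; blacklist entries are added on top of
  // it with the blacklist flag set on the join row.
  await roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } })
  await log({
    category: 'ROLE_EDIT',
    description: '[' + roleDb.id + '] ' + roleDb.name + ': Role successfully edited.\n' +
                 roleDetails(roleDb) + roleAssignments(req),
    userId: req.user.id
  })
  res.send({ id: req.params.id })
}

router.postAsync(['', '/:id'], async (req, res) => {
  // ?delete (anything but 'false') switches to batch deletion
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    return deleteRoles(req, res)
  }

  if (req.params.id === undefined) return createRole(req, res)
  if (req.params.id > 0) return updateRole(req, res)

  // Any other id — including the literal 'getChilds', which also matches
  // '/:id' — deliberately sends no response here so the request can reach
  // the '/getChilds' route registered below. NOTE(review): this appears to
  // rely on the postAsync wrapper passing the request on when the handler
  // resolves without responding — confirm before adding a 400 here.
})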

/*
 * POST /getChilds
 *
 * body: groups: <GROUP_IDS>
 *
 * @return: Returns a list of all childs of the given groups, or 404 when no
 * `groups` field was sent. The permission middleware above exempts this
 * route from the 'roles.edit' check (see its TODO), so no role permission
 * protects it.
 */
router.postAsync('/getChilds', async (req, res) => {
  const groups = req.body.groups
  if (!groups) return res.status(404).end()

  const children = await groupHelper.getAllChildren(groups)
  res.send(children)
})

// Exported as a named property rather than as module.exports itself, so
// consumers read it as require(...).router.
module.exports.router = router