summaryrefslogblamecommitdiffstats
path: root/server/api/roles.js
blob: 8d5cf4e6c76d2252f2e79458e4c8ebbbb42f805d (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
12











                                                                                   
                                             

                                                                                  


                                                                                                        




                                                          
                                         

                                                                                  

                                                                            









                                     
                                        

     
                                                    

                                                                                         

                                                                       

                                                          
          

                     

                                      





                                                                                        

                             






                                                                                        




                              
/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())

/*
   * ?id=<ROLE_ID>
   *
   * @return: Returns the information about a role and it's permissions and groups.
   */
router.getAsync('/:id', async (req, res) => {
  if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()

  var role = await db.role.findOne({ where: { id: req.params.id }, include: ['permissions', 'groups'] })
  if (role) res.send(role)
  else res.status(404).end()
})

/*
   * @return: Returns a list of all roles in the database.
   */
router.getAsync('', async (req, res) => {
  if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()

  var roles = await db.role.findAll({ attributes: ['id', 'name', 'descr'] })
  res.status(200).send(roles)
})

/*
   * id: <ROLE_ID>
   * name: <ROLE_NAME>
   * descr: <ROLE_DESCRIPTION>
   * permissions: <PERMISSION_IDS>
   * groups: <GROUP_IDS>,
   * recursiveMode: < RECURSIVE_MODE>
   *
   * Creates, updates or deletes a role.
   *
   */
router.postAsync(['', '/:id'], async (req, res) => {
  if (!await req.user.hasPermission('permissions.editrole')) return res.status(403).end()

  // ?delete Delete the roles
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    await db.role.destroy({ where: { id: req.body.ids } })
    res.status(200).send('success')
  } else {
    var promises = []
    var roleDb
    if (req.params.id === undefined) {
      // Create new role
      roleDb = await db.role.create({ name: req.body.name, descr: req.body.descr })
      promises.push(roleDb.addPermissions(req.body.permissions))
      promises.push(roleDb.addGroups(req.body.groups, { through: { blacklist: 0 } }))
      promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
      await Promise.all(promises)
      res.send({ id: req.body.id })
    } else {
      // Update existing role
      roleDb = await db.role.findOne({ where: { id: req.body.id } })
      promises.push(roleDb.update({ name: req.body.name, descr: req.body.descr }))
      promises.push(roleDb.setPermissions(req.body.permissions))
      promises.push(roleDb.setGroups(req.body.groups, { through: { blacklist: 0 } }))
      promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
      await Promise.all(promises)
      res.send({ id: req.body.id })
    }
  }
})

module.exports.router = router