summaryrefslogblamecommitdiffstats
path: root/server/api/roles.js
blob: 4d75bfb941dcc5b525e3842837d5c302389d1472 (plain) (tree)
1
2
3
4
5
6
7
8
9







                                                         
               


                                                                                   
                                             

                                                                                  


                                                                                                        




                                                          
                                         

                                                                                  

                                                                            







                                  
                           
    
                                        

     
                                                    

                                                                                         

                                                                       

                                                          
          

                     

                                      





                                                                                        

                             










                                                                                          




                              
/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())

/*
   * /<ROLE_ID>
   *
   * @return: Returns the information about a role and it's permissions and groups.
   */
router.getAsync('/:id', async (req, res) => {
  if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()

  var role = await db.role.findOne({ where: { id: req.params.id }, include: ['permissions', 'groups'] })
  if (role) res.send(role)
  else res.status(404).end()
})

/*
   * @return: Returns a list of all roles in the database.
   */
router.getAsync('', async (req, res) => {
  if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()

  var roles = await db.role.findAll({ attributes: ['id', 'name', 'descr'] })
  res.status(200).send(roles)
})

/*
   * id: <ROLE_ID>
   * name: <ROLE_NAME>
   * descr: <ROLE_DESCRIPTION>
   * permissions: <PERMISSION_IDS>
   * groups: <GROUP_IDS>,
   * blacklist: <GROUP_IDS>
   *
   * Creates, updates or deletes a role.
   *
   */
router.postAsync(['', '/:id'], async (req, res) => {
  if (!await req.user.hasPermission('permissions.editrole')) return res.status(403).end()

  // ?delete Delete the roles
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    await db.role.destroy({ where: { id: req.body.ids } })
    res.status(200).send('success')
  } else {
    var promises = []
    var roleDb
    if (req.params.id === undefined) {
      // Create new role
      roleDb = await db.role.create({ name: req.body.name, descr: req.body.descr })
      promises.push(roleDb.addPermissions(req.body.permissions))
      promises.push(roleDb.addGroups(req.body.groups, { through: { blacklist: 0 } }))
      promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
      await Promise.all(promises)
      res.send({ id: req.body.id })
    } else {
      // Update existing role
      roleDb = await db.role.findOne({ where: { id: req.params.id } })
      if (roleDb !== null) {
        promises.push(roleDb.update({ name: req.body.name, descr: req.body.descr }))
        promises.push(roleDb.setPermissions(req.body.permissions))
        promises.push(roleDb.setGroups(req.body.groups, { through: { blacklist: 0 } }))
        promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
        await Promise.all(promises)
        res.send({ id: req.params.id })
      } else {
        res.status(404).end()
      }
    }
  }
})

module.exports.router = router