summaryrefslogtreecommitdiffstats
path: root/server/api/events.js
diff options
context:
space:
mode:
authorJannik Schönartz2020-06-08 02:31:55 +0200
committerJannik Schönartz2020-06-08 02:31:55 +0200
commit12c2d252cf76c45bb8a2b457812540400465de3b (patch)
tree227196cf5ee33fbfb8b9fb326a21cccdac64d599 /server/api/events.js
parent[users/ipxe/backends] PM integration (diff)
downloadbas-12c2d252cf76c45bb8a2b457812540400465de3b.tar.gz
bas-12c2d252cf76c45bb8a2b457812540400465de3b.tar.xz
bas-12c2d252cf76c45bb8a2b457812540400465de3b.zip
[server] PM integration in all missing api-points but groups
Diffstat (limited to 'server/api/events.js')
-rw-r--r--server/api/events.js21
1 files changed, 21 insertions, 0 deletions
diff --git a/server/api/events.js b/server/api/events.js
index 7e330e5..310a64a 100644
--- a/server/api/events.js
+++ b/server/api/events.js
@@ -11,6 +11,27 @@ socket.connect('ipc:///tmp/bas_zeromq_events')
const log = require(path.join(__appdir, 'lib', 'log'))
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('events.view')) return res.status(403).send({ error: 'Missing permission', permission: 'events.view' })
+ break
+
+ case 'POST':
+ // TODO: REMOVE blacklist free pass IF PM uses own blacklist function --> HELPER LIB?!
+ if (req.params.x === 'blacklist') break
+
+ if (!await req.user.hasPermission('events.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'events.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################