summaryrefslogtreecommitdiffstats
path: root/server/api/ipxeentries.js
diff options
context:
space:
mode:
authorJannik Schönartz2020-06-08 02:31:55 +0200
committerJannik Schönartz2020-06-08 02:31:55 +0200
commit12c2d252cf76c45bb8a2b457812540400465de3b (patch)
tree227196cf5ee33fbfb8b9fb326a21cccdac64d599 /server/api/ipxeentries.js
parent[users/ipxe/backends] PM integration (diff)
downloadbas-12c2d252cf76c45bb8a2b457812540400465de3b.tar.gz
bas-12c2d252cf76c45bb8a2b457812540400465de3b.tar.xz
bas-12c2d252cf76c45bb8a2b457812540400465de3b.zip
[server] PM integration in all missing api-points but groups
Diffstat (limited to 'server/api/ipxeentries.js')
-rw-r--r--server/api/ipxeentries.js18
1 files changed, 18 insertions, 0 deletions
diff --git a/server/api/ipxeentries.js b/server/api/ipxeentries.js
index 1003754..53b3731 100644
--- a/server/api/ipxeentries.js
+++ b/server/api/ipxeentries.js
@@ -6,6 +6,24 @@ const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('ipxeentries.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('ipxeentries.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################