summaryrefslogtreecommitdiffstats
path: root/server/api/registration.js
diff options
context:
space:
mode:
authorJannik Schönartz2020-06-08 02:31:55 +0200
committerJannik Schönartz2020-06-08 02:31:55 +0200
commit12c2d252cf76c45bb8a2b457812540400465de3b (patch)
tree227196cf5ee33fbfb8b9fb326a21cccdac64d599 /server/api/registration.js
parent[users/ipxe/backends] PM integration (diff)
downloadbas-12c2d252cf76c45bb8a2b457812540400465de3b.tar.gz
bas-12c2d252cf76c45bb8a2b457812540400465de3b.tar.xz
bas-12c2d252cf76c45bb8a2b457812540400465de3b.zip
[server] PM integration in all missing api-points but groups
Diffstat (limited to 'server/api/registration.js')
-rw-r--r--server/api/registration.js18
1 files changed, 18 insertions, 0 deletions
diff --git a/server/api/registration.js b/server/api/registration.js
index 86bf185..fd10fba 100644
--- a/server/api/registration.js
+++ b/server/api/registration.js
@@ -13,6 +13,24 @@ const url = config.https.host // + ':' + config.https.port
const log = require(path.join(__appdir, 'lib', 'log'))
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/hooks', '/:y', '/hooks/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('registration.view')) return res.status(403).send({ error: 'Missing permission', permission: 'registration.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('registration.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'registration.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// GET requests.
/*