authorChristian Hofmaier2019-02-25 04:25:08 +0100
committerChristian Hofmaier2019-02-25 04:25:08 +0100
commit7b098c8b969a1d283a94391d9d8050ad0c5a4d13 (patch)
tree82d9f6edbc4503d3419a41626a986c4797478c8d /server/api/roles.js
parent[webapp/datatable] improved slim mode (diff)
[permissionmanager] rework for blacklist system
- integrate PM into PM itself - wildcard function for hasPermission()
Diffstat (limited to 'server/api/roles.js')
-rw-r--r--server/api/roles.js64
1 files changed, 35 insertions, 29 deletions
diff --git a/server/api/roles.js b/server/api/roles.js
index 5e62443..3b86f50 100644
--- a/server/api/roles.js
+++ b/server/api/roles.js
@@ -10,22 +10,24 @@ var router = decorateApp(express.Router())
*
* @return: Returns the information about a role and it's permissions and groups.
*/
-router.get('/:id', (req, res) => {
- db.role.findOne({ where: { id: req.params.id }, include: ['permissions', 'groups'] }).then(role => {
- if (role) res.send(role)
- else res.status(404).end()
- })
+router.getAsync('/:id', async (req, res) => {
+ if (!await req.user.hasPermission('permissions.*')) {
+ res.status(403).end()
+ }
+ var role = await db.role.findOne({ where: { id: req.params.id }, include: ['permissions', 'groups'] })
+ if (role) res.send(role)
+ else res.status(404).end()
})
/*
* @return: Returns a list of all roles in the database.
*/
-router.get('', (req, res) => {
- db.role.findAll({
- attributes: ['id', 'name', 'descr']
- }).then(function (roles) {
- res.status(200).send(roles)
- })
+router.getAsync('', async (req, res) => {
+ if (!await req.user.hasPermission('permissions.*')) {
+ res.status(403).end()
+ }
+ var roles = await db.role.findAll({ attributes: ['id', 'name', 'descr'] })
+ res.status(200).send(roles)
})
/*
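Review bot: The new permission guards `if (!await req.user.hasPermission('permissions.*'))` in both GET handlers send the 403 but never return, so execution falls through to `db.role.findOne` / `db.role.findAll` and then to a second `res.send` on a response that has already ended. Assuming `res` is the standard Express response, that second send should fail with a headers-already-sent error rather than disclose the role, but the query still runs for a caller who was just denied. The same guard on `permissions.editrole` in the POST handler of the next hunk is the more serious case, because the `destroy`, `create` or `update` would still execute after the 403 has gone out. Each guard should read `return res.status(403).end()`.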
@@ -36,33 +38,37 @@ router.get('', (req, res) => {
* groups: <GROUP_IDS>,
* recursiveMode: < RECURSIVE_MODE>
*
- * Creates, updates or deletes a role. If recursiveMode is set to true, the <GROUP_IDS> are saved with childs.
+ * Creates, updates or deletes a role.
*
*/
-router.post(['', '/:id'], (req, res) => {
+router.postAsync(['', '/:id'], async (req, res) => {
+ if (!await req.user.hasPermission('permissions.editrole')) {
+ res.status(403).end()
+ }
// ?delete Delete the roles
if (req.query.delete !== undefined && req.query.delete !== 'false') {
- db.role.destroy({ where: { id: req.body.ids } }).then(function () {
- res.status(200).send('success')
- })
+ await db.role.destroy({ where: { id: req.body.ids } })
+ res.status(200).send('success')
} else {
+ var promises = []
+ var roleDb
if (req.params.id === undefined) {
// Create new role
- db.role.create({ name: req.body.name, descr: req.body.descr, recursiveGroups: req.body.recursiveMode }).then(roleDb => {
- var promises = []
- promises.push(roleDb.addPermissions(req.body.permissions))
- promises.push(roleDb.addGroups(req.body.groups))
- Promise.all(promises).then(() => { res.send({ id: req.body.id }) })
- })
+ roleDb = await db.role.create({ name: req.body.name, descr: req.body.descr })
+ promises.push(roleDb.addPermissions(req.body.permissions))
+ promises.push(roleDb.addGroups(req.body.groups, { through: { blacklist: 0 } }))
+ promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
+ await Promise.all(promises)
+ res.send({ id: req.body.id })
} else {
// Update existing role
- db.role.findOne({ where: { id: req.body.id } }).then(roleDb => {
- var promises = []
- promises.push(roleDb.update({ name: req.body.name, descr: req.body.descr, recursiveGroups: req.body.recursiveMode }))
- promises.push(roleDb.setPermissions(req.body.permissions))
- promises.push(roleDb.setGroups(req.body.groups))
- Promise.all(promises).then(() => { res.send({ id: req.body.id }) })
- })
+ roleDb = await db.role.findOne({ where: { id: req.body.id } })
+ promises.push(roleDb.update({ name: req.body.name, descr: req.body.descr }))
+ promises.push(roleDb.setPermissions(req.body.permissions))
+ promises.push(roleDb.setGroups(req.body.groups, { through: { blacklist: 0 } }))
+ promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
+ await Promise.all(promises)
+ res.send({ id: req.body.id })
}
}
})
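Review bot: In the update branch `setGroups(req.body.groups, ...)` and `addGroups(req.body.blacklist, ...)` are pushed into the same `Promise.all`, so they run concurrently; if `setGroups` replaces the role's whole group set, as Sequelize set-accessors normally do, the blacklist rows written by `addGroups` may or may not survive depending on which call finishes first. Awaiting them in order removes the ambiguity: `await roleDb.setGroups(req.body.groups, { through: { blacklist: 0 } })` and then `await roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } })`. `roleDb` is also dereferenced straight after `findOne` without a null check, so an unknown id raises a TypeError instead of a 404; `if (!roleDb) return res.status(404).end()` would cover it. The lookup keys on `req.body.id` while the branch is chosen by `req.params.id`, which is worth confirming as intended, since a caller could post to one id and modify another.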