authorJannik Schönartz2020-06-08 02:31:55 +0200
committerJannik Schönartz2020-06-08 02:31:55 +0200
commit12c2d252cf76c45bb8a2b457812540400465de3b (patch)
tree227196cf5ee33fbfb8b9fb326a21cccdac64d599 /server/api
parent[users/ipxe/backends] PM integration (diff)
[server] PM integration in all missing api-points but groups
Diffstat (limited to 'server/api')
-rw-r--r--server/api/backends.js1
-rw-r--r--server/api/backendtypes.js8
-rw-r--r--server/api/clients.js18
-rw-r--r--server/api/events.js21
-rw-r--r--server/api/ipranges.js18
-rw-r--r--server/api/ipxeconfigs.js18
-rw-r--r--server/api/ipxeentries.js18
-rw-r--r--server/api/permissions.js14
-rw-r--r--server/api/registration.js18
-rw-r--r--server/api/roles.js18
-rw-r--r--server/api/systemlog.js14
-rw-r--r--server/api/users.js4
-rw-r--r--server/api/wakerequests.js14
13 files changed, 177 insertions, 7 deletions
diff --git a/server/api/backends.js b/server/api/backends.js
index 872e0f6..63b4cb9 100644
--- a/server/api/backends.js
+++ b/server/api/backends.js
@@ -22,7 +22,6 @@ noAuthRouter.getAsync('/:id/test', async (req, res) => {
// Permission check middleware
router.all(['', '/:id', '/:id/:function'], async (req, res, next) => {
- console.log(req.params)
switch (req.method) {
case 'GET':
switch (req.params.function) {
diff --git a/server/api/backendtypes.js b/server/api/backendtypes.js
index ef371d8..90815b0 100644
--- a/server/api/backendtypes.js
+++ b/server/api/backendtypes.js
@@ -2,14 +2,14 @@
const path = require('path')
const ExternalBackends = require(path.join(__appdir, 'lib', 'external-backends'))
var express = require('express')
-var router = express.Router()
+var noAuthRouter = express.Router()
// GET requests.
/*
* @return: Returns a list of all available backend types.
*/
-router.get('/', (req, res) => {
+noAuthRouter.get('/', (req, res) => {
const backends = new ExternalBackends()
var files = backends.getBackends()
@@ -25,7 +25,7 @@ router.get('/', (req, res) => {
*
* @return: Returns the credentials structure and fields of a backend type.
*/
-router.get('/:type', (req, res) => {
+noAuthRouter.get('/:type', (req, res) => {
const backendType = req.params.type
const b = new ExternalBackends()
const instance = b.getInstance(backendType)
@@ -35,4 +35,4 @@ router.get('/:type', (req, res) => {
res.status(200).send(instance.getCredentials())
})
-module.exports.router = router
+module.exports.noAuthRouter = noAuthRouter
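Review bot: Exporting these routes as `noAuthRouter` presumably mounts them without authentication (the mounting code is not part of this diff), and `GET /:type` answers with `instance.getCredentials()`. The comment above that route says the response is the credentials structure and fields of a backend type; it is worth confirming that no stored values or defaults can come back from it, since the type name is taken straight from `req.params.type`. I would state that on the route, e.g. `// Unauthenticated on purpose: returns the field schema only, never stored credentials.` Why these two routes need no login is not explained anywhere in the change.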
diff --git a/server/api/clients.js b/server/api/clients.js
index 4222f49..1a5c274 100644
--- a/server/api/clients.js
+++ b/server/api/clients.js
@@ -10,6 +10,24 @@ const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const log = require(path.join(__appdir, 'lib', 'log'))
const groupHelper = require(path.join(__appdir, 'lib', 'grouphelper'))
+// Permission check middleware
+router.all(['', '/:id'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('clients.view')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('clients.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
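Review bot: The guard is bound to `['', '/:id']`, so it runs only for the router root and one-segment paths; a handler registered on a deeper path of this router would be reached with no permission check. The routes themselves are outside the hunk, so whether such a path exists today cannot be seen here, but the check fails open for any route added later. Registering the same body with `router.use(async (req, res, next) => {` before the routes would cover every path by default. The middlewares added to ipranges.js, ipxeconfigs.js, ipxeentries.js, permissions.js, registration.js, roles.js, systemlog.js and wakerequests.js have the same shape; events.js reads `req.params.x` and would need its exemption expressed differently.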
diff --git a/server/api/events.js b/server/api/events.js
index 7e330e5..310a64a 100644
--- a/server/api/events.js
+++ b/server/api/events.js
@@ -11,6 +11,27 @@ socket.connect('ipc:///tmp/bas_zeromq_events')
const log = require(path.join(__appdir, 'lib', 'log'))
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('events.view')) return res.status(403).send({ error: 'Missing permission', permission: 'events.view' })
+ break
+
+ case 'POST':
+ // TODO: REMOVE blacklist free pass IF PM uses own blacklist function --> HELPER LIB?!
+ if (req.params.x === 'blacklist') break
+
+ if (!await req.user.hasPermission('events.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'events.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
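Review bot: `if (req.params.x === 'blacklist') break` lets every caller that reaches this router POST to `/blacklist` without `events.edit`, so the new check does not cover that endpoint at all. The TODO says this is temporary until PM has its own blacklist function, but nothing limits the exemption to that caller in the meantime. If it has to stay, I would make the comment say who depends on it and what is exposed, e.g. `// SECURITY: POST /blacklist is not permission-checked; remove once PM calls a helper lib instead`, or put the endpoint behind a permission of its own.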
diff --git a/server/api/ipranges.js b/server/api/ipranges.js
index 7750658..23fa76a 100644
--- a/server/api/ipranges.js
+++ b/server/api/ipranges.js
@@ -8,6 +8,24 @@ const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const iphelper = require(path.join(__appdir, 'lib', 'iphelper'))
const log = require(path.join(__appdir, 'lib', 'log'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('ipranges.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipranges.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('ipranges.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipranges.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
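Review bot: `req.user.hasPermission(...)` is awaited inside a plain `router.all` handler, so a rejection from it, or `req.user` being undefined, becomes an unhandled promise rejection. Under Express 4 (which the use of `@awaitjs/express` in these files suggests) that error never reaches the error handler and the request is left without a response; it is not let through, but the failure is hard to diagnose. Wrapping the switch in `try { ... } catch (err) { return next(err) }` would turn it into a normal error response. Every permission middleware added in this commit is written the same way.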
diff --git a/server/api/ipxeconfigs.js b/server/api/ipxeconfigs.js
index 3c6f6eb..6845952 100644
--- a/server/api/ipxeconfigs.js
+++ b/server/api/ipxeconfigs.js
@@ -8,6 +8,24 @@ var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const log = require(path.join(__appdir, 'lib', 'log'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('ipxeconfigs.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeconfigs.view' })
+ break
+
+ case 'POST': case 'PUT': case 'DELETE':
+ if (!await req.user.hasPermission('ipxeconfigs.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeconfigs.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
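Review bot: This block is now repeated in ten files, differing only in the permission prefix and the list of methods, which makes the authorization policy hard to review as a whole and easy to get out of step when one copy is edited. A small factory in `lib` that takes the resource name and a method-to-permission map would keep the 403/400 behaviour in one place. With a helper of that kind (the name here is only a suggestion) this hunk would shrink to `router.all(['', '/:x'], requirePermission('ipxeconfigs', { view: ['GET'], edit: ['POST', 'PUT', 'DELETE'] }))`.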
diff --git a/server/api/ipxeentries.js b/server/api/ipxeentries.js
index 1003754..53b3731 100644
--- a/server/api/ipxeentries.js
+++ b/server/api/ipxeentries.js
@@ -6,6 +6,24 @@ const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('ipxeentries.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('ipxeentries.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
diff --git a/server/api/permissions.js b/server/api/permissions.js
index 45f656a..ca943a2 100644
--- a/server/api/permissions.js
+++ b/server/api/permissions.js
@@ -5,6 +5,20 @@ var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('permissions.view')) return res.status(403).send({ error: 'Missing permission', permission: 'permissions.view' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
/*
* @return: Returns if current user has given permission.
*/
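Review bot: The `GET` case requires `permissions.view` on every path of this router, and the route documented right below the hunk is described as returning whether the current user has a given permission. If that route is what clients use to ask about their own rights, a user without `permissions.view` now gets a 403 instead of an answer. users.js exempts `current` for a similar reason; an equivalent exemption here, or a comment such as `// permissions.view is required even for self-checks`, would make the intent explicit. The route itself is outside the hunk, so this needs checking against its path.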
diff --git a/server/api/registration.js b/server/api/registration.js
index 86bf185..fd10fba 100644
--- a/server/api/registration.js
+++ b/server/api/registration.js
@@ -13,6 +13,24 @@ const url = config.https.host // + ':' + config.https.port
const log = require(path.join(__appdir, 'lib', 'log'))
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
+// Permission check middleware
+router.all(['', '/hooks', '/:y', '/hooks/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('registration.view')) return res.status(403).send({ error: 'Missing permission', permission: 'registration.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('registration.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'registration.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// GET requests.
/*
diff --git a/server/api/roles.js b/server/api/roles.js
index c7726b8..ba1c2a2 100644
--- a/server/api/roles.js
+++ b/server/api/roles.js
@@ -7,6 +7,24 @@ var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const log = require(path.join(__appdir, 'lib', 'log'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('roles.view')) return res.status(403).send({ error: 'Missing permission', permission: 'roles.view' })
+ break
+
+ case 'POST':
+ if (!await req.user.hasPermission('roles.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'roles.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
/*
* /<ROLE_ID>
*
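Review bot: Only `POST` is mapped to `roles.edit`, so `DELETE` and `PUT` on `''` and `/:x` now end in the `default` branch and get a 400 before any handler runs. Several other routers in this commit list `DELETE` next to `POST`; if roles.js has a delete handler (not visible in this hunk) it has become unreachable. If roles are in fact removed through POST, a short comment like `// roles are deleted via POST, so DELETE is rejected here` would say so.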
diff --git a/server/api/systemlog.js b/server/api/systemlog.js
index 4d7a69a..6d69f71 100644
--- a/server/api/systemlog.js
+++ b/server/api/systemlog.js
@@ -5,6 +5,20 @@ var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('systemlog.view')) return res.status(403).send({ error: 'Missing permission', permission: 'systemlog.view' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################
diff --git a/server/api/users.js b/server/api/users.js
index a4940e0..2edac8d 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -8,10 +8,10 @@ var authentication = require(path.join(__appdir, 'lib', 'authentication'))
const log = require(path.join(__appdir, 'lib', 'log'))
// Permission check middleware
-router.all(['', '/:id'], async (req, res, next) => {
+router.all(['', '/:x'], async (req, res, next) => {
// User is allowed to edit his own information even without any permissions.
let currentInfo = false
- if (req.params.id && req.params.id === 'current') currentInfo = true
+ if (req.params.x && req.params.x === 'current') currentInfo = true
switch (req.method) {
case 'GET':
diff --git a/server/api/wakerequests.js b/server/api/wakerequests.js
index 811fea9..6f6faf3 100644
--- a/server/api/wakerequests.js
+++ b/server/api/wakerequests.js
@@ -7,6 +7,20 @@ const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const log = require(path.join(__appdir, 'lib', 'log'))
+// Permission check middleware
+router.all(['', '/:x'], async (req, res, next) => {
+ switch (req.method) {
+ case 'POST':
+ if (!await req.user.hasPermission('wakerequests.send')) return res.status(403).send({ error: 'Missing permission', permission: 'wakerequests.send' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
router.postAsync('', async (req, res) => {
const clients = await db.client.findAll({ where: { id: req.body.clients } })
await log({