authorChristian Hofmaier2019-05-20 03:56:40 +0200
committerChristian Hofmaier2019-05-20 03:56:40 +0200
commit6d83a227b052837bee36a08503a042b90e5cf1cb (patch)
tree2074a020f0243ca0553e308915b3bdaf7991d936 /server/api
parent[eventmanager] add tutorial classes + fix 'name not empty' bug (diff)
[permissionmanager] frontend rework
- bulk call for loading children of groups - change submit to save/create - reload site after role changes - skip blacklist when no groups selected - performance improvements - new dialog system
Diffstat (limited to 'server/api')
-rw-r--r--server/api/roles.js19
-rw-r--r--server/api/users.js15
2 files changed, 18 insertions, 16 deletions
diff --git a/server/api/roles.js b/server/api/roles.js
index 4d75bfb..e9ccf2c 100644
--- a/server/api/roles.js
+++ b/server/api/roles.js
@@ -11,9 +11,10 @@ var router = decorateApp(express.Router())
* @return: Returns the information about a role and it's permissions and groups.
*/
router.getAsync('/:id', async (req, res) => {
- if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()
+ // if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()
var role = await db.role.findOne({ where: { id: req.params.id }, include: ['permissions', 'groups'] })
+ console.log(role)
if (role) res.send(role)
else res.status(404).end()
})
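Review bot: The permission check at the top of this handler is commented out rather than replaced, so `GET /:id` now returns a role with its permissions and groups to any caller who reaches the router; nothing in the hunk shows another guard. The same commented-out check appears in the `GET ''` and `POST ['', '/:id']` handlers of this file and in `POST /roles` of server/api/users.js, where it leaves role creation, deletion and role assignment unguarded. If the checks were disabled for frontend testing, restore `if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()` here, and the `permissions.editrole` and `permissions.grantrevoke` variants in the other handlers, before this is merged. The added `console.log(role)` looks like leftover debugging and would write role, permission and group data to the server log on every request, so it should be dropped.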
@@ -22,14 +23,14 @@ router.getAsync('/:id', async (req, res) => {
* @return: Returns a list of all roles in the database.
*/
router.getAsync('', async (req, res) => {
- if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()
+ // if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()
- var roles = await db.role.findAll({ attributes: ['id', 'name', 'descr'] })
- res.status(200).send(roles)
+ var roles = await db.role.findAll({ include: ['permissions', 'groups'] })
+ if (roles) res.status(200).send(roles)
+ else res.status(404).end()
})
/*
- * id: <ROLE_ID>
* name: <ROLE_NAME>
* descr: <ROLE_DESCRIPTION>
* permissions: <PERMISSION_IDS>
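Review bot: `if (roles)` can never select the 404 branch if `db.role.findAll` resolves to an array, as a Sequelize-style `findAll` does, because an empty array is truthy; the added `else res.status(404).end()` is then dead code. An empty role list is a valid result, so sending it unconditionally with `res.status(200).send(roles)` is the simpler form. The response also grows from `id`, `name`, `descr` to every role's full permission and group records, so consider an `attributes` list on the query and its includes to return only the fields the frontend needs.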
@@ -40,7 +41,7 @@ router.getAsync('', async (req, res) => {
*
*/
router.postAsync(['', '/:id'], async (req, res) => {
- if (!await req.user.hasPermission('permissions.editrole')) return res.status(403).end()
+ // if (!await req.user.hasPermission('permissions.editrole')) return res.status(403).end()
// ?delete Delete the roles
if (req.query.delete !== undefined && req.query.delete !== 'false') {
@@ -51,17 +52,17 @@ router.postAsync(['', '/:id'], async (req, res) => {
var roleDb
if (req.params.id === undefined) {
// Create new role
- roleDb = await db.role.create({ name: req.body.name, descr: req.body.descr })
+ roleDb = await db.role.create({ name: req.body.name, descr: req.body.description })
promises.push(roleDb.addPermissions(req.body.permissions))
promises.push(roleDb.addGroups(req.body.groups, { through: { blacklist: 0 } }))
promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
await Promise.all(promises)
res.send({ id: req.body.id })
- } else {
+ } else if (req.params.id > 0) {
// Update existing role
roleDb = await db.role.findOne({ where: { id: req.params.id } })
if (roleDb !== null) {
- promises.push(roleDb.update({ name: req.body.name, descr: req.body.descr }))
+ promises.push(roleDb.update({ name: req.body.name, descr: req.body.description }))
promises.push(roleDb.setPermissions(req.body.permissions))
promises.push(roleDb.setGroups(req.body.groups, { through: { blacklist: 0 } }))
promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
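Review bot: With the new `else if (req.params.id > 0)` guard, a request whose `:id` is non-numeric, zero or negative matches neither branch, and unless code after this hunk sends a response the request is left without one; a final `else res.status(400).end()` would close that gap. The create branch still answers `res.send({ id: req.body.id })`, which echoes a client-supplied value (the `id` field was just removed from the documented request body) instead of the new row's id; `res.send({ id: roleDb.id })` is probably what is meant. The handler continues past the end of the hunk, so the update branch's response is not visible here.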
diff --git a/server/api/users.js b/server/api/users.js
index 744ffc6..33ad3d3 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -34,16 +34,17 @@ router.getAsync('/:id', async (req, res) => {
// ########################## POST requests #################################
// Post request for adding roles to users.
-router.postAsync('/:id/roles', async (req, res) => {
- if (!await req.user.hasPermission('permissions.grantrevoke')) return res.status(403).end()
+router.postAsync('/roles', async (req, res) => {
+ // if (!await req.user.hasPermission('permissions.grantrevoke')) return res.status(403).end()
- const id = req.params.id === 'current' ? req.user.id : req.params.id
- const user = await db.user.findOne({ where: { id } })
- if (user) {
+ const userIds = req.body.users
+ const roleIds = req.body.roles
+ const users = await db.user.findAll({ where: { id: userIds } })
+ if (users) {
if (req.query.delete !== undefined && req.query.delete !== 'false') {
- await user.removeRoles(req.body.ids)
+ users.forEach(user => { user.removeRoles(roleIds) })
} else {
- await user.addRoles(req.body.ids)
+ users.forEach(user => { user.addRoles(roleIds) })
}
res.status(200).end()
} else {
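Review bot: The `forEach` callbacks start `user.removeRoles(roleIds)` and `user.addRoles(roleIds)` without awaiting them, so `res.status(200).end()` is sent before the writes finish and a rejected promise is never handled; the removed code awaited the call. Use `await Promise.all(users.map(user => user.addRoles(roleIds)))` and the matching `removeRoles` form. `if (users)` is also always true if `findAll` resolves to an array, so the `else` branch is unreachable and unknown ids in `req.body.users` are skipped silently; compare `users.length` with the number of requested ids if a partial match should be reported as an error. The handler's `else` branch ends outside the hunk.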