summaryrefslogtreecommitdiffstats
path: root/server/api/clients.js
diff options
context:
space:
mode:
Diffstat (limited to 'server/api/clients.js')
-rw-r--r--server/api/clients.js18
1 files changed, 18 insertions, 0 deletions
diff --git a/server/api/clients.js b/server/api/clients.js
index 4222f49..1a5c274 100644
--- a/server/api/clients.js
+++ b/server/api/clients.js
@@ -10,6 +10,24 @@ const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))
const log = require(path.join(__appdir, 'lib', 'log'))
const groupHelper = require(path.join(__appdir, 'lib', 'grouphelper'))
+// Permission check middleware
+router.all(['', '/:id'], async (req, res, next) => {
+ switch (req.method) {
+ case 'GET':
+ if (!await req.user.hasPermission('clients.view')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.view' })
+ break
+
+ case 'POST': case 'DELETE':
+ if (!await req.user.hasPermission('clients.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.edit' })
+ break
+
+ default:
+ return res.status(400).send()
+ }
+
+ next()
+})
+
// ############################################################################
// ########################### GET requests #################################