From 12c2d252cf76c45bb8a2b457812540400465de3b Mon Sep 17 00:00:00 2001 From: Jannik Schönartz Date: Mon, 8 Jun 2020 00:31:55 +0000 Subject: [server] PM integration in all missing api-points but groups --- server/api/clients.js | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'server/api/clients.js') diff --git a/server/api/clients.js b/server/api/clients.js index 4222f49..1a5c274 100644 --- a/server/api/clients.js +++ b/server/api/clients.js @@ -10,6 +10,24 @@ const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) const log = require(path.join(__appdir, 'lib', 'log')) const groupHelper = require(path.join(__appdir, 'lib', 'grouphelper')) +// Permission check middleware +router.all(['', '/:id'], async (req, res, next) => { + switch (req.method) { + case 'GET': + if (!await req.user.hasPermission('clients.view')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.view' }) + break + + case 'POST': case 'DELETE': + if (!await req.user.hasPermission('clients.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'clients.edit' }) + break + + default: + return res.status(400).send() + } + + next() +}) + // ############################################################################ // ########################### GET requests ################################# -- cgit v1.2.3-55-g7522