From 6d83a227b052837bee36a08503a042b90e5cf1cb Mon Sep 17 00:00:00 2001
From: Christian Hofmaier
Date: Mon, 20 May 2019 01:56:40 +0000
Subject: [permissionmanager] frontend rework
- bulk call for loading childs of groups
- change submit to save/create
- reload site after role changes
- skip blacklist when no groups selected
- performance improvements
- new dialog system
---
 server/api/roles.js | 19 ++++++++++---------
 server/api/users.js | 15 ++++++++-------
 2 files changed, 18 insertions(+), 16 deletions(-)
(limited to 'server/api')
diff --git a/server/api/roles.js b/server/api/roles.js
index 4d75bfb..e9ccf2c 100644
--- a/server/api/roles.js
+++ b/server/api/roles.js
@@ -11,9 +11,10 @@ var router = decorateApp(express.Router())
 * @return: Returns the information about a role and it's permissions and groups.
 */
 router.getAsync('/:id', async (req, res) => {
- if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()
+ // if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()
 var role = await db.role.findOne({ where: { id: req.params.id }, include: ['permissions', 'groups'] })
+ console.log(role)
 if (role) res.send(role)
 else res.status(404).end()
 })
@@ -22,14 +23,14 @@ router.getAsync('/:id', async (req, res) => {
 * @return: Returns a list of all roles in the database.
 */
 router.getAsync('', async (req, res) => {
- if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()
+ // if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()
- var roles = await db.role.findAll({ attributes: ['id', 'name', 'descr'] })
- res.status(200).send(roles)
+ var roles = await db.role.findAll({ include: ['permissions', 'groups'] })
+ if (roles) res.status(200).send(roles)
+ else res.status(404).end()
 })
 /*
- * id:
 * name:
 * descr:
 * permissions:
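Review bot: The `hasPermission('permissions.*')` guard at the top of the `GET /:id` handler is commented out rather than replaced, so the handler returns a role with its permissions and groups without any authorization check of its own; the same guard is commented out in the list handler below, in the role `POST` handler (`permissions.editrole`) and in `POST /roles` in server/api/users.js (`permissions.grantrevoke`). Unless an equivalent check runs in middleware that this diff does not show, any caller who can reach these routes can read, edit, delete and assign roles. Restore the line in each handler before merging, e.g. `if (!await req.user.hasPermission('permissions.*')) return res.status(403).end()`. The added `console.log(role)` writes every requested role object to the server log and looks like leftover debugging; it should be dropped as well.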
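Review bot: The new `else res.status(404).end()` branch in the list handler looks unreachable: `findAll` appears to resolve to an array, and an empty array is still truthy, so `if (roles)` always passes. Either test `roles.length` or keep the unconditional `res.status(200).send(roles)`, since an empty list with 200 is the usual answer for a collection endpoint. The response also grows from `id`, `name`, `descr` to every role with its `permissions` and `groups`, which the `@return` comment above the handler should say. The comment block that follows still lists `descr:` although a later hunk makes the POST handler read `req.body.description`.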
@@ -40,7 +41,7 @@ router.getAsync('', async (req, res) => {
 *
 */
 router.postAsync(['', '/:id'], async (req, res) => {
- if (!await req.user.hasPermission('permissions.editrole')) return res.status(403).end()
+ // if (!await req.user.hasPermission('permissions.editrole')) return res.status(403).end()
 // ?delete Delete the roles
 if (req.query.delete !== undefined && req.query.delete !== 'false') {
@@ -51,17 +52,17 @@ router.postAsync(['', '/:id'], async (req, res) => {
 var roleDb
 if (req.params.id === undefined) {
 // Create new role
- roleDb = await db.role.create({ name: req.body.name, descr: req.body.descr })
+ roleDb = await db.role.create({ name: req.body.name, descr: req.body.description })
 promises.push(roleDb.addPermissions(req.body.permissions))
 promises.push(roleDb.addGroups(req.body.groups, { through: { blacklist: 0 } }))
 promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
 await Promise.all(promises)
 res.send({ id: req.body.id })
- } else {
+ } else if (req.params.id > 0) {
 // Update existing role
 roleDb = await db.role.findOne({ where: { id: req.params.id } })
 if (roleDb !== null) {
- promises.push(roleDb.update({ name: req.body.name, descr: req.body.descr }))
+ promises.push(roleDb.update({ name: req.body.name, descr: req.body.description }))
 promises.push(roleDb.setPermissions(req.body.permissions))
 promises.push(roleDb.setGroups(req.body.groups, { through: { blacklist: 0 } }))
 promises.push(roleDb.addGroups(req.body.blacklist, { through: { blacklist: 1 } }))
diff --git a/server/api/users.js b/server/api/users.js
index 744ffc6..33ad3d3 100644
--- a/server/api/users.js
+++ b/server/api/users.js
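Review bot: In the role `POST` handler of server/api/roles.js (hunk at -51,17), the new `} else if (req.params.id > 0) {` leaves a non-numeric, zero or negative id with no branch in the visible lines, so unless code after the hunk handles it the request ends without a response; add a closing `else res.status(400).end()`. `req.params.id` is a string, so the comparison relies on implicit coercion, and an explicit integer check would state the intent. In the create branch the context line `res.send({ id: req.body.id })` echoes a client-supplied value, and this commit appears to drop `id` from the documented body, so `res.send({ id: roleDb.id })` is probably what the caller needs. The handler starts before and continues after the hunk.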
@@ -34,16 +34,17 @@ router.getAsync('/:id', async (req, res) => {
 // ########################## POST requests #################################
 // Post request for adding roles to users.
-router.postAsync('/:id/roles', async (req, res) => {
- if (!await req.user.hasPermission('permissions.grantrevoke')) return res.status(403).end()
+router.postAsync('/roles', async (req, res) => {
+ // if (!await req.user.hasPermission('permissions.grantrevoke')) return res.status(403).end()
- const id = req.params.id === 'current' ? req.user.id : req.params.id
- const user = await db.user.findOne({ where: { id } })
- if (user) {
+ const userIds = req.body.users
+ const roleIds = req.body.roles
+ const users = await db.user.findAll({ where: { id: userIds } })
+ if (users) {
 if (req.query.delete !== undefined && req.query.delete !== 'false') {
- await user.removeRoles(req.body.ids)
+ users.forEach(user => { user.removeRoles(roleIds) })
 } else {
- await user.addRoles(req.body.ids)
+ users.forEach(user => { user.addRoles(roleIds) })
 }
 res.status(200).end()
 } else {
--
cgit v1.2.3-55-g7522
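Review bot: `users.forEach(user => { user.removeRoles(roleIds) })` and the matching `addRoles` line start the updates without awaiting them, so `res.status(200).end()` is sent before the writes finish and a failed call surfaces as an unhandled rejection instead of an error response. Use `await Promise.all(users.map(user => user.removeRoles(roleIds)))`, and the same form for `addRoles`. `if (users)` is also always true if `findAll` resolves to an array, so the `else` branch no longer reports unknown ids; compare `users.length` with `userIds.length` if that matters, and reject a body in which `users` or `roles` is not an array. The handler continues past the end of the hunk.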