From b0e0665fe2cefb7cfe69d73b338437e03f0b59de Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Thu, 2 Jul 2020 20:04:27 +0000 Subject: [permissionmanager] frontend use own getChilds function --- server/api/events.js | 11 +++++------ server/api/roles.js | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 6 deletions(-) (limited to 'server') diff --git a/server/api/events.js b/server/api/events.js index 310a64a..4fcbda9 100644 --- a/server/api/events.js +++ b/server/api/events.js @@ -19,8 +19,8 @@ router.all(['', '/:x'], async (req, res, next) => { break case 'POST': - // TODO: REMOVE blacklist free pass IF PM uses own blacklist function --> HELPER LIB?! - if (req.params.x === 'blacklist') break + // TODO: Add Group-Permission check + if (req.params.x === 'getChilds') break if (!await req.user.hasPermission('events.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'events.edit' }) break @@ -58,12 +58,11 @@ router.getAsync('', async (req, res) => { /* * @return: Returns a list of all childs of the given groups - * Is also used by the PermissionManager Frontend to get it's blacklist childs */ -router.postAsync('/blacklist', async (req, res) => { +router.postAsync('/getChilds', async (req, res) => { if (req.body.groups) { - var blacklist = await groupHelper.getAllChildren(req.body.groups) - res.send(blacklist) + var childs = await groupHelper.getAllChildren(req.body.groups) + res.send(childs) } else res.status(404).end() }) diff --git a/server/api/roles.js b/server/api/roles.js index ba1c2a2..d98811a 100644 --- a/server/api/roles.js +++ b/server/api/roles.js @@ -1,6 +1,7 @@ /* global __appdir */ var path = require('path') var db = require(path.join(__appdir, 'lib', 'sequelize')) +var groupHelper = require(path.join(__appdir, 'lib', 'grouphelper')) var express = require('express') const { decorateApp } = require('@awaitjs/express') var router = decorateApp(express.Router()) @@ -15,6 +16,9 @@ router.all(['', '/:x'], async (req, res, next) => { break case 'POST': + // TODO: Add Group-Permission check + if (req.params.x === 'getChilds') break + if (!await req.user.hasPermission('roles.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'roles.edit' }) break @@ -165,4 +169,14 @@ router.postAsync(['', '/:id'], async (req, res) => { } }) +/* + * @return: Returns a list of all childs of the given groups + */ +router.postAsync('/getChilds', async (req, res) => { + if (req.body.groups) { + var childs = await groupHelper.getAllChildren(req.body.groups) + res.send(childs) + } else res.status(404).end() +}) + module.exports.router = router -- cgit v1.2.3-55-g7522