/* global __appdir */ var path = require('path') var db = require(path.join(__appdir, 'lib', 'sequelize')) var express = require('express') const { decorateApp } = require('@awaitjs/express') var router = decorateApp(express.Router()) const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse')) // Permission check middleware router.all(['', '/:x'], async (req, res, next) => { switch (req.method) { case 'GET': if (!await req.user.hasPermission('ipxeentries.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.view' }) break case 'POST': case 'DELETE': if (!await req.user.hasPermission('ipxeentries.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.edit' }) break default: return res.status(400).send() } next() }) // ############################################################################ // ########################### GET requests ################################# router.getAsync('', async (req, res) => { const entries = await db.entry.findAll() res.status(200).send(entries) }) router.getAsync('/:id', async (req, res) => { if (!(req.params.id > 0)) return HttpResponse.invalidId().send(res) const entry = await db.entry.findOne({ where: { id: req.params.id } }) if (entry) res.status(200).send(entry) else HttpResponse.notFound(req.params.id).send(res) }) // ############################################################################ // ########################## POST requests ################################# router.postAsync(['', '/:id'], async (req, res) => { if (req.query.delete !== undefined && req.query.delete !== 'false') { if (!Array.isArray(req.body.ids)) return HttpResponse.invalidBodyValue('ids', 'an array').send(res) const count = await db.entry.destroy({ where: { id: req.body.ids } }) HttpResponse.successBatch('deleted', ['ipxe entry', 'ipxe entries'], count).send(res) } else { let entry let action = 'updated' if (req.params.id === undefined) { entry = await db.entry.create(req.body.data) action = 'created' } else if (req.params.id > 0) { entry = await db.entry.findOne({ where: { id: req.params.id } }) if (!entry) return HttpResponse.notFound(req.params.id).send(res) else await entry.update(req.body.data) } else { return HttpResponse.invalidId().send(res) } HttpResponse.success(action, 'ipxe entry', entry.id).send(res) } }) // ############################################################################ // ########################## DELETE requests ############################### router.deleteAsync('/:id', async (req, res) => { if (!(req.params.id > 0)) return HttpResponse.invalidId().send(res) const count = await db.entry.destroy({ where: { id: req.params.id } }) if (count) HttpResponse.success('deleted', ['ipxe entry', 'ipxe entries'], req.params.id).send(res) else HttpResponse.notFound(req.params.id).send(res) }) // ############################################################################ // ############################################################################ module.exports.router = router