/* global __appdir */ var path = require('path') var db = require(path.join(__appdir, 'lib', 'sequelize')) var express = require('express') const { decorateApp } = require('@awaitjs/express') var router = decorateApp(express.Router()) // Permission check middleware router.all(['', '/:x'], async (req, res, next) => { switch (req.method) { case 'GET': if (!await req.user.hasPermission('permissions.view')) return res.status(403).send({ error: 'Missing permission', permission: 'permissions.view' }) break default: return res.status(400).send() } next() }) /* * @return: Returns if current user has given permission. */ router.getAsync('/:name', async (req, res) => { var result = await req.user.hasPermission(req.params.name) res.status(200).send(result) }) /* * @return: Returns a list of all permissions in the database. */ router.getAsync('', async (req, res) => { var permissions = await db.permission.findAll() res.status(200).send(permissions) }) module.exports.router = router