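/* global __appdir */
'use strict';

// Role administration routes: list/read roles, create/update/delete roles and
// expand group trees for the role editor. Every path below is relative to
// wherever the caller mounts this router.

const path = require('path');
const express = require('express');
const { decorateApp } = require('@awaitjs/express');

const db = require(path.join(__appdir, 'lib', 'sequelize'));
const groupHelper = require(path.join(__appdir, 'lib', 'grouphelper'));
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'));
const log = require(path.join(__appdir, 'lib', 'log'));

const router = decorateApp(express.Router());

/**
 * Permission check middleware for `/` and every single-segment sub-path.
 *
 * - GET  requires `roles.view`
 * - POST requires `roles.edit`, except `POST /getChilds` (see TODO below)
 * - any other method is rejected with 400
 *
 * `router.all()` is not promise-aware, so a rejected promise here (e.g. a
 * failed permission lookup) would leave the request hanging and surface only
 * as an unhandled rejection; errors are therefore forwarded with `next(err)`.
 */
router.all(['', '/:x'], async (req, res, next) => {
  try {
    // Fail closed: without an authenticated user there is nothing to check
    // against (dereferencing a missing req.user used to throw instead).
    if (!req.user) return res.status(401).end();

    switch (req.method) {
      case 'GET':
        if (!await req.user.hasPermission('roles.view')) {
          return res.status(403).send({ error: 'Missing permission', permission: 'roles.view' });
        }
        break;
      case 'POST':
        // TODO: Add Group-Permission check.
        // NOTE(review): `POST /getChilds` is exempt from the permission check,
        // so any authenticated user can enumerate the children of arbitrary
        // groups through it. Decide which permission it needs and enforce it.
        if (req.params.x === 'getChilds') break;
        if (!await req.user.hasPermission('roles.edit')) {
          return res.status(403).send({ error: 'Missing permission', permission: 'roles.edit' });
        }
        break;
      default:
        return res.status(400).send();
    }
    next();
  } catch (err) {
    next(err);
  }
});

/**
 * Normalises one id list taken from the request body.
 * `undefined`/`null` become `[]`, arrays are returned unchanged and anything
 * else yields `null` so the caller can answer 400 instead of handing an
 * arbitrary value to a Sequelize association setter.
 * @param {unknown} value
 * @returns {Array|null}
 */
function idList(value) {
  if (value === undefined || value === null) return [];
  return Array.isArray(value) ? value : null;
}

/**
 * Extracts `permissions`, `groups` and `blacklist` from the body.
 * @param {object} body - parsed request body
 * @returns {{permissions: Array, groups: Array, blacklist: Array}|null} `null`
 *   if any of the three is present but not an array.
 */
function associationLists(body) {
  const lists = {
    permissions: idList(body.permissions),
    groups: idList(body.groups),
    blacklist: idList(body.blacklist)
  };
  return Object.values(lists).includes(null) ? null : lists;
}

// "ID/Name/Description" lines shared by every role log entry.
function roleDetails(role) {
  return `ID: ${role.id}\nName: ${role.name}\nDescription: ${role.descr}\n`;
}

// Association lines appended to create/edit log entries.
function listDetails(lists) {
  return `Permissions: ${lists.permissions}\nGroups: ${lists.groups}\nBlacklist: ${lists.blacklist}`;
}

/**
 * POST /?delete — body `{ ids: [...] }`.
 * Deletes each listed role on its own so every outcome gets its own log
 * entry; batch requests (more than one id) also get a start and a summary
 * entry. Replies via HttpResponse.successBatch with the number of roles
 * actually deleted. The `:id` path parameter, if any, is ignored here.
 */
async function deleteRoles(req, res) {
  const ids = req.body.ids;
  // Only plain ids are accepted: an object element such as `{ "$gt": 0 }`
  // would land in a Sequelize `where` clause as an operator and could turn
  // a single delete into a mass delete.
  if (!Array.isArray(ids) || !ids.every((id) => typeof id === 'number' || typeof id === 'string')) {
    return res.status(400).send({ error: 'ids must be an array of role ids' });
  }

  const user = await db.user.findOne({ where: { id: req.user.id } });
  const isBatch = ids.length > 1;
  if (isBatch) {
    await log({
      category: 'ROLE_BATCH_DELETE',
      description: `Role batch deletion of ${ids.length} roles initiated by user.`,
      user,
      userId: req.user.id
    });
  }

  let deletionCounter = 0;
  for (const id of ids) {
    const role = await db.role.findOne({ where: { id } });
    const count = role ? await db.role.destroy({ where: { id } }) : 0;
    if (count !== 1) {
      // Unknown ids are reported here as well; previously a null `role`
      // was dereferenced for the log entry and crashed the whole batch.
      await log({
        category: 'ERROR_ROLE_DELETE',
        description: role
          ? `[${role.id}] ${role.name}: Role could not be deleted.\n${roleDetails(role)}`
          : `[${id}] Role could not be deleted: no such role.\n`,
        user,
        userId: req.user.id
      });
    } else {
      await log({
        category: 'ROLE_DELETE',
        description: `[${role.id}] ${role.name}: Role successfully deleted.\n${roleDetails(role)}`,
        user,
        userId: req.user.id
      });
      deletionCounter++;
    }
  }

  if (isBatch) {
    await log({
      category: 'ROLE_BATCH_DELETE',
      description: `${deletionCounter}/${ids.length} roles successfully deleted.`,
      user,
      userId: req.user.id
    });
  }
  HttpResponse.successBatch('deleted', 'role', deletionCounter).send(res);
}

/**
 * POST / — body `{ name, description, permissions, groups, blacklist }`.
 * Creates the role, attaches its permissions, its groups
 * (through.blacklist = 0) and its blacklisted groups (through.blacklist = 1),
 * logs the creation and replies with the new role's id.
 * Missing/null lists count as empty; a non-array list is answered with 400.
 */
async function createRole(req, res) {
  const lists = associationLists(req.body);
  if (!lists) {
    return res.status(400).send({ error: 'permissions, groups and blacklist must be arrays' });
  }

  const roleDb = await db.role.create({ name: req.body.name, descr: req.body.description });
  await roleDb.addPermissions(lists.permissions);
  // Sequential on purpose: a group listed in both `groups` and `blacklist`
  // would otherwise be written to the same through row by two concurrent
  // inserts; this order also matches updateRole().
  await roleDb.addGroups(lists.groups, { through: { blacklist: 0 } });
  await roleDb.addGroups(lists.blacklist, { through: { blacklist: 1 } });

  await log({
    category: 'ROLE_CREATE',
    description: `[${roleDb.id}] ${roleDb.name}: Role successfully created.\n${roleDetails(roleDb)}${listDetails(lists)}`,
    userId: req.user.id
  });
  // Reply with the id Sequelize assigned; the previous code echoed
  // req.body.id, which is never set on a create.
  res.send({ id: roleDb.id });
}

/**
 * POST /:id — same body as createRole().
 * Replaces name, description, permissions and groups of an existing role,
 * then re-adds the blacklist on top of the new group list. 404 if the role
 * does not exist. Missing/null lists count as empty (and therefore clear the
 * association); a non-array list is answered with 400.
 */
async function updateRole(req, res) {
  const lists = associationLists(req.body);
  if (!lists) {
    return res.status(400).send({ error: 'permissions, groups and blacklist must be arrays' });
  }

  const roleDb = await db.role.findOne({ where: { id: req.params.id } });
  if (roleDb === null) return res.status(404).end();

  await roleDb.update({ name: req.body.name, descr: req.body.description });
  // set* replace the whole association, which also drops the old blacklist
  // rows; the blacklist is then re-added with through.blacklist = 1.
  await roleDb.setPermissions(lists.permissions);
  await roleDb.setGroups(lists.groups, { through: { blacklist: 0 } });
  await roleDb.addGroups(lists.blacklist, { through: { blacklist: 1 } });

  await log({
    category: 'ROLE_EDIT',
    description: `[${roleDb.id}] ${roleDb.name}: Role successfully edited.\n${roleDetails(roleDb)}${listDetails(lists)}`,
    userId: req.user.id
  });
  res.send({ id: req.params.id });
}

/*
 * GET /:id
 * @return: the role with its permissions and groups, 404 if it does not exist.
 * Only numeric ids are routed here; anything else falls through to the next
 * router instead of being sent to the database.
 */
router.getAsync('/:id(\\d+)', async (req, res) => {
  const role = await db.role.findOne({
    where: { id: req.params.id },
    include: ['permissions', 'groups']
  });
  if (!role) return res.status(404).end();
  res.send(role);
});

/*
 * GET /
 * @return: every role in the database with its permissions and groups.
 */
router.getAsync('', async (req, res) => {
  const roles = await db.role.findAll({ include: ['permissions', 'groups'] });
  if (!roles) return res.status(404).end();
  res.status(200).send(roles);
});

/*
 * POST /getChilds — body `{ groups: [...] }`
 * @return: all children of the given groups (groupHelper.getAllChildren).
 * Registered before the `/:id` handler so it can never be captured by it;
 * the `/:id` pattern is numeric-only for the same reason.
 */
router.postAsync('/getChilds', async (req, res) => {
  if (!req.body.groups) return res.status(404).end();
  const childs = await groupHelper.getAllChildren(req.body.groups);
  res.send(childs);
});

/*
 * POST /            create a role          (createRole)
 * POST /:id         update role `id`       (updateRole)
 * POST /?delete     delete roles by `ids`  (deleteRoles)
 *
 * `?delete` wins over the path: any value other than an absent parameter or
 * the literal string 'false' (so `?delete`, `?delete=1`, `?delete=0`) selects
 * deletion.
 */
router.postAsync(['', '/:id(\\d+)'], async (req, res) => {
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    return deleteRoles(req, res);
  }
  if (req.params.id === undefined) return createRole(req, res);
  return updateRole(req, res);
});

module.exports.router = router;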