summaryrefslogtreecommitdiffstats
path: root/server/api/ipxeentries.js
blob: 53b373180d6f38ee23ad9b60fae4f6272d17ccb8 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
const HttpResponse = require(path.join(__appdir, 'lib', 'httpresponse'))

// Permission check middleware
router.all(['', '/:x'], async (req, res, next) => {
  switch (req.method) {
    case 'GET':
      if (!await req.user.hasPermission('ipxeentries.view')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.view' })
      break

    case 'POST': case 'DELETE':
      if (!await req.user.hasPermission('ipxeentries.edit')) return res.status(403).send({ error: 'Missing permission', permission: 'ipxeentries.edit' })
      break

    default:
      return res.status(400).send()
  }

  next()
})

// ############################################################################
// ###########################  GET requests  #################################

router.getAsync('', async (req, res) => {
  const entries = await db.entry.findAll()
  res.status(200).send(entries)
})

router.getAsync('/:id', async (req, res) => {
  if (!(req.params.id > 0)) return HttpResponse.invalidId().send(res)
  const entry = await db.entry.findOne({ where: { id: req.params.id } })
  if (entry) res.status(200).send(entry)
  else HttpResponse.notFound(req.params.id).send(res)
})

// ############################################################################
// ##########################  POST requests  #################################

router.postAsync(['', '/:id'], async (req, res) => {
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    if (!Array.isArray(req.body.ids)) return HttpResponse.invalidBodyValue('ids', 'an array').send(res)
    const count = await db.entry.destroy({ where: { id: req.body.ids } })
    HttpResponse.successBatch('deleted', ['ipxe entry', 'ipxe entries'], count).send(res)
  } else {
    let entry
    let action = 'updated'
    if (req.params.id === undefined) {
      entry = await db.entry.create(req.body.data)
      action = 'created'
    } else if (req.params.id > 0) {
      entry = await db.entry.findOne({ where: { id: req.params.id } })
      if (!entry) return HttpResponse.notFound(req.params.id).send(res)
      else await entry.update(req.body.data)
    } else {
      return HttpResponse.invalidId().send(res)
    }
    HttpResponse.success(action, 'ipxe entry', entry.id).send(res)
  }
})

// ############################################################################
// ##########################  DELETE requests  ###############################

router.deleteAsync('/:id', async (req, res) => {
  if (!(req.params.id > 0)) return HttpResponse.invalidId().send(res)
  const count = await db.entry.destroy({ where: { id: req.params.id } })
  if (count) HttpResponse.success('deleted', ['ipxe entry', 'ipxe entries'], req.params.id).send(res)
  else HttpResponse.notFound(req.params.id).send(res)
})

// ############################################################################
// ############################################################################

module.exports.router = router