summaryrefslogtreecommitdiffstats
path: root/server/api/permissions.js
blob: ca943a25efa0abcdc02c0b515816ec429da223d6 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())

// Permission check middleware
router.all(['', '/:x'], async (req, res, next) => {
  switch (req.method) {
    case 'GET':
      if (!await req.user.hasPermission('permissions.view')) return res.status(403).send({ error: 'Missing permission', permission: 'permissions.view' })
      break

    default:
      return res.status(400).send()
  }

  next()
})

/*
  * @return: Returns if current user has given permission.
  */
router.getAsync('/:name', async (req, res) => {
  var result = await req.user.hasPermission(req.params.name)
  res.status(200).send(result)
})

/*
   * @return: Returns a list of all permissions in the database.
   */
router.getAsync('', async (req, res) => {
  var permissions = await db.permission.findAll()
  res.status(200).send(permissions)
})

module.exports.router = router