import { Request , Response } from "express" ;
import Stacker from "../middlewares/stacker" ;
import {
ClientAuthMiddleware ,
GetClientAuthMiddleware ,
} from "../middlewares/client" ;
import Permission from "../../models/permissions" ;
import User from "../../models/user" ;
import RequestError , { HttpStatusCode } from "../../helper/request_error" ;
import Grant from "../../models/grants" ;
import { ObjectID } from "mongodb" ;
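/**
 * Handler registered through Stacker behind GetClientAuthMiddleware(true).
 *
 * Reads two optional query parameters and answers with `{ permissions, users }`:
 * - `user`: lists the "client"-type permissions contained in the grant that
 *   the calling client (`req.client`) holds for that user.
 * - `permission`: lists the users (hex ids) whose grant for the calling client
 *   contains that permission.
 *
 * Either field is left undefined in the response when its parameter is absent.
 *
 * @throws RequestError (BAD_REQUEST) when `user` is not a plain string or
 *   `permission` is not a valid ObjectID string.
 */
export const GetPermissions = Stacker(
  GetClientAuthMiddleware(true),
  async (req: Request, res: Response) => {
    const { user, permission } = req.query;

    let permissions:
      | { id: string; name: string; description: string }[]
      | undefined;
    let users: string[] | undefined;

    if (user) {
      // Query-string values can arrive as arrays or nested objects. Passing
      // such a value into the filter would let the caller shape the database
      // query, so only a plain string is accepted.
      if (typeof user !== "string") {
        throw new RequestError("Invalid user!", HttpStatusCode.BAD_REQUEST);
      }

      const grant = await Grant.findOne({
        client: req.client._id,
        user,
      });

      if (!grant) {
        // No grant between this client and user: nothing to list. Previously
        // this dereferenced the missing grant and failed with a TypeError.
        permissions = [];
      } else {
        const docs = await Promise.all(
          grant.permissions.map((perm) => Permission.findById(perm))
        );
        permissions = docs
          // A grant may reference a permission that no longer resolves; skip
          // those instead of dereferencing a missing document.
          .filter((doc) => doc && doc.grant_type === "client")
          .map((doc) => ({
            id: doc._id.toHexString(),
            name: doc.name,
            description: doc.description,
          }));
      }
    }

    if (permission) {
      // `new ObjectID()` throws on malformed input; reject it as a client
      // error up front and refuse non-string values for the same reason as
      // `user` above.
      if (typeof permission !== "string" || !ObjectID.isValid(permission)) {
        throw new RequestError(
          "Invalid permission!",
          HttpStatusCode.BAD_REQUEST
        );
      }

      const grants = await Grant.find({
        client: req.client._id,
        permissions: new ObjectID(permission),
      });
      users = grants.map((grant) => grant.user.toHexString());
    }

    res.json({ permissions, users });
  }
);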
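/**
 * Handler registered through Stacker behind GetClientAuthMiddleware(true).
 *
 * Reads `permission` and `uid` from the request body, checks that the user
 * exists and that the permission belongs to the calling client
 * (`req.client`), then adds the permission to the grant for
 * `req.client` / `req.user`, creating the grant if none exists.
 * Answers with `{ success: true }`.
 *
 * @throws RequestError (BAD_REQUEST) when the body fields have an unexpected
 *   type, the user is not found, or the permission does not exist or belongs
 *   to another client.
 */
export const PostPermissions = Stacker(
  GetClientAuthMiddleware(true),
  async (req: Request, res: Response) => {
    const { permission, uid } = req.body;

    // A parsed body can carry objects or arrays where scalars are expected.
    // Such values must not reach the database filters below, where they would
    // be interpreted as part of the query rather than as data.
    if (typeof uid === "object" || typeof permission !== "string") {
      throw new RequestError("Invalid request!", HttpStatusCode.BAD_REQUEST);
    }

    const user = await User.findOne({ uid });
    if (!user) {
      throw new RequestError("User not found!", HttpStatusCode.BAD_REQUEST);
    }

    const permissionDoc = await Permission.findById(permission);
    // Ownership check: a client may only hand out its own permissions.
    if (!permissionDoc || !permissionDoc.client.equals(req.client._id)) {
      throw new RequestError(
        "Permission not found!",
        HttpStatusCode.BAD_REQUEST
      );
    }

    // NOTE(review): the user resolved from `uid` above is only checked for
    // existence; the grant is looked up and created for `req.user._id`.
    // Confirm which identity is intended here. If the client-auth middleware
    // does not populate `req.user`, this dereference fails, and if it does,
    // the permission is granted to a different user than the one named in
    // the request.
    let grant = await Grant.findOne({
      client: req.client._id,
      user: req.user._id,
    });

    if (!grant) {
      grant = Grant.new({
        client: req.client._id,
        user: req.user._id,
        permissions: [],
      });
    }

    // TODO: Fix clients getting user data without consent when a grant is
    // created and no additional permissions are requested. For now only the
    // existence of a grant is checked before a client may access user data.

    // Compare by hex string: the stored entries are queried as ObjectIDs
    // elsewhere in this file, so `indexOf` with the raw body string would
    // never match and the permission would be appended on every call.
    const permissionId = permissionDoc._id.toHexString();
    const alreadyGranted = grant.permissions.some(
      (granted) => String(granted) === permissionId
    );
    if (!alreadyGranted) {
      // Store the id of the validated document, not the raw request value.
      grant.permissions.push(permissionDoc._id);
    }

    await Grant.save(grant);

    res.json({
      success: true,
    });
  }
);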