OpenServer/OpenAuth_server
1
1
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Adding API and adjusting admin view

Browse Source
This commit is contained in:
Fabian Stamm
2020-03-18 14:41:22 +01:00
parent 112a65378d
commit 315cbb6bf5
3 changed files with 180 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
src/api/admin/permission.ts
View File

@ -12,81 +12,100 @@ PermissionRoute.route("/")
/**
* @api {get} /admin/permission
* @apiName AdminGetPermissions
*
*
* @apiParam client Optionally filter by client _id
*
*
* @apiGroup admin_permission
* @apiPermission admin
*
*
* @apiSuccess {Object[]} permissions
* @apiSuccess {String} permissions._id The ID
* @apiSuccess {String} permissions.name Permission name
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
* @apiSuccess {String} permissions.client The ID of the owning client
*/
.get(promiseMiddleware(async (req, res) => {
let query = {};
if (req.query.client) {
query = { client: new ObjectID(req.query.client) }
}
let permission = await Permission.find(query);
res.json(permission);
}))
.get(
promiseMiddleware(async (req, res) => {
let query = {};
if (req.query.client) {
query = { client: new ObjectID(req.query.client) };
}
let permissions = await Permission.find(query);
res.json(permissions);
})
)
/**
* @api {post} /admin/permission
* @apiName AdminAddPermission
*
*
* @apiParam client The ID of the owning client
* @apiParam name Permission name
* @apiParam description A description, that makes it clear to the user, what this Permission allows to do
*
*
* @apiGroup admin_permission
* @apiPermission admin
*
*
* @apiSuccess {Object[]} permissions
* @apiSuccess {String} permissions._id The ID
* @apiSuccess {String} permissions.name Permission name
* @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
* @apiSuccess {String} permissions.client The ID of the owning client
* @apiSuccess {String} permissions.grant_type The type of the permission. "user" | "client" granted
*/
.post(verify({
client: {
type: Types.STRING
},
name: {
type: Types.STRING
},
description: {
type: Types.STRING
}
}, true), promiseMiddleware(async (req, res) => {
let client = await Client.findById(req.body.client);
if (!client) {
throw new RequestError("Client not found", HttpStatusCode.BAD_REQUEST);
}
let permission = Permission.new({
description: req.body.description,
name: req.body.name,
client: client._id
});
await Permission.save(permission);
res.json(permission);
}))
.post(
verify(
{
client: {
type: Types.STRING
},
name: {
type: Types.STRING
},
description: {
type: Types.STRING
},
type: {
type: Types.ENUM,
values: ["user", "client"]
}
},
true
),
promiseMiddleware(async (req, res) => {
let client = await Client.findById(req.body.client);
if (!client) {
throw new RequestError(
"Client not found",
HttpStatusCode.BAD_REQUEST
);
}
let permission = Permission.new({
description: req.body.description,
name: req.body.name,
client: client._id,
grant_type: req.body.type
});
await Permission.save(permission);
res.json(permission);
})
)
/**
* @api {delete} /admin/permission
* @apiName AdminDeletePermission
*
*
* @apiParam id The permission ID
*
*
* @apiGroup admin_permission
* @apiPermission admin
*
*
* @apiSuccess {Boolean} success
*/
.delete(promiseMiddleware(async (req, res) => {
let { id } = req.query;
await Permission.delete(id);
res.json({ success: true });
}));
.delete(
promiseMiddleware(async (req, res) => {
let { id } = req.query;
await Permission.delete(id);
res.json({ success: true });
})
);
export default PermissionRoute;
export default PermissionRoute;