Started implementing the roles permissions
@@ -2,9 +2,12 @@
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {getEntity, getEntityWithRoles} from "@/utils/entities.be";
|
||||
import {deleteEntity, getEntity, getEntityWithRoles} from "@/utils/entities.be";
|
||||
import client from "@/lib/mongodb";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { getUser } from "@/utils/users.be";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
@@ -16,10 +19,8 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id, showRoles} = req.query as {id: string; showRoles: string};
|
||||
|
||||
@@ -27,15 +28,27 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
res.status(200).json(entity);
|
||||
}
|
||||
|
||||
async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
|
||||
const entity = await getEntityWithRoles(id)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "delete_entity_role")) return res.status(403).json({ok: false})
|
||||
|
||||
await deleteEntity(entity)
|
||||
return res.status(200).json({ok: true});
|
||||
}
|
||||
|
||||
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
|
||||
const user = req.session.user;
|
||||
if (!user.entities.map((x) => x.id).includes(id)) {
|
||||
return res.status(403).json({ok: false});
|
||||
}
|
||||
|
||||
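Review bot: The new `del` handler authorizes deletion of the whole entity with `doesEntityAllow(user, entity, "delete_entity_role")`, a permission whose name reads as "delete a role of an entity" rather than "delete the entity"; if the permissions resource defines a separate entity-level delete permission, that is the one this check should use, otherwise anyone allowed to manage roles can remove the entity itself. The same hunk leaves `patch` with only the membership check `user.entities.map((x) => x.id).includes(id)`, so updates are not yet subject to `doesEntityAllow` the way deletes are; presumably intentional for a partial commit, but a `// TODO: replace membership check with doesEntityAllow(...)` comment above that line would record it. `requestUser` receives `res`, so if it already writes a 401 itself, the caller's `if (!user) return res.status(401).json({ ok: false });` after it would try to send a second response — confirm which side owns the 401. Whether `handler` dispatches DELETE to `del` is not visible here, and the `patch` body continues past the end of the hunk.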
@@ -6,9 +6,10 @@ import { getEntities, getEntitiesWithRoles } from "@/utils/entities.be";
|
||||
import { Entity, WithEntities, WithEntity, WithLabeledEntities } from "@/interfaces/entity";
|
||||
import { v4 } from "uuid";
|
||||
import { mapBy } from "@/utils";
|
||||
import { getEntitiesUsers, getUsers } from "@/utils/users.be";
|
||||
import { getEntitiesUsers, getUser, getUsers } from "@/utils/users.be";
|
||||
import { Group, User } from "@/interfaces/user";
|
||||
import { getGroups, getGroupsByEntities } from "@/utils/groups.be";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
@@ -17,12 +18,8 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ ok: false });
|
||||
return;
|
||||
}
|
||||
|
||||
const user = req.session.user;
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const groups: WithEntity<Group>[] = ["admin", "developer"].includes(user.type)
|
||||
? await getGroups()
|
||||
|
||||
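Review bot: `getUser` is added to the `@/utils/users.be` import but the visible `get` uses `requestUser` instead, so unless a later part of the file calls it the import is unused and should be dropped. The replacement of the `req.session.user` check with `requestUser(req, res)` followed by `if (!user) return res.status(401).json({ ok: false });` relies on `requestUser` not having already sent a response; if it does, the second `res.status(401)` would write after headers were sent. The `get` function continues beyond the hunk.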
@@ -2,9 +2,10 @@
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {getEntities, getEntitiesWithRoles} from "@/utils/entities.be";
|
||||
import {createEntity, getEntities, getEntitiesWithRoles} from "@/utils/entities.be";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import {v4} from "uuid";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
@@ -14,12 +15,9 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const user = req.session.user;
|
||||
const {showRoles} = req.query as {showRoles: string};
|
||||
|
||||
const getFn = showRoles ? getEntitiesWithRoles : getEntities;
|
||||
@@ -29,12 +27,9 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false});
|
||||
return;
|
||||
}
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const user = req.session.user;
|
||||
if (!["admin", "developer"].includes(user.type)) {
|
||||
return res.status(403).json({ok: false});
|
||||
}
|
||||
@@ -44,5 +39,6 @@ async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
label: req.body.label,
|
||||
};
|
||||
|
||||
await createEntity(entity)
|
||||
return res.status(200).json(entity);
|
||||
}
|
||||
|
||||
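Review bot: The added `await createEntity(entity)` persists an object whose `label` comes straight from `req.body.label` (the context line above it) with no check that it is a non-empty string, so a missing or non-string body field is written as-is; a guard before the entity literal such as `if (typeof req.body?.label !== "string" || !req.body.label.trim()) return res.status(400).json({ ok: false });` would reject malformed input before the write. Since this is a create, `res.status(201)` would be the conventional status on the following line. The entity literal starts before the hunk, and the `requestUser`/401 pattern in `get` and `post` depends, as elsewhere in this commit, on `requestUser` not having already responded.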
@@ -3,11 +3,13 @@ import type { NextApiRequest, NextApiResponse } from "next";
|
||||
import { withIronSessionApiRoute } from "iron-session/next";
|
||||
import { sessionOptions } from "@/lib/session";
|
||||
import { getEntities, getEntitiesWithRoles } from "@/utils/entities.be";
|
||||
import { Entity, WithEntities, WithLabeledEntities } from "@/interfaces/entity";
|
||||
import { Entity, EntityWithRoles, WithEntities, WithLabeledEntities } from "@/interfaces/entity";
|
||||
import { v4 } from "uuid";
|
||||
import { mapBy } from "@/utils";
|
||||
import { getEntitiesUsers, getUsers } from "@/utils/users.be";
|
||||
import { getEntitiesUsers, getUser, getUsers } from "@/utils/users.be";
|
||||
import { User } from "@/interfaces/user";
|
||||
import { findAllowedEntities } from "@/utils/permissions";
|
||||
import { RolePermission } from "@/resources/entityPermissions";
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
@@ -15,33 +17,47 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "GET") return await get(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ ok: false });
|
||||
return;
|
||||
}
|
||||
const labelUserEntity = (u: User, entities: EntityWithRoles[]) => ({
|
||||
...u, entities: (u.entities || []).map((e) => {
|
||||
const entity = entities.find((x) => x.id === e.id)
|
||||
if (!entity) return e
|
||||
|
||||
const user = req.session.user;
|
||||
const role = entity.roles.find((x) => x.id === e.role)
|
||||
return { id: e.id, label: entity.label, role: e.role, roleLabel: role?.label }
|
||||
})
|
||||
})
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) return res.status(401).json({ ok: false });
|
||||
|
||||
const user = await getUser(req.session.user.id)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { type } = req.query as { type: string }
|
||||
const entities = await getEntitiesWithRoles(mapBy(user.entities || [], 'id'))
|
||||
|
||||
const entityIDs = mapBy(user.entities || [], 'id')
|
||||
const entities = await getEntitiesWithRoles(entityIDs)
|
||||
|
||||
const isAdmin = ["admin", "developer"].includes(user.type)
|
||||
|
||||
const filter = !type ? undefined : { type }
|
||||
const users = ["admin", "developer"].includes(user.type)
|
||||
const users = isAdmin
|
||||
? await getUsers(filter)
|
||||
: await getEntitiesUsers(mapBy(entities, 'id') as string[], filter)
|
||||
|
||||
const usersWithEntities: WithLabeledEntities<User>[] = users.map((u) => {
|
||||
return {
|
||||
...u, entities: (u.entities || []).map((e) => {
|
||||
const entity = entities.find((x) => x.id === e.id)
|
||||
if (!entity) return e
|
||||
const filteredUsers = users.map((u) => {
|
||||
if (isAdmin) return labelUserEntity(u, entities)
|
||||
if (!isAdmin && ["admin", "developer", "agent"].includes(user.type)) return undefined
|
||||
|
||||
const role = entity.roles.find((x) => x.id === e.role)
|
||||
return { id: e.id, label: entity.label, role: e.role, roleLabel: role?.label }
|
||||
})
|
||||
}
|
||||
})
|
||||
const userEntities = mapBy(u.entities || [], 'id')
|
||||
const sameEntities = entities.filter(e => userEntities.includes(e.id))
|
||||
|
||||
res.status(200).json(usersWithEntities);
|
||||
const permission = `view_${u.type}s` as RolePermission
|
||||
const allowedEntities = findAllowedEntities(user, sameEntities, permission)
|
||||
|
||||
if (allowedEntities.length === 0) return undefined
|
||||
return labelUserEntity(u, allowedEntities)
|
||||
}).filter(x => !!x) as WithLabeledEntities<User>[]
|
||||
|
||||
res.status(200).json(filteredUsers);
|
||||
}
|
||||
|
||||
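Review bot: For a non-admin requester, `labelUserEntity(u, allowedEntities)` at the end of the map still returns every entry of `u.entities`: entries whose entity is not in `allowedEntities` hit `if (!entity) return e` and are passed through unlabeled, so the response still reveals that `u` belongs to entity `e.id` with role `e.role` even where `findAllowedEntities` denied the `view_*` permission. Restrict the entries to the allowed set before labelling, e.g. `const allowedIDs = mapBy(allowedEntities, 'id')` followed by `return labelUserEntity({ ...u, entities: (u.entities || []).filter((e) => allowedIDs.includes(e.id)) }, allowedEntities)`. The guard `if (!isAdmin && ["admin", "developer", "agent"].includes(user.type)) return undefined` tests the requester's `user.type` inside the per-user map, so it is loop-invariant and, with `isAdmin` already excluding admin/developer, amounts to "agents see nobody"; if the intent was to hide admin/developer/agent accounts from non-admin viewers it should test `u.type`. The cast `as RolePermission` on the interpolated `view_…s` key silences the compiler for any `u.type` with no matching permission, and whether `findAllowedEntities` then fails closed depends on its implementation. This file also resolves the caller with `getUser(req.session.user.id)` while the other files in this commit use `requestUser(req, res)`; one helper should serve all routes.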