Started implementing the roles permissions
This commit is contained in:
Tiago Ribeiro
79
src/pages/api/roles/[id]/index.ts
Normal file
79
src/pages/api/roles/[id]/index.ts
Normal file
@@ -0,0 +1,79 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {getEntityWithRoles} from "@/utils/entities.be";
|
||||
import client from "@/lib/mongodb";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import { deleteRole, getRole, transferRole } from "@/utils/roles.be";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { findBy } from "@/utils";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "GET") return await get(req, res);
|
||||
if (req.method === "PATCH") return await patch(req, res);
|
||||
if (req.method === "DELETE") return await del(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {id} = req.query as {id: string};
|
||||
|
||||
const role = await getRole(id)
|
||||
if (!role) return res.status(404).json({ok: false})
|
||||
|
||||
res.status(200).json(role);
|
||||
}
|
||||
|
||||
async function del(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
|
||||
const role = await getRole(id)
|
||||
if (!role) return res.status(404).json({ok: false})
|
||||
|
||||
if (role.isDefault) return res.status(403).json({ok: false})
|
||||
|
||||
const entity = await getEntityWithRoles(role.entityID)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "delete_entity_role")) return res.status(403).json({ok: false})
|
||||
|
||||
const defaultRole = findBy(entity.roles, 'isDefault', true)!
|
||||
|
||||
await transferRole(role.id, defaultRole.id)
|
||||
await deleteRole(role.id)
|
||||
|
||||
return res.status(200).json({ok: true});
|
||||
}
|
||||
|
||||
async function patch(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
const {label, permissions} = req.body as {label?: string, permissions?: string}
|
||||
|
||||
const role = await getRole(id)
|
||||
if (!role) return res.status(404).json({ok: false})
|
||||
|
||||
const entity = await getEntityWithRoles(role.entityID)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "rename_entity_role") && !!label) return res.status(403).json({ok: false})
|
||||
if (!doesEntityAllow(user, entity, "edit_role_permissions") && !!permissions) return res.status(403).json({ok: false})
|
||||
|
||||
if (!!label) await db.collection<Entity>("roles").updateOne({ id }, { $set: {label} });
|
||||
if (!!permissions) await db.collection<Entity>("roles").updateOne({ id }, { $set: {permissions} });
|
||||
|
||||
return res.status(200).json({ok: true});
|
||||
}
|
||||
40
src/pages/api/roles/[id]/users.ts
Normal file
40
src/pages/api/roles/[id]/users.ts
Normal file
@@ -0,0 +1,40 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {getEntityWithRoles} from "@/utils/entities.be";
|
||||
import client from "@/lib/mongodb";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import { assignRoleToUsers, deleteRole, getRole, transferRole } from "@/utils/roles.be";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { findBy } from "@/utils";
|
||||
import { getUser } from "@/utils/users.be";
|
||||
|
||||
const db = client.db(process.env.MONGODB_DB);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "POST") return await post(req, res);
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) return res.status(401).json({ ok: false })
|
||||
|
||||
const user = await getUser(req.session.user.id);
|
||||
if (!user) return res.status(401).json({ ok: false })
|
||||
|
||||
const { id } = req.query as { id: string };
|
||||
const {users} = req.body as {users: string[]}
|
||||
|
||||
const role = await getRole(id)
|
||||
if (!role) return res.status(404).json({ok: false})
|
||||
|
||||
const entity = await getEntityWithRoles(role.entityID)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "assign_to_role")) return res.status(403).json({ok: false})
|
||||
|
||||
const result = await assignRoleToUsers(users, entity.id, role.id)
|
||||
return res.status(200).json({ok: result.acknowledged});
|
||||
}
|
||||
50
src/pages/api/roles/index.ts
Normal file
50
src/pages/api/roles/index.ts
Normal file
@@ -0,0 +1,50 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {getEntities, getEntitiesWithRoles, getEntity, getEntityWithRoles} from "@/utils/entities.be";
|
||||
import {Entity} from "@/interfaces/entity";
|
||||
import {v4} from "uuid";
|
||||
import { createRole, getRoles, getRolesByEntity } from "@/utils/roles.be";
|
||||
import { mapBy } from "@/utils";
|
||||
import { RolePermission } from "@/resources/entityPermissions";
|
||||
import { doesEntityAllow } from "@/utils/permissions";
|
||||
import { User } from "@/interfaces/user";
|
||||
import { requestUser } from "@/utils/api";
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (req.method === "GET") return await get(req, res);
|
||||
if (req.method === "POST") return await post(req, res);
|
||||
}
|
||||
|
||||
async function get(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
if (["admin", "developer"].includes(user.type)) return res.status(200).json(await getRoles());
|
||||
res.status(200).json(await getRoles(mapBy(user.entities, 'role')));
|
||||
}
|
||||
|
||||
async function post(req: NextApiRequest, res: NextApiResponse) {
|
||||
const user = await requestUser(req, res)
|
||||
if (!user) return res.status(401).json({ ok: false });
|
||||
|
||||
const {entityID, label, permissions} = req.body as {entityID: string, label: string, permissions: RolePermission[]}
|
||||
|
||||
const entity = await getEntityWithRoles(entityID)
|
||||
if (!entity) return res.status(404).json({ok: false})
|
||||
|
||||
if (!doesEntityAllow(user, entity, "create_entity_role")) return res.status(403).json({ok: false})
|
||||
|
||||
const role = {
|
||||
id: v4(),
|
||||
entityID,
|
||||
label,
|
||||
permissions
|
||||
}
|
||||
|
||||
await createRole(role)
|
||||
return res.status(200).json(role);
|
||||
}
|
||||
Reference in New Issue
Block a user