Further work, need to have a larger think about the API of this.

5 years ago · 39a16b93f8
3 changed files with 47 additions and 11 deletions
--- a/packages/server/src/api/controllers/permission.js
+++ b/packages/server/src/api/controllers/permission.js
@ -2,9 +2,34 @@ const {
  BUILTIN_PERMISSIONS,
  PermissionLevels,
 } = require("../../utilities/security/permissions")
+const { getRoleParams } = require("../../db/utils")
+const CouchDB = require("../../db")

-function updatePermissionOnRole(roleId, permissions, remove = false) {
+async function updatePermissionOnRole(
+  appId,
+  roleId,
+  permissions,
+  remove = false
+) {
+  const db = new CouchDB(appId)
+  const body = await db.allDocs(
+    getRoleParams(null, {
+      include_docs: true,
+    })
+  )
+  const dbRoles = body.rows.map(row => row.doc)
+  const docUpdates = []

+  // now try to find any roles which need updated, e.g. removing the
+  // resource from another role and then adding to the new role
+  for (let role of dbRoles) {
+    if (role.permissions) {
+      // TODO
+    }
+  }
+
+  // TODO: NEED TO WORK THIS PART OUT
+  return await db.bulkDocs(docUpdates)
 }

 exports.fetchBuiltin = function(ctx) {
@ -16,10 +41,15 @@ exports.fetchLevels = function(ctx) {
 }

 exports.addPermission = async function(ctx) {
-  const permissions = ctx.body.permissions, appId = ctx.appId
-  updatePermissionOnRole
+  const appId = ctx.appId,
+    roleId = ctx.params.roleId,
+    resourceId = ctx.params.resourceId
+  ctx.body = await updatePermissionOnRole(appId, roleId, resourceId)
 }

 exports.removePermission = async function(ctx) {
-  const permissions = ctx.body.permissions, appId = ctx.appId
+  const appId = ctx.appId,
+    roleId = ctx.params.roleId,
+    resourceId = ctx.params.resourceId
+  ctx.body = await updatePermissionOnRole(appId, roleId, resourceId, true)
 }
--- a/packages/server/src/api/routes/permission.js
+++ b/packages/server/src/api/routes/permission.js
@ -30,16 +30,14 @@ function generateRemoveValidator() {
 router
  .get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
  .get("/api/permission/levels", authorized(BUILDER), controller.fetchLevels)
-  .patch(
-    "/api/permission/:roleId/add",
+  .post(
+    "/api/permission/:roleId/:resourceId",
    authorized(BUILDER),
-    generateAddValidator(),
    controller.addPermission
  )
-  .patch(
-    "/api/permission/:roleId/remove",
+  .delete(
+    "/api/permission/:roleId/:resourceId",
    authorized(BUILDER),
-    generateRemoveValidator(),
    controller.removePermission
  )

--- a/packages/server/src/api/routes/role.js
+++ b/packages/server/src/api/routes/role.js
@ -1,7 +1,10 @@
 const Router = require("@koa/router")
 const controller = require("../controllers/role")
 const authorized = require("../../middleware/authorized")
-const { BUILDER } = require("../../utilities/security/permissions")
+const {
+  BUILDER,
+  PermissionLevels,
+} = require("../../utilities/security/permissions")
 const Joi = require("joi")
 const joiValidator = require("../../middleware/joi-validator")
 const {
@ -11,12 +14,17 @@ const {
 const router = Router()

 function generateValidator() {
+  const permLevelArray = Object.values(PermissionLevels)
  // prettier-ignore
  return joiValidator.body(Joi.object({
    _id: Joi.string().optional(),
    _rev: Joi.string().optional(),
    name: Joi.string().required(),
+    // this is the base permission ID (for now a built in)
    permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(),
+    permissions: Joi.object()
+      .pattern(/.*/, [Joi.string().valid(...permLevelArray)])
+      .optional(),
    inherits: Joi.string().optional(),
  }).unknown(true))
 }