Updated A LOT
This commit is contained in:
@@ -1,8 +1,9 @@
|
||||
const express = require('express');
|
||||
const bcrypt = require('bcryptjs');
|
||||
const { all, audit, now, one, run } = require('../db');
|
||||
const { requireRole } = require('../middleware/auth');
|
||||
const { isValidRole, roleCapabilities, rolePermissions, roles } = require('../services/accessControl');
|
||||
const { requireCapability } = require('../middleware/auth');
|
||||
const { CAPABILITIES } = require('../services/accessControl');
|
||||
const { createRole, deleteRole, listRoles, roleExists, updateRole } = require('../services/roles');
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
@@ -17,15 +18,17 @@ function publicAdminUser(id) {
|
||||
}
|
||||
|
||||
function validateRole(role) {
|
||||
if (!isValidRole(role)) throw Object.assign(new Error('Invalid role'), { status: 400 });
|
||||
if (!roleExists(role)) throw Object.assign(new Error('Invalid role'), { status: 400 });
|
||||
}
|
||||
|
||||
router.get('/settings', requireRole('admin'), (req, res) => {
|
||||
router.get('/settings', requireCapability('admin.settings'), (req, res) => {
|
||||
const rows = all('SELECT * FROM app_settings ORDER BY key');
|
||||
res.json({ settings: Object.fromEntries(rows.map((row) => [row.key, row.value])) });
|
||||
const settings = Object.fromEntries(rows.map((row) => [row.key, row.value]));
|
||||
delete settings.smtp_password; // managed (masked) via the notifications settings endpoint
|
||||
res.json({ settings });
|
||||
});
|
||||
|
||||
router.put('/settings', requireRole('admin'), (req, res) => {
|
||||
router.put('/settings', requireCapability('admin.settings'), (req, res) => {
|
||||
for (const [key, value] of Object.entries(req.body.settings || req.body)) {
|
||||
run('INSERT INTO app_settings (key, value, updated_at) VALUES (?, ?, ?) ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at', [
|
||||
key,
|
||||
@@ -37,11 +40,11 @@ router.put('/settings', requireRole('admin'), (req, res) => {
|
||||
res.json({ settings: Object.fromEntries(all('SELECT * FROM app_settings ORDER BY key').map((row) => [row.key, row.value])) });
|
||||
});
|
||||
|
||||
router.get('/users', requireRole('admin'), (req, res) => {
|
||||
router.get('/users', requireCapability('admin.users'), (req, res) => {
|
||||
res.json({ users: all(`${userSelect} ORDER BY u.name`) });
|
||||
});
|
||||
|
||||
router.post('/users', requireRole('admin'), (req, res) => {
|
||||
router.post('/users', requireCapability('admin.users'), (req, res) => {
|
||||
validateRole(req.body.role || 'viewer');
|
||||
if (req.body.status && !['active', 'inactive'].includes(req.body.status)) return res.status(400).json({ error: 'Invalid status' });
|
||||
const created = now();
|
||||
@@ -62,7 +65,7 @@ router.post('/users', requireRole('admin'), (req, res) => {
|
||||
res.status(201).json({ user: publicAdminUser(result.lastInsertRowid) });
|
||||
});
|
||||
|
||||
router.put('/users/:id', requireRole('admin'), (req, res) => {
|
||||
router.put('/users/:id', requireCapability('admin.users'), (req, res) => {
|
||||
const before = publicAdminUser(req.params.id);
|
||||
if (!before) return res.status(404).json({ error: 'User not found' });
|
||||
const nextRole = req.body.role || before.role;
|
||||
@@ -110,11 +113,11 @@ router.put('/users/:id', requireRole('admin'), (req, res) => {
|
||||
return res.json({ user });
|
||||
});
|
||||
|
||||
router.get('/teams', requireRole('admin'), (req, res) => {
|
||||
router.get('/teams', requireCapability('admin.users'), (req, res) => {
|
||||
res.json({ teams: all('SELECT * FROM teams ORDER BY name') });
|
||||
});
|
||||
|
||||
router.post('/teams', requireRole('admin'), (req, res) => {
|
||||
router.post('/teams', requireCapability('admin.users'), (req, res) => {
|
||||
const result = run('INSERT INTO teams (name, description, created_at) VALUES (?, ?, ?)', [
|
||||
req.body.name,
|
||||
req.body.description || null,
|
||||
@@ -124,8 +127,58 @@ router.post('/teams', requireRole('admin'), (req, res) => {
|
||||
res.status(201).json({ team: one('SELECT * FROM teams WHERE id = ?', [result.lastInsertRowid]) });
|
||||
});
|
||||
|
||||
router.get('/access-control', requireRole('admin'), (req, res) => {
|
||||
res.json({ roles, rolePermissions, roleCapabilities });
|
||||
router.put('/teams/:id', requireCapability('admin.users'), (req, res) => {
|
||||
const before = one('SELECT * FROM teams WHERE id = ?', [req.params.id]);
|
||||
if (!before) return res.status(404).json({ error: 'Team not found' });
|
||||
run('UPDATE teams SET name = ?, description = ? WHERE id = ?', [
|
||||
req.body.name || before.name,
|
||||
req.body.description ?? before.description,
|
||||
req.params.id
|
||||
]);
|
||||
audit(req.user.id, 'update', 'team', req.params.id, before, req.body);
|
||||
return res.json({ team: one('SELECT * FROM teams WHERE id = ?', [req.params.id]) });
|
||||
});
|
||||
|
||||
router.delete('/teams/:id', requireCapability('admin.users'), (req, res) => {
|
||||
const before = one('SELECT * FROM teams WHERE id = ?', [req.params.id]);
|
||||
if (!before) return res.status(404).json({ error: 'Team not found' });
|
||||
const memberCount = one('SELECT COUNT(*) AS count FROM users WHERE team_id = ?', [req.params.id]).count;
|
||||
if (memberCount) {
|
||||
return res.status(400).json({ error: `Reassign the ${memberCount} user(s) on this team before deleting it` });
|
||||
}
|
||||
run('DELETE FROM teams WHERE id = ?', [req.params.id]);
|
||||
audit(req.user.id, 'delete', 'team', req.params.id, before, null);
|
||||
return res.status(204).end();
|
||||
});
|
||||
|
||||
router.get('/access-control', requireCapability('admin.users'), (req, res) => {
|
||||
res.json({ roles: listRoles(), capabilities: CAPABILITIES });
|
||||
});
|
||||
|
||||
// ---- Roles (capability sets, custom roles allowed) --------------------------
|
||||
|
||||
router.get('/roles', requireCapability('admin.roles'), (req, res) => {
|
||||
res.json({ roles: listRoles(), capabilities: CAPABILITIES });
|
||||
});
|
||||
|
||||
router.post('/roles', requireCapability('admin.roles'), (req, res, next) => {
|
||||
try {
|
||||
res.status(201).json({ role: createRole(req.body, req.user.id) });
|
||||
} catch (error) {
|
||||
next(error);
|
||||
}
|
||||
});
|
||||
|
||||
router.put('/roles/:key', requireCapability('admin.roles'), (req, res) => {
|
||||
const role = updateRole(req.params.key, req.body, req.user.id);
|
||||
if (!role) return res.status(404).json({ error: 'Role not found' });
|
||||
return res.json({ role });
|
||||
});
|
||||
|
||||
router.delete('/roles/:key', requireCapability('admin.roles'), (req, res) => {
|
||||
const result = deleteRole(req.params.key, req.user.id);
|
||||
if (!result.ok) return res.status(result.status).json({ error: result.error });
|
||||
return res.status(204).end();
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
||||
Reference in New Issue
Block a user