budibase/packages/server/src/api/routes/permission.js

45 lines
1.2 KiB
JavaScript
Raw Normal View History

const Router = require("@koa/router")
const controller = require("../controllers/permission")
const authorized = require("../../middleware/authorized")
2021-02-05 16:58:25 +01:00
const {
BUILDER,
PermissionLevels,
} = require("../../utilities/security/permissions")
const Joi = require("joi")
const joiValidator = require("../../middleware/joi-validator")
const router = Router()
2021-02-05 16:58:25 +01:00
function generateAddValidator() {
const permLevelArray = Object.values(PermissionLevels)
// prettier-ignore
return joiValidator.body(Joi.object({
permissions: Joi.object()
.pattern(/.*/, [Joi.string().valid(...permLevelArray)])
.required()
}).unknown(true))
}
function generateRemoveValidator() {
// prettier-ignore
return joiValidator.body(Joi.object({
permissions: Joi.array().items(Joi.string())
}).unknown(true))
}
router
.get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
.get("/api/permission/levels", authorized(BUILDER), controller.fetchLevels)
.post(
"/api/permission/:roleId/:resourceId",
2021-02-05 16:58:25 +01:00
authorized(BUILDER),
controller.addPermission
)
.delete(
"/api/permission/:roleId/:resourceId",
2021-02-05 16:58:25 +01:00
authorized(BUILDER),
controller.removePermission
)
module.exports = router