rainbownapkin/canopy
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

Added '/api/admin/permissions' post & ajax helper

Browse source
This commit is contained in:
rainbownapkin 2024-11-18 08:18:02 -05:00
parent 8c4d9693f5
commit bd24aae381
9 changed files with 172 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/controllers/api/admin/changeRankController.js
View file

@ -22,7 +22,7 @@ const {exceptionHandler} = require('../../../utils/loggerUtils');
const permissionModel = require('../../../schemas/permissionSchema');
const userModel = require('../../../schemas/userSchema');
//api account functions
//api change rank functions
module.exports.post = async function(req, res){
try{
const validResult = validationResult(req);

2
src/controllers/api/admin/listChannelsController.js
View file

@ -18,7 +18,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
const {exceptionHandler} = require('../../../utils/loggerUtils.js');
const channelModel = require('../../../schemas/channelSchema.js');
//api account functions
//api list channel functions
module.exports.get = async function(req, res){
try{
const chanGuide = await channelModel.getChannelList(true);

31
src/controllers/api/admin/listPermissionsController.js
View file

@ -1,31 +0,0 @@
/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024 Rainbownapkin and the TTN Community
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//local imports
const {exceptionHandler} = require('../../../utils/loggerUtils.js');
const permissionModel = require('../../../schemas/permissionSchema.js');
//api account functions
module.exports.get = async function(req, res){
try{
const perms = await permissionModel.getPerms();
res.status(200);
return res.send(perms);
}catch(err){
return exceptionHandler(res, err);
}
}

2
src/controllers/api/admin/listUsersController.js
View file

@ -18,7 +18,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
const {exceptionHandler} = require('../../../utils/loggerUtils.js');
const userModel = require('../../../schemas/userSchema');
//api account functions
//api list account functions
module.exports.get = async function(req, res){
try{
const userList = await userModel.getUserList(true);

85
src/controllers/api/admin/permissionsController.js Normal file
View file

@ -0,0 +1,85 @@
/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024 Rainbownapkin and the TTN Community
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//npm imports
const {validationResult, matchedData} = require('express-validator');
//local imports
const {exceptionHandler} = require('../../../utils/loggerUtils.js');
const permissionModel = require('../../../schemas/permissionSchema.js');
//api permissions functions
module.exports.get = async function(req, res){
try{
const perms = await permissionModel.getPerms();
res.status(200);
return res.send(perms);
}catch(err){
return exceptionHandler(res, err);
}
}
module.exports.post = async function(req, res){
try{
//check for validation errors
const validResult = validationResult(req);
//if none
if(validResult.isEmpty()){
//grab validated/sanatized data
const {permissionsMap} = matchedData(req);
const perms = await permissionModel.getPerms();
var permError = false;
//For each permission submitted
Object.keys(permissionsMap).forEach((perm) => {
//Check to make sure no one is jumping perms (this should be admins only, but just in-case)
//Setting a boolean inside of an if statement seems fucked, until you realize it won't set it back false on the next loop :P
if(permissionModel.rankToNum(perms[perm]) > permissionModel.rankToNum(req.session.user.rank) || permissionModel.rankToNum(permissionsMap[perm]) > permissionModel.rankToNum(req.session.user.rank)){
permError = true;
}
//Set permissions in the permissions model
perms[perm] = permissionsMap[perm];
});
//Flip our shit if something's wrong.
if(permError){
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "New rank must be equal to or below that of the user changing it.", date: new Date()}]});
}
await perms.save();
//Cleanup return object
var returnObj = perms.toObject();
delete returnObj._id
delete returnObj.__v
//send successful response
res.status(200);
return res.send(returnObj);
//otherwise scream
}else{
res.status(400);
res.send({errors: validResult.array()})
}
}catch(err){
return exceptionHandler(res, err);
}
}