/**
 * API permission routes
 */
const Joi = require('@hapi/joi');
const AuthCtrl = require('modules/authorization/controllers/authorization');
const PermissionCtrl = require('modules/authorization/controllers/permission');
const Permission = require('models/authorization/permission');
const Resource = require('models/authorization/resource');
const Resources = require('enums/resources');
const Actions = require('enums/actions');
// GET /permission

// Query-string schema for the permission listing; every key is optional.
const listQuerySchema = Joi.object({
  limit: Joi.number()
    .integer()
    .min(1)
    .max(100)
    .description('The limit of permissions to get'),
  page: Joi.number().integer().positive().description('The page to get the permissions from'),
  search: Joi.string().description('The search criteria'),
  sort: Joi.string().description('The sorting order'),
});

/**
 * Route options for listing permissions.
 *
 * Authorization: AuthCtrl.authorize(Resources.PERMISSION, Actions.LIST) is
 * registered as a `pre` step ahead of PermissionCtrl.list.
 *
 * Query validation: `limit` is an integer in [1, 100], `page` a positive
 * integer, `search` and `sort` are strings.
 *
 * NOTE(review): `search` and `sort` have no length bound or allow-list in
 * this schema. Confirm that PermissionCtrl.list restricts `sort` to known
 * fields and hands `search` to the data layer as a bound parameter.
 */
exports.list = {
  description: 'List available permissions',
  pre: [AuthCtrl.authorize(Resources.PERMISSION, Actions.LIST)],
  handler: PermissionCtrl.list,
  validate: { query: listQuerySchema },
};
// GET /permission/{id}

// Path-parameter schema: `id` must be present and a positive integer.
const getParamsSchema = Joi.object({
  id: Joi.number().integer().positive().required().description('The ID of the permission'),
});

/**
 * Route options for fetching a single permission by ID.
 *
 * Authorization: AuthCtrl.authorize(Resources.PERMISSION) is registered as a
 * `pre` step ahead of PermissionCtrl.get.
 *
 * NOTE(review): unlike `exports.list`, no action argument is passed to
 * AuthCtrl.authorize here. Presumably the action is derived elsewhere (for
 * example from the request method); confirm against AuthCtrl so that this
 * route is not authorized more broadly than intended.
 */
exports.get = {
  description: 'Get permission by ID',
  pre: [AuthCtrl.authorize(Resources.PERMISSION)],
  handler: PermissionCtrl.get,
  validate: { params: getParamsSchema },
};
// POST /permission

// Body schema for a new permission; all three fields are mandatory.
const createPayloadSchema = Joi.object({
  // Only values present in the Actions enum are accepted.
  action: Joi.string()
    .valid(...Object.values(Actions))
    .required()
    .description('The action associated with the permission'),
  // Length-bounded by the Resource model constants, but not checked against
  // the Resources enum in this schema.
  resource: Joi.string()
    .min(Resource.NAME_MIN_LENGTH)
    .max(Resource.NAME_MAX_LENGTH)
    .required()
    .description('The resource the permission refers to'),
  description: Joi.string()
    .max(Permission.DESCRIPTION_MAX_LENGTH)
    .required()
    .description('The description of the permission'),
});

/**
 * Route options for creating a permission.
 *
 * Authorization: AuthCtrl.authorize(Resources.PERMISSION) is registered as a
 * `pre` step ahead of PermissionCtrl.create.
 *
 * NOTE(review): no action argument is passed to AuthCtrl.authorize, whereas
 * `exports.list` passes Actions.LIST. Confirm how AuthCtrl resolves the
 * action for this route; creating permissions is a privilege-granting
 * operation and should require an explicit, narrow grant.
 *
 * NOTE(review): `resource` is an arbitrary string within the length bounds.
 * Presumably the controller verifies that the named resource exists; confirm.
 *
 * NOTE(review): assuming these are hapi route options, payload validation
 * runs before `pre` methods, so a malformed request receives a validation
 * error before the authorization step is reached.
 */
exports.create = {
  description: 'Adds a new permission',
  pre: [AuthCtrl.authorize(Resources.PERMISSION)],
  handler: PermissionCtrl.create,
  validate: { payload: createPayloadSchema },
};
// DELETE /permission/{id}

// Path-parameter schema: `id` must be present and a positive integer.
const deleteParamsSchema = Joi.object({
  id: Joi.number().integer().positive().required().description('The ID of the permission'),
});

/**
 * Route options for deleting a permission by ID.
 *
 * Authorization: AuthCtrl.authorize(Resources.PERMISSION) is registered as a
 * `pre` step ahead of PermissionCtrl.delete.
 *
 * NOTE(review): no action argument is passed to AuthCtrl.authorize, whereas
 * `exports.list` passes Actions.LIST. Confirm how AuthCtrl resolves the
 * action for this destructive route.
 */
exports.delete = {
  description: 'Delete an existing permission',
  pre: [AuthCtrl.authorize(Resources.PERMISSION)],
  handler: PermissionCtrl.delete,
  validate: { params: deleteParamsSchema },
};
// PUT /permission/{id}

// Path-parameter schema: `id` must be present and a positive integer.
const updateParamsSchema = Joi.object({
  id: Joi.number().integer().positive().required().description('The id of the permission'),
});

// Body schema: only `description` may be supplied. `id`, `action` and
// `resource` are explicitly forbidden, so a request that tries to change
// what the permission grants fails validation.
const updatePayloadSchema = Joi.object({
  id: Joi.forbidden(),
  action: Joi.forbidden(),
  resource: Joi.forbidden(),
  description: Joi.string()
    .max(Permission.DESCRIPTION_MAX_LENGTH)
    .required()
    .description('The description of the permission'),
});

/**
 * Route options for updating an existing permission's description.
 *
 * Authorization: AuthCtrl.authorize(Resources.PERMISSION) is registered as a
 * `pre` step ahead of PermissionCtrl.update.
 *
 * NOTE(review): no action argument is passed to AuthCtrl.authorize, whereas
 * `exports.list` passes Actions.LIST. Confirm how AuthCtrl resolves the
 * action for this route.
 */
exports.update = {
  description: 'Update an existing permission',
  pre: [AuthCtrl.authorize(Resources.PERMISSION)],
  handler: PermissionCtrl.update,
  validate: {
    params: updateParamsSchema,
    payload: updatePayloadSchema,
  },
};