Merge pull request #49 from domapic/release-1.0.0-beta.1

Release 1.0.0 beta.1

CHANGELOG.md

@@ -10,6 +10,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 ### Fixed
 ### Removed
 
+## [1.0.0-beta.1] - 2019-01-08
+### Added
+- Add DELETE method to servicePluginConfigs api
+- Add DELETE method to services api
+- Add PATCH and DELETE methods to users api
+
+### Changed
+- Upgrade mongoose version
+
 ## [1.0.0-alpha.14] - 2019-01-06
 ### Added
 - Add anonymous default user, which will be used as logged user for requests with authentication disabled. When this user is logged in, services and abilities will be added to user with same name as service, not to logged user. In this way, the services connection process will work when authentication is disabled, and services registered will still be connected if authentication is enabled again.

lib/api/servicePluginConfigs.js

@@ -6,63 +6,80 @@ const definition = require('./servicePluginConfigs.json')
 const { roles } = require('../security/utils')
 const events = require('../events')
 
+const LOCATION = 'location'
+const LOCATION_ROOT = '/api/service-plugin-configs/'
 const EVENT_ENTITY = 'servicePluginConfig'
 
-const Operations = (service, commands) => ({
-  getServicePluginConfigs: {
-    handler: (params, body, res) => {
-      const filter = omitBy({
-        _service: params.query.service,
-        pluginPackageName: params.query['plugin-package-name']
-      }, isUndefined)
-      return commands.servicePluginConfig.getFiltered(filter)
-    }
-  },
-  getServicePluginConfig: {
-    handler: (params, body, res) => commands.servicePluginConfig.getById(params.path.id)
-  },
-  updateServicePluginConfig: {
-    auth: (userData, params, body) => {
-      if (userData.role === roles.PLUGIN || userData.role === roles.ADMIN) {
-        return Promise.resolve()
-      }
-      return commands.servicePluginConfig.getById(params.path.id).then(servicePluginConfigData => {
-        return commands.service.getById(servicePluginConfigData._service).then(serviceData => {
-          if (serviceData._user === userData._id) {
-            return Promise.resolve()
-          }
-          return Promise.reject(new service.errors.Forbidden())
-        })
-      })
-    },
-    handler: (params, body, res) => commands.servicePluginConfig.update(params.path.id, body).then(servicePluginConfigData => {
-      res.status(204)
-      res.header('location', `/api/service-plugin-configs/${servicePluginConfigData._id}`)
-      events.plugin(EVENT_ENTITY, events.OPERATIONS.UPDATE, servicePluginConfigData)
+const Operations = (service, commands) => {
+  const adminPluginOrOwner = (userData, params, body) => {
+    if (userData.role === roles.PLUGIN || userData.role === roles.ADMIN) {
       return Promise.resolve()
-    })
-  },
-  addServicePluginConfig: {
-    auth: (userData, params, body) => {
-      if (userData.role === roles.PLUGIN || userData.role === roles.ADMIN) {
-        return Promise.resolve()
-      }
-      return commands.service.getById(body._service).then(serviceData => {
+    }
+    return commands.servicePluginConfig.getById(params.path.id).then(servicePluginConfigData => {
+      return commands.service.getById(servicePluginConfigData._service).then(serviceData => {
         if (serviceData._user === userData._id) {
           return Promise.resolve()
         }
         return Promise.reject(new service.errors.Forbidden())
       })
+    })
+  }
+
+  return {
+    getServicePluginConfigs: {
+      handler: (params, body, res) => {
+        const filter = omitBy({
+          _service: params.query.service,
+          pluginPackageName: params.query['plugin-package-name']
+        }, isUndefined)
+        return commands.servicePluginConfig.getFiltered(filter)
+      }
+    },
+    getServicePluginConfig: {
+      handler: (params, body, res) => commands.servicePluginConfig.getById(params.path.id)
     },
-    handler: (params, body, res, userData) => commands.servicePluginConfig.add(body)
-      .then(servicePluginConfigData => {
-        res.status(201)
-        res.header('location', `/api/service-plugin-configs/${servicePluginConfigData._id}`)
-        events.plugin(EVENT_ENTITY, events.OPERATIONS.CREATE, servicePluginConfigData)
+    updateServicePluginConfig: {
+      auth: adminPluginOrOwner,
+      handler: (params, body, res) => commands.servicePluginConfig.update(params.path.id, body).then(servicePluginConfigData => {
+        res.status(204)
+        res.header(LOCATION, `${LOCATION_ROOT}${servicePluginConfigData._id}`)
+        events.plugin(EVENT_ENTITY, events.OPERATIONS.UPDATE, servicePluginConfigData)
         return Promise.resolve()
       })
+    },
+    addServicePluginConfig: {
+      auth: (userData, params, body) => {
+        if (userData.role === roles.PLUGIN || userData.role === roles.ADMIN) {
+          return Promise.resolve()
+        }
+        return commands.service.getById(body._service).then(serviceData => {
+          if (serviceData._user === userData._id) {
+            return Promise.resolve()
+          }
+          return Promise.reject(new service.errors.Forbidden())
+        })
+      },
+      handler: (params, body, res, userData) => commands.servicePluginConfig.add(body)
+        .then(servicePluginConfigData => {
+          res.status(201)
+          res.header(LOCATION, `${LOCATION_ROOT}${servicePluginConfigData._id}`)
+          events.plugin(EVENT_ENTITY, events.OPERATIONS.CREATE, servicePluginConfigData)
+          return Promise.resolve()
+        })
+    },
+    deleteServicePluginConfig: {
+      auth: adminPluginOrOwner,
+      handler: (params, body, res, userData) => commands.servicePluginConfig.remove(params.path.id)
+        .then(servicePluginConfigData => {
+          res.status(204)
+          events.plugin(EVENT_ENTITY, events.OPERATIONS.DELETE, {
+            _id: params.path.id
+          })
+          return Promise.resolve()
+        })
+    }
   }
-})
+}
 
 const openapi = () => [definition]
 

lib/api/servicePluginConfigs.json

@@ -284,6 +284,36 @@
         }, {
           "apiKey": []
         }]
+      },
+      "delete": {
+        "parameters": [
+          {
+            "in": "path",
+            "name": "id",
+            "schema": {
+              "type": "string"
+            },
+            "required": true,
+            "description": "Service plugin configuration id"
+          }
+        ],
+        "tags": ["service"],
+        "summary": "Delete service plugin configuration",
+        "description": "Delete service plugin configuration",
+        "operationId": "deleteServicePluginConfig",
+        "responses": {
+          "204": {
+            "$ref": "#/components/responses/Deleted"
+          },
+          "404": {
+            "$ref": "#/components/responses/NotFoundError"
+          }
+        },
+        "security": [{
+          "jwt": []
+        }, {
+          "apiKey": []
+        }]
       }
     }
   }

lib/api/services.js

@@ -3,7 +3,7 @@
 const { omitBy, isUndefined } = require('lodash')
 
 const definition = require('./services.json')
-const { roles } = require('../security/utils')
+const { roles, onlyAdmin } = require('../security/utils')
 const events = require('../events')
 
 const EVENT_ENTITY = 'service'
@@ -44,6 +44,16 @@ const Operations = (service, commands) => ({
           events.plugin(EVENT_ENTITY, events.OPERATIONS.CREATE, serviceData)
           return Promise.resolve()
         }))
+  },
+  deleteService: {
+    auth: onlyAdmin,
+    handler: (params, body, res) => commands.composed.removeService(params.path.id).then(() => {
+      res.status(204)
+      events.plugin(EVENT_ENTITY, events.OPERATIONS.DELETE, {
+        _id: params.path.id
+      })
+      return Promise.resolve()
+    })
   }
 })
 

lib/api/services.json

@@ -320,6 +320,36 @@
         }, {
           "apiKey": []
         }]
+      },
+      "delete": {
+        "parameters": [
+          {
+            "in": "path",
+            "name": "id",
+            "schema": {
+              "type": "string"
+            },
+            "required": true,
+            "description": "Service id"
+          }
+        ],
+        "tags": ["service"],
+        "summary": "Delete service",
+        "description": "Delete service",
+        "operationId": "deleteService",
+        "responses": {
+          "204": {
+            "$ref": "#/components/responses/Deleted"
+          },
+          "404": {
+            "$ref": "#/components/responses/NotFoundError"
+          }
+        },
+        "security": [{
+          "jwt": []
+        }, {
+          "apiKey": []
+        }]
       }
     }
   }

lib/api/users.js

@@ -3,9 +3,11 @@
 const { omitBy, isUndefined } = require('lodash')
 
 const definition = require('./users.json')
-const { roles } = require('../security/utils')
+const { roles, onlyAdmin } = require('../security/utils')
 const events = require('../events')
 
+const LOCATION = 'location'
+const LOCATION_ROOT = '/api/users/'
 const EVENT_ENTITY = 'user'
 
 const Operations = (service, commands) => {
@@ -31,22 +33,54 @@ const Operations = (service, commands) => {
       handler: (params, body, res) => commands.user.add(body)
         .then(user => {
           res.status(201)
-          res.header('location', `/api/users/${user._id}`)
+          res.header(LOCATION, `${LOCATION_ROOT}${user._id}`)
           events.plugin(EVENT_ENTITY, events.OPERATIONS.CREATE, user)
           return Promise.resolve()
         })
     },
     getUser: {
+      auth: (userData, params) => commands.user.getById(params.path.id)
+        .then(user => {
+          if (rolesBasedAuth(userData.role, user.role) || params.path.id === userData._id) {
+            return Promise.resolve()
+          }
+          return Promise.reject(new service.errors.Forbidden())
+        }),
+      handler: (params, body, res) => commands.user.getById(params.path.id)
+    },
+    updateUser: {
       auth: (userData, params, body) => {
         return commands.user.getById(params.path.id)
           .then(user => {
-            if (rolesBasedAuth(userData.role, user.role) || params.path.id === userData._id) {
+            if (
+              // Only operators and admin users can be modified
+              [roles.ADMIN, roles.OPERATOR].includes(user.role) &&
+              // Role can be only modified by administrators
+              (userData.role === roles.ADMIN || (params.path.id === userData._id && !body.role)) &&
+              // Role can be modified only to operator or admin roles
+              (!body.role || [roles.ADMIN, roles.OPERATOR].includes(body.role))
+            ) {
               return Promise.resolve()
             }
             return Promise.reject(new service.errors.Forbidden())
           })
       },
-      handler: (params, body, res) => commands.user.getById(params.path.id)
+      handler: (params, body, res) => commands.user.update(params.path.id, body).then(user => {
+        res.status(204)
+        res.header(LOCATION, `${LOCATION_ROOT}${user._id}`)
+        events.plugin(EVENT_ENTITY, events.OPERATIONS.UPDATE, user)
+        return Promise.resolve()
+      })
+    },
+    deleteUser: {
+      auth: onlyAdmin,
+      handler: (params, body, res) => commands.composed.removeUser(params.path.id).then(() => {
+        res.status(204)
+        events.plugin(EVENT_ENTITY, events.OPERATIONS.DELETE, {
+          _id: params.path.id
+        })
+        return Promise.resolve()
+      })
     },
     getUserMe: {
       handler: (params, body, res, userData) => commands.user.getById(userData._id)