Skip to content
This repository has been archived by the owner on Apr 19, 2023. It is now read-only.

Commit

Permalink
✨ Add API scopes endpoint
Browse files Browse the repository at this point in the history
  • Loading branch information
@AnandChowdhary
AnandChowdhary committed Sep 3, 2020
1 parent 3fac6c9 commit 5225c30
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 0 deletions.
40 changes: 40 additions & 0 deletions src/_staart/rest/group.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1340,3 +1340,43 @@ export const getGroupTransactionForUser = async (
);
throw new Error(STRIPE_NO_CUSTOMER);
};

export const getGroupApiKeyScopesForUser = async (
tokenUserId: number | ApiKeyResponse,
groupId: number
) => {
if (
!(await can(
tokenUserId,
`${Acts.READ}${ScopesGroup.API_KEYS}`,
`group-${groupId}`
))
)
throw new Error(INSUFFICIENT_PERMISSION);

const data: { [index: string]: any } = {};
Object.values(ScopesGroup).forEach((scope) => {
data[scope] = [];
[Acts.READ, Acts.WRITE].forEach((act) => {
data[scope].push({
value: `p, user-${tokenUserId}, group-${groupId}, ${act}${scope}`,
name: `${act}${scope}`,
});
});
});
const memberships = await prisma.memberships.findMany({
where: { groupId },
});
data["delete:data"] = [
{
name: `${Acts.DELETE}group`,
value: `p, user-${tokenUserId}, group-${groupId}, ${Acts.DELETE}${ScopesGroup.INFO}`,
},
...memberships.map((membership) => ({
value: `p, user-${tokenUserId}, membership-${membership.id}, ${Acts.DELETE}${ScopesUser.MEMBERSHIPS}`,
name: `${Acts.DELETE}membership-${membership.id}`,
})),
];

return data;
};
13 changes: 13 additions & 0 deletions src/controllers/groups/_id/api-keys.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import {
getGroupApiKeyLogsForUser,
getGroupApiKeysForUser,
updateApiKeyForUser,
getGroupApiKeyScopesForUser,
} from "../../../_staart/rest/group";

@ClassMiddleware(authHandler)
Expand Down Expand Up @@ -60,6 +61,18 @@ export class GroupApiKeysController {
return { ...respond(RESOURCE_CREATED), added };
}

@Get("scopes")
async getUserApiKeyScopes(req: Request, res: Response) {
const id = twtToId(req.params.id);
joiValidate(
{
id: Joi.number().required(),
},
{ id }
);
return getGroupApiKeyScopesForUser(localsToTokenOrKey(res), id);
}

@Get(":apiKeyId")
async getUserApiKey(req: Request, res: Response) {
const id = twtToId(req.params.id);
Expand Down

0 comments on commit 5225c30

Please sign in to comment.