feat: add api endpoint for deleting permission

2025-12-10 11:24:35 +00:00 · 2022-04-30 01:16:52 +05:00
parent 540f54fb77
commit 01713440a4
3 changed files with 57 additions and 3 deletions
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -1448,7 +1448,7 @@ paths:
                            examples:
                                'Example 1':
                                    value: {permissionId: 123, uri: /SASjsApi/code/execute, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow'}}
-            summary: 'Update permission setting.'
+            summary: 'Update permission setting. Admin only'
            tags:
                - Permission
            security:
@@ -1463,12 +1463,34 @@ paths:
                    schema:
                        format: double
                        type: number
+                    example: 1234
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/UpdatePermissionPayload'
+        delete:
+            operationId: DeletePermission
+            responses:
+                '204':
+                    description: 'No content'
+            summary: 'Delete a permission. Admin only.'
+            tags:
+                - Permission
+            security:
+                -
+                    bearerAuth: []
+            parameters:
+                -
+                    description: 'The user''s identifier'
+                    in: path
+                    name: permissionId
+                    required: true
+                    schema:
+                        format: double
+                        type: number
+                    example: 1234
 servers:
    -
        url: /
--- a/api/src/controllers/permission.ts
+++ b/api/src/controllers/permission.ts
@@ -113,9 +113,9 @@ export class PermissionController {
  }

  /**
-   * @summary Update permission setting.
+   * @summary Update permission setting. Admin only
   * @param permissionId The permission's identifier
-   * @example userId "1234"
+   * @example permissionId 1234
   */
  @Example<PermissionDetailsResponse>({
    permissionId: 123,
@@ -130,6 +130,16 @@ export class PermissionController {
  ): Promise<PermissionDetailsResponse> {
    return updatePermission(permissionId, body)
  }
+
+  /**
+   * @summary Delete a permission. Admin only.
+   * @param permissionId The user's identifier
+   * @example permissionId 1234
+   */
+  @Delete('{permissionId}')
+  public async deletePermission(@Path() permissionId: number) {
+    return deletePermission(permissionId)
+  }
 }

 const getAllPermissions = async (): Promise<PermissionDetailsResponse[]> =>
@@ -233,3 +243,9 @@ const updatePermission = async (

  return updatedPermission
 }
+
+const deletePermission = async (id: number) => {
+  const permission = await Permission.findOne({ id })
+  if (!permission) throw new Error('Permission is not found.')
+  await Permission.deleteOne({ id })
+}
--- a/api/src/routes/api/permission.ts
+++ b/api/src/routes/api/permission.ts
@@ -53,4 +53,20 @@ permissionRouter.patch(
    }
  }
 )
+
+permissionRouter.delete(
+  '/:permissionId',
+  authenticateAccessToken,
+  verifyAdmin,
+  async (req: any, res) => {
+    const { permissionId } = req.params
+
+    try {
+      await controller.deletePermission(permissionId)
+      res.status(200).send('Permission Deleted!')
+    } catch (err: any) {
+      res.status(403).send(err.toString())
+    }
+  }
+)
 export default permissionRouter