feat: add api endpoint for deleting permission

api/public/swagger.yaml

@@ -1448,7 +1448,7 @@ paths:
                             examples:
                                 'Example 1':
                                     value: {permissionId: 123, uri: /SASjsApi/code/execute, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow'}}
-            summary: 'Update permission setting.'
+            summary: 'Update permission setting. Admin only'
             tags:
                 - Permission
             security:
@@ -1463,12 +1463,34 @@ paths:
                     schema:
                         format: double
                         type: number
+                    example: 1234
             requestBody:
                 required: true
                 content:
                     application/json:
                         schema:
                             $ref: '#/components/schemas/UpdatePermissionPayload'
+        delete:
+            operationId: DeletePermission
+            responses:
+                '204':
+                    description: 'No content'
+            summary: 'Delete a permission. Admin only.'
+            tags:
+                - Permission
+            security:
+                -
+                    bearerAuth: []
+            parameters:
+                -
+                    description: 'The user''s identifier'
+                    in: path
+                    name: permissionId
+                    required: true
+                    schema:
+                        format: double
+                        type: number
+                    example: 1234
 servers:
     -
         url: /

api/src/controllers/permission.ts

@@ -113,9 +113,9 @@ export class PermissionController {
   }
 
   /**
-   * @summary Update permission setting.
+   * @summary Update permission setting. Admin only
    * @param permissionId The permission's identifier
-   * @example userId "1234"
+   * @example permissionId 1234
    */
   @Example<PermissionDetailsResponse>({
     permissionId: 123,
@@ -130,6 +130,16 @@ export class PermissionController {
   ): Promise<PermissionDetailsResponse> {
     return updatePermission(permissionId, body)
   }
+
+  /**
+   * @summary Delete a permission. Admin only.
+   * @param permissionId The user's identifier
+   * @example permissionId 1234
+   */
+  @Delete('{permissionId}')
+  public async deletePermission(@Path() permissionId: number) {
+    return deletePermission(permissionId)
+  }
 }
 
 const getAllPermissions = async (): Promise<PermissionDetailsResponse[]> =>
@@ -233,3 +243,9 @@ const updatePermission = async (
 
   return updatedPermission
 }
+
+const deletePermission = async (id: number) => {
+  const permission = await Permission.findOne({ id })
+  if (!permission) throw new Error('Permission is not found.')
+  await Permission.deleteOne({ id })
+}

api/src/routes/api/permission.ts

@@ -53,4 +53,20 @@ permissionRouter.patch(
     }
   }
 )
+
+permissionRouter.delete(
+  '/:permissionId',
+  authenticateAccessToken,
+  verifyAdmin,
+  async (req: any, res) => {
+    const { permissionId } = req.params
+
+    try {
+      await controller.deletePermission(permissionId)
+      res.status(200).send('Permission Deleted!')
+    } catch (err: any) {
+      res.status(403).send(err.toString())
+    }
+  }
+)
 export default permissionRouter