feat: defined register permission and get all permissions api endpoints

2026-01-03 21:10:05 +00:00 · 2022-04-29 15:30:41 +05:00
parent e5200c1000
commit 1103ffe07b
4 changed files with 214 additions and 0 deletions
--- a/api/src/controllers/permission.ts
+++ b/api/src/controllers/permission.ts
@@ -0,0 +1,176 @@
+import {
+  Security,
+  Route,
+  Tags,
+  Path,
+  Example,
+  Get,
+  Post,
+  Delete,
+  Body
+} from 'tsoa'
+
+import Permission from '../model/Permission'
+import User from '../model/User'
+import Group from '../model/Group'
+import Client from '../model/Client'
+import { UserResponse } from './user'
+import { GroupResponse } from './group'
+
+interface PermissionPayload {
+  /**
+   * Name of affected resource
+   * @example "/SASjsApi/code/execute"
+   */
+  uri: string
+  /**
+   * The indication of whether (and to what extent) access is provided
+   * @example "Grant"
+   */
+  setting: string
+  /**
+   * Indicates the type of principal
+   * @example "user"
+   */
+  principalType: string
+  /**
+   * The id of user(number), group(name), or client(clientId) to which a rule is assigned.
+   * @example 123
+   */
+  principalId: any
+}
+
+interface PermissionDetailsResponse {
+  permissionId: number
+  uri: string
+  setting: string
+  user?: UserResponse
+  group?: GroupResponse
+  clientId?: string
+}
+
+@Security('bearerAuth')
+@Route('SASjsApi/permission')
+@Tags('Permission')
+export class PermissionController {
+  /**
+   * @summary Get list of all permissions (uri, setting and userDetail).
+   *
+   */
+  @Example<PermissionDetailsResponse[]>([
+    {
+      permissionId: 123,
+      uri: '/SASjsApi/code/execute',
+      setting: 'Grant',
+      user: { id: 1, username: 'johnSnow01', displayName: 'John Snow' }
+    },
+    {
+      permissionId: 124,
+      uri: '/SASjsApi/code/execute',
+      setting: 'Grant',
+      group: {
+        groupId: 1,
+        name: 'DCGroup',
+        description: 'This group represents Data Controller Users'
+      }
+    },
+    {
+      permissionId: 125,
+      uri: '/SASjsApi/code/execute',
+      setting: 'Deny',
+      clientId: 'clientId1'
+    }
+  ])
+  @Get('/')
+  public async getAllPermissions(): Promise<PermissionDetailsResponse[]> {
+    return getAllPermissions()
+  }
+
+  /**
+   * @summary Create a new permission. Admin only.
+   *
+   */
+  @Example<PermissionDetailsResponse>({
+    permissionId: 123,
+    uri: '/SASjsApi/code/execute',
+    setting: 'Grant',
+    user: { id: 1, username: 'johnSnow01', displayName: 'John Snow' }
+  })
+  @Post('/')
+  public async createPermission(
+    @Body() body: PermissionPayload
+  ): Promise<PermissionDetailsResponse> {
+    return createPermission(body)
+  }
+}
+
+const getAllPermissions = async (): Promise<PermissionDetailsResponse[]> =>
+  (await Permission.find({})
+    .select({
+      _id: 0,
+      permissionId: 1,
+      uri: 1,
+      setting: 1
+    })
+    .populate({ path: 'user', select: 'id username displayName -_id' })
+    .populate({
+      path: 'group',
+      select: 'groupId name description -_id'
+    })
+    .populate({
+      path: 'client',
+      select: 'clientId -_id'
+    })) as unknown as PermissionDetailsResponse[]
+
+const createPermission = async ({
+  uri,
+  setting,
+  principalType,
+  principalId
+}: PermissionPayload): Promise<PermissionDetailsResponse> => {
+  const permission = new Permission({
+    uri,
+    setting
+  })
+
+  let user, group, client
+
+  switch (principalType) {
+    case 'user':
+      user = await User.findOne({ id: principalId })
+      if (!user) throw new Error('User not found.')
+      permission.user = user._id
+      break
+    case 'group':
+      group = await Group.findOne({ groupId: principalId })
+      if (!group) throw new Error('Group not found.')
+      permission.group = group._id
+      break
+    case 'client':
+      client = await Client.findOne({ clientId: principalId })
+      if (!client) throw new Error('Client not found.')
+      permission.client = client._id
+      break
+    default:
+      throw new Error('Invalid principal type.')
+  }
+
+  const savedPermission = await permission.save()
+
+  return {
+    permissionId: savedPermission.permissionId,
+    uri: savedPermission.uri,
+    setting: savedPermission.setting,
+    user: !!user
+      ? { id: user.id, username: user.username, displayName: user.displayName }
+      : undefined,
+    group: !!group
+      ? {
+          groupId: group.groupId,
+          name: group.name,
+          description: group.description
+        }
+      : undefined,
+    clientId: !!client ? client.clientId : undefined
+  }
+}