From 4f6e81677c81c852e735407295c634b43b317479 Mon Sep 17 00:00:00 2001
From: Nicolai Ort
Date: Fri, 15 Jan 2021 22:35:50 +0100
Subject: [PATCH] Implemented getting own permissions ref #100
---
 src/controllers/MeController.ts | 42 +++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)
diff --git a/src/controllers/MeController.ts b/src/controllers/MeController.ts
index 8895073..bcdb48b 100644
--- a/src/controllers/MeController.ts
+++ b/src/controllers/MeController.ts
@@ -1,10 +1,13 @@
-import { Body, CurrentUser, Get, JsonController, OnUndefined, Put } from 'routing-controllers';
+import { Body, CurrentUser, Delete, Get, JsonController, OnUndefined, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
 import { User } from '../models/entities/User';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseUser } from '../models/responses/ResponseUser';
+import { ResponseUserPermissions } from '../models/responses/ResponseUserPermissions';
+import { PermissionController } from './PermissionController';
 @JsonController('/me')
@@ -23,13 +26,24 @@ export class MeController {
 @ResponseSchema(ResponseUser)
 @ResponseSchema(UserNotFoundError, { statusCode: 404 })
 @OnUndefined(UserNotFoundError)
- @OpenAPI({ description: 'Lists all permissions granted to the user sorted into directly granted and inherited as permission response objects.' })
+ @OpenAPI({ description: 'Lists all information about yourself.' })
 async get(@CurrentUser() currentUser: User) {
 let user = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions', 'permissions.principal', 'groups.permissions.principal'] })
 if (!user) { throw new UserNotFoundError(); }
 return new ResponseUser(user);
 }
+ @Get('/')
+ @ResponseSchema(ResponseUserPermissions)
+ @ResponseSchema(UserNotFoundError, { statusCode: 404 })
+ @OnUndefined(UserNotFoundError)
+ @OpenAPI({ description: 'Lists all permissions granted to the you sorted into directly granted and inherited as permission response objects.' })
+ async getPermissions(@CurrentUser() currentUser: User) {
+ let user = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions', 'permissions.principal', 'groups.permissions.principal'] })
+ if (!user) { throw new UserNotFoundError(); }
+ return new ResponseUserPermissions(user);
+ }
+
 @Put('/')
 @ResponseSchema(ResponseUser)
 @ResponseSchema(UserNotFoundError, { statusCode: 404 })
@@ -51,4 +65,24 @@ export class MeController {
 return new ResponseUser(await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions'] }));
 }
-}
+
+ @Delete('/')
+ @ResponseSchema(ResponseUser)
+ @ResponseSchema(ResponseEmpty, { statusCode: 204 })
+ @ResponseSchema(UserDeletionNotConfirmedError, { statusCode: 406 })
+ @OnUndefined(204)
+ @OpenAPI({ description: 'Delete the user whose id you provided.
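Review bot: `getPermissions` is registered with `@Get('/')`, and if the existing `get` handler above it is mounted on the same path (its route decorator sits outside this hunk), two handlers answer `GET /me` and the permissions listing is either unreachable or competes with the profile response. Give the new action its own path, for example `@Get('/permissions')`. The added OpenAPI description also reads "granted to the you"; `'Lists all permissions granted to you, sorted into directly granted and inherited, as permission response objects.'` says what is meant.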
If there are any permissions directly granted to the user they will get deleted as well.
If no user with this id exists it will just return 204(no content).' })
+ async remove(@CurrentUser() currentUser: User, @QueryParam("force") force: boolean) {
+ if (!force) { throw new UserDeletionNotConfirmedError; }
+ if (!currentUser) { return null; }
+ const responseUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions'] });;
+
+ const permissionControler = new PermissionController();
+ for (let permission of responseUser.permissions) {
+ await permissionControler.remove(permission.id, true);
+ }
+
+ await this.userRepository.delete(currentUser);
+ return new ResponseUser(responseUser);
+ }
+}
\ No newline at end of file
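Review bot: In `remove`, `responseUser.permissions` is read without checking the `findOne` result, so if the authenticated user's row is already gone the request ends in an unhandled TypeError instead of the 204 the description promises; add `if (!responseUser) { return null; }` before the loop. `this.userRepository.delete(currentUser)` hands the whole injected user object to the repository as delete criteria, whereas `await this.userRepository.delete({ id: currentUser.id });` keeps the statement scoped to the caller's own row. The permission removals and the user delete are not wrapped in a transaction, so a failure partway through leaves an account with some of its permissions stripped. Calling `remove` on a freshly constructed `PermissionController` presumably bypasses whatever route-level authorization that controller declares; that looks intended for self-deletion but deserves a comment saying so. The OpenAPI text ("the user whose id you provided") was evidently carried over from an id-based endpoint and should describe deleting your own account.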