Added auth to all endpoints

src/controllers/PermissionController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { PermissionIdsNotMatchingError, PermissionNeedsPrincipalError, PermissionNotFoundError } from '../errors/PermissionErrors';
@@ -24,6 +24,7 @@ export class PermissionController {
     }
 
     @Get()
+    @Authorized("PERMISSION:GET")
     @ResponseSchema(ResponsePermission, { isArray: true })
     @OpenAPI({ description: 'Lists all permissions.' })
     async getAll() {
@@ -37,6 +38,7 @@ export class PermissionController {
 
 
     @Get('/:id')
+    @Authorized("PERMISSION:GET")
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
     @OnUndefined(PermissionNotFoundError)
@@ -49,6 +51,7 @@ export class PermissionController {
 
 
     @Post()
+    @Authorized("PERMISSION:CREATE")
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
     @OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
@@ -70,6 +73,7 @@ export class PermissionController {
 
 
     @Put('/:id')
+    @Authorized("PERMISSION:UPDATE")
     @ResponseSchema(ResponsePrincipal)
     @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
     @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
@@ -98,6 +102,7 @@ export class PermissionController {
     }
 
     @Delete('/:id')
+    @Authorized("PERMISSION:DELETE")
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(ResponseEmpty, { statusCode: 204 })
     @OnUndefined(204)

src/controllers/RunnerController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerGroupNeededError, RunnerIdsNotMatchingError, RunnerNotFoundError } from '../errors/RunnerErrors';
@@ -22,6 +22,7 @@ export class RunnerController {
 	}
 
 	@Get()
+	@Authorized("RUNNER:GET")
 	@ResponseSchema(ResponseRunner, { isArray: true })
 	@OpenAPI({ description: 'Lists all runners.' })
 	async getAll() {
@@ -34,6 +35,7 @@ export class RunnerController {
 	}
 
 	@Get('/:id')
+	@Authorized("RUNNER:GET")
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerNotFoundError)
@@ -45,6 +47,7 @@ export class RunnerController {
 	}
 
 	@Post()
+	@Authorized("RUNNER:CREATE")
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerGroupNeededError)
 	@ResponseSchema(RunnerGroupNotFoundError)
@@ -62,6 +65,7 @@ export class RunnerController {
 	}
 
 	@Put('/:id')
+	@Authorized("RUNNER:UPDATE")
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerIdsNotMatchingError, { statusCode: 406 })
@@ -82,6 +86,7 @@ export class RunnerController {
 	}
 
 	@Delete('/:id')
+	@Authorized("RUNNER:DELETE")
 	@ResponseSchema(ResponseRunner)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)

src/controllers/RunnerOrganisationController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
@@ -24,6 +24,7 @@ export class RunnerOrganisationController {
 	}
 
 	@Get()
+	@Authorized("ORGANISATION:GET")
 	@ResponseSchema(ResponseRunnerOrganisation, { isArray: true })
 	@OpenAPI({ description: 'Lists all runnerOrganisations.' })
 	async getAll() {
@@ -36,6 +37,7 @@ export class RunnerOrganisationController {
 	}
 
 	@Get('/:id')
+	@Authorized("ORGANISATION:GET")
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerOrganisationNotFoundError)
@@ -47,6 +49,7 @@ export class RunnerOrganisationController {
 	}
 
 	@Post()
+	@Authorized("ORGANISATION:CREATE")
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@OpenAPI({ description: 'Create a new runnerOrganisation object (id will be generated automagicly).' })
 	async post(@Body({ validate: true }) createRunnerOrganisation: CreateRunnerOrganisation) {
@@ -63,6 +66,7 @@ export class RunnerOrganisationController {
 	}
 
 	@Put('/:id')
+	@Authorized("ORGANISATION:UPDATE")
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerOrganisationIdsNotMatchingError, { statusCode: 406 })
@@ -85,6 +89,7 @@ export class RunnerOrganisationController {
 	}
 
 	@Delete('/:id')
+	@Authorized("ORGANISATION:DELETE")
 	@ResponseSchema(ResponseRunnerOrganisation)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@ResponseSchema(RunnerOrganisationHasTeamsError, { statusCode: 406 })

src/controllers/RunnerTeamController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerTeamHasRunnersError, RunnerTeamIdsNotMatchingError, RunnerTeamNotFoundError } from '../errors/RunnerTeamErrors';
@@ -23,6 +23,7 @@ export class RunnerTeamController {
 	}
 
 	@Get()
+	@Authorized("TEAM:GET")
 	@ResponseSchema(ResponseRunnerTeam, { isArray: true })
 	@OpenAPI({ description: 'Lists all runnerTeams.' })
 	async getAll() {
@@ -35,6 +36,7 @@ export class RunnerTeamController {
 	}
 
 	@Get('/:id')
+	@Authorized("TEAM:GET")
 	@ResponseSchema(ResponseRunnerTeam)
 	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 	@OnUndefined(RunnerTeamNotFoundError)
@@ -46,6 +48,7 @@ export class RunnerTeamController {
 	}
 
 	@Post()
+	@Authorized("TEAM:CREATE")
 	@ResponseSchema(ResponseRunnerTeam)
 	@OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
 	async post(@Body({ validate: true }) createRunnerTeam: CreateRunnerTeam) {
@@ -63,6 +66,7 @@ export class RunnerTeamController {
 	}
 
 	@Put('/:id')
+	@Authorized("TEAM:UPDATE")
 	@ResponseSchema(ResponseRunnerTeam)
 	@ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 	@ResponseSchema(RunnerTeamIdsNotMatchingError, { statusCode: 406 })
@@ -84,6 +88,7 @@ export class RunnerTeamController {
 	}
 
 	@Delete('/:id')
+	@Authorized("TEAM:DELETE")
 	@ResponseSchema(ResponseRunnerTeam)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@ResponseSchema(RunnerTeamHasRunnersError, { statusCode: 406 })

src/controllers/TrackController.ts

@@ -21,7 +21,7 @@ export class TrackController {
 	}
 
 	@Get()
-	@Authorized("TRACK:READ")
+	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack, { isArray: true })
 	async getAll() {
 		let responseTracks: ResponseTrack[] = new Array<ResponseTrack>();
@@ -33,6 +33,7 @@ export class TrackController {
 	}
 
 	@Get('/:id')
+	@Authorized("TRACK:GET")
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 	@OnUndefined(TrackNotFoundError)
@@ -44,6 +45,7 @@ export class TrackController {
 	}
 
 	@Post()
+	@Authorized("TRACK:CREATE")
 	@ResponseSchema(ResponseTrack)
 	@OpenAPI({ description: "Create a new track object (id will be generated automagicly)." })
 	async post(
@@ -54,6 +56,7 @@ export class TrackController {
 	}
 
 	@Put('/:id')
+	@Authorized("TRACK:UPDATE")
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 	@ResponseSchema(TrackIdsNotMatchingError, { statusCode: 406 })
@@ -74,6 +77,7 @@ export class TrackController {
 	}
 
 	@Delete('/:id')
+	@Authorized("TRACK:DELETE")
 	@ResponseSchema(ResponseTrack)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)

src/controllers/UserController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
@@ -24,6 +24,7 @@ export class UserController {
 	}
 
 	@Get()
+	@Authorized("USER:GET")
 	@ResponseSchema(User, { isArray: true })
 	@OpenAPI({ description: 'Lists all users.' })
 	async getAll() {
@@ -36,6 +37,7 @@ export class UserController {
 	}
 
 	@Get('/:id')
+	@Authorized("USER:GET")
 	@ResponseSchema(User)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserNotFoundError)
@@ -47,6 +49,7 @@ export class UserController {
 	}
 
 	@Post()
+	@Authorized("USER:CREATE")
 	@ResponseSchema(User)
 	@ResponseSchema(UserGroupNotFoundError)
 	@OpenAPI({ description: 'Create a new user object (id will be generated automagicly).' })
@@ -63,6 +66,7 @@ export class UserController {
 	}
 
 	@Put('/:id')
+	@Authorized("USER:UPDATE")
 	@ResponseSchema(User)
 	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
@@ -83,6 +87,7 @@ export class UserController {
 	}
 
 	@Delete('/:id')
+	@Authorized("USER:DELETE")
 	@ResponseSchema(User)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)

src/controllers/UserGroupController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
@@ -23,6 +23,7 @@ export class UserGroupController {
 	}
 
 	@Get()
+	@Authorized("USERGROUP:GET")
 	@ResponseSchema(UserGroup, { isArray: true })
 	@OpenAPI({ description: 'Lists all usergroups.' })
 	getAll() {
@@ -30,6 +31,7 @@ export class UserGroupController {
 	}
 
 	@Get('/:id')
+	@Authorized("USERGROUP:GET")
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserGroupNotFoundError)
@@ -39,6 +41,7 @@ export class UserGroupController {
 	}
 
 	@Post()
+	@Authorized("USERGROUP:CREATE")
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError)
 	@OpenAPI({ description: 'Create a new usergroup object (id will be generated automagicly).' })
@@ -54,6 +57,7 @@ export class UserGroupController {
 	}
 
 	@Put('/:id')
+	@Authorized("USERGROUP:UPDATE")
 	@ResponseSchema(UserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@ResponseSchema(UserGroupIdsNotMatchingError, { statusCode: 406 })
@@ -74,6 +78,7 @@ export class UserGroupController {
 	}
 
 	@Delete('/:id')
+	@Authorized("USERGROUP:DELETE")
 	@ResponseSchema(ResponseUserGroup)
 	@ResponseSchema(ResponseEmpty, { statusCode: 204 })
 	@OnUndefined(204)