From 744faba7eec3702b8cbd15fe51e7a248cc7cc19a Mon Sep 17 00:00:00 2001
From: Nicolai Ort
Date: Fri, 18 Dec 2020 20:33:13 +0100
Subject: [PATCH] Added auth to all endpoints
---
 src/controllers/PermissionController.ts | 7 ++++++-
 src/controllers/RunnerController.ts | 7 ++++++-
 src/controllers/RunnerOrganisationController.ts | 7 ++++++-
 src/controllers/RunnerTeamController.ts | 7 ++++++-
 src/controllers/TrackController.ts | 6 +++++-
 src/controllers/UserController.ts | 7 ++++++-
 src/controllers/UserGroupController.ts | 7 ++++++-
 7 files changed, 41 insertions(+), 7 deletions(-)
diff --git a/src/controllers/PermissionController.ts b/src/controllers/PermissionController.ts
index f5264f6..6be00fd 100644
--- a/src/controllers/PermissionController.ts
+++ b/src/controllers/PermissionController.ts
@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { PermissionIdsNotMatchingError, PermissionNeedsPrincipalError, PermissionNotFoundError } from '../errors/PermissionErrors';
@@ -24,6 +24,7 @@ export class PermissionController {
 }
 @Get()
+ @Authorized("PERMISSION:GET")
 @ResponseSchema(ResponsePermission, { isArray: true })
 @OpenAPI({ description: 'Lists all permissions.' })
 async getAll() {
@@ -37,6 +38,7 @@ export class PermissionController {
 @Get('/:id')
+ @Authorized("PERMISSION:GET")
 @ResponseSchema(ResponsePermission)
 @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
 @OnUndefined(PermissionNotFoundError)
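Review bot: Authorization is attached one handler at a time, starting with `@Authorized("PERMISSION:GET")` on `getAll` in the second hunk and repeated on every handler of the other six controllers, so a handler added later without the decorator is reachable with no check at all. routing-controllers also accepts the decorator on the controller class; a bare `@Authorized()` next to `@JsonController` would make each controller deny by default, with the per-method permission strings kept for the fine-grained check. The class declarations are outside these hunks, so whether such a baseline already exists cannot be seen here. The decorator only takes effect through the `authorizationChecker` option passed when the server is created, which this patch does not touch, so it is worth confirming that the checker rejects a request whose required permission list it cannot match.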
@@ -49,6 +51,7 @@ export class PermissionController {
 @Post()
+ @Authorized("PERMISSION:CREATE")
 @ResponseSchema(ResponsePermission)
 @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
 @OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
@@ -70,6 +73,7 @@ export class PermissionController {
 @Put('/:id')
+ @Authorized("PERMISSION:UPDATE")
 @ResponseSchema(ResponsePrincipal)
 @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
 @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
@@ -98,6 +102,7 @@ export class PermissionController {
 }
 @Delete('/:id')
+ @Authorized("PERMISSION:DELETE")
 @ResponseSchema(ResponsePermission)
 @ResponseSchema(ResponseEmpty, { statusCode: 204 })
 @OnUndefined(204)
diff --git a/src/controllers/RunnerController.ts b/src/controllers/RunnerController.ts
index 05f8c93..8d70c30 100644
--- a/src/controllers/RunnerController.ts
+++ b/src/controllers/RunnerController.ts
@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerGroupNeededError, RunnerIdsNotMatchingError, RunnerNotFoundError } from '../errors/RunnerErrors';
@@ -22,6 +22,7 @@ export class RunnerController {
 }
 @Get()
+ @Authorized("RUNNER:GET")
 @ResponseSchema(ResponseRunner, { isArray: true })
 @OpenAPI({ description: 'Lists all runners.' })
 async getAll() {
@@ -34,6 +35,7 @@ export class RunnerController {
 }
 @Get('/:id')
+ @Authorized("RUNNER:GET")
 @ResponseSchema(ResponseRunner)
 @ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 @OnUndefined(RunnerNotFoundError)
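Review bot: `@Authorized("PERMISSION:CREATE")` on the `@Post()` handler, and `PERMISSION:UPDATE` on `@Put('/:id')` in the next hunk, decide who may call the endpoint but not which permission the caller may hand out. As far as these hunks show, a principal holding only PERMISSION:CREATE could create a grant for any target and action, including one for itself; the handler bodies are outside the hunks, so a restriction may already exist there. If it does not, the handler should compare the requested permission with the caller's own grants before saving, and a test should cover a caller that holds PERMISSION:CREATE and nothing else.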
@@ -45,6 +47,7 @@ export class RunnerController {
 }
 @Post()
+ @Authorized("RUNNER:CREATE")
 @ResponseSchema(ResponseRunner)
 @ResponseSchema(RunnerGroupNeededError)
 @ResponseSchema(RunnerGroupNotFoundError)
@@ -62,6 +65,7 @@ export class RunnerController {
 }
 @Put('/:id')
+ @Authorized("RUNNER:UPDATE")
 @ResponseSchema(ResponseRunner)
 @ResponseSchema(RunnerNotFoundError, { statusCode: 404 })
 @ResponseSchema(RunnerIdsNotMatchingError, { statusCode: 406 })
@@ -82,6 +86,7 @@ export class RunnerController {
 }
 @Delete('/:id')
+ @Authorized("RUNNER:DELETE")
 @ResponseSchema(ResponseRunner)
 @ResponseSchema(ResponseEmpty, { statusCode: 204 })
 @OnUndefined(204)
diff --git a/src/controllers/RunnerOrganisationController.ts b/src/controllers/RunnerOrganisationController.ts
index d435b1d..5504dbb 100644
--- a/src/controllers/RunnerOrganisationController.ts
+++ b/src/controllers/RunnerOrganisationController.ts
@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
@@ -24,6 +24,7 @@ export class RunnerOrganisationController {
 }
 @Get()
+ @Authorized("ORGANISATION:GET")
 @ResponseSchema(ResponseRunnerOrganisation, { isArray: true })
 @OpenAPI({ description: 'Lists all runnerOrganisations.' })
 async getAll() {
@@ -36,6 +37,7 @@ export class RunnerOrganisationController {
 }
 @Get('/:id')
+ @Authorized("ORGANISATION:GET")
 @ResponseSchema(ResponseRunnerOrganisation)
 @ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
 @OnUndefined(RunnerOrganisationNotFoundError)
@@ -47,6 +49,7 @@ export class RunnerOrganisationController {
 }
 @Post()
+ @Authorized("ORGANISATION:CREATE")
 @ResponseSchema(ResponseRunnerOrganisation)
 @OpenAPI({ description: 'Create a new runnerOrganisation object (id will be generated automagicly).' })
 async post(@Body({ validate: true }) createRunnerOrganisation: CreateRunnerOrganisation) {
@@ -63,6 +66,7 @@ export class RunnerOrganisationController {
 }
 @Put('/:id')
+ @Authorized("ORGANISATION:UPDATE")
 @ResponseSchema(ResponseRunnerOrganisation)
 @ResponseSchema(RunnerOrganisationNotFoundError, { statusCode: 404 })
 @ResponseSchema(RunnerOrganisationIdsNotMatchingError, { statusCode: 406 })
@@ -85,6 +89,7 @@ export class RunnerOrganisationController {
 }
 @Delete('/:id')
+ @Authorized("ORGANISATION:DELETE")
 @ResponseSchema(ResponseRunnerOrganisation)
 @ResponseSchema(ResponseEmpty, { statusCode: 204 })
 @ResponseSchema(RunnerOrganisationHasTeamsError, { statusCode: 406 })
diff --git a/src/controllers/RunnerTeamController.ts b/src/controllers/RunnerTeamController.ts
index 4b90c53..e02098a 100644
--- a/src/controllers/RunnerTeamController.ts
+++ b/src/controllers/RunnerTeamController.ts
@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { RunnerTeamHasRunnersError, RunnerTeamIdsNotMatchingError, RunnerTeamNotFoundError } from '../errors/RunnerTeamErrors';
@@ -23,6 +23,7 @@ export class RunnerTeamController {
 }
 @Get()
+ @Authorized("TEAM:GET")
 @ResponseSchema(ResponseRunnerTeam, { isArray: true })
 @OpenAPI({ description: 'Lists all runnerTeams.' })
 async getAll() {
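Review bot: The permission names are bare string literals, and in this file and RunnerTeamController the target is spelled `ORGANISATION` and `TEAM` while the classes are RunnerOrganisation and RunnerTeam, so the correct spelling cannot be derived from the controller name. A typo in any of these strings still compiles and, depending on how the authorization checker compares them, the endpoint then either rejects every caller or is matched in a way nobody intended. Defining the targets and actions once, for example a constant such as `ORGANISATION_CREATE = "ORGANISATION:CREATE"` (name illustrative) or a string-literal union used by both the decorators and the checker, would let the compiler catch a mismatch. The same applies to every `@Authorized(...)` line in the patch.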
@@ -35,6 +36,7 @@ export class RunnerTeamController {
 }
 @Get('/:id')
+ @Authorized("TEAM:GET")
 @ResponseSchema(ResponseRunnerTeam)
 @ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 @OnUndefined(RunnerTeamNotFoundError)
@@ -46,6 +48,7 @@ export class RunnerTeamController {
 }
 @Post()
+ @Authorized("TEAM:CREATE")
 @ResponseSchema(ResponseRunnerTeam)
 @OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
 async post(@Body({ validate: true }) createRunnerTeam: CreateRunnerTeam) {
@@ -63,6 +66,7 @@ export class RunnerTeamController {
 }
 @Put('/:id')
+ @Authorized("TEAM:UPDATE")
 @ResponseSchema(ResponseRunnerTeam)
 @ResponseSchema(RunnerTeamNotFoundError, { statusCode: 404 })
 @ResponseSchema(RunnerTeamIdsNotMatchingError, { statusCode: 406 })
@@ -84,6 +88,7 @@ export class RunnerTeamController {
 }
 @Delete('/:id')
+ @Authorized("TEAM:DELETE")
 @ResponseSchema(ResponseRunnerTeam)
 @ResponseSchema(ResponseEmpty, { statusCode: 204 })
 @ResponseSchema(RunnerTeamHasRunnersError, { statusCode: 406 })
diff --git a/src/controllers/TrackController.ts b/src/controllers/TrackController.ts
index 8a3736b..4691c86 100644
--- a/src/controllers/TrackController.ts
+++ b/src/controllers/TrackController.ts
@@ -21,7 +21,7 @@ export class TrackController {
 }
 @Get()
- @Authorized("TRACK:READ")
+ @Authorized("TRACK:GET")
 @ResponseSchema(ResponseTrack, { isArray: true })
 async getAll() {
 let responseTracks: ResponseTrack[] = new Array();
@@ -33,6 +33,7 @@ export class TrackController {
 }
 @Get('/:id')
+ @Authorized("TRACK:GET")
 @ResponseSchema(ResponseTrack)
 @ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 @OnUndefined(TrackNotFoundError)
@@ -44,6 +45,7 @@ export class TrackController {
 }
 @Post()
+ @Authorized("TRACK:CREATE")
 @ResponseSchema(ResponseTrack)
 @OpenAPI({ description: "Create a new track object (id will be generated automagicly)." })
 async post(
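Review bot: The first TrackController hunk renames the permission required by `getAll` from `TRACK:READ` to `TRACK:GET`, which changes the string the authorization checker has to match. Any grant already stored or issued under the old name (seed data, test fixtures, or tokens if they embed permissions) would presumably stop matching once this is deployed, and nothing in the patch migrates them. It is worth confirming that no such grants exist, or shipping a migration together with the rename. The body of `getAll` continues past the end of the hunk.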
@@ -54,6 +56,7 @@ export class TrackController {
 }
 @Put('/:id')
+ @Authorized("TRACK:UPDATE")
 @ResponseSchema(ResponseTrack)
 @ResponseSchema(TrackNotFoundError, { statusCode: 404 })
 @ResponseSchema(TrackIdsNotMatchingError, { statusCode: 406 })
@@ -74,6 +77,7 @@ export class TrackController {
 }
 @Delete('/:id')
+ @Authorized("TRACK:DELETE")
 @ResponseSchema(ResponseTrack)
 @ResponseSchema(ResponseEmpty, { statusCode: 204 })
 @OnUndefined(204)
diff --git a/src/controllers/UserController.ts b/src/controllers/UserController.ts
index 4cc1544..eb3a458 100644
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
@@ -24,6 +24,7 @@ export class UserController {
 }
 @Get()
+ @Authorized("USER:GET")
 @ResponseSchema(User, { isArray: true })
 @OpenAPI({ description: 'Lists all users.' })
 async getAll() {
@@ -36,6 +37,7 @@ export class UserController {
 }
 @Get('/:id')
+ @Authorized("USER:GET")
 @ResponseSchema(User)
 @ResponseSchema(UserNotFoundError, { statusCode: 404 })
 @OnUndefined(UserNotFoundError)
@@ -47,6 +49,7 @@ export class UserController {
 }
 @Post()
+ @Authorized("USER:CREATE")
 @ResponseSchema(User)
 @ResponseSchema(UserGroupNotFoundError)
 @OpenAPI({ description: 'Create a new user object (id will be generated automagicly).' })
@@ -63,6 +66,7 @@ export class UserController {
 }
 @Put('/:id')
+ @Authorized("USER:UPDATE")
 @ResponseSchema(User)
 @ResponseSchema(UserNotFoundError, { statusCode: 404 })
 @ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
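Review bot: In UserController, `@Authorized("USER:GET")` on `getAll` and on the `/:id` handler now decides who receives user records, and the declared response schema next to it is the `User` entity itself, whereas the runner, organisation, team, track and permission controllers declare `Response*` classes. If the entity carries credential material such as a password hash, every holder of USER:GET would receive it; the handler bodies and the entity are outside these hunks, so this cannot be confirmed from the patch. Returning a response class that omits those fields would keep a read permission from doubling as access to credentials. The same question applies to the `UserGroup` schemas in UserGroupController.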
@@ -83,6 +87,7 @@ export class UserController {
 }
 @Delete('/:id')
+ @Authorized("USER:DELETE")
 @ResponseSchema(User)
 @ResponseSchema(ResponseEmpty, { statusCode: 204 })
 @OnUndefined(204)
diff --git a/src/controllers/UserGroupController.ts b/src/controllers/UserGroupController.ts
index f5212ea..3297f50 100644
--- a/src/controllers/UserGroupController.ts
+++ b/src/controllers/UserGroupController.ts
@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { EntityFromBody } from 'typeorm-routing-controllers-extensions';
@@ -23,6 +23,7 @@ export class UserGroupController {
 }
 @Get()
+ @Authorized("USERGROUP:GET")
 @ResponseSchema(UserGroup, { isArray: true })
 @OpenAPI({ description: 'Lists all usergroups.' })
 getAll() {
@@ -30,6 +31,7 @@ export class UserGroupController {
 }
 @Get('/:id')
+ @Authorized("USERGROUP:GET")
 @ResponseSchema(UserGroup)
 @ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 @OnUndefined(UserGroupNotFoundError)
@@ -39,6 +41,7 @@ export class UserGroupController {
 }
 @Post()
+ @Authorized("USERGROUP:CREATE")
 @ResponseSchema(UserGroup)
 @ResponseSchema(UserGroupNotFoundError)
 @OpenAPI({ description: 'Create a new usergroup object (id will be generated automagicly).' })
@@ -54,6 +57,7 @@ export class UserGroupController {
 }
 @Put('/:id')
+ @Authorized("USERGROUP:UPDATE")
 @ResponseSchema(UserGroup)
 @ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 @ResponseSchema(UserGroupIdsNotMatchingError, { statusCode: 406 })
@@ -74,6 +78,7 @@ export class UserGroupController {
 }
 @Delete('/:id')
+ @Authorized("USERGROUP:DELETE")
 @ResponseSchema(ResponseUserGroup)
 @ResponseSchema(ResponseEmpty, { statusCode: 204 })
 @OnUndefined(204)