Added auth to all endpoints

src/controllers/PermissionController.ts

@@ -1,4 +1,4 @@
-import { Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
+import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
 import { PermissionIdsNotMatchingError, PermissionNeedsPrincipalError, PermissionNotFoundError } from '../errors/PermissionErrors';
@@ -24,6 +24,7 @@ export class PermissionController {
     }
 
     @Get()
+    @Authorized("PERMISSION:GET")
     @ResponseSchema(ResponsePermission, { isArray: true })
     @OpenAPI({ description: 'Lists all permissions.' })
     async getAll() {
@@ -37,6 +38,7 @@ export class PermissionController {
 
 
     @Get('/:id')
+    @Authorized("PERMISSION:GET")
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
     @OnUndefined(PermissionNotFoundError)
@@ -49,6 +51,7 @@ export class PermissionController {
 
 
     @Post()
+    @Authorized("PERMISSION:CREATE")
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
     @OpenAPI({ description: 'Create a new runnerTeam object (id will be generated automagicly).' })
@@ -70,6 +73,7 @@ export class PermissionController {
 
 
     @Put('/:id')
+    @Authorized("PERMISSION:UPDATE")
     @ResponseSchema(ResponsePrincipal)
     @ResponseSchema(PermissionNotFoundError, { statusCode: 404 })
     @ResponseSchema(PrincipalNotFoundError, { statusCode: 404 })
@@ -98,6 +102,7 @@ export class PermissionController {
     }
 
     @Delete('/:id')
+    @Authorized("PERMISSION:DELETE")
     @ResponseSchema(ResponsePermission)
     @ResponseSchema(ResponseEmpty, { statusCode: 204 })
     @OnUndefined(204)