Merge pull request 'Alpha release 0.4.5' (#145) from dev into main

Reviewed-on: #145
Reviewed-by: Philipp Dormann <philipp@philippdormann.de>

CHANGELOG.md

@@ -2,8 +2,66 @@
 
 All notable changes to this project will be documented in this file. Dates are displayed in UTC.
 
+#### [v0.4.5](https://git.odit.services/lfk/backend/compare/v0.4.4...v0.4.5)
+
+- 🚀Bumped version to v0.4.5 [`cc869f6`](https://git.odit.services/lfk/backend/commit/cc869f69add1f1a175ff94510d52888f81bccb69)
+- Implemented /groups/permissions endpoint [`0c9867d`](https://git.odit.services/lfk/backend/commit/0c9867d70616615c8f3c72bbec37a4441e4868ef)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`b9aac71`](https://git.odit.services/lfk/backend/commit/b9aac7167681ff0945e538dd177abd6f97771bf2)
+- Merge pull request 'usergroups/permissions endpoint feature/143-usergroup_permissions_endpoint' (#144) from feature/143-usergroup_permissions_endpoint into dev [`a30a342`](https://git.odit.services/lfk/backend/commit/a30a342e00ba944f8014044bba28141c0657a17f)
+- Now all /usergroups endpoints return ResponseUserGroup [`bdcfce8`](https://git.odit.services/lfk/backend/commit/bdcfce88cbe069f9ba1925fcaac06367a109d2b7)
+- The ResponseUserGroup now returns their permisssions as a string array [`416f2a1`](https://git.odit.services/lfk/backend/commit/416f2a1366c570998011d022ebd7f5f44276b2c9)
+- The ResponseUserGroup now returns their permisssions as a string array [`5e353db`](https://git.odit.services/lfk/backend/commit/5e353db2061c30b4d10965c47f0dcbecb7f59fc5)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`8379c3e`](https://git.odit.services/lfk/backend/commit/8379c3e29c45f0d7c4c84bce1f3abc718158fa84)
+
+#### [v0.4.4](https://git.odit.services/lfk/backend/compare/v0.4.3...v0.4.4)
+
+> 9 February 2021
+
+- Merge pull request 'Alpha release 0.4.4' (#142) from dev into main [`c4edcca`](https://git.odit.services/lfk/backend/commit/c4edccace78765dd5caa0f0e79c52f07c8a3568e)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`ca3d093`](https://git.odit.services/lfk/backend/commit/ca3d093e54bfaaa77c97e96738a74eeb25aee440)
+- Now loading runner's group's parentgroup with every runner controller request [`701706c`](https://git.odit.services/lfk/backend/commit/701706c0289b357439608b4e2eaa66c617d16e9d)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`74de655`](https://git.odit.services/lfk/backend/commit/74de6559d7c5e8c6d257d41dc91396b53bf0c071)
+- The group/runners endpoints now also deliver the runner's group's parentGroup [`906a1dc`](https://git.odit.services/lfk/backend/commit/906a1dc9e79ea4eb298a561cf98e6ae42b3ae4ec)
+- 🚀Bumped version to v0.4.4 [`a6f73c7`](https://git.odit.services/lfk/backend/commit/a6f73c733c8cfc8d84beb7e0bbd5bcd1313df9d0)
+- Merge pull request 'Expanded runner response feature/140-runner_group_parent' (#141) from feature/140-runner_group_parent into dev [`28cfbaa`](https://git.odit.services/lfk/backend/commit/28cfbaa6624d0bc65e2a9b72ffed17060e828735)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`09bbc70`](https://git.odit.services/lfk/backend/commit/09bbc70f5fd1f026148be07fe889a6907bc3f75a)
+- Adjusted test for the new response depth [`90e1ad7`](https://git.odit.services/lfk/backend/commit/90e1ad7db72732d13002c87461c33560b74befa6)
+- Adjusted test for the new response depth [`5872c63`](https://git.odit.services/lfk/backend/commit/5872c6335be573d849cdc3746b261c6cf476c3de)
+
+#### [v0.4.3](https://git.odit.services/lfk/backend/compare/v0.4.2...v0.4.3)
+
+> 7 February 2021
+
+- Merge pull request 'Alpha Release 0.4.3' (#139) from dev into main [`dd9cb6d`](https://git.odit.services/lfk/backend/commit/dd9cb6d3ef60cb118391abc2ba17fd0f83db0b1c)
+- 🚀Bumped version to v0.4.3 [`656d564`](https://git.odit.services/lfk/backend/commit/656d564baa8c8bf1f63523b0301ad9ff23e08aa4)
+- Bugfix for @lfk/frontend/#43 [`8f0a396`](https://git.odit.services/lfk/backend/commit/8f0a396dd07937fb7ccfb345d1acbac86eb5d9bb)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`f3f5cb4`](https://git.odit.services/lfk/backend/commit/f3f5cb462e4ecf932ad55eb519815222b4e5dd17)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`23c732b`](https://git.odit.services/lfk/backend/commit/23c732b6905cc9f6479a53a7744b72d01e345ecb)
+- Merge pull request 'Bugfix for @lfk/frontend/#43' (#138) from bugfix/118-encode_jwt_in_mail into dev [`9959172`](https://git.odit.services/lfk/backend/commit/9959172f2ae11cbb7a2b8e97bad432956fc70a80)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`a18d4d3`](https://git.odit.services/lfk/backend/commit/a18d4d3cee58f8eb9dc428b051a2394bd3ece5c2)
+
+#### [v0.4.2](https://git.odit.services/lfk/backend/compare/v0.4.1...v0.4.2)
+
+> 2 February 2021
+
+- Merge pull request 'Alpha Release 0.4.2' (#137) from dev into main [`390b36d`](https://git.odit.services/lfk/backend/commit/390b36dfd46cf8829126581bd62dd3d4ce8558fa)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`3b718f3`](https://git.odit.services/lfk/backend/commit/3b718f3ce58f12007b6068e5db00a00dbe1c5398)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`f7a0ec7`](https://git.odit.services/lfk/backend/commit/f7a0ec7174521b1863a4bc58c7ff2b86cafdee66)
+- 🚀Bumped version to v0.4.2 [`321b20b`](https://git.odit.services/lfk/backend/commit/321b20b073b6debd605a92544779d0dfc0449f10)
+- Merge pull request 'Imprint&Privacy Links feature/135-imprint_and_privacy' (#136) from feature/135-imprint_and_privacy into dev [`110a847`](https://git.odit.services/lfk/backend/commit/110a84783e023407cbcf81506deb7cc204db9659)
+- 📖New license file version [CI SKIP] [skip ci] [`74791df`](https://git.odit.services/lfk/backend/commit/74791df68b40355e1d1a1f7f5ae4f64422571dc9)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`8425043`](https://git.odit.services/lfk/backend/commit/84250430996920ada15af23b68756daba8f99257)
+- Added new url env vars to config [`bcad691`](https://git.odit.services/lfk/backend/commit/bcad691045d00c9630bedb0936c123610b655946)
+- fixed license-exporter call [`74b982a`](https://git.odit.services/lfk/backend/commit/74b982afba3ec82a038c4748420920732fe32a51)
+- Added documentation about the new env vars to the readme [`333e806`](https://git.odit.services/lfk/backend/commit/333e806da42d7654e2b9fc13abae984726c689e7)
+- Added imprint and privacy to the api spec [`f4f6219`](https://git.odit.services/lfk/backend/commit/f4f621973aa98645dee3d43252bb18f125087c54)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`3aefa75`](https://git.odit.services/lfk/backend/commit/3aefa754128fc58a8200b280ee036c49cdaaac4a)
+
 #### [v0.4.1](https://git.odit.services/lfk/backend/compare/v0.4.0...v0.4.1)
 
+> 30 January 2021
+
+- Merge pull request 'Alpha Release 0.4.1' (#134) from dev into main [`71cab4e`](https://git.odit.services/lfk/backend/commit/71cab4e836dca2e2072b62676337f5f90796f105)
 - Deleted useless file [ci skip] [`94dd796`](https://git.odit.services/lfk/backend/commit/94dd7963b73d98089f086175ed79002f59195c26)
 - Implemented the interface in all responses [`9d5e486`](https://git.odit.services/lfk/backend/commit/9d5e486c6ddb4db87d36409fbd8bca1bf9659e9f)
 - Adjusted tests for the new responseType parameter (part 1) [`bcc15e4`](https://git.odit.services/lfk/backend/commit/bcc15e42863b641b97cd03440f141332e112c889)
@@ -14,6 +72,7 @@ All notable changes to this project will be documented in this file. Dates are d
 - 🧾New changelog file version [CI SKIP] [skip ci] [`7ba67b9`](https://git.odit.services/lfk/backend/commit/7ba67b9dcab7692c8c1e548ccbc3895eb084eedd)
 - Adjusted tests for the new responseType parameter (part 3) [`8dc2810`](https://git.odit.services/lfk/backend/commit/8dc2810c0c4097e26bf1b517bb9d0b102494f6c1)
 - Added a Response interface [`e44cc4c`](https://git.odit.services/lfk/backend/commit/e44cc4c4cbecdf7c8d90f0af73fffd8b01eba61e)
+- 🧾New changelog file version [CI SKIP] [skip ci] [`4e10077`](https://git.odit.services/lfk/backend/commit/4e100779017c5ce542b59cf2156bd6ab5fdceed2)
 - Adjusted tests for the new responseType parameter (part 2) [`ff8af09`](https://git.odit.services/lfk/backend/commit/ff8af090e3ea1760fb6110284cff870a0b4cbf84)
 - 🚀Bumped version to v0.4.1 [`c32fa93`](https://git.odit.services/lfk/backend/commit/c32fa93673010ab18e009ab24fc139ed4f67310e)
 - Merge pull request 'Response object types feature/132-object_types' (#133) from feature/132-object_types into dev [`6e5f1bd`](https://git.odit.services/lfk/backend/commit/6e5f1bd5ff217a88ec2dfaf154e5e26dee588e12)

README.md

@@ -69,6 +69,9 @@ yarn docs
 | MAIL_USER | String | N/A | The username for sending mails
 | MAIL_PASSWORD | String | N/A | The user's password for sending mails
 | MAIL_FROM | String | N/A | The from-address for sending mails
+| IMPRINT_URL | String(Url) | /imprint | The link to a imprint page for the system (Defaults to the frontend's imprint)
+| PRIVACY_URL | String(Url) | /privacy | The link to a privacy page for the system (Defaults to the frontend's privacy page)
+
 
 ## Recommended Editor
 

licenses.md

@@ -1,3 +1,32 @@
+# @odit/class-validator-jsonschema
+**Author**: Aleksi Pekkala <aleksipekkala@gmail.com>
+**Repo**: git@github.com:epiphone/class-validator-jsonschema.git
+**License**: MIT
+**Description**: Convert class-validator-decorated classes into JSON schema
+## License Text
+MIT License
+
+Copyright (c) 2017 Aleksi Pekkala
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
 # argon2
 **Author**: Ranieri Althoff <ranisalt+argon2@gmail.com>
 **Repo**: [object Object]
@@ -88,22 +117,15 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE. 
 
 # class-validator
-**Author**: [object Object]
+**Author**: TypeStack contributors
 **Repo**: [object Object]
 **License**: MIT
-**Description**: Class-based validation with Typescript / ES6 / ES5 using decorators or validation schemas. Supports both node.js and browser
+**Description**: Decorator-based property validation for classes.
 ## License Text
- 
 
-# class-validator-jsonschema
-**Author**: Aleksi Pekkala <aleksipekkala@gmail.com>
-**Repo**: git@github.com:epiphone/class-validator-jsonschema.git
-**License**: MIT
-**Description**: Convert class-validator-decorated classes into JSON schema
-## License Text
-MIT License
+The MIT License
 
-Copyright (c) 2017 Aleksi Pekkala
+Copyright (c) 2015-2020 TypeStack
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -112,17 +134,16 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
- 
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE. 
 
 # consola
 **Author**: undefined
@@ -332,6 +353,35 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  
 
+# libphonenumber-js
+**Author**: catamphetamine <purecatamphetamine@gmail.com>
+**Repo**: [object Object]
+**License**: MIT
+**Description**: A simpler (and smaller) rewrite of Google Android's libphonenumber library in javascript
+## License Text
+(The MIT License)
+
+Copyright (c) 2016 @catamphetamine <purecatamphetamine@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+
 # mysql
 **Author**: Felix Geisendörfer <felix@debuggable.com> (http://debuggable.com/)
 **Repo**: mysqljs/mysql
@@ -340,6 +390,30 @@ SOFTWARE.
 ## License Text
  
 
+# nodemailer
+**Author**: Andris Reinman
+**Repo**: [object Object]
+**License**: MIT
+**Description**: Easy as cake e-mail sending from your Node.js applications
+## License Text
+Copyright (c) 2011-2019 Andris Reinman
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
 # pg
 **Author**: Brian Carlson <brian.m.carlson@gmail.com>
 **Repo**: [object Object]
@@ -594,7 +668,7 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 **Author**: ODIT.Services
 **Repo**: [object Object]
 **License**: MIT
-**Description**: A simple license crawler
+**Description**: A simple license crawler for crediting open source work
 ## License Text
 MIT License Copyright (c) 2020 ODIT.Services (info@odit.services)
 
@@ -791,6 +865,35 @@ OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
     SOFTWARE
  
 
+# @types/nodemailer
+**Author**: undefined
+**Repo**: [object Object]
+**License**: MIT
+**Description**: TypeScript definitions for Nodemailer
+## License Text
+    MIT License
+
+    Copyright (c) Microsoft Corporation. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE
+ 
+
 # @types/uuid
 **Author**: undefined
 **Repo**: [object Object]
@@ -934,6 +1037,35 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
  
 
+# release-it
+**Author**: [object Object]
+**Repo**: [object Object]
+**License**: MIT
+**Description**: Generic CLI tool to automate versioning and package publishing related tasks.
+## License Text
+MIT License
+
+Copyright (c) 2018 Lars Kappert
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+ 
+
 # rimraf
 **Author**: Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)
 **Repo**: git://github.com/isaacs/rimraf.git

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@odit/lfk-backend",
-  "version": "0.4.1",
+  "version": "0.4.5",
   "main": "src/app.ts",
   "repository": "https://git.odit.services/lfk/backend",
   "author": {
@@ -82,7 +82,7 @@
     "test:ci": "npm run test:ci:generate_env && npm run test:ci:run",
     "seed": "ts-node ./node_modules/typeorm/cli.js schema:sync && ts-node ./node_modules/typeorm-seeding/dist/cli.js seed",
     "openapi:export": "ts-node scripts/openapi_export.ts",
-    "licenses:export": "license-exporter --md",
+    "licenses:export": "license-exporter --markdown",
     "release": "release-it --only-version"
   },
   "release-it": {

src/apispec.ts

@@ -42,7 +42,7 @@ export function generateSpec(storage: MetadataArgsStorage, schemas) {
                 }
             },
             info: {
-                description: "The the backend API for the LfK! runner system.",
+                description: `The the backend API for the LfK! runner system. <br>[Imprint](${config.imprint_url}) & [Privacy](${config.privacy_url})`,
                 title: "LfK! Backend API",
                 version: config.version
             },

src/config.ts

@@ -11,12 +11,14 @@ export const config = {
     postalcode_validation_countrycode: getPostalCodeLocale(),
     version: process.env.VERSION || require('../package.json').version,
     seedTestData: getDataSeeding(),
-    app_url: process.env.APP_URL || "http://localhost:4010",
+    app_url: process.env.APP_URL || "http://localhost:8080",
     mail_server: process.env.MAIL_SERVER,
     mail_port: Number(process.env.MAIL_PORT) || 25,
     mail_user: process.env.MAIL_USER,
     mail_password: process.env.MAIL_PASSWORD,
-    mail_from: process.env.MAIL_FROM
+    mail_from: process.env.MAIL_FROM,
+    privacy_url: process.env.PRIVACY_URL || "/privacy",
+    imprint_url: process.env.IMPRINT_URL || "/imprint"
 }
 let errors = 0
 if (typeof config.internal_port !== "number") {

src/controllers/AuthController.ts

@@ -1,110 +1,110 @@
-import { Body, CookieParam, JsonController, Param, Post, Req, Res } from 'routing-controllers';
-import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
-import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
-import { UserNotFoundError } from '../errors/UserErrors';
-import { Mailer } from '../mailer';
-import { CreateAuth } from '../models/actions/create/CreateAuth';
-import { CreateResetToken } from '../models/actions/create/CreateResetToken';
-import { HandleLogout } from '../models/actions/HandleLogout';
-import { RefreshAuth } from '../models/actions/RefreshAuth';
-import { ResetPassword } from '../models/actions/ResetPassword';
-import { ResponseAuth } from '../models/responses/ResponseAuth';
-import { ResponseEmpty } from '../models/responses/ResponseEmpty';
-import { Logout } from '../models/responses/ResponseLogout';
-
-@JsonController('/auth')
-export class AuthController {
-
-	private mailer: Mailer;
-
-	constructor() {
-		this.mailer = new Mailer();
-	}
-
-	@Post("/login")
-	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(InvalidCredentialsError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@ResponseSchema(PasswordNeededError)
-	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Login with your username/email and password. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)' })
-	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
-		let auth;
-		try {
-			auth = await createAuth.toAuth();
-			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			return response.send(auth)
-		} catch (error) {
-			throw error;
-		}
-	}
-
-	@Post("/logout")
-	@ResponseSchema(Logout)
-	@ResponseSchema(InvalidCredentialsError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@ResponseSchema(PasswordNeededError)
-	@ResponseSchema(InvalidCredentialsError)
-	@OpenAPI({ description: 'Logout using your refresh token. <br> This instantly invalidates all your access and refresh tokens.', security: [{ "RefreshTokenCookie": [] }] })
-	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
-		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
-			handleLogout.token = refresh_token;
-		}
-
-		let logout;
-		try {
-			logout = await handleLogout.logout()
-			await response.cookie('lfk_backend__refresh_token', "expired", { expires: new Date(Date.now()), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', "expired", { expires: new Date(Date.now()), httpOnly: true });
-		} catch (error) {
-			throw error;
-		}
-		return response.send(logout)
-	}
-
-	@Post("/refresh")
-	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(JwtNotProvidedError)
-	@ResponseSchema(IllegalJWTError)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(RefreshTokenCountInvalidError)
-	@OpenAPI({ description: 'Refresh your access and refresh tokens using a valid refresh token. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)', security: [{ "RefreshTokenCookie": [] }] })
-	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Req() req: any) {
-		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
-			refreshAuth.token = refresh_token;
-		}
-		let auth;
-		try {
-			auth = await refreshAuth.toAuth();
-			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
-		} catch (error) {
-			throw error;
-		}
-		return response.send(auth)
-	}
-
-	@Post("/reset")
-	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
-	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
-	@ResponseSchema(UsernameOrEmailNeededError, { statusCode: 406 })
-	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
-	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken) {
-		const reset_token: String = await passwordReset.toResetToken();
-		await this.mailer.sendResetMail(passwordReset.email, reset_token);
-		return new ResponseEmpty();
-	}
-
-	@Post("/reset/:token")
-	@ResponseSchema(ResponseAuth)
-	@ResponseSchema(UserNotFoundError)
-	@ResponseSchema(UsernameOrEmailNeededError)
-	@OpenAPI({ description: "Reset a user's utilising a valid password reset token. <br> This will set the user's password to the one you provided in the body. <br> To get a reset token post to /api/auth/reset with your username." })
-	async resetPassword(@Param("token") token: string, @Body({ validate: true }) passwordReset: ResetPassword) {
-		passwordReset.resetToken = token;
-		return await passwordReset.resetPassword();
-	}
-}
+import { Body, CookieParam, JsonController, Param, Post, Req, Res } from 'routing-controllers';
+import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
+import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
+import { UserNotFoundError } from '../errors/UserErrors';
+import { Mailer } from '../mailer';
+import { CreateAuth } from '../models/actions/create/CreateAuth';
+import { CreateResetToken } from '../models/actions/create/CreateResetToken';
+import { HandleLogout } from '../models/actions/HandleLogout';
+import { RefreshAuth } from '../models/actions/RefreshAuth';
+import { ResetPassword } from '../models/actions/ResetPassword';
+import { ResponseAuth } from '../models/responses/ResponseAuth';
+import { ResponseEmpty } from '../models/responses/ResponseEmpty';
+import { Logout } from '../models/responses/ResponseLogout';
+
+@JsonController('/auth')
+export class AuthController {
+
+	private mailer: Mailer;
+
+	constructor() {
+		this.mailer = new Mailer();
+	}
+
+	@Post("/login")
+	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(PasswordNeededError)
+	@ResponseSchema(InvalidCredentialsError)
+	@OpenAPI({ description: 'Login with your username/email and password. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)' })
+	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
+		let auth;
+		try {
+			auth = await createAuth.toAuth();
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			return response.send(auth)
+		} catch (error) {
+			throw error;
+		}
+	}
+
+	@Post("/logout")
+	@ResponseSchema(Logout)
+	@ResponseSchema(InvalidCredentialsError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@ResponseSchema(PasswordNeededError)
+	@ResponseSchema(InvalidCredentialsError)
+	@OpenAPI({ description: 'Logout using your refresh token. <br> This instantly invalidates all your access and refresh tokens.', security: [{ "RefreshTokenCookie": [] }] })
+	async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
+		if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
+			handleLogout.token = refresh_token;
+		}
+
+		let logout;
+		try {
+			logout = await handleLogout.logout()
+			await response.cookie('lfk_backend__refresh_token', "expired", { expires: new Date(Date.now()), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', "expired", { expires: new Date(Date.now()), httpOnly: true });
+		} catch (error) {
+			throw error;
+		}
+		return response.send(logout)
+	}
+
+	@Post("/refresh")
+	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(JwtNotProvidedError)
+	@ResponseSchema(IllegalJWTError)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(RefreshTokenCountInvalidError)
+	@OpenAPI({ description: 'Refresh your access and refresh tokens using a valid refresh token. <br> You will receive: \n * access token (use it as a bearer token) \n * refresh token (will also be sent as a cookie)', security: [{ "RefreshTokenCookie": [] }] })
+	async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Req() req: any) {
+		if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
+			refreshAuth.token = refresh_token;
+		}
+		let auth;
+		try {
+			auth = await refreshAuth.toAuth();
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+		} catch (error) {
+			throw error;
+		}
+		return response.send(auth)
+	}
+
+	@Post("/reset")
+	@ResponseSchema(ResponseEmpty, { statusCode: 200 })
+	@ResponseSchema(UserNotFoundError, { statusCode: 404 })
+	@ResponseSchema(UsernameOrEmailNeededError, { statusCode: 406 })
+	@OpenAPI({ description: "Request a password reset token. <br> This will provide you with a reset token that you can use by posting to /api/auth/reset/{token}." })
+	async getResetToken(@Body({ validate: true }) passwordReset: CreateResetToken) {
+		const reset_token: string = await passwordReset.toResetToken();
+		await this.mailer.sendResetMail(passwordReset.email, reset_token);
+		return new ResponseEmpty();
+	}
+
+	@Post("/reset/:token")
+	@ResponseSchema(ResponseAuth)
+	@ResponseSchema(UserNotFoundError)
+	@ResponseSchema(UsernameOrEmailNeededError)
+	@OpenAPI({ description: "Reset a user's utilising a valid password reset token. <br> This will set the user's password to the one you provided in the body. <br> To get a reset token post to /api/auth/reset with your username." })
+	async resetPassword(@Param("token") token: string, @Body({ validate: true }) passwordReset: ResetPassword) {
+		passwordReset.resetToken = token;
+		return await passwordReset.resetPassword();
+	}
+}

src/controllers/RunnerController.ts

@@ -32,7 +32,7 @@ export class RunnerController {
 	@OpenAPI({ description: 'Lists all runners from all teams/orgs. <br> This includes the runner\'s group and distance ran.' })
 	async getAll() {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'scans.track', 'cards'] });
+		const runners = await this.runnerRepository.find({ relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] });
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});
@@ -46,7 +46,7 @@ export class RunnerController {
 	@OnUndefined(RunnerNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the runner whose id got provided.' })
 	async getOne(@Param('id') id: number) {
-		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'scans.track', 'cards'] })
+		let runner = await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] })
 		if (!runner) { throw new RunnerNotFoundError(); }
 		return new ResponseRunner(runner);
 	}
@@ -91,7 +91,7 @@ export class RunnerController {
 		}
 
 		runner = await this.runnerRepository.save(runner)
-		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }));
 	}
 
 	@Put('/:id')
@@ -112,7 +112,7 @@ export class RunnerController {
 		}
 
 		await this.runnerRepository.save(await runner.update(oldRunner));
-		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'scans.track', 'cards'] }));
+		return new ResponseRunner(await this.runnerRepository.findOne({ id: id }, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] }));
 	}
 
 	@Delete('/:id')
@@ -125,7 +125,7 @@ export class RunnerController {
 	async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
 		let runner = await this.runnerRepository.findOne({ id: id });
 		if (!runner) { return null; }
-		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'scans.track', 'cards'] });
+		const responseRunner = await this.runnerRepository.findOne(runner, { relations: ['scans', 'group', 'group.parentGroup', 'scans.track', 'cards'] });
 
 		if (!runner) {
 			throw new RunnerNotFoundError();

src/controllers/RunnerOrganizationController.ts

@@ -58,8 +58,8 @@ export class RunnerOrganizationController {
 	async getRunners(@Param('id') id: number, @QueryParam('onlyDirect') onlyDirect: boolean) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
 		let runners: Runner[];
-		if (!onlyDirect) { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.group', 'teams.runners.scans', 'teams.runners.scans.track'] })).allRunners; }
-		else { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track'] })).runners; }
+		if (!onlyDirect) { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track', 'teams', 'teams.runners', 'teams.runners.group', 'teams.runners.group.parentGroup', 'teams.runners.scans', 'teams.runners.scans.track'] })).allRunners; }
+		else { runners = (await this.runnerOrganizationRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners; }
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});

src/controllers/RunnerTeamController.ts

@@ -55,7 +55,7 @@ export class RunnerTeamController {
 	@OpenAPI({ description: 'Lists all runners from this team. <br> This includes the runner\'s group and distance ran.' })
 	async getRunners(@Param('id') id: number) {
 		let responseRunners: ResponseRunner[] = new Array<ResponseRunner>();
-		const runners = (await this.runnerTeamRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.scans', 'runners.scans.track'] })).runners;
+		const runners = (await this.runnerTeamRepository.findOne({ id: id }, { relations: ['runners', 'runners.group', 'runners.group.parentGroup', 'runners.scans', 'runners.scans.track'] })).runners;
 		runners.forEach(runner => {
 			responseRunners.push(new ResponseRunner(runner));
 		});

src/controllers/UserGroupController.ts

@@ -8,6 +8,7 @@ import { UpdateUserGroup } from '../models/actions/update/UpdateUserGroup';
 import { UserGroup } from '../models/entities/UserGroup';
 import { ResponseEmpty } from '../models/responses/ResponseEmpty';
 import { ResponseUserGroup } from '../models/responses/ResponseUserGroup';
+import { ResponseUserGroupPermissions } from '../models/responses/ResponseUserGroupPermissions';
 import { PermissionController } from './PermissionController';
 
 
@@ -25,20 +26,37 @@ export class UserGroupController {
 
 	@Get()
 	@Authorized("USERGROUP:GET")
-	@ResponseSchema(UserGroup, { isArray: true })
+	@ResponseSchema(ResponseUserGroup, { isArray: true })
 	@OpenAPI({ description: 'Lists all groups. <br> The information provided might change while the project continues to evolve.' })
-	getAll() {
-		return this.userGroupsRepository.find({ relations: ["permissions"] });
+	async getAll() {
+		let responseGroups: ResponseUserGroup[] = new Array<ResponseUserGroup>();
+		const groups = await this.userGroupsRepository.find({ relations: ['permissions'] });
+		groups.forEach(group => {
+			responseGroups.push(group.toResponse());
+		});
+		return responseGroups;
 	}
 
 	@Get('/:id')
 	@Authorized("USERGROUP:GET")
-	@ResponseSchema(UserGroup)
+	@ResponseSchema(ResponseUserGroup)
 	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
 	@OnUndefined(UserGroupNotFoundError)
 	@OpenAPI({ description: 'Lists all information about the group whose id got provided. <br> The information provided might change while the project continues to evolve.' })
-	getOne(@Param('id') id: number) {
-		return this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] });
+	async getOne(@Param('id') id: number) {
+		return await (await (this.userGroupsRepository.findOne({ id: id }, { relations: ["permissions"] }))).toResponse();
+	}
+
+	@Get('/:id/permissions')
+	@Authorized("USERGROUP:GET")
+	@ResponseSchema(ResponseUserGroupPermissions)
+	@ResponseSchema(UserGroupNotFoundError, { statusCode: 404 })
+	@OnUndefined(UserGroupNotFoundError)
+	@OpenAPI({ description: 'Lists all permissions granted to the group as permission response objects.' })
+	async getPermissions(@Param('id') id: number) {
+		let group = await this.userGroupsRepository.findOne({ id: id }, { relations: ['permissions', 'permissions.principal'] })
+		if (!group) { throw new UserGroupNotFoundError(); }
+		return new ResponseUserGroupPermissions(group);
 	}
 
 	@Post()
@@ -54,7 +72,8 @@ export class UserGroupController {
 			throw error;
 		}
 
-		return this.userGroupsRepository.save(userGroup);
+		userGroup = await this.userGroupsRepository.save(userGroup);
+		return (await (this.userGroupsRepository.findOne({ id: userGroup.id }, { relations: ["permissions"] }))).toResponse();
 	}
 
 	@Put('/:id')

src/mailer.ts

@@ -38,8 +38,8 @@ export class Mailer {
      * @param to_address The address the mail will be sent to. Should always get pulled from a user object.
      * @param token The requested password reset token - will be combined with the app_url to generate a password reset link.
      */
-    public async sendResetMail(to_address: string, token: String) {
-        const reset_link = `${config.app_url}/reset/${token}`
+    public async sendResetMail(to_address: string, token: string) {
+        const reset_link = `${config.app_url}/reset/${(Buffer.from(token)).toString("base64")}`
         const body_html = fs.readFileSync(__dirname + '/static/mail_templates/pw-reset.html', { encoding: 'utf8' }).replace("{{reset_link}}", reset_link).replace("{{recipient_mail}}", to_address).replace("{{copyright_owner}}", "LfK!").replace("{{link_imprint}}", `${config.app_url}/imprint`).replace("{{link_privacy}}", `${config.app_url}/privacy`);
         const body_txt = fs.readFileSync(__dirname + '/static/mail_templates/pw-reset.html', { encoding: 'utf8' }).replace("{{reset_link}}", reset_link).replace("{{recipient_mail}}", to_address).replace("{{copyright_owner}}", "LfK!").replace("{{link_imprint}}", `${config.app_url}/imprint`).replace("{{link_privacy}}", `${config.app_url}/privacy`);
 

src/models/actions/create/CreateResetToken.ts

@@ -23,7 +23,7 @@ export class CreateResetToken {
     /**
      * Create a password reset token based on this.
      */
-    public async toResetToken(): Promise<any> {
+    public async toResetToken(): Promise<string> {
         if (!this.email) {
             throw new UserEmailNeededError();
         }
@@ -37,7 +37,7 @@ export class CreateResetToken {
         await getConnectionManager().get().getRepository(User).save(found_user);
 
         //Create the reset token
-        let reset_token = JwtCreator.createReset(found_user);
+        let reset_token: string = JwtCreator.createReset(found_user);
 
         return reset_token;
     }

src/models/responses/ResponseUserGroup.ts

@@ -2,7 +2,6 @@ import { IsArray, IsNotEmpty, IsOptional, IsString } from "class-validator";
 import { UserGroup } from '../entities/UserGroup';
 import { ResponseObjectType } from '../enums/ResponseObjectType';
 import { IResponse } from './IResponse';
-import { ResponsePermission } from './ResponsePermission';
 import { ResponsePrincipal } from './ResponsePrincipal';
 
 /**
@@ -34,7 +33,7 @@ export class ResponseUserGroup extends ResponsePrincipal implements IResponse {
      */
     @IsArray()
     @IsOptional()
-    permissions: ResponsePermission[];
+    permissions: string[] = new Array<string>();
 
     /**
      * Creates a ResponseUserGroup object from a userGroup.
@@ -46,7 +45,7 @@ export class ResponseUserGroup extends ResponsePrincipal implements IResponse {
         this.description = group.description;
         if (group.permissions) {
             for (let permission of group.permissions) {
-                this.permissions.push(permission.toResponse());
+                this.permissions.push(permission.toString());
             }
         }
     }

src/models/responses/ResponseUserGroupPermissions.ts

@@ -0,0 +1,43 @@
+import {
+    IsArray,
+    IsOptional
+} from "class-validator";
+import { UserGroup } from '../entities/UserGroup';
+import { ResponseObjectType } from '../enums/ResponseObjectType';
+import { IResponse } from './IResponse';
+import { ResponsePermission } from './ResponsePermission';
+
+/**
+ * Defines the group permission response (get /api/groups/:id/permissions).
+*/
+export class ResponseUserGroupPermissions implements IResponse {
+    /**
+    * The responseType.
+    * This contains the type of class/entity this response contains.
+    */
+    responseType: ResponseObjectType = ResponseObjectType.USERPERMISSIONS;
+
+    /**
+     * The permissions directly granted to the group.
+     */
+    @IsArray()
+    @IsOptional()
+    directlyGranted: ResponsePermission[] = new Array<ResponsePermission>();
+
+    /**
+     * Is just here for compatability.
+     */
+    @IsArray()
+    @IsOptional()
+    inherited: ResponsePermission[] = new Array<ResponsePermission>();
+
+    /**
+     * Creates a ResponseUserPermissions object from a group.
+     * @param group The group the response shall be build for.
+     */
+    public constructor(group: UserGroup) {
+        for (let permission of group.permissions) {
+            this.directlyGranted.push(permission.toResponse());
+        }
+    }
+}