pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-05 18:26:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add actions check to all endpoints

Browse Source
This commit is contained in:
Owen Schwartz
2024-10-06 16:43:59 -04:00
parent 20db6d450c
commit 81017139c5
25 changed files with 232 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/routers/user/deleteUser.ts
View File

@@ -6,6 +6,7 @@ import { eq } from 'drizzle-orm';
import response from "@server/utils/response";
import HttpCode from '@server/types/HttpCode';
import createHttpError from 'http-errors';
import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
const deleteUserSchema = z.object({
userId: z.string().uuid()
@@ -25,6 +26,12 @@ export async function deleteUser(req: Request, res: Response, next: NextFunction
const { userId } = parsedParams.data;
// Check if the user has permission to list sites
const hasPermission = await checkUserActionPermission(ActionsEnum.deleteUser, req);
if (!hasPermission) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to list sites'));
}
const deletedUser = await db.delete(users)
.where(eq(users.id, userId))
.returning();

7
server/routers/user/getUser.ts
View File

@@ -6,6 +6,7 @@ import { eq } from 'drizzle-orm';
import response from "@server/utils/response";
import HttpCode from '@server/types/HttpCode';
import createHttpError from 'http-errors';
import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
const getUserSchema = z.object({
userId: z.string().uuid()
@@ -25,6 +26,12 @@ export async function getUser(req: Request, res: Response, next: NextFunction):
const { userId } = parsedParams.data;
// Check if the user has permission to list sites
const hasPermission = await checkUserActionPermission(ActionsEnum.getUser, req);
if (!hasPermission) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to list sites'));
}
const user = await db.select()
.from(users)
.where(eq(users.id, userId))

7
server/routers/user/listUsers.ts
View File

@@ -6,6 +6,7 @@ import response from "@server/utils/response";
import HttpCode from '@server/types/HttpCode';
import createHttpError from 'http-errors';
import { sql } from 'drizzle-orm';
import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
const listUsersSchema = z.object({
limit: z.string().optional().transform(Number).pipe(z.number().int().positive().default(10)),
@@ -26,6 +27,12 @@ export async function listUsers(req: Request, res: Response, next: NextFunction)
const { limit, offset } = parsedQuery.data;
// Check if the user has permission to list sites
const hasPermission = await checkUserActionPermission(ActionsEnum.listUsers, req);
if (!hasPermission) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to list sites'));
}
const usersList = await db.select()
.from(users)
.limit(limit)