feat(server): add API to manage global rights doc

cheminfo · Dec 9, 2016 · badfc64 · badfc64
1 parent 1d0854a
commit badfc64
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 20 deletions.
diff --git a/src/couch/right.js b/src/couch/right.js
@@ -8,43 +8,62 @@ const util = require('./util');
 const nano = require('./nano');
 
 const methods = {
-    async editGlobalRight(type, user, action) {
+    async editGlobalRight(user, type, target, action) {
         await this.open();
+        if (!this.isAdmin(user)) {
+            throw new CouchError('Only administrators can change global rights', 'unauthorized');
+        }
         if (action !== 'add' && action !== 'remove') {
             throw new CouchError('Edit global right invalid action', 'bad argument');
         }
-        let e = checkGlobalTypeAndUser(type, user);
-        if (e) {
-            throw e;
-        }
+
+        checkGlobalType(type);
+        checkGlobalUser(target);
 
         const doc = await getGlobalRightsDocument(this);
+        let hasChanged = false;
         if (action === 'add') {
             if (!doc[type]) doc[type] = [];
-            if (doc[type].indexOf(user) === -1) {
-                doc[type].push(user);
+            if (!doc[type].includes(target)) {
+                doc[type].push(target);
+                hasChanged = true;
             }
         }
         if (action === 'remove') {
             if (doc[type]) {
-                const idx = doc[type].indexOf(user);
+                const idx = doc[type].indexOf(target);
                 if (idx !== -1) {
                     doc[type].splice(idx, 1);
+                    hasChanged = true;
                 }
             }
         }
 
-        return nanoPromise.insertDocument(this._db, doc);
+        if (hasChanged) {
+            return nanoPromise.insertDocument(this._db, doc);
+        } else {
+            return null;
+        }
+    },
+
+    addGlobalRight(user, type, target) {
+        debug(`addGlobalRight (${user}, ${type}, ${target})`);
+        return this.editGlobalRight(user, type, target, 'add');
     },
 
-    addGlobalRight(type, user) {
-        debug(`addGlobalRight (${type}, ${user})`);
-        return this.editGlobalRight(type, user, 'add');
+    removeGlobalRight(user, type, target) {
+        debug(`removeGlobalRight (${user}, ${type}, ${target})`);
+        return this.editGlobalRight(user, type, target, 'remove');
     },
 
-    removeGlobalRight(type, user) {
-        debug(`addGlobalRight (${type}, ${user})`);
-        return this.editGlobalRight(type, user, 'remove');
+    async getGlobalRightUsers(user, type) {
+        debug(`getGlobalRightUsers (${user}, ${type})`);
+        if (!this.isAdmin(user)) {
+            throw new CouchError('Only administrators can change global rights', 'unauthorized');
+        }
+        checkGlobalType(type);
+        const doc = await getGlobalRightsDocument(this);
+        return doc[type] || [];
     },
 
     /**
@@ -106,7 +125,7 @@ const methods = {
     },
 
     isAdmin(user) {
-        return this._administrators.includes(user);
+        return this._administrators.includes(user) || this.isSuperAdmin(user);
     },
 
     isSuperAdmin(user) {
@@ -126,14 +145,16 @@ async function getGlobalRightsDocument(couch) {
     return doc;
 }
 
-function checkGlobalTypeAndUser(type, user) {
+function checkGlobalType(type) {
     if (!util.isValidGlobalRightType(type)) {
-        return new CouchError('Invalid global right type', 'bad argument');
+        throw new CouchError('Invalid global right type', 'bad argument');
     }
+}
+
+function checkGlobalUser(user) {
     if (!util.isValidGlobalRightUser(user)) {
-        return new CouchError('Invalid global right user', 'bad argument');
+        throw new CouchError('Invalid global right user', 'bad argument');
     }
-    return null;
 }
 
 module.exports = {

diff --git a/src/server/middleware/couch.js b/src/server/middleware/couch.js
@@ -243,6 +243,18 @@ exports.getGlobalRights = composeWithError(function*() {
     this.body = yield this.state.couch.getGlobalRights(this.state.userEmail);
 });
 
+exports.getGlobalRightsDocUsers = composeWithError(function*() {
+    this.body = yield this.state.couch.getGlobalRightUsers(this.state.userEmail, this.params.right);
+});
+
+exports.addGlobalRightsDocUser = composeWithError(function*() {
+    this.body = yield this.state.couch.addGlobalRight(this.state.userEmail, this.params.right, this.params.user);
+});
+
+exports.removeGlobalRightsDocUser = composeWithError(function*() {
+    this.body = yield this.state.couch.removeGlobalRight(this.state.userEmail, this.params.right, this.params.user);
+});
+
 exports.createEntryToken = composeWithError(function*() {
     const token = yield this.state.couch.createEntryToken(this.state.userEmail, this.params.uuid);
     this.status = 201;

diff --git a/src/server/routes/api.js b/src/server/routes/api.js
@@ -76,6 +76,9 @@ router.delete('/:dbname/group/:name/_owner/:owner', getUuidFromGroupName, parseJ
 
 // Global rights
 router.get('/:dbname/rights', couch.getGlobalRights);
+router.get('/:dbname/rights/doc/:right', couch.getGlobalRightsDocUsers);
+router.put('/:dbname/rights/doc/:right/:user', couch.addGlobalRightsDocUser);
+router.delete('/:dbname/rights/doc/:right/:user', couch.removeGlobalRightsDocUser);
 
 // Tokens
 router.post('/:dbname/entry/:uuid/_token', couch.createEntryToken);