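const { Controller } = require('libflitter')

/**
 * API controller for vault resources: list, fetch, create, rename and
 * soft-delete.
 *
 * Handlers that act on an existing vault look it up by req.params.id, answer
 * 404 when it is missing or inactive, and then ask the 'iam:Policy' model
 * whether req.user holds the required permission ('view', 'update' or
 * 'delete').
 *
 * NOTE(review): a failed permission check answers 401. 403 is the
 * conventional status for a known caller who lacks permission; the value is
 * left unchanged here because API clients may depend on it.
 *
 * NOTE(review): the 404 check runs before the permission check, so the two
 * responses let a caller without access tell an existing vault ID from a
 * missing one. Confirm this is acceptable for the deployment.
 */
class VaultController extends Controller {
    /**
     * Services injected into the controller: the parent's list plus 'models'.
     * @returns {string[]}
     */
    static get services() {
        return [...super.services, 'models']
    }

    /**
     * List the active vaults that req.user may view.
     *
     * @param {object} req - request; req.user is the caller
     * @param {object} res - response; the list is sent with res.api()
     * @param {Function} next - unused
     * @returns {Promise<*>} whatever res.api() returns
     */
    async get_vaults(req, res, next) {
        const Policy = this.models.get('iam:Policy')
        const Vault = this.models.get('vault:Vault')

        // The return value is not used; presumably called for a side effect
        // such as provisioning the caller's own vault. TODO confirm.
        await Vault.for_user(req.user)

        // This query returns every active vault, including those the caller
        // may not view, so the result set must not be written to the log.
        const vaults = await Vault.find({ active: true })

        // Filter one by one: only vaults that pass the 'view' check are
        // serialized into the response.
        const accessible = []
        for ( const vault of vaults ) {
            if ( await Policy.check_user_access(req.user, vault.id, 'view') ) {
                accessible.push(await vault.to_api())
            }
        }

        return res.api(accessible)
    }

    /**
     * Fetch a single vault by req.params.id.
     *
     * Answers 404 if the vault is missing or inactive, 401 if req.user fails
     * the 'view' check, otherwise the vault's API representation.
     *
     * @param {object} req - request; reads req.params.id and req.user
     * @param {object} res - response
     * @param {Function} next - unused
     * @returns {Promise<*>} whatever the final .api() call returns
     */
    async get_vault(req, res, next) {
        const Policy = this.models.get('iam:Policy')
        const Vault = this.models.get('vault:Vault')

        const vault = await Vault.findById(req.params.id)
        if ( !vault?.active ) {
            return res.status(404)
                .message(req.T('api.vault_not_found'))
                .api()
        }

        if ( !(await Policy.check_user_access(req.user, vault.id, 'view')) ) {
            return res.status(401)
                .message(req.T('api.insufficient_permissions'))
                .api()
        }

        return res.api(await vault.to_api())
    }

    /**
     * Create a vault named req.body.name and call grant_default() for the
     * caller on it.
     *
     * No Policy check is made in this handler: any caller that reaches it
     * can create a vault.
     *
     * @param {object} req - request; reads req.body.name and req.user
     * @param {object} res - response
     * @param {Function} next - unused
     * @returns {Promise<*>} whatever the final .api() call returns
     */
    async create_vault(req, res, next) {
        const Vault = this.models.get('vault:Vault')

        // Only truthiness is checked. NOTE(review): confirm the Vault schema
        // restricts name to a string, since a parsed request body may carry
        // a non-string value here.
        if ( !req.body.name ) {
            return res.status(400)
                .message(`${req.T('api.missing_field')} name`)
                .api()
        }

        const vault = new Vault({ name: req.body.name })
        await vault.save()

        // Presumably gives the creator their initial permissions on the new
        // vault. TODO confirm against the Vault model.
        await vault.grant_default(req.user)

        return res.api(await vault.to_api())
    }

    /**
     * Rename the vault identified by req.params.id to req.body.name.
     *
     * Answers 400 if the name is missing, 404 if the vault is missing or
     * inactive, 401 if req.user fails the 'update' check.
     *
     * @param {object} req - request; reads req.body.name, req.params.id, req.user
     * @param {object} res - response
     * @param {Function} next - unused
     * @returns {Promise<*>} whatever the final .api() call returns
     */
    async update_vault(req, res, next) {
        const Policy = this.models.get('iam:Policy')
        const Vault = this.models.get('vault:Vault')

        // Only truthiness is checked; see the note in create_vault's
        // equivalent check about non-string values. NOTE(review): confirm
        // the schema enforces the type.
        if ( !req.body.name ) {
            return res.status(400)
                .message(`${req.T('api.missing_field')} name`)
                .api()
        }

        const vault = await Vault.findById(req.params.id)
        if ( !vault?.active ) {
            return res.status(404)
                .message(req.T('api.vault_not_found'))
                .api()
        }

        if ( !(await Policy.check_user_access(req.user, vault.id, 'update')) ) {
            return res.status(401)
                .message(req.T('api.insufficient_permissions'))
                .api()
        }

        vault.name = req.body.name
        await vault.save()

        return res.api(await vault.to_api())
    }

    /**
     * Soft-delete the vault identified by req.params.id and deactivate every
     * active policy that targets it.
     *
     * Answers 404 if the vault is missing or inactive, 401 if req.user fails
     * the 'delete' check.
     *
     * @param {object} req - request; reads req.params.id and req.user
     * @param {object} res - response
     * @param {Function} next - unused
     * @returns {Promise<*>} whatever the final .api() call returns
     */
    async delete_vault(req, res, next) {
        const Policy = this.models.get('iam:Policy')
        const Vault = this.models.get('vault:Vault')

        const vault = await Vault.findById(req.params.id)
        if ( !vault?.active ) {
            return res.status(404)
                .message(req.T('api.vault_not_found'))
                .api()
        }

        if ( !(await Policy.check_user_access(req.user, vault.id, 'delete')) ) {
            return res.status(401)
                .message(req.T('api.insufficient_permissions'))
                .api()
        }

        // The vault is marked inactive first, so the other handlers answer
        // 404 for it even if a policy save below fails part-way.
        vault.active = false
        await vault.save()

        const policies = await Policy.find({
            active: true,
            target_type: 'vault',
            target_id: vault.id,
        })

        // Deactivate rather than remove, matching the soft delete above.
        for ( const policy of policies ) {
            policy.active = false
            await policy.save()
        }

        return res.api()
    }
}

module.exports = exports = VaultController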