CoreID/app/controllers/api/v1/Vault.controller.js
garrettmills 3730ddc2f2
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing
Add basic logic for managing vaults
2021-04-15 15:34:13 -05:00

131 lines
3.6 KiB
JavaScript

const { Controller } = require('libflitter')
class VaultController extends Controller {
static get services() {
return [...super.services, 'models']
}
async get_vaults(req, res, next) {
const Policy = this.models.get('iam:Policy')
const Vault = this.models.get('vault:Vault')
await Vault.for_user(req.user)
const vaults = await Vault.find({ active: true })
console.log('found vaults', vaults)
const accessible = []
for ( const vault of vaults ) {
if ( await Policy.check_user_access(req.user, vault.id, 'view') ) {
accessible.push(await vault.to_api())
}
}
return res.api(accessible)
}
async get_vault(req, res, next) {
const Policy = this.models.get('iam:Policy')
const Vault = this.models.get('vault:Vault')
const vault = await Vault.findById(req.params.id)
if ( !vault?.active ) {
return res.status(404)
.message(req.T('api.vault_not_found'))
.api()
}
if ( !(await Policy.check_user_access(req.user, vault.id, 'view')) ) {
return res.status(401)
.message(req.T('api.insufficient_permissions'))
.api()
}
return res.api(await vault.to_api())
}
async create_vault(req, res, next) {
const Policy = this.models.get('iam:Policy')
const Vault = this.models.get('vault:Vault')
if ( !req.body.name ) {
return res.status(400)
.message(`${req.T('api.missing_field')} name`)
.api()
}
const vault = new Vault({
name: req.body.name
})
await vault.save()
await vault.grant_default(req.user)
return res.api(await vault.to_api())
}
async update_vault(req, res, next) {
const Policy = this.models.get('iam:Policy')
const Vault = this.models.get('vault:Vault')
if ( !req.body.name ) {
return res.status(400)
.message(`${req.T('api.missing_field')} name`)
.api()
}
const vault = await Vault.findById(req.params.id)
if ( !vault?.active ) {
return res.status(404)
.message(req.T('api.vault_not_found'))
.api()
}
if ( !(await Policy.check_user_access(req.user, vault.id, 'update')) ) {
return res.status(401)
.message(req.T('api.insufficient_permissions'))
.api()
}
vault.name = req.body.name
await vault.save()
return res.api(await vault.to_api())
}
async delete_vault(req, res, next) {
const Policy = this.models.get('iam:Policy')
const Vault = this.models.get('vault:Vault')
const vault = await Vault.findById(req.params.id)
if ( !vault?.active ) {
return res.status(404)
.message(req.T('api.vault_not_found'))
.api()
}
if ( !(await Policy.check_user_access(req.user, vault.id, 'delete')) ) {
return res.status(401)
.message(req.T('api.insufficient_permissions'))
.api()
}
vault.active = false
await vault.save()
const policies = await Policy.find({
active: true,
target_type: 'vault',
target_id: vault.id,
})
for ( const policy of policies ) {
policy.active = false
await policy.save()
}
return res.api()
}
}
module.exports = exports = VaultController