131 lines
3.6 KiB
JavaScript
131 lines
3.6 KiB
JavaScript
const { Controller } = require('libflitter')
|
|
|
|
class VaultController extends Controller {
|
|
static get services() {
|
|
return [...super.services, 'models']
|
|
}
|
|
|
|
async get_vaults(req, res, next) {
|
|
const Policy = this.models.get('iam:Policy')
|
|
const Vault = this.models.get('vault:Vault')
|
|
|
|
await Vault.for_user(req.user)
|
|
|
|
const vaults = await Vault.find({ active: true })
|
|
console.log('found vaults', vaults)
|
|
|
|
const accessible = []
|
|
for ( const vault of vaults ) {
|
|
if ( await Policy.check_user_access(req.user, vault.id, 'view') ) {
|
|
accessible.push(await vault.to_api())
|
|
}
|
|
}
|
|
|
|
return res.api(accessible)
|
|
}
|
|
|
|
async get_vault(req, res, next) {
|
|
const Policy = this.models.get('iam:Policy')
|
|
const Vault = this.models.get('vault:Vault')
|
|
|
|
const vault = await Vault.findById(req.params.id)
|
|
if ( !vault?.active ) {
|
|
return res.status(404)
|
|
.message(req.T('api.vault_not_found'))
|
|
.api()
|
|
}
|
|
|
|
if ( !(await Policy.check_user_access(req.user, vault.id, 'view')) ) {
|
|
return res.status(401)
|
|
.message(req.T('api.insufficient_permissions'))
|
|
.api()
|
|
}
|
|
|
|
return res.api(await vault.to_api())
|
|
}
|
|
|
|
async create_vault(req, res, next) {
|
|
const Policy = this.models.get('iam:Policy')
|
|
const Vault = this.models.get('vault:Vault')
|
|
|
|
if ( !req.body.name ) {
|
|
return res.status(400)
|
|
.message(`${req.T('api.missing_field')} name`)
|
|
.api()
|
|
}
|
|
|
|
const vault = new Vault({
|
|
name: req.body.name
|
|
})
|
|
|
|
await vault.save()
|
|
await vault.grant_default(req.user)
|
|
|
|
return res.api(await vault.to_api())
|
|
}
|
|
|
|
async update_vault(req, res, next) {
|
|
const Policy = this.models.get('iam:Policy')
|
|
const Vault = this.models.get('vault:Vault')
|
|
|
|
if ( !req.body.name ) {
|
|
return res.status(400)
|
|
.message(`${req.T('api.missing_field')} name`)
|
|
.api()
|
|
}
|
|
|
|
const vault = await Vault.findById(req.params.id)
|
|
if ( !vault?.active ) {
|
|
return res.status(404)
|
|
.message(req.T('api.vault_not_found'))
|
|
.api()
|
|
}
|
|
|
|
if ( !(await Policy.check_user_access(req.user, vault.id, 'update')) ) {
|
|
return res.status(401)
|
|
.message(req.T('api.insufficient_permissions'))
|
|
.api()
|
|
}
|
|
|
|
vault.name = req.body.name
|
|
await vault.save()
|
|
return res.api(await vault.to_api())
|
|
}
|
|
|
|
async delete_vault(req, res, next) {
|
|
const Policy = this.models.get('iam:Policy')
|
|
const Vault = this.models.get('vault:Vault')
|
|
|
|
const vault = await Vault.findById(req.params.id)
|
|
if ( !vault?.active ) {
|
|
return res.status(404)
|
|
.message(req.T('api.vault_not_found'))
|
|
.api()
|
|
}
|
|
|
|
if ( !(await Policy.check_user_access(req.user, vault.id, 'delete')) ) {
|
|
return res.status(401)
|
|
.message(req.T('api.insufficient_permissions'))
|
|
.api()
|
|
}
|
|
|
|
vault.active = false
|
|
await vault.save()
|
|
|
|
const policies = await Policy.find({
|
|
active: true,
|
|
target_type: 'vault',
|
|
target_id: vault.id,
|
|
})
|
|
|
|
for ( const policy of policies ) {
|
|
policy.active = false
|
|
await policy.save()
|
|
}
|
|
|
|
return res.api()
|
|
}
|
|
}
|
|
|
|
module.exports = exports = VaultController
|