Added POST /users/{user}/permissions
parent
706011edd6
commit
ff41604aa2
|
@ -41,4 +41,33 @@ class Permissions
|
||||||
'results' => $results
|
'results' => $results
|
||||||
], 200);
|
], 200);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function postNew(Request $req, Response $res, array $args)
|
||||||
|
{
|
||||||
|
$ac = new \Operations\AccessControl($this->c);
|
||||||
|
if (!$ac->isAdmin($req->getAttribute('userId'))) {
|
||||||
|
$this->logger->info('Non admin user tries to add permissions');
|
||||||
|
return $res->withJson(['error' => 'You must be admin to use this feature'], 403);
|
||||||
|
}
|
||||||
|
|
||||||
|
$body = $req->getParsedBody();
|
||||||
|
|
||||||
|
if (!array_key_exists('domainId', $body)) {
|
||||||
|
$this->logger->debug('One of the required fields is missing');
|
||||||
|
return $res->withJson(['error' => 'One of the required fields is missing'], 422);
|
||||||
|
}
|
||||||
|
|
||||||
|
$user = intval($args['user']);
|
||||||
|
|
||||||
|
$permissions = new \Operations\Permissions($this->c);
|
||||||
|
|
||||||
|
try {
|
||||||
|
$permissions->addPermission($user, $body['domainId']);
|
||||||
|
|
||||||
|
$this->logger->info('Permission was added:', ['by' => $req->getAttribute('userId'), 'user' => $user, 'domain' => $body['domainId']]);
|
||||||
|
return $res->withStatus(204);
|
||||||
|
} catch (\Exceptions\NotFoundException $e) {
|
||||||
|
return $res->withJson(['error' => 'Either domain or user were not found'], 404);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
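Review bot: `$body['domainId']` is handed straight to `addPermission(int $userId, int $domainId)` without a type check, so a JSON body such as `{"domainId": "abc"}` or `{"domainId": [1]}` ends in a TypeError (HTTP 500) rather than the 422 the surrounding validation is clearly meant to produce, and `array_key_exists('domainId', $body)` itself fails the same way when `getParsedBody()` returns null for an empty or non-JSON body. Tighten the guard to `if (!is_array($body) || !array_key_exists('domainId', $body) || !is_int($body['domainId']))` (or validate with `filter_var(..., FILTER_VALIDATE_INT)` if numeric strings are meant to be accepted) and pass `(int) $body['domainId']` on. Whether this file declares `strict_types` is not visible in the hunk, so how numeric strings coerce at the call is uncertain either way; an explicit check removes the dependency on that.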
|
||||||
|
|
|
@ -65,4 +65,46 @@ class Permissions
|
||||||
|
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add a new permission
|
||||||
|
*
|
||||||
|
* @param $userId User id
|
||||||
|
* @param $domainId Domain for which access should be granted
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function addPermission(int $userId, int $domainId) : void
|
||||||
|
{
|
||||||
|
$this->db->beginTransaction();
|
||||||
|
|
||||||
|
$query = $this->db->prepare('SELECT id FROM users WHERE id=:userId');
|
||||||
|
$query->bindValue(':userId', $userId, \PDO::PARAM_INT);
|
||||||
|
$query->execute();
|
||||||
|
if ($query->fetch() === false) {
|
||||||
|
$this->db->rollBack();
|
||||||
|
throw new \Exceptions\NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
$query = $this->db->prepare('SELECT id FROM domains WHERE id=:domainId');
|
||||||
|
$query->bindValue(':domainId', $domainId, \PDO::PARAM_INT);
|
||||||
|
$query->execute();
|
||||||
|
if ($query->fetch() === false) {
|
||||||
|
$this->db->rollBack();
|
||||||
|
throw new \Exceptions\NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
$query = $this->db->prepare('SELECT * FROM permissions WHERE domain_id=:domainId AND user_id=:userId');
|
||||||
|
$query->bindValue(':domainId', $domainId, \PDO::PARAM_INT);
|
||||||
|
$query->bindValue(':userId', $userId, \PDO::PARAM_INT);
|
||||||
|
$query->execute();
|
||||||
|
if ($query->fetch() === false) {
|
||||||
|
$query = $this->db->prepare('INSERT INTO permissions (domain_id,user_id) VALUES (:domainId, :userId)');
|
||||||
|
$query->bindValue(':domainId', $domainId, \PDO::PARAM_INT);
|
||||||
|
$query->bindValue(':userId', $userId, \PDO::PARAM_INT);
|
||||||
|
$query->execute();
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->db->commit();
|
||||||
|
}
|
||||||
}
|
}
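Review bot: If any of the `execute()` calls between `beginTransaction()` and `commit()` throws (PDO in exception mode, lost connection), the transaction is left open because only the two not-found branches call `rollBack()`. Wrapping the body in a try/catch that rolls back and rethrows gives the NotFoundException paths and unexpected failures a single rollback point, and lets the two explicit `rollBack()` calls before each throw go. Separately, the SELECT-then-INSERT duplicate check does not serialise concurrent calls; it is only safe if `permissions(domain_id, user_id)` carries a unique constraint, which is not visible here and worth confirming (with the constraint in place the pre-check could be replaced by catching the duplicate-key error).

```php
public function addPermission(int $userId, int $domainId) : void
{
    $this->db->beginTransaction();
    try {
        // … unchanged: user and domain existence checks, each ending in `throw new \Exceptions\NotFoundException();` …
        // … unchanged: permission lookup and conditional INSERT …
        $this->db->commit();
    } catch (\Throwable $e) {
        // One rollback for NotFoundException and for any PDO failure alike.
        $this->db->rollBack();
        throw $e;
    }
}
```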
|
||||||
|
|
|
@ -49,6 +49,7 @@ $app->group('/v1', function () {
|
||||||
$this->put('/records/{recordId}/credentials/{credentialId}', '\Controllers\Credentials:put');
|
$this->put('/records/{recordId}/credentials/{credentialId}', '\Controllers\Credentials:put');
|
||||||
|
|
||||||
$this->get('/users/{user}/permissions', '\Controllers\Permissions:getList');
|
$this->get('/users/{user}/permissions', '\Controllers\Permissions:getList');
|
||||||
|
$this->post('/users/{user}/permissions', '\Controllers\Permissions:postNew');
|
||||||
})->add('\Middlewares\Authentication');
|
})->add('\Middlewares\Authentication');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -33,6 +33,39 @@ test.run(async function () {
|
||||||
}
|
}
|
||||||
], 'Get permissions result fail');
|
], 'Get permissions result fail');
|
||||||
|
|
||||||
|
//Add permission with missing field
|
||||||
|
var res = await req({
|
||||||
|
url: '/users/2/permissions',
|
||||||
|
method: 'post',
|
||||||
|
data: {
|
||||||
|
foo: 100
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
assert.equal(res.status, 422, 'Add of permission should fail for missing field.');
|
||||||
|
|
||||||
|
//Add permission which exists
|
||||||
|
var res = await req({
|
||||||
|
url: '/users/2/permissions',
|
||||||
|
method: 'post',
|
||||||
|
data: {
|
||||||
|
domainId: 1
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
assert.equal(res.status, 204, 'Add of permission should succeed for existing permission.');
|
||||||
|
|
||||||
|
//Add permission which does not exist
|
||||||
|
var res = await req({
|
||||||
|
url: '/users/2/permissions',
|
||||||
|
method: 'post',
|
||||||
|
data: {
|
||||||
|
domainId: 3
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
assert.equal(res.status, 204, 'Add of permission should succeed for not existing permission.');
|
||||||
|
|
||||||
|
|
||||||
});
|
});
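Review bot: The new admin-side tests cover 422 and the two 204 paths but not the 404 branch the controller adds (`Either domain or user were not found`), so a regression that turns the not-found checks into an uncaught exception would go unnoticed. Add a POST with a domain id the fixture does not define (the later non-admin test already uses 100 as such an id, though that it is absent from the fixture is an assumption to confirm) and assert 404, and likewise a POST to a non-existent user. It would also strengthen the "not existing permission" case to follow the 204 with a GET of `/users/2/permissions` and assert that domain 3 now appears in the result, since the status code alone does not prove the row was written.

```javascript
//Add permission for a domain which does not exist
var res = await req({
    url: '/users/2/permissions',
    method: 'post',
    data: {
        domainId: 100
    }
});

assert.equal(res.status, 404, 'Add of permission should fail for not existing domain.');
```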
|
||||||
|
|
||||||
|
@ -43,5 +76,15 @@ test.run(async function () {
|
||||||
});
|
});
|
||||||
|
|
||||||
assert.equal(res.status, 403, 'Get of permissions should fail for user.');
|
assert.equal(res.status, 403, 'Get of permissions should fail for user.');
|
||||||
|
|
||||||
|
var res = await req({
|
||||||
|
url: '/users/2/permissions',
|
||||||
|
method: 'post',
|
||||||
|
data: {
|
||||||
|
domainId: 100
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
assert.equal(res.status, 403, 'Add of permission should fail for user.');
|
||||||
});
|
});
|
||||||
});
|
});
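Review bot: The non-admin POST is a useful check but its intent is implicit: it sends `domainId: 100`, which appears to be an id the fixture does not define, so a 403 rather than a 404 is what proves the admin check runs before any domain or user lookup. That property is exactly what the controller's ordering relies on and deserves a comment so a later reordering does not pass by accident, e.g. `// domainId 100 should not exist: expecting 403, not 404, verifies the admin check runs before the lookups`. Whether 100 is really absent from the fixture is not visible here and should be confirmed when writing the comment.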
|