add manage user permission

Girish Ramakrishnan
2020-02-13 22:06:54 -08:00
parent 11b5304cb9
commit c537dfabb2
17 changed files with 139 additions and 42 deletions
+11 -10
@@ -79,7 +79,8 @@ function initializeExpressSync() {
// to keep routes code short
const password = routes.accesscontrol.passwordAuth;
const token = routes.accesscontrol.tokenAuth;
const authorizeAdmin = routes.accesscontrol.authorize(accesscontrol.ROLE_ADMIN);
const authorizeAdmin = routes.accesscontrol.authorize(accesscontrol.PERMISSION_ADMIN);
const authorizeUserManager = routes.accesscontrol.authorize(accesscontrol.PERMISSION_MANAGE_USERS);
// public routes
router.post('/api/v1/cloudron/setup', routes.provision.providerTokenAuth, routes.provision.setup); // only available until no-domain
@@ -161,15 +162,15 @@ function initializeExpressSync() {
router.del ('/api/v1/tokens/:id', token, routes.tokens.verifyOwnership, routes.tokens.del);
// user routes
router.get ('/api/v1/users', token, authorizeAdmin, routes.users.list);
router.post('/api/v1/users', token, authorizeAdmin, routes.users.create);
router.get ('/api/v1/users/:userId', token, authorizeAdmin, routes.users.load, routes.users.get); // this is manage scope because it returns non-restricted fields
router.del ('/api/v1/users/:userId', token, authorizeAdmin, routes.users.load, routes.users.remove);
router.post('/api/v1/users/:userId', token, authorizeAdmin, routes.users.load, routes.users.update);
router.post('/api/v1/users/:userId/password', token, authorizeAdmin, routes.users.load, routes.users.changePassword);
router.put ('/api/v1/users/:userId/groups', token, authorizeAdmin, routes.users.load, routes.users.setGroups);
router.post('/api/v1/users/:userId/send_invite', token, authorizeAdmin, routes.users.load, routes.users.sendInvite);
router.post('/api/v1/users/:userId/create_invite', token, authorizeAdmin,routes.users.load, routes.users.createInvite);
router.get ('/api/v1/users', token, authorizeUserManager, routes.users.list);
router.post('/api/v1/users', token, authorizeUserManager, routes.users.create);
router.get ('/api/v1/users/:userId', token, authorizeUserManager, routes.users.load, routes.users.get); // this is manage scope because it returns non-restricted fields
router.del ('/api/v1/users/:userId', token, authorizeUserManager, routes.users.load, routes.users.remove);
router.post('/api/v1/users/:userId', token, authorizeUserManager, routes.users.load, routes.users.update);
router.post('/api/v1/users/:userId/password', token, authorizeUserManager, routes.users.load, routes.users.changePassword);
router.put ('/api/v1/users/:userId/groups', token, authorizeUserManager, routes.users.load, routes.users.setGroups);
router.post('/api/v1/users/:userId/send_invite', token, authorizeUserManager, routes.users.load, routes.users.sendInvite);
router.post('/api/v1/users/:userId/create_invite', token, authorizeUserManager, routes.users.load, routes.users.createInvite);
// Group management
router.get ('/api/v1/groups', token, authorizeAdmin, routes.groups.list);
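Review bot: The `/api/v1/users/:userId` routes for `update`, `changePassword`, `setGroups` and `remove` now admit any caller holding `PERMISSION_MANAGE_USERS`, and nothing in this route table stops that caller from targeting an account that holds `PERMISSION_ADMIN`. Unless those handlers compare the caller's permissions with those of the user loaded by `routes.users.load` (their bodies are not in this section), a user manager could reset an admin's password, remove an admin, or possibly raise its own permissions through `update`. Consider a guard placed after `routes.users.load` that answers 403 when the target holds a permission the caller lacks, and record the rule above the block with `// user managers may only act on accounts with no permissions beyond their own`. The `send_invite` and `create_invite` routes likely need the same check, since an invite for an existing privileged account may act as a credential reset. `initializeExpressSync` starts and ends outside both hunks, so any later middleware that already enforces this is not visible here.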