remove ROLE_USER
Every authenticated user has ROLE_USER, so this role is superfluous.
@@ -80,7 +80,6 @@ function initializeExpressSync() {
|
||||
const password = routes.accesscontrol.passwordAuth;
|
||||
const token = routes.accesscontrol.tokenAuth;
|
||||
const authorizeAdmin = routes.accesscontrol.authorize(accesscontrol.ROLE_ADMIN);
|
||||
const authorizeUser = routes.accesscontrol.authorize(accesscontrol.ROLE_USER);
|
||||
|
||||
// public routes
|
||||
router.post('/api/v1/cloudron/setup', routes.provision.providerTokenAuth, routes.provision.setup); // only available until no-domain
|
||||
@@ -127,9 +126,9 @@ function initializeExpressSync() {
|
||||
router.post('/api/v1/tasks/:taskId/stop', token, authorizeAdmin, routes.tasks.stopTask);
|
||||
|
||||
// notifications
|
||||
router.get ('/api/v1/notifications', token, authorizeUser, routes.notifications.verifyOwnership, routes.notifications.list);
|
||||
router.get ('/api/v1/notifications/:notificationId', token, authorizeUser, routes.notifications.verifyOwnership, routes.notifications.get);
|
||||
router.post('/api/v1/notifications/:notificationId', token, authorizeUser, routes.notifications.verifyOwnership, routes.notifications.ack);
|
||||
router.get ('/api/v1/notifications', token, routes.notifications.verifyOwnership, routes.notifications.list);
|
||||
router.get ('/api/v1/notifications/:notificationId', token, routes.notifications.verifyOwnership, routes.notifications.get);
|
||||
router.post('/api/v1/notifications/:notificationId', token, routes.notifications.verifyOwnership, routes.notifications.ack);
|
||||
|
||||
// backups
|
||||
router.get ('/api/v1/backups', token, authorizeAdmin, routes.backups.list);
|
||||
@@ -137,29 +136,29 @@ function initializeExpressSync() {
|
||||
router.post('/api/v1/backups/cleanup', token, authorizeAdmin, routes.backups.cleanup);
|
||||
|
||||
// config route (for dashboard)
|
||||
router.get ('/api/v1/config', token, authorizeUser, routes.cloudron.getConfig);
|
||||
router.get ('/api/v1/config', token, routes.cloudron.getConfig);
|
||||
|
||||
// working off the user behind the provided token
|
||||
router.get ('/api/v1/profile', token, authorizeUser, routes.profile.get);
|
||||
router.post('/api/v1/profile', token, authorizeUser, routes.profile.update);
|
||||
router.get ('/api/v1/profile', token, routes.profile.get);
|
||||
router.post('/api/v1/profile', token, routes.profile.update);
|
||||
router.get ('/api/v1/profile/avatar/:identifier', routes.profile.getAvatar); // this is not scoped so it can used directly in img tag
|
||||
router.post('/api/v1/profile/avatar', token, authorizeUser, multipart, routes.profile.setAvatar);
|
||||
router.del ('/api/v1/profile/avatar', token, authorizeUser, routes.profile.clearAvatar);
|
||||
router.post('/api/v1/profile/password', token, authorizeUser, routes.users.verifyPassword, routes.profile.changePassword);
|
||||
router.post('/api/v1/profile/twofactorauthentication', token, authorizeUser, routes.profile.setTwoFactorAuthenticationSecret);
|
||||
router.post('/api/v1/profile/twofactorauthentication/enable', token, authorizeUser, routes.profile.enableTwoFactorAuthentication);
|
||||
router.post('/api/v1/profile/twofactorauthentication/disable', token, authorizeUser, routes.users.verifyPassword, routes.profile.disableTwoFactorAuthentication);
|
||||
router.post('/api/v1/profile/avatar', token, multipart, routes.profile.setAvatar);
|
||||
router.del ('/api/v1/profile/avatar', token, routes.profile.clearAvatar);
|
||||
router.post('/api/v1/profile/password', token, routes.users.verifyPassword, routes.profile.changePassword);
|
||||
router.post('/api/v1/profile/twofactorauthentication', token, routes.profile.setTwoFactorAuthenticationSecret);
|
||||
router.post('/api/v1/profile/twofactorauthentication/enable', token, routes.profile.enableTwoFactorAuthentication);
|
||||
router.post('/api/v1/profile/twofactorauthentication/disable', token, routes.users.verifyPassword, routes.profile.disableTwoFactorAuthentication);
|
||||
|
||||
router.get ('/api/v1/app_passwords', token, authorizeUser, routes.appPasswords.list);
|
||||
router.post('/api/v1/app_passwords', token, authorizeUser, routes.appPasswords.add);
|
||||
router.get ('/api/v1/app_passwords/:id', token, authorizeUser, routes.appPasswords.get);
|
||||
router.del ('/api/v1/app_passwords/:id', token, authorizeUser, routes.appPasswords.del);
|
||||
router.get ('/api/v1/app_passwords', token, routes.appPasswords.list);
|
||||
router.post('/api/v1/app_passwords', token, routes.appPasswords.add);
|
||||
router.get ('/api/v1/app_passwords/:id', token, routes.appPasswords.get);
|
||||
router.del ('/api/v1/app_passwords/:id', token, routes.appPasswords.del);
|
||||
|
||||
// access tokens
|
||||
router.get ('/api/v1/tokens', token, authorizeUser, routes.tokens.getAll);
|
||||
router.post('/api/v1/tokens', token, authorizeUser, routes.tokens.add);
|
||||
router.get ('/api/v1/tokens/:id', token, authorizeUser, routes.tokens.verifyOwnership, routes.tokens.get);
|
||||
router.del ('/api/v1/tokens/:id', token, authorizeUser, routes.tokens.verifyOwnership, routes.tokens.del);
|
||||
router.get ('/api/v1/tokens', token, routes.tokens.getAll);
|
||||
router.post('/api/v1/tokens', token, routes.tokens.add);
|
||||
router.get ('/api/v1/tokens/:id', token, routes.tokens.verifyOwnership, routes.tokens.get);
|
||||
router.del ('/api/v1/tokens/:id', token, routes.tokens.verifyOwnership, routes.tokens.del);
|
||||
|
||||
// user routes
|
||||
router.get ('/api/v1/users', token, authorizeAdmin, routes.users.list);
|
||||
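Review bot: After this hunk `token` is the only middleware in front of the `/api/v1/profile`, `/api/v1/app_passwords` and `/api/v1/tokens` routes, so access to credential-management endpoints now rests entirely on `routes.accesscontrol.tokenAuth` only admitting tokens that resolve to a user principal; that invariant is not visible in the diff and the commit message states it without pointing at where it is enforced. If tokenAuth can also accept tokens that are not bound to a regular user (the "manage scope" comment on the `/api/v1/domains/:domain` route suggests tokens carry scopes), the dropped `authorizeUser` was the check that kept such tokens off these routes. I would record the assumption where the routes are declared, e.g. `// working off the user behind the provided token; tokenAuth alone suffices since every user it admits has ROLE_USER`, and add a test asserting that a token not bound to a user is rejected on `/api/v1/profile`. The notifications, apps and domains hunks rely on the same assumption; `initializeExpressSync` starts and ends outside this hunk.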
@@ -188,9 +187,9 @@ function initializeExpressSync() {
|
||||
router.get ('/api/v1/appstore/apps/:appstoreId/versions/:versionId', token, authorizeAdmin, routes.appstore.getAppVersion);
|
||||
|
||||
// app routes
|
||||
router.get ('/api/v1/apps', token, authorizeUser, routes.apps.getApps);
|
||||
router.get ('/api/v1/apps', token, routes.apps.getApps);
|
||||
router.get ('/api/v1/apps/:id', token, authorizeAdmin, routes.apps.getApp);
|
||||
router.get ('/api/v1/apps/:id/icon', token, authorizeUser, routes.apps.getAppIcon);
|
||||
router.get ('/api/v1/apps/:id/icon', token, routes.apps.getAppIcon);
|
||||
|
||||
router.post('/api/v1/apps/install', token, authorizeAdmin, routes.apps.installApp);
|
||||
router.post('/api/v1/apps/:id/uninstall', token, authorizeAdmin, routes.apps.uninstallApp);
|
||||
@@ -269,7 +268,7 @@ function initializeExpressSync() {
|
||||
|
||||
// domain routes
|
||||
router.post('/api/v1/domains', token, authorizeAdmin, routes.domains.add);
|
||||
router.get ('/api/v1/domains', token, authorizeUser, routes.domains.getAll);
|
||||
router.get ('/api/v1/domains', token, routes.domains.getAll);
|
||||
router.get ('/api/v1/domains/:domain', token, authorizeAdmin, routes.domains.get); // this is manage scope because it returns non-restricted fields
|
||||
router.put ('/api/v1/domains/:domain', token, authorizeAdmin, routes.domains.update);
|
||||
router.del ('/api/v1/domains/:domain', token, authorizeAdmin, routes.domains.del);
|
||||
|
||||