fixup! Add RESTful API endpoints for managing Groups members

src/app.js

@@ -300,22 +300,25 @@ app.routeAsync("/groups/:groupName")
   .getAsync(endpoints.static.sendGatsbyEntrypoint)
 ;
 
-app.routeAsync("/groups/:groupName/members")
+app.use("/groups/:groupName/settings",
+  endpoints.groups.setGroup(req => req.params.groupName));
+
+app.routeAsync("/groups/:groupName/settings/members")
   .getAsync(endpoints.groups.listMembers);
 
-app.routeAsync("/groups/:groupName/roles")
+app.routeAsync("/groups/:groupName/settings/roles")
   .getAsync(endpoints.groups.listRoles);
 
-app.routeAsync("/groups/:groupName/roles/:roleName/members")
+app.routeAsync("/groups/:groupName/settings/roles/:roleName/members")
   .getAsync(endpoints.groups.listRoleMembers);
 
-app.routeAsync("/groups/:groupName/roles/:roleName/members/:username")
+app.routeAsync("/groups/:groupName/settings/roles/:roleName/members/:username")
   .getAsync(endpoints.groups.getRoleMember)
   .putAsync(endpoints.groups.putRoleMember)
   .deleteAsync(endpoints.groups.deleteRoleMember)
 ;
 
-app.route(["/groups/:groupName/members/*", "/groups/:groupName/roles/*"])
+app.route("/groups/:groupName/settings/*")
   .all(() => { throw new NotFound(); });
 
 // Avoid matching "narratives" as a dataset name.

src/endpoints/groups.js

@@ -5,9 +5,18 @@ const {Group} = require("../groups");
 const {slurp} = require("../utils/iterators");
 
 
+const setGroup = (nameExtractor) => (req, res, next) => {
+  const group = new Group(nameExtractor(req));
+
+  authz.assertAuthorized(req.user, authz.actions.Read, group);
+
+  req.context.group = group;
+  return next();
+};
+
+
 const listMembers = async (req, res) => {
-  const {groupName} = req.params;
-  const group = new Group(groupName);
+  const group = req.context.group;
 
   authz.assertAuthorized(req.user, authz.actions.Read, group);
 
@@ -16,8 +25,7 @@ const listMembers = async (req, res) => {
 
 
 const listRoles = (req, res) => {
-  const {groupName} = req.params;
-  const group = new Group(groupName);
+  const group = req.context.group;
 
   authz.assertAuthorized(req.user, authz.actions.Read, group);
 
@@ -27,8 +35,8 @@ const listRoles = (req, res) => {
 
 
 const listRoleMembers = async (req, res) => {
-  const {groupName, roleName} = req.params;
-  const group = new Group(groupName);
+  const group = req.context.group;
+  const {roleName} = req.params;
 
   authz.assertAuthorized(req.user, authz.actions.Read, group);
 
@@ -37,8 +45,8 @@ const listRoleMembers = async (req, res) => {
 
 
 const getRoleMember = async (req, res) => {
-  const {groupName, roleName, username} = req.params;
-  const group = new Group(groupName);
+  const group = req.context.group;
+  const {roleName, username} = req.params;
 
   authz.assertAuthorized(req.user, authz.actions.Read, group);
 
@@ -53,8 +61,8 @@ const getRoleMember = async (req, res) => {
 
 
 const putRoleMember = async (req, res) => {
-  const {groupName, roleName, username} = req.params;
-  const group = new Group(groupName);
+  const group = req.context.group;
+  const {roleName, username} = req.params;
 
   authz.assertAuthorized(req.user, authz.actions.Write, group);
 
@@ -65,8 +73,8 @@ const putRoleMember = async (req, res) => {
 
 
 const deleteRoleMember = async (req, res) => {
-  const {groupName, roleName, username} = req.params;
-  const group = new Group(groupName);
+  const group = req.context.group;
+  const {roleName, username} = req.params;
 
   authz.assertAuthorized(req.user, authz.actions.Write, group);
 
@@ -77,6 +85,8 @@ const deleteRoleMember = async (req, res) => {
 
 
 module.exports = {
+  setGroup,
+
   listMembers,
   listRoles,
   listRoleMembers,