From 7203ff1d93c23581a42a26c07624f708fad15d0e Mon Sep 17 00:00:00 2001
From: Thomas Sibley
Date: Wed, 24 Aug 2022 15:28:42 -0700
Subject: [PATCH] fixup! Add RESTful API endpoints for managing Groups members
---
 src/app.js | 13 ++++++++-----
 src/endpoints/groups.js | 34 ++++++++++++++++++++++------------
 2 files changed, 30 insertions(+), 17 deletions(-)
diff --git a/src/app.js b/src/app.js
index e91942560..75b14b7f7 100644
--- a/src/app.js
+++ b/src/app.js
@@ -300,22 +300,25 @@ app.routeAsync("/groups/:groupName")
 .getAsync(endpoints.static.sendGatsbyEntrypoint)
 ;
 
-app.routeAsync("/groups/:groupName/members")
+app.use("/groups/:groupName/settings",
+ endpoints.groups.setGroup(req => req.params.groupName));
+
+app.routeAsync("/groups/:groupName/settings/members")
 .getAsync(endpoints.groups.listMembers);
 
-app.routeAsync("/groups/:groupName/roles")
+app.routeAsync("/groups/:groupName/settings/roles")
 .getAsync(endpoints.groups.listRoles);
 
-app.routeAsync("/groups/:groupName/roles/:roleName/members")
+app.routeAsync("/groups/:groupName/settings/roles/:roleName/members")
 .getAsync(endpoints.groups.listRoleMembers);
 
-app.routeAsync("/groups/:groupName/roles/:roleName/members/:username")
+app.routeAsync("/groups/:groupName/settings/roles/:roleName/members/:username")
 .getAsync(endpoints.groups.getRoleMember)
 .putAsync(endpoints.groups.putRoleMember)
 .deleteAsync(endpoints.groups.deleteRoleMember)
 ;
 
-app.route(["/groups/:groupName/members/*", "/groups/:groupName/roles/*"])
+app.route("/groups/:groupName/settings/*")
 .all(() => { throw new NotFound(); });
 
 // Avoid matching "narratives" as a dataset name.
diff --git a/src/endpoints/groups.js b/src/endpoints/groups.js
index 61ac707e4..7a38e6687 100644
--- a/src/endpoints/groups.js
+++ b/src/endpoints/groups.js
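Review bot: The bare path `/groups/:groupName/settings` is left without a terminating route: `app.use("/groups/:groupName/settings", …)` prefix-matches, so `setGroup` runs for it, but the 404 catch-all at the end of this hunk only covers `/groups/:groupName/settings/*`. A request for the bare path would therefore pass the Read check and fall through to whichever later route matches; the trailing context comment suggests dataset routes follow, though they are outside the hunk. If the whole `settings` namespace is meant to be reserved, the catch-all could take both forms, `app.route(["/groups/:groupName/settings", "/groups/:groupName/settings/*"])`. A one-line comment above the `app.use`, such as `// Every handler under this prefix reads req.context.group, set here after a Read check.`, would also help whoever adds the next route.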
@@ -5,9 +5,18 @@ const {Group} = require("../groups");
 const {slurp} = require("../utils/iterators");
 
 
+const setGroup = (nameExtractor) => (req, res, next) => {
+ const group = new Group(nameExtractor(req));
+
+ authz.assertAuthorized(req.user, authz.actions.Read, group);
+
+ req.context.group = group;
+ return next();
+};
+
+
 const listMembers = async (req, res) => {
- const {groupName} = req.params;
- const group = new Group(groupName);
+ const group = req.context.group;
 
 authz.assertAuthorized(req.user, authz.actions.Read, group);
 
@@ -16,8 +25,7 @@ const listMembers = async (req, res) => {
 
 
 const listRoles = (req, res) => {
- const {groupName} = req.params;
- const group = new Group(groupName);
+ const group = req.context.group;
 
 authz.assertAuthorized(req.user, authz.actions.Read, group);
 
@@ -27,8 +35,8 @@ const listRoles = (req, res) => {
 
 
 const listRoleMembers = async (req, res) => {
- const {groupName, roleName} = req.params;
- const group = new Group(groupName);
+ const group = req.context.group;
+ const {roleName} = req.params;
 
 authz.assertAuthorized(req.user, authz.actions.Read, group);
 
@@ -37,8 +45,8 @@ const listRoleMembers = async (req, res) => {
 
 
 const getRoleMember = async (req, res) => {
- const {groupName, roleName, username} = req.params;
- const group = new Group(groupName);
+ const group = req.context.group;
+ const {roleName, username} = req.params;
 
 authz.assertAuthorized(req.user, authz.actions.Read, group);
 
@@ -53,8 +61,8 @@ const getRoleMember = async (req, res) => {
 
 
 const putRoleMember = async (req, res) => {
- const {groupName, roleName, username} = req.params;
- const group = new Group(groupName);
+ const group = req.context.group;
+ const {roleName, username} = req.params;
 
 authz.assertAuthorized(req.user, authz.actions.Write, group);
 
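Review bot: Each handler now trusts `req.context.group` to have been populated by `setGroup`, but that coupling lives only in the route table in `src/app.js`; if a handler is ever mounted outside the `/groups/:groupName/settings` prefix, `group` is `undefined` when it reaches `authz.assertAuthorized`, and how that call treats a missing object is not visible here. This applies to `listMembers` in the first hunk and equally to `listRoles`, `listRoleMembers`, `getRoleMember`, `putRoleMember` and `deleteRoleMember` in the later hunks. A guard ahead of the authorization call would make the failure explicit, for example `if (!group) throw new Error("setGroup middleware was not run for this route");`. `setGroup` itself would benefit from a doc comment stating that it takes a function extracting the group name from the request, enforces Read access on that group and stores it on `req.context.group`; it also assumes `req.context` already exists, presumably set by earlier middleware. The handler bodies continue outside the hunks.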
@@ -65,8 +73,8 @@ const putRoleMember = async (req, res) => {
 
 
 const deleteRoleMember = async (req, res) => {
- const {groupName, roleName, username} = req.params;
- const group = new Group(groupName);
+ const group = req.context.group;
+ const {roleName, username} = req.params;
 
 authz.assertAuthorized(req.user, authz.actions.Write, group);
 
@@ -77,6 +85,8 @@ const deleteRoleMember = async (req, res) => {
 
 
 module.exports = {
+ setGroup,
+
 listMembers,
 listRoles,
 listRoleMembers,