beenull/pdnsmanager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Added DELETE /users/{user}/permissions/{domainId}

Browse source
This commit is contained in:
Lukas Metzger 2018-04-01 21:20:53 +02:00
parent ff41604aa2
commit 25382d0de3
4 changed files with 78 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
backend/src/controllers/Permissions.php
View file

@ -70,4 +70,27 @@ class Permissions
return $res->withJson(['error' => 'Either domain or user were not found'], 404);
}
}
public function delete(Request $req, Response $res, array $args)
{
$ac = new \Operations\AccessControl($this->c);
if (!$ac->isAdmin($req->getAttribute('userId'))) {
$this->logger->info('Non admin user tries to add permissions');
return $res->withJson(['error' => 'You must be admin to use this feature'], 403);
}
$user = intval($args['user']);
$domainId = intval($args['domainId']);
$permissions = new \Operations\Permissions($this->c);
try {
$permissions->deletePermission($user, $domainId);
$this->logger->info('Permission was removed:', ['by' => $req->getAttribute('userId'), 'user' => $user, 'domain' => $domainId]);
return $res->withStatus(204);
} catch (\Exceptions\NotFoundException $e) {
return $res->withJson(['error' => 'Either domain or user were not found'], 404);
}
}
}

33
backend/src/operations/Permissions.php
View file

@ -73,6 +73,8 @@ class Permissions
* @param $domainId Domain for which access should be granted
*
* @return void
*
* @throws NotFoundException If domain or user was not found
*/
public function addPermission(int $userId, int $domainId) : void
{
@ -107,4 +109,35 @@ class Permissions
$this->db->commit();
}
/**
* Delete a permission
*
* @param $userId User id
* @param $domainId Domain for which access should be revoked
*
* @return void
*
* @throws NotFoundException if the entry was not found
*/
public function deletePermission(int $userId, int $domainId) : void
{
$this->db->beginTransaction();
$query = $this->db->prepare('SELECT * FROM permissions WHERE domain_id=:domainId AND user_id=:userId');
$query->bindValue(':domainId', $domainId, \PDO::PARAM_INT);
$query->bindValue(':userId', $userId, \PDO::PARAM_INT);
$query->execute();
if ($query->fetch() === false) {
$this->db->rollBack();
throw new \Exceptions\NotFoundException();
}
$query = $this->db->prepare('DELETE FROM permissions WHERE domain_id=:domainId AND user_id=:userId');
$query->bindValue(':domainId', $domainId, \PDO::PARAM_INT);
$query->bindValue(':userId', $userId, \PDO::PARAM_INT);
$query->execute();
$this->db->commit();
}
}

1
backend/src/public/index.php
View file

@ -50,6 +50,7 @@ $app->group('/v1', function () {
$this->get('/users/{user}/permissions', '\Controllers\Permissions:getList');
$this->post('/users/{user}/permissions', '\Controllers\Permissions:postNew');
$this->delete('/users/{user}/permissions/{domainId}', '\Controllers\Permissions:delete');
})->add('\Middlewares\Authentication');
});

21
backend/test/tests/permissions.js
View file

@ -66,7 +66,21 @@ test.run(async function () {
assert.equal(res.status, 204, 'Add of permission should succeed for not existing permission.');
// Revoke the new permission
var res = await req({
url: '/users/2/permissions/3',
method: 'delete'
});
assert.equal(res.status, 204, 'Revoking should succeed');
// Revoke the new permission again
var res = await req({
url: '/users/2/permissions/3',
method: 'delete'
});
assert.equal(res.status, 404, 'Second revocation of the same permission should fail');
});
await test('user', async function (assert, req) {
@ -86,5 +100,12 @@ test.run(async function () {
});
assert.equal(res.status, 403, 'Add of permission should fail for user.');
var res = await req({
url: '/users/2/permissions/1',
method: 'delete'
});
assert.equal(res.status, 403, 'Revoke of permission should fail for user.');
});
});