bcgov/common-object-management-service

View on GitHub
app/src/controllers/objectPermission.js

Summary

Maintainability
B
4 hrs
Test Coverage
A
90%
const { NIL: SYSTEM_USER } = require('uuid');
const errorToProblem = require('../components/errorToProblem');
const utils = require('../components/utils');

const { objectPermissionService, userService } = require('../services');

const SERVICE = 'ObjectPermissionService';

/**
 * The Permission Controller
 */
const controller = {
  /**
   * @function searchPermissions
   * Searches for object permissions
   * @param {object} req Express request object
   * @param {object} res Express response object
   * @param {function} next The next callback function
   * @returns {function} Express middleware function
   */
  async searchPermissions(req, res, next) {
    try {
      const bucketIds = utils.mixedQueryToArray(req.query.bucketId);
      const objIds = utils.mixedQueryToArray(req.query.objectId);
      const permCodes = utils.mixedQueryToArray(req.query.permCode);
      const userIds = utils.mixedQueryToArray(req.query.userId);
      const result = await objectPermissionService.searchPermissions({
        bucketId: bucketIds ? bucketIds.map(id => utils.addDashesToUuid(id)) : bucketIds,
        objId: objIds ? objIds.map(id => utils.addDashesToUuid(id)) : objIds,
        userId: userIds ? userIds.map(id => utils.addDashesToUuid(id)) : userIds,
        permCode: permCodes
      });
      const response = utils.groupByObject('objectId', 'permissions', result);

      // if also returning inheritied permissions
      if (utils.isTruthy(req.query.bucketPerms)) {
        const objectIds = await objectPermissionService.listInheritedObjectIds(userIds, bucketIds, permCodes);

        // merge list of object permissions
        objectIds.forEach(objectId => {
          if (!response.map(r => r.objectId).includes(objectId) &&
            // limit to objectId request query parameter if given
            (!objIds?.length || objIds?.includes(objectId))) {
            response.push({
              objectId: objectId,
              permissions: []
            });
          }
        });
      }

      res.status(200).json(response);
    } catch (e) {
      next(errorToProblem(SERVICE, e));
    }
  },

  /**
   * @function listPermissions
   * Returns the object permissions
   * @param {object} req Express request object
   * @param {object} res Express response object
   * @param {function} next The next callback function
   * @returns {function} Express middleware function
   */
  async listPermissions(req, res, next) {
    try {
      const userIds = utils.mixedQueryToArray(req.query.userId);
      const response = await objectPermissionService.searchPermissions({
        objId: utils.addDashesToUuid(req.params.objectId),
        userId: userIds ? userIds.map(id => utils.addDashesToUuid(id)) : userIds,
        permCode: utils.mixedQueryToArray(req.query.permCode)
      });
      res.status(200).json(response);
    } catch (e) {
      next(errorToProblem(SERVICE, e));
    }
  },

  /**
   * @function addPermissions
   * Grants object permissions to users
   * @param {object} req Express request object
   * @param {object} res Express response object
   * @param {function} next The next callback function
   * @returns {function} Express middleware function
   */
  async addPermissions(req, res, next) {
    try {
      const userId = await userService.getCurrentUserId(utils.getCurrentIdentity(req.currentUser, SYSTEM_USER));
      const response = await objectPermissionService.addPermissions(
        utils.addDashesToUuid(req.params.objectId), req.body, userId
      );
      res.status(201).json(response);
    } catch (e) {
      next(errorToProblem(SERVICE, e));
    }
  },

  /**
   * @function removePermissions
   * Deletes object permissions for a user
   * @param {object} req Express request object
   * @param {object} res Express response object
   * @param {function} next The next callback function
   * @returns {function} Express middleware function
   */
  async removePermissions(req, res, next) {
    try {
      const userArray = utils.mixedQueryToArray(req.query.userId);
      const userIds = userArray ? userArray.map(id => utils.addDashesToUuid(id)) : userArray;
      const permissions = utils.mixedQueryToArray(req.query.permCode);
      const response = await objectPermissionService.removePermissions(req.params.objectId, userIds, permissions);
      res.status(200).json(response);
    } catch (e) {
      next(errorToProblem(SERVICE, e));
    }
  },

};

module.exports = controller;