Add rudimentary user management to dashboard
This commit is contained in:
Dragory
parent
48c4b3578d
commit
3b09d2d679
12 changed files with 395 additions and 81 deletions
|
|
@ -3,15 +3,21 @@ import express, { Request, Response } from "express";
|
|||
import { YAMLException } from "js-yaml";
|
||||
import { validateGuildConfig } from "../configValidator";
|
||||
import { AllowedGuilds } from "../data/AllowedGuilds";
|
||||
import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments";
|
||||
import { ApiPermissionAssignments, ApiPermissionTypes } from "../data/ApiPermissionAssignments";
|
||||
import { Configs } from "../data/Configs";
|
||||
import { apiTokenAuthHandlers } from "./auth";
|
||||
import { hasGuildPermission, requireGuildPermission } from "./permissions";
|
||||
import { clientError, ok, serverError, unauthorized } from "./responses";
|
||||
import { loadYamlSafely } from "../utils/loadYamlSafely";
|
||||
import { ObjectAliasError } from "../utils/validateNoObjectAliases";
|
||||
import { isSnowflake } from "../utils";
|
||||
import moment from "moment-timezone";
|
||||
import { ApiAuditLog } from "../data/ApiAuditLog";
|
||||
import { AuditLogEventTypes } from "../data/apiAuditLogTypes";
|
||||
import { Queue } from "../Queue";
|
||||
|
||||
const apiPermissionAssignments = new ApiPermissionAssignments();
|
||||
const auditLog = new ApiAuditLog();
|
||||
|
||||
export function initGuildsAPI(app: express.Express) {
|
||||
const allowedGuilds = new AllowedGuilds();
|
||||
|
|
@ -25,6 +31,14 @@ export function initGuildsAPI(app: express.Express) {
|
|||
res.json(guilds);
|
||||
});
|
||||
|
||||
guildRouter.get(
|
||||
"/my-permissions", // a
|
||||
async (req: Request, res: Response) => {
|
||||
const permissions = await apiPermissionAssignments.getByUserId(req.user!.userId);
|
||||
res.json(permissions);
|
||||
},
|
||||
);
|
||||
|
||||
guildRouter.get("/:guildId", async (req: Request, res: Response) => {
|
||||
if (!(await hasGuildPermission(req.user!.userId, req.params.guildId, ApiPermissions.ViewGuild))) {
|
||||
return unauthorized(res);
|
||||
|
|
@ -101,5 +115,65 @@ export function initGuildsAPI(app: express.Express) {
|
|||
},
|
||||
);
|
||||
|
||||
const permissionManagementQueue = new Queue();
|
||||
guildRouter.post(
|
||||
"/:guildId/set-target-permissions",
|
||||
requireGuildPermission(ApiPermissions.ManageAccess),
|
||||
async (req: Request, res: Response) => {
|
||||
await permissionManagementQueue.add(async () => {
|
||||
const { type, targetId, permissions, expiresAt } = req.body;
|
||||
|
||||
if (type !== ApiPermissionTypes.User) {
|
||||
return clientError(res, "Invalid type");
|
||||
}
|
||||
if (!isSnowflake(targetId)) {
|
||||
return clientError(res, "Invalid targetId");
|
||||
}
|
||||
const validPermissions = new Set(Object.values(ApiPermissions));
|
||||
validPermissions.delete(ApiPermissions.Owner);
|
||||
if (!Array.isArray(permissions) || permissions.some(p => !validPermissions.has(p))) {
|
||||
return clientError(res, "Invalid permissions");
|
||||
}
|
||||
if (expiresAt != null && !moment.utc(expiresAt).isValid()) {
|
||||
return clientError(res, "Invalid expiresAt");
|
||||
}
|
||||
|
||||
const existingAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, targetId);
|
||||
if (existingAssignment && existingAssignment.permissions.includes(ApiPermissions.Owner)) {
|
||||
return clientError(res, "Can't change owner permissions");
|
||||
}
|
||||
|
||||
if (permissions.length === 0) {
|
||||
await apiPermissionAssignments.removeUser(req.params.guildId, targetId);
|
||||
await auditLog.addEntry(req.params.guildId, req.user!.userId, AuditLogEventTypes.REMOVE_API_PERMISSION, {
|
||||
type: ApiPermissionTypes.User,
|
||||
target_id: targetId,
|
||||
});
|
||||
} else {
|
||||
const existing = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, targetId);
|
||||
if (existing) {
|
||||
await apiPermissionAssignments.updateUserPermissions(req.params.guildId, targetId, permissions);
|
||||
await auditLog.addEntry(req.params.guildId, req.user!.userId, AuditLogEventTypes.EDIT_API_PERMISSION, {
|
||||
type: ApiPermissionTypes.User,
|
||||
target_id: targetId,
|
||||
permissions,
|
||||
expires_at: existing.expires_at,
|
||||
});
|
||||
} else {
|
||||
await apiPermissionAssignments.addUser(req.params.guildId, targetId, permissions, expiresAt);
|
||||
await auditLog.addEntry(req.params.guildId, req.user!.userId, AuditLogEventTypes.ADD_API_PERMISSION, {
|
||||
type: ApiPermissionTypes.User,
|
||||
target_id: targetId,
|
||||
permissions,
|
||||
expires_at: expiresAt,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
ok(res);
|
||||
});
|
||||
},
|
||||
);
|
||||
|
||||
app.use("/guilds", guildRouter);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue