More permissions and changes to endorsement group creation.

backend/db/config/options.ts

@@ -3,7 +3,7 @@ import path from "path";
 const dir = process.cwd();
 
 module.exports = {
-    config: path.join(dir, "dist/db/config/config.js"),
-    "migrations-path": path.join(dir, "dist/db/migrations"),
-    "seeders-path": path.join(dir, "dist/db/seeders"),
+    config: path.join(dir, "../_build/backend/db/config/config.js"),
+    "migrations-path": path.join(dir, "../_build/backend/db/migrations"),
+    "seeders-path": path.join(dir, "../_build/backend/db/seeders"),
 };

backend/db/migrations/20221115171254-create-endorsement-groups-table.ts

@@ -14,6 +14,10 @@ export const ENDORSEMENT_GROUPS_TABLE_ATTRIBUTES = {
         type: DataType.STRING(70),
         allowNull: false,
     },
+    name_vateud: {
+        type: DataType.STRING(70),
+        allowNull: false,
+    },
     tier: {
         type: DataType.SMALLINT,
         allowNull: false,

backend/db/seeders/20221121101837-PermissionSeeder.ts

@@ -34,11 +34,8 @@ const allPerms = [
     "tech.view",
     "tech.syslog.view",
 
-    "tech.permissions.view",
-    "tech.permissions.role.edit",
-    "tech.permissions.role.view",
-    "tech.permissions.perm.edit",
-    "tech.permissions.perm.view",
+    "tech.role_management.view",
+    "tech.role_management.edit",
     "tech.appsettings.view",
     "tech.joblog.view",
 ];

backend/src/Router.ts

@@ -234,8 +234,8 @@ router.use(
                 r.get("/mentorable", EndorsementGroupAdminController.getMentorable);
 
                 r.get("/", EndorsementGroupAdminController.getAll);
-                r.get("/with-stations", EndorsementGroupAdminController.getAllWithStations);
                 r.post("/", EndorsementGroupAdminController.createEndorsementGroup);
+                r.get("/with-stations", EndorsementGroupAdminController.getAllWithStations);
 
                 r.get("/:id", EndorsementGroupAdminController.getByID);
                 r.patch("/:id", EndorsementGroupAdminController.updateByID);

backend/src/controllers/endorsement-group/EndorsementGroupAdminController.ts

@@ -352,17 +352,19 @@ async function removeUserByID(request: Request, response: Response, next: NextFu
 async function createEndorsementGroup(request: Request, response: Response, next: NextFunction) {
     try {
         const user: User = response.locals.user;
-        const body = request.body as { name: string; tier: number; training_station_ids: number[] };
+        const body = request.body as { name: string; name_vateud: string; tier: number; training_station_ids: number[] };
 
         PermissionHelper.checkUserHasPermission(user, "lm.endorsement_groups.create");
 
         Validator.validate(body, {
             name: [ValidationTypeEnum.NON_NULL],
+            name_vateud: [ValidationTypeEnum.NON_NULL],
             training_station_ids: [ValidationTypeEnum.IS_ARRAY, ValidationTypeEnum.VALID_JSON],
         });
 
         const endorsementGroup = await EndorsementGroup.create({
             name: body.name,
+            name_vateud: body.name_vateud,
             tier: body.tier,
         });
 

backend/src/controllers/log-template/LogTemplateAdminController.ts

@@ -3,7 +3,6 @@ import { TrainingLogTemplate } from "../../models/TrainingLogTemplate";
 import { HttpStatusCode } from "axios";
 import Validator, { ValidationTypeEnum } from "../../utility/Validator";
 import { User } from "../../models/User";
-import { ForbiddenException } from "../../exceptions/ForbiddenException";
 import PermissionHelper from "../../utility/helper/PermissionHelper";
 
 /**

backend/src/controllers/permission/PermissionAdminController.ts

@@ -1,64 +1,88 @@
-import { Request, Response } from "express";
+import { NextFunction, Request, Response } from "express";
 import { Permission } from "../../models/Permission";
+import { User } from "../../models/User";
+import PermissionHelper from "../../utility/helper/PermissionHelper";
+import Validator, { ValidationTypeEnum } from "../../utility/Validator";
+import { GenericException } from "../../exceptions/GenericException";
+import { HttpStatusCode } from "axios";
 
 /**
  * Gets all permissions
- * @param request
+ * @param _request
  * @param response
+ * @param next
  */
-async function getAll(request: Request, response: Response) {
-    const permissions = await Permission.findAll();
-    response.send(permissions);
+async function getAll(_request: Request, response: Response, next: NextFunction) {
+    try {
+        const user: User = response.locals.user;
+        PermissionHelper.checkUserHasPermission(user, "tech.role_management.view");
+
+        const permissions = await Permission.findAll();
+        response.send(permissions);
+    } catch (e) {
+        next(e);
+    }
 }
 
 /**
  * Creates a new permission. If the name of this permission exists, returns a 400 error
  * @param request
  * @param response
+ * @param next
  */
-async function create(request: Request, response: Response) {
-    const name = request.body.name;
+async function create(request: Request, response: Response, next: NextFunction) {
+    try {
+        const user: User = response.locals.user;
+        PermissionHelper.checkUserHasPermission(user, "tech.role_management.edit");
 
-    if (name == null || name.length == 0) {
-        response.status(400).send({ code: "VAL_ERR", error: "No name supplied" });
-        return;
-    }
+        const body = request.body as { name: string };
+        Validator.validate(body, {
+            name: [ValidationTypeEnum.NON_NULL]
+        });
 
-    const [perm, created] = await Permission.findOrCreate({
-        where: { name: name },
-        defaults: {
-            name: name,
-        },
-    });
+        const [perm, created] = await Permission.findOrCreate({
+            where: { name: body.name },
+            defaults: {
+                name: body.name,
+            },
+        });
 
-    if (!created) {
-        response.status(400).send({ code: "DUP_ENTRY", error: "Duplicate entry for column name" });
-        return;
-    }
+        if (!created) {
+            throw new GenericException("DUP_ENTRY", "Permission with this name already exists");
+        }
 
-    response.send(perm);
+        response.send(perm);
+    } catch (e) {
+        next(e);
+    }
 }
 
 /**
  * Deletes a permission specified by request.body.perm_id
  * @param request
  * @param response
+ * @param next
  */
-async function destroy(request: Request, response: Response) {
-    const perm_id = request.body.perm_id;
+async function destroy(request: Request, response: Response, next: NextFunction) {
+    try {
+        const user: User = response.locals.user;
+        PermissionHelper.checkUserHasPermission(user, "tech.role_management.edit");
 
-    if (perm_id == null || perm_id == -1) {
-        response.status(400).send({ code: "VAL_ERR", error: "No permission supplied" });
-        return;
-    }
+        const body = request.body as {perm_id: string};
+        Validator.validate(body, {
+            perm_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER]
+        });
 
-    const res = await Permission.destroy({
-        where: {
-            id: perm_id,
-        },
-    });
+        const res = await Permission.destroy({
+            where: {
+                id: body.perm_id,
+            },
+        });
 
-    response.send({ message: "OK", rows: res });
+        response.sendStatus(HttpStatusCode.NoContent);
+    } catch (e) {
+        next(e);
+    }
 }
 
 export default {

backend/src/controllers/permission/RoleAdminController.ts

@@ -9,19 +9,27 @@ import { RoleBelongsToUsers } from "../../models/through/RoleBelongsToUsers";
 
 /**
  * Gets all roles
- * @param request
+ * @param _request
  * @param response
+ * @param next
  */
-async function getAll(request: Request, response: Response) {
-    const roles = await Role.findAll();
-    response.send(roles);
+async function getAll(_request: Request, response: Response, next: NextFunction) {
+    try {
+        const user: User = response.locals.user;
+        PermissionHelper.checkUserHasPermission(user, "tech.role_management.view");
+
+        const roles = await Role.findAll();
+        response.send(roles);
+    } catch(e) {
+        next(e);
+    }
 }
 
 async function create(request: Request, response: Response, next: NextFunction) {
     try {
         const user: User = response.locals.user;
         const body = request.body as { name: string };
-        PermissionHelper.checkUserHasPermission(user, "tech.permissions.role.edit");
+        PermissionHelper.checkUserHasPermission(user, "tech.role_management.role.edit");
 
         Validator.validate(body, {
             name: [ValidationTypeEnum.NON_NULL],
@@ -41,7 +49,7 @@ async function addUser(request: Request, response: Response, next: NextFunction)
     try {
         const user: User = response.locals.user;
         const body = request.body as { role_id: string; user_id: string };
-        PermissionHelper.checkUserHasPermission(user, "tech.permissions.role.edit");
+        PermissionHelper.checkUserHasPermission(user, "tech.role_management.edit");
 
         Validator.validate(body, {
             role_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER],
@@ -65,7 +73,7 @@ async function removeUser(request: Request, response: Response, next: NextFuncti
     try {
         const user: User = response.locals.user;
         const body = request.body as { role_id: string; user_id: string };
-        PermissionHelper.checkUserHasPermission(user, "tech.permissions.role.edit");
+        PermissionHelper.checkUserHasPermission(user, "tech.role_management.edit");
 
         Validator.validate(body, {
             role_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER],
@@ -158,7 +166,7 @@ async function removePermission(request: Request, response: Response) {
     const params = request.params;
     const body = request.body;
 
-    PermissionHelper.checkUserHasPermission(user, "tech.permissions.role.edit", true);
+    PermissionHelper.checkUserHasPermission(user, "tech.role_management.edit", true);
 
     // const validation = ValidationHelper.validate([
     //     {
@@ -193,33 +201,29 @@ async function removePermission(request: Request, response: Response) {
  * Adds a permission to a role
  * @param request
  * @param response
+ * @param next
  */
-async function addPermission(request: Request, response: Response) {
-    const user: User = response.locals.user;
-    const params = request.params;
-    const body = request.body;
+async function addPermission(request: Request, response: Response, next: NextFunction) {
+    try {
+        const user: User = response.locals.user;
+        const params = request.params;
+        const body = request.body as {permission_id?: string};
 
-    PermissionHelper.checkUserHasPermission(user, "tech.permissions.role.edit", true);
+        PermissionHelper.checkUserHasPermission(user, "tech.role_management.edit", true);
 
-    // const validate = ValidationHelper.validate([
-    //     {
-    //         name: "role_id",
-    //         validationObject: role_id,
-    //         toValidate: [{ val: ValidationOptions.NON_NULL }, { val: ValidationOptions.NUMBER }],
-    //     },
-    //     {
-    //         name: "permission_id",
-    //         validationObject: permission_id,
-    //         toValidate: [{ val: ValidationOptions.NON_NULL }, { val: ValidationOptions.NUMBER }],
-    //     },
-    // ]);
+        Validator.validate(body, {
+            permission_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER]
+        });
 
-    const res = await RoleHasPermissions.create({
-        role_id: Number(params.role_id),
-        permission_id: Number(body.permission_id),
-    });
+        const res = await RoleHasPermissions.create({
+            role_id: Number(params.role_id),
+            permission_id: Number(body.permission_id),
+        });
 
-    response.send(res);
+        response.send(res);
+    } catch (e) {
+        next(e);
+    }
 }
 
 export default {