Permission System (#47)

* feat(api): permissions system

Adds a permission system for isAuthenticated middleware. Also adds user CRUD.

server/routes/auth.ts

@@ -3,10 +3,11 @@ import { getRepository } from 'typeorm';
 import { User } from '../entity/User';
 import PlexTvAPI from '../api/plextv';
 import { isAuthenticated } from '../middleware/auth';
+import { Permission } from '../lib/permissions';
 
 const authRoutes = Router();
 
-authRoutes.get('/me', isAuthenticated, async (req, res) => {
+authRoutes.get('/me', isAuthenticated(), async (req, res) => {
   const userRepository = getRepository(User);
   if (!req.user) {
     return res.status(500).json({
@@ -54,7 +55,7 @@ authRoutes.post('/login', async (req, res) => {
         user = new User({
           email: account.email,
           plexToken: account.authToken,
-          // TODO: When we add permissions in #52, set admin here
+          permissions: Permission.ADMIN,
         });
         await userRepository.save(user);
       }

server/routes/index.ts

@@ -3,12 +3,17 @@ import user from './user';
 import authRoutes from './auth';
 import { checkUser, isAuthenticated } from '../middleware/auth';
 import settingsRoutes from './settings';
+import { Permission } from '../lib/permissions';
 
 const router = Router();
 
 router.use(checkUser);
-router.use('/user', isAuthenticated, user);
-router.use('/settings', isAuthenticated, settingsRoutes);
+router.use('/user', isAuthenticated(Permission.MANAGE_USERS), user);
+router.use(
+  '/settings',
+  isAuthenticated(Permission.MANAGE_SETTINGS),
+  settingsRoutes
+);
 router.use('/auth', authRoutes);
 
 router.get('/', (req, res) => {

server/routes/user.ts

@@ -12,4 +12,65 @@ router.get('/', async (req, res) => {
   return res.status(200).json(User.filterMany(users));
 });
 
+router.post('/', async (req, res, next) => {
+  try {
+    const userRepository = getRepository(User);
+
+    const user = new User({
+      email: req.body.email,
+      permissions: req.body.permissions,
+      plexToken: '',
+    });
+    await userRepository.save(user);
+    return res.status(201).json(user.filter());
+  } catch (e) {
+    next({ status: 500, message: e.message });
+  }
+});
+
+router.get<{ id: string }>('/:id', async (req, res, next) => {
+  try {
+    const userRepository = getRepository(User);
+
+    const user = await userRepository.findOneOrFail({
+      where: { id: Number(req.params.id) },
+    });
+
+    return res.status(200).json(user.filter());
+  } catch (e) {
+    next({ status: 404, message: 'User not found' });
+  }
+});
+
+router.put<{ id: string }>('/:id', async (req, res, next) => {
+  try {
+    const userRepository = getRepository(User);
+
+    const user = await userRepository.findOneOrFail({
+      where: { id: Number(req.params.id) },
+    });
+
+    Object.assign(user, req.body);
+    await userRepository.save(user);
+
+    return res.status(200).json(user.filter());
+  } catch (e) {
+    next({ status: 404, message: 'User not found' });
+  }
+});
+
+router.delete<{ id: string }>('/:id', async (req, res, next) => {
+  try {
+    const userRepository = getRepository(User);
+
+    const user = await userRepository.findOneOrFail({
+      where: { id: Number(req.params.id) },
+    });
+    await userRepository.delete(user.id);
+    return res.status(200).json(user.filter());
+  } catch (e) {
+    next({ status: 404, message: 'User not found' });
+  }
+});
+
 export default router;