implemented role and state based authorization

2025-12-13 17:01:50 -05:00
parent 7c4e8d7db8
commit b91ecacb60
8 changed files with 101 additions and 60 deletions


@@ -9,7 +9,7 @@ import { ApplicationFull, CommentRow } from "@app/shared/types/application"
import { assignUserToStatus } from '../services/statusService';
import { Request, response, Response } from 'express';
import { getUserRoles } from '../services/rolesService';
import { requireLogin } from '../middleware/auth';
import { requireLogin, requireRole } from '../middleware/auth';
//get CoC
router.get('/coc', async (req: Request, res: Response) => {
@@ -48,7 +48,7 @@ router.post('/', [requireLogin], async (req, res) => {
});
// GET /application/all
router.get('/all', [requireLogin], async (req, res) => {
router.get('/all', [requireLogin, requireRole("Recruiter")], async (req, res) => {
try {
const rows = await getApplicationList();
res.status(200).json(rows);
@@ -124,22 +124,10 @@ router.get('/me/:id', [requireLogin], async (req: Request, res: Response) => {
});
// GET /application/:id
router.get('/:id', [requireLogin], async (req: Request, res: Response) => {
router.get('/:id', [requireLogin, requireRole("Recruiter")], async (req: Request, res: Response) => {
let appID = Number(req.params.id);
let asAdmin = !!req.query.admin || false;
let user = req.user.id;
//TODO: Replace this with bigger authorization system eventually
if (asAdmin) {
let allowed = (await getUserRoles(user)).some((role) =>
role.name.toLowerCase() === 'dev' ||
role.name.toLowerCase() === 'recruiter' ||
role.name.toLowerCase() === 'administrator')
console.log(allowed)
if (!allowed) {
return res.sendStatus(403)
}
}
try {
const application = await getApplicationByID(appID);
if (application === undefined)
@@ -160,7 +148,7 @@ router.get('/:id', [requireLogin], async (req: Request, res: Response) => {
});
// POST /application/approve/:id
router.post('/approve/:id', [requireLogin], async (req: Request, res: Response) => {
router.post('/approve/:id', [requireLogin, requireRole("Recruiter")], async (req: Request, res: Response) => {
const appID = Number(req.params.id);
const approved_by = req.user.id;
@@ -189,7 +177,7 @@ router.post('/approve/:id', [requireLogin], async (req: Request, res: Response)
});
// POST /application/deny/:id
router.post('/deny/:id', [requireLogin], async (req, res) => {
router.post('/deny/:id', [requireLogin, requireRole("Recruiter")], async (req, res) => {
const appID = req.params.id;
try {
@@ -247,7 +235,7 @@ VALUES(?, ?, ?);`
});
// POST /application/:id/comment
router.post('/:id/adminComment', [requireLogin], async (req: Request, res: Response) => {
router.post('/:id/adminComment', [requireLogin, requireRole("Recruiter")], async (req: Request, res: Response) => {
const appID = req.params.id;
const data = req.body.message;
const user = req.user;
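Review bot: The inline check removed from `router.get('/:id', …)` accepted three roles (`dev`, `recruiter`, `administrator`, compared case-insensitively), but its replacement `requireRole("Recruiter")` names a single role with exact casing, so unless requireRole in `../middleware/auth` implements a role hierarchy and case-insensitive matching (not visible here), administrators and developers lose access to `/:id`, `/all`, `/approve/:id`, `/deny/:id` and `/:id/adminComment`. The old check also ran only when `?admin` was set, whereas the middleware now applies unconditionally; `let asAdmin` and `let user` sit between the removed lines in the `/:id` hunk, so if they survive they are probably unused now and should go. If requireRole cannot express the wider set, document the intended policy next to the first use, e.g. `// Recruiter is the minimum role; Administrator and Dev are admitted via the hierarchy in middleware/auth — verify`. The `/:id` handler and every other handler body continue outside their hunks.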