Added test and query call

2019-11-01 01:16:23 +01:00
parent 03a7086162
commit 0ed5fb89c3
7 changed files with 84 additions and 68 deletions
--- a/endpoints/testuserperm.js
+++ b/endpoints/testuserperm.js
@@ -1,14 +1,11 @@
 //Call for testing if a particular user has a particular permission over a
 // particular object. Returns true or false. 
 //
-//Requiremenst for checking data in DB
-const checkmemb= require('../helpfunctions/checkmemb');
-
 const condTest = (req, res, db) => {
    //Parsing req body 
    const { reqowner, reqobjname, reqtype} =req.body;

-    //Checking for owner with particular permission over a particular object 
+    //Checking for owner with  particular permission over a particular object 
    db.transaction (trx => {
        trx.select('objname')
        .from('permissions')
@@ -22,40 +19,28 @@ const condTest = (req, res, db) => {
            if (found.length !==0) {
                return res.json(true);
            }
-            //Checking for permissions inherited from groups
-            return trx('permissions')
-                .returning('owner')
-                //Checking only for groups
-                .where('ownertype', 'ilike', 'group')
-                //Checking for existance of group with particular permission over a particular object
-                .andWhere('objname', 'ilike', reqobjname)
-                .andWhere('type', 'ilike', reqtype)
-                .then (found => {
-                    //?
-                    console.log('found', found);
-                    //Found is an array of objects (rows from permissions table) where group has needed permisions
-                    //Check for every group if user is a member
-                    found.forEach( (row, index) => {
-                        //?
-                        console.log('row.owner', row.owner);
-                         // Check if our user is in found group and have inherited permission
-                        return trx('groups')
-                        .returning('*')
-                        .where('username', 'ilike', reqowner)
-                        .andWhere('groupname', 'ilike', 'admins')
-                        .then ( data => {
-                            console.log('data', data);
-                            if (data.length!==0) {
-                                return res.json(true);
-                            }
-                        })
-                        .then(trx.commit)
-                        .catch(trx.rollback)
-                    });
-                    return res.json(false);
-                })
-                
-        }) 
+        })
+        .then(trx.commit)
+        .catch(trx.rollback)
+        .catch (err => res.status(400).json('Error accesing database.'))
+    })
+    //Checking for permissions inherited from groups
+    db.transaction ( trx => {
+        trx.select('*')
+        .from('groups')
+        .fullOuterJoin('permissions', 'groups.groupname', 'permissions.owner')
+        //Checking only for groups
+        .where('ownertype', 'ilike', 'group')
+        .andWhere('username', 'ilike', reqowner)
+        .then ( found => {
+            if (found.length !==0) {
+                return res.json(true);
+            }
+            else {
+                //If no searched permission is found then it does not exists
+                return res.json(false);
+            }
+        })
        .then(trx.commit)
        .catch(trx.rollback)
        .catch (err => res.status(400).json('Error accesing database.'))