80f9023020
Closes #3196 * adds `/roles/` endpoint * is given the current user as context * wraps everything in a canthis.browse.role * gets all the available roles (should "Owner" be filtered out?) * optional parameter: `permission=assign`. Gets all roles authenticated user could assign * if we're not signed in, gives a "please sign in" (standard) error * if we're signed in, but user is not in the context, gives a "there was no user in the context" error * if the user is an "Author", gives a "there are no available roles to assign" error * implemented hacky filter because when.js produces heisenbugs past 3.2.3 (when.filter not available) * added extra fixtures to `permissions.json`. Might need a migration. Caveats: * there are no tests * for some reason the setup functional test was failing for me locally
61 lines
2.1 KiB
JavaScript
61 lines
2.1 KiB
JavaScript
// # Posts API
|
|
// RESTful API for the Post resource
|
|
var when = require('when'),
|
|
_ = require('lodash'),
|
|
canThis = require('../permissions').canThis,
|
|
dataProvider = require('../models'),
|
|
errors = require('../errors'),
|
|
|
|
roles;
|
|
|
|
/**
|
|
* ## Roles API Methods
|
|
*
|
|
* **See:** [API Methods](index.js.html#api%20methods)
|
|
*/
|
|
roles = {
|
|
/**
|
|
* ### Browse
|
|
* Find all roles
|
|
*
|
|
* Will return all roles that the current user is able to assign
|
|
*
|
|
*
|
|
* @public
|
|
* @param {{context, page, limit, status, staticPages, tag}} options (optional)
|
|
* @returns {Promise(Roles)} Roles Collection
|
|
*/
|
|
browse: function browse(options) {
|
|
var permissionMap = [];
|
|
options = options || {};
|
|
|
|
return canThis(options.context).browse.role().then(function () {
|
|
return dataProvider.Role.findAll(options).then(function (foundRoles) {
|
|
if (options.permissions === 'assign') {
|
|
// Hacky implementation of filtering because when.filter is only available in when 3.4.0,
|
|
// but that's buggy and kills other tests and introduces Heisenbugs. Until we turn everything
|
|
// to Bluebird, this works. Sorry.
|
|
// TODO: replace with better filter when bluebird lands
|
|
_.each(foundRoles.toJSON(), function (role) {
|
|
permissionMap.push(canThis(options.context).assign.role(role).then(function () {
|
|
return role;
|
|
}, function () {
|
|
return null;
|
|
}));
|
|
});
|
|
|
|
return when.all(permissionMap).then(function (resolved) {
|
|
return { roles: _.filter(resolved, function (role) {
|
|
return role !== null;
|
|
}) };
|
|
}).catch(errors.logAndThrowError);
|
|
}
|
|
return { roles: foundRoles.toJSON() };
|
|
});
|
|
})
|
|
.catch(errors.logAndThrowError);
|
|
}
|
|
};
|
|
|
|
module.exports = roles;
|