✨ 🚧 Add admin api and ui for timetable management

2023-06-20 23:10:52 +02:00
parent 0e2cc70a6b
commit 0ae553cca8
10 changed files with 307 additions and 5 deletions
--- a/server/api/admin.js
+++ b/server/api/admin.js
@ -0,0 +1,78 @@
+import Prisma from "@prisma/client";
+const prisma = new Prisma.PrismaClient();
+
+export function registerAdmin(app) {
+  app.get("/api/admin/timetable", listTimetables);
+  app.post("/api/admin/timetable", createTimetable);
+  app.put("/api/admin/timetable", editTimetable);
+  app.delete("/api/admin/timetable", deleteTimetable);
+}
+
+function sendMissingArguments(res) {
+  res.status(400).send({
+    success: false,
+    error: "missing_arguments",
+  });
+}
+
+async function listTimetables(_, res) {
+  res.send(
+    await prisma.timetable.findMany({
+      select: {
+        id: true,
+        title: true,
+        class: true,
+        source: true,
+        trusted: true,
+      },
+    })
+  );
+}
+
+async function createTimetable(req, res) {
+  let data = req.body;
+  if (!data.title || !data.data || !data.class) {
+    sendMissingArguments(res);
+    return;
+  }
+  const timetable = await prisma.timetable.create({
+    data: req.body,
+  });
+  res.status(201).send(timetable);
+}
+
+async function editTimetable(req, res) {
+  let id = parseInt(req.query.id);
+  if (!id) {
+    sendMissingArguments(res);
+    return;
+  }
+  try {
+    const timetable = await prisma.timetable.update({
+      where: {
+        id,
+      },
+      data: req.body,
+    });
+    res.status(201).send(timetable);
+  } catch (e) {
+    res.status(500).send(e);
+  }
+}
+
+async function deleteTimetable(req, res) {
+  if (!req.query.id) {
+    sendMissingArguments(res);
+    return;
+  }
+  try {
+    await prisma.timetable.delete({
+      where: {
+        id: parseInt(req.query.id),
+      },
+    });
+    res.status(200).send();
+  } catch (e) {
+    res.status(500).send(e);
+  }
+}
--- a/server/api/permission.js
+++ b/server/api/permission.js
@ -32,6 +32,18 @@ export async function hasPermission(sessionToken, permission, forValue) {
  return hasPermission;
 }

+export async function checkAdmin(req, res, next) {
+  if (!(await hasPermission(req.locals.session, "admin"))) {
+    res.status(401).send({
+      success: false,
+      error: "admin_only",
+      message: "You need to be admin to do this!",
+    });
+    return;
+  }
+  next();
+}
+
 export async function applyKey(sessionToken, key) {
  if (!key) return false;
  const foundKey = await prisma.key.findUnique({
--- a/server/index.js
+++ b/server/index.js
@ -17,6 +17,8 @@ import auth from "./api/auth.js";
 import { Parser } from "./parser/index.js";
 import { BolleClient } from "./parser/bolle.js";
 import { parseSubstitutionPlan } from "./parser/untis.js";
+import { registerAdmin } from "./api/admin.js";
+import { checkAdmin } from "./api/permission.js";

 // Check that credentials are supplied
 if (
@ -69,6 +71,11 @@ app.get("/api/substitutions", getSubstitutions);
 app.get("/api/history", getHistory);
 app.get("/api/classes", getClasses);
 app.post("/api/token", auth.token);
+
+// Register Admin endpoints
+app.use("/api/admin", checkAdmin);
+registerAdmin(app);
+
 // Respond with 400 for non-existent endpoints
 app.get("/api/*", (_req, res) => {
  res.sendStatus(400);