Permissions revamp

backend/rbac.json

@@ -0,0 +1,14 @@
+{
+  "resources": {
+    "dev-portfolio": {
+      "attributes": ["meta_only"],
+      "read_only": ["lead"],
+      "read_and_write": ["dev_lead"]
+    },
+    "dev-portfolio-submission": {
+      "attributes": ["email"],
+      "read_only": ["lead"],
+      "read_and_write": ["dev_lead"]
+    }
+  }
+}

backend/src/API/candidateDeciderAPI.ts

@@ -1,6 +1,13 @@
+import { Router } from 'express';
 import CandidateDeciderDao from '../dao/CandidateDeciderDao';
 import { NotFoundError, PermissionError } from '../utils/errors';
 import PermissionsManager from '../utils/permissionsManager';
+import {
+  loginCheckedDelete,
+  loginCheckedGet,
+  loginCheckedPost,
+  loginCheckedPut
+} from '../utils/auth';
 
 const candidateDeciderDao = new CandidateDeciderDao();
 
@@ -142,3 +149,29 @@ export const updateCandidateDeciderComment = async (
   };
   candidateDeciderDao.updateInstance(updatedInstance);
 };
+
+export const candidateDeciderRouter = Router();
+
+loginCheckedGet(candidateDeciderRouter, '/', async (_, user) => ({
+  instances: await getAllCandidateDeciderInstances(user)
+}));
+loginCheckedGet(candidateDeciderRouter, '/:uuid', async (req, user) => ({
+  instance: await getCandidateDeciderInstance(req.params.uuid, user)
+}));
+loginCheckedPost(candidateDeciderRouter, '/', async (req, user) => ({
+  instance: await createNewCandidateDeciderInstance(req.body, user)
+}));
+loginCheckedPut(candidateDeciderRouter, '/:uuid', async (req, user) =>
+  toggleCandidateDeciderInstance(req.params.uuid, user).then(() => ({}))
+);
+loginCheckedDelete(candidateDeciderRouter, '/:uuid', async (req, user) =>
+  deleteCandidateDeciderInstance(req.params.uuid, user).then(() => ({}))
+);
+loginCheckedPut(candidateDeciderRouter, '/:uuid/rating', (req, user) =>
+  updateCandidateDeciderRating(user, req.params.uuid, req.body.id, req.body.rating).then(() => ({}))
+);
+loginCheckedPost(candidateDeciderRouter, '/decider/:uuid/comment', (req, user) =>
+  updateCandidateDeciderComment(user, req.params.uuid, req.body.id, req.body.comment).then(
+    () => ({})
+  )
+);

backend/src/API/devPortfolioAPI.ts

@@ -1,8 +1,16 @@
+import { Router } from 'express';
 import { DateTime } from 'luxon';
 import DevPortfolioDao from '../dao/DevPortfolioDao';
 import PermissionsManager from '../utils/permissionsManager';
 import { PermissionError, BadRequestError, NotFoundError } from '../utils/errors';
 import { validateSubmission, isWithinDates } from '../utils/githubUtil';
+import {
+  loginCheckedDelete,
+  loginCheckedGet,
+  loginCheckedPost,
+  loginCheckedPut
+} from '../utils/auth';
+import DPSubmissionRequestLogDao from '../dao/DPSubmissionRequestLogDao';
 
 const zonedTime = (timestamp: number, ianatz = 'America/New_York') =>
   DateTime.fromMillis(timestamp, { zone: ianatz });
@@ -158,3 +166,81 @@ export const regradeSubmissions = async (uuid: string, user: IdolMember): Promis
   await devPortfolioDao.updateInstance(updatedDP);
   return updatedDP;
 };
+
+export const devPortfolioRouter = Router();
+const devPortfolioSubmissionRouter = Router({ mergeParams: true });
+devPortfolioRouter.use('/:uuid/submission', devPortfolioSubmissionRouter);
+
+// /dev-portfolio
+loginCheckedGet(
+  devPortfolioRouter,
+  '/',
+  async (req, user) => ({
+    portfolios: !req.query.meta_only
+      ? await getAllDevPortfolios(user)
+      : await getAllDevPortfolioInfo()
+  }),
+  'dev-portfolio'
+);
+loginCheckedGet(
+  devPortfolioRouter,
+  '/:uuid',
+  async (req, user) => ({
+    portfolio: !req.query.meta_only
+      ? await getDevPortfolio(req.params.uuid, user)
+      : await getDevPortfolioInfo(req.params.uuid)
+  }),
+  'dev-portfolio'
+);
+
+loginCheckedPost(
+  devPortfolioRouter,
+  '/',
+  async (req, user) => ({
+    portfolio: await createNewDevPortfolio(req.body, user)
+  }),
+  'dev-portfolio'
+);
+loginCheckedDelete(
+  devPortfolioRouter,
+  '/:uuid',
+  async (req, user) => deleteDevPortfolio(req.params.uuid, user).then(() => ({})),
+  'dev-portfolio'
+);
+
+// devPortfolioSubmissionRouter: /dev-portfolio/:uuid/submission
+loginCheckedPost(
+  devPortfolioSubmissionRouter,
+  '/',
+  async (req, user) => {
+    await DPSubmissionRequestLogDao.logRequest(user.email, req.body.uuid, req.body.submission);
+    return {
+      submission: await makeDevPortfolioSubmission(req.body.uuid, req.body.submission)
+    };
+  },
+  'dev-portfolio-submission'
+);
+loginCheckedPut(
+  devPortfolioSubmissionRouter,
+  '/regrade',
+  async (req, user) => ({
+    portfolio: await regradeSubmissions(req.body.uuid, user)
+  }),
+  'dev-portfolio-submission'
+);
+loginCheckedPut(
+  devPortfolioSubmissionRouter,
+  '/',
+  async (req, user) => ({
+    portfolio: await updateSubmissions(req.params.uuid, req.body.updatedSubmissions, user)
+  }),
+  'dev-portfolio-submission'
+);
+loginCheckedGet(
+  devPortfolioSubmissionRouter,
+  '/:email',
+  async (req, user) => ({
+    submissions: await getUsersDevPortfolioSubmissions(req.params.uuid, user)
+  }),
+  'dev-portfolio-submission'
+);

backend/src/API/imageAPI.ts

@@ -1,6 +1,8 @@
+import { Router } from 'express';
 import { bucket } from '../firebase';
 import { getNetIDFromEmail, filterImagesResponse } from '../utils/memberUtil';
 import { NotFoundError } from '../utils/errors';
+import { loginCheckedGet } from '../utils/auth';
 
 export const allMemberImages = async (): Promise<readonly ProfileImage[]> => {
   const files = await bucket.getFiles({ prefix: 'images/' });
@@ -44,3 +46,18 @@ export const getMemberImage = async (user: IdolMember): Promise<string> => {
   });
   return signedUrl[0];
 };
+
+export const memberImageRouter = Router();
+
+loginCheckedGet(memberImageRouter, '/:email', async (_, user) => ({
+  url: await getMemberImage(user)
+}));
+
+loginCheckedGet(memberImageRouter, '/signedURL', async (_, user) => ({
+  url: await setMemberImage(user)
+}));
+
+memberImageRouter.get('/', async (_, res) => {
+  const images = await allMemberImages();
+  res.status(200).json({ images });
+});

backend/src/API/memberAPI.ts

@@ -1,10 +1,16 @@
-import { Request } from 'express';
+import { Request, Router } from 'express';
 import MembersDao from '../dao/MembersDao';
 import PermissionsManager from '../utils/permissionsManager';
 import { BadRequestError, PermissionError } from '../utils/errors';
 import { bucket } from '../firebase';
 import { getNetIDFromEmail, computeMembersDiff } from '../utils/memberUtil';
 import { sendMemberUpdateNotifications } from './mailAPI';
+import {
+  loginCheckedDelete,
+  loginCheckedGet,
+  loginCheckedPost,
+  loginCheckedPut
+} from '../utils/auth';
 
 const membersDao = new MembersDao();
 
@@ -119,3 +125,40 @@ export const reviewUserInformationChange = async (
     MembersDao.revertMemberInformationChanges(rejected)
   ]);
 };
+
+export const memberRouter = Router();
+export const memberDiffRouter = Router();
+
+memberRouter.get('/', async (req, res) => {
+  const type = req.query.type as string | undefined;
+  let members;
+  switch (type) {
+    case 'all-semesters':
+      members = await MembersDao.getMembersFromAllSemesters();
+      break;
+    case 'approved':
+      members = await allApprovedMembers();
+      break;
+    default:
+      members = await allMembers();
+  }
+  res.status(200).json({ members });
+});
+
+loginCheckedPost(memberRouter, '/', async (req, user) => ({
+  member: await setMember(req.body, user)
+}));
+loginCheckedDelete(memberRouter, '/:email', async (req, user) => {
+  await deleteMember(req.params.email, user);
+  return {};
+});
+loginCheckedPut(memberRouter, '/', async (req, user) => ({
+  member: await updateMember(req, req.body, user)
+}));
+
+loginCheckedGet(memberDiffRouter, '/', async (_, user) => ({
+  diffs: await getUserInformationDifference(user)
+}));
+loginCheckedPut(memberDiffRouter, '/', async (req, user) => ({
+  member: await reviewUserInformationChange(req.body.approved, req.body.rejected, user)
+}));

backend/src/API/shoutoutAPI.ts

@@ -1,6 +1,13 @@
+import { Router } from 'express';
 import PermissionsManager from '../utils/permissionsManager';
 import { NotFoundError, PermissionError } from '../utils/errors';
 import ShoutoutsDao from '../dao/ShoutoutsDao';
+import {
+  loginCheckedGet,
+  loginCheckedPost,
+  loginCheckedPut,
+  loginCheckedDelete
+} from '../utils/auth';
 
 const shoutoutsDao = new ShoutoutsDao();
 
@@ -58,3 +65,27 @@ export const deleteShoutout = async (uuid: string, user: IdolMember): Promise<vo
   }
   await shoutoutsDao.deleteShoutout(uuid);
 };
+
+export const shoutoutRouter = Router();
+
+loginCheckedGet(shoutoutRouter, '/:email/:type', async (req, user) => ({
+  shoutouts: await getShoutouts(req.params.email, req.params.type as 'given' | 'received', user)
+}));
+
+loginCheckedGet(shoutoutRouter, '/', async () => ({
+  shoutouts: await getAllShoutouts()
+}));
+
+loginCheckedPost(shoutoutRouter, '/', async (req, user) => ({
+  shoutout: await giveShoutout(req.body, user)
+}));
+
+loginCheckedPut(shoutoutRouter, '/', async (req, user) => {
+  await hideShoutout(req.body.uuid, req.body.hide, user);
+  return {};
+});
+
+loginCheckedDelete(shoutoutRouter, '/:uuid', async (req, user) => {
+  await deleteShoutout(req.params.uuid, user);
+  return {};
+});

backend/src/API/signInFormAPI.ts

@@ -1,7 +1,9 @@
+import { Router } from 'express';
 import SignInFormDao from '../dao/SignInFormDao';
 import { PermissionError, BadRequestError, NotFoundError } from '../utils/errors';
 import { signInFormCollection, memberCollection } from '../firebase';
 import PermissionsManager from '../utils/permissionsManager';
+import { loginCheckedGet, loginCheckedPost } from '../utils/auth';
 
 const checkIfDocExists = async (id: string): Promise<boolean> =>
   (await signInFormCollection.doc(id).get()).exists;
@@ -87,3 +89,25 @@ export const getSignInPrompt = async (id: string): Promise<string | undefined> =
   if (!signInForm) throw new NotFoundError(`Sign-in form with id ${id} does not exist!`);
   return signInForm.prompt;
 };
+
+export const signInRouter = Router();
+loginCheckedPost(signInRouter, '/signInExists', async (req, _) => ({
+  exists: await signInFormExists(req.body.id)
+}));
+loginCheckedPost(signInRouter, '/signInExpired', async (req, _) => ({
+  expired: await signInFormExpired(req.body.id)
+}));
+loginCheckedPost(signInRouter, '/signInCreate', async (req, user) =>
+  createSignInForm(req.body.id, req.body.expireAt, req.body.prompt, user)
+);
+loginCheckedPost(signInRouter, '/signInDelete', async (req, user) => {
+  await deleteSignInForm(req.body.id, user);
+  return {};
+});
+loginCheckedPost(signInRouter, '/signIn', async (req, user) =>
+  signIn(req.body.id, req.body.response, user)
+);
+loginCheckedPost(signInRouter, '/signInAll', async (_, user) => allSignInForms(user));
+loginCheckedGet(signInRouter, '/signInPrompt/:id', async (req, _) => ({
+  prompt: await getSignInPrompt(req.params.id)
+}));

backend/src/API/siteIntegrationAPI.ts

@@ -1,7 +1,9 @@
+import { Router } from 'express';
 import { Octokit } from '@octokit/rest';
 import { PRResponse } from '../types/GithubTypes';
 import PermissionsManager from '../utils/permissionsManager';
 import { PermissionError, BadRequestError } from '../utils/errors';
+import { loginCheckedGet, loginCheckedPost } from '../utils/auth';
 
 require('dotenv').config();
 
@@ -108,3 +110,15 @@ const checkPermissions = async (user: IdolMember): Promise<void> => {
     );
   }
 };
+
+export const siteIntegrationRouter = Router();
+
+loginCheckedPost(siteIntegrationRouter, '/pullIDOLChanges', (_, user) =>
+  requestIDOLPullDispatch(user)
+);
+
+loginCheckedGet(siteIntegrationRouter, '/getIDOLChangesPR', (_, user) => getIDOLChangesPR(user));
+
+loginCheckedPost(siteIntegrationRouter, '/acceptIDOLChanges', (_, user) => acceptIDOLChanges(user));
+
+loginCheckedPost(siteIntegrationRouter, '/rejectIDOLChanges', (_, user) => rejectIDOLChanges(user));

backend/src/API/teamAPI.ts

@@ -1,8 +1,10 @@
+import { Router } from 'express';
 import { v4 as uuidv4 } from 'uuid';
 import PermissionsManager from '../utils/permissionsManager';
 import { Team } from '../types/DataTypes';
 import { BadRequestError, PermissionError } from '../utils/errors';
 import MembersDao from '../dao/MembersDao';
+import { loginCheckedGet, loginCheckedPost, loginCheckedPut } from '../utils/auth';
 
 const membersDao = new MembersDao();
 
@@ -119,3 +121,16 @@ export const deleteTeam = async (teamBody: Team, member: IdolMember): Promise<Te
   await updateTeamMembers({ ...teamBody, members: [], leaders: [], formerMembers: [] });
   return teamBody;
 };
+
+export const teamRouter = Router();
+
+loginCheckedGet(teamRouter, '/', async () => ({ teams: await allTeams() }));
+
+loginCheckedPut(teamRouter, '/', async (req, user) => ({
+  team: await setTeam(req.body, user)
+}));
+
+// TODO: should eventually make this a delete request
+loginCheckedPost(teamRouter, '/', async (req, user) => ({
+  team: await deleteTeam(req.body, user)
+}));