ExpressJs

⌘K
  2. Home
  4. Docs
  6. ExpressJs
  8. moduler project
  10. 02.Group And Permission

02.Group And Permission

Create modules/auth/controllers/groupController.js:

// modules/auth/controllers/groupController.js
const Group = require('../models/group.model');
const User = require('../models/user.model');
const Permission = require('../models/permission.model');

exports.createGroup = async (req, res) => {
  try {
    const group = await Group.create(req.body);
    res.status(201).send(group);
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.getAllGroups = async (req, res) => {
  try {
    const groups = await Group.findAll();
    res.status(200).send(groups);
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.getGroupById = async (req, res) => {
  try {
    const group = await Group.findByPk(req.params.id);
    if (!group) {
      return res.status(404).send({ message: "Group not found." });
    }
    res.status(200).send(group);
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.updateGroup = async (req, res) => {
  try {
    const group = await Group.findByPk(req.params.id);
    if (!group) {
      return res.status(404).send({ message: "Group not found." });
    }
    await group.update(req.body);
    res.status(200).send(group);
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.deleteGroup = async (req, res) => {
  try {
    const group = await Group.findByPk(req.params.id);
    if (!group) {
      return res.status(404).send({ message: "Group not found." });
    }
    await group.destroy();
    res.status(200).send({ message: "Group deleted successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.assignPermissionToGroup = async (req, res) => {
  try {
    const group = await Group.findByPk(req.params.groupId);
    const permission = await Permission.findByPk(req.body.permissionId);
    
    if (!group || !permission) {
      return res.status(404).send({ message: "Group or Permission not found." });
    }

    await group.addPermission(permission);
    res.status(200).send({ message: "Permission assigned to group successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.removePermissionFromGroup = async (req, res) => {
  try {
    const group = await Group.findByPk(req.params.groupId);
    const permission = await Permission.findByPk(req.params.permissionId);
    
    if (!group || !permission) {
      return res.status(404).send({ message: "Group or Permission not found." });
    }

    await group.removePermission(permission);
    res.status(200).send({ message: "Permission removed from group successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.assignMultiplePermissionsToGroup = async (req, res) => {
  try {
    const group = await Group.findByPk(req.params.groupId);
    if (!group) {
      return res.status(404).send({ message: "Group not found." });
    }

    const { permissionIds } = req.body;
    const permissions = await Permission.findAll({
      where: {
        id: permissionIds
      }
    });

    await group.addPermissions(permissions);
    res.status(200).send({ message: "Permissions assigned to group successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.removeMultiplePermissionsFromGroup = async (req, res) => {
  try {
    const group = await Group.findByPk(req.params.groupId);
    if (!group) {
      return res.status(404).send({ message: "Group not found." });
    }

    const { permissionIds } = req.body;
    const permissions = await Permission.findAll({
      where: {
        id: permissionIds
      }
    });

    await group.removePermissions(permissions);
    res.status(200).send({ message: "Permissions removed from group successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

Create modules/auth/controllers/permissionController.js:

// modules/auth/controllers/permissionController.js
const Permission = require('../models/permission.model');
const User = require('../models/user.model');

exports.createPermission = async (req, res) => {
  try {
    const permission = await Permission.create(req.body);
    res.status(201).send(permission);
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.getAllPermissions = async (req, res) => {
  try {
    const permissions = await Permission.findAll();
    res.status(200).send(permissions);
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.getPermissionById = async (req, res) => {
  try {
    const permission = await Permission.findByPk(req.params.id);
    if (!permission) {
      return res.status(404).send({ message: "Permission not found." });
    }
    res.status(200).send(permission);
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.updatePermission = async (req, res) => {
  try {
    const permission = await Permission.findByPk(req.params.id);
    if (!permission) {
      return res.status(404).send({ message: "Permission not found." });
    }
    await permission.update(req.body);
    res.status(200).send(permission);
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.deletePermission = async (req, res) => {
  try {
    const permission = await Permission.findByPk(req.params.id);
    if (!permission) {
      return res.status(404).send({ message: "Permission not found." });
    }
    await permission.destroy();
    res.status(200).send({ message: "Permission deleted successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.assignPermissionToUser = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.userId);
    const permission = await Permission.findByPk(req.body.permissionId);
    
    if (!user || !permission) {
      return res.status(404).send({ message: "User or Permission not found." });
    }

    await user.addPermission(permission);
    res.status(200).send({ message: "Permission assigned to user successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.removePermissionFromUser = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.userId);
    const permission = await Permission.findByPk(req.params.permissionId);
    
    if (!user || !permission) {
      return res.status(404).send({ message: "User or Permission not found." });
    }

    await user.removePermission(permission);
    res.status(200).send({ message: "Permission removed from user successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};


exports.assignMultiplePermissionsToUser = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.userId);
    if (!user) {
      return res.status(404).send({ message: "User not found." });
    }

    const { permissionIds } = req.body;
    const permissions = await Permission.findAll({
      where: {
        id: permissionIds
      }
    });

    await user.addPermissions(permissions);
    res.status(200).send({ message: "Permissions assigned to user successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

exports.removeMultiplePermissionsFromUser = async (req, res) => {
  try {
    const user = await User.findByPk(req.params.userId);
    if (!user) {
      return res.status(404).send({ message: "User not found." });
    }

    const { permissionIds } = req.body;
    const permissions = await Permission.findAll({
      where: {
        id: permissionIds
      }
    });

    await user.removePermissions(permissions);
    res.status(200).send({ message: "Permissions removed from user successfully." });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

Update modules/auth/routes/auth.routes.js:

// modules/auth/routes/auth.routes.js
const express = require('express');
const authController = require('../controllers/authController');
const groupController = require('../controllers/groupController');
const permissionController = require('../controllers/permissionController');
const verifyToken = require('../middlewares/auth');
const checkPermission = require('../middlewares/permissions');

const router = express.Router();

// Auth routes
router.post('/register', authController.register);
router.post('/login', authController.login);

// Group routes
router.post('/groups', verifyToken, checkPermission('add_group'), groupController.createGroup);
router.get('/groups', verifyToken, checkPermission('view_group'), groupController.getAllGroups);
router.get('/groups/:id', verifyToken, checkPermission('view_group'), groupController.getGroupById);
router.put('/groups/:id', verifyToken, checkPermission('change_group'), groupController.updateGroup);
router.delete('/groups/:id', verifyToken, checkPermission('delete_group'), groupController.deleteGroup);

// Permission routes
router.post('/permissions', verifyToken, checkPermission('add_permission'), permissionController.createPermission);
router.get('/permissions', verifyToken, checkPermission('view_permission'), permissionController.getAllPermissions);
router.get('/permissions/:id', verifyToken, checkPermission('view_permission'), permissionController.getPermissionById);
router.put('/permissions/:id', verifyToken, checkPermission('change_permission'), permissionController.updatePermission);
router.delete('/permissions/:id', verifyToken, checkPermission('delete_permission'), permissionController.deletePermission);

// Assign/Remove permissions to/from groups
router.post('/groups/:groupId/permissions', verifyToken, checkPermission('change_group'), groupController.assignPermissionToGroup);
router.delete('/groups/:groupId/permissions/:permissionId', verifyToken, checkPermission('change_group'), groupController.removePermissionFromGroup);

// Assign/Remove permissions to/from users
router.post('/users/:userId/permissions', verifyToken, checkPermission('change_user'), permissionController.assignPermissionToUser);
router.delete('/users/:userId/permissions/:permissionId', verifyToken, checkPermission('change_user'), permissionController.removePermissionFromUser);

// Assign multiple permissions to group
router.post('/groups/:groupId/permissions/bulk', verifyToken, checkPermission('change_group'), groupController.assignMultiplePermissionsToGroup);

// Remove multiple permissions from group
router.delete('/groups/:groupId/permissions/bulk', verifyToken, checkPermission('change_group'), groupController.removeMultiplePermissionsFromGroup);

// Assign multiple permissions to user
router.post('/users/:userId/permissions/bulk', verifyToken, checkPermission('change_user'), permissionController.assignMultiplePermissionsToUser);

// Remove multiple permissions from user
router.delete('/users/:userId/permissions/bulk', verifyToken, checkPermission('change_user'), permissionController.removeMultiplePermissionsFromUser);

// Example protected route
router.get('/protected', verifyToken, (req, res) => {
  res.status(200).send({ message: "This is a protected route." });
});

// Example route with permission check
router.get('/admin', verifyToken, checkPermission('access_admin'), (req, res) => {
  res.status(200).send({ message: "This is an admin route." });
});

module.exports = router;

Update modules/auth/index.js:

// modules/auth/index.js
const authRoutes = require('./routes/auth.routes');
const User = require('./models/user.model');
const Group = require('./models/group.model');
const Permission = require('./models/permission.model');

module.exports = (app) => {
  app.use('/api/auth', authRoutes);

  // Set up associations
  User.belongsToMany(Group, { through: 'UserGroups' });
  Group.belongsToMany(User, { through: 'UserGroups' });

  User.belongsToMany(Permission, { through: 'UserPermissions' });
  Permission.belongsToMany(User, { through: 'UserPermissions' });

  Group.belongsToMany(Permission, { through: 'GroupPermissions' });
  Permission.belongsToMany(Group, { through: 'GroupPermissions' });
};

How can we help?