bcgov · WalterMoar · Jan 28, 2025 · Jan 24, 2025
diff --git a/app/src/docs/v1.api-spec.yaml b/app/src/docs/v1.api-spec.yaml
@@ -2112,40 +2112,6 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
-    post:
-      summary: Create a new permission
-      operationId: createPermission
-      tags:
-        - Permission
-      security:
-        - BearerAuth: []
-          OpenID:
-            - admin
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              type: array
-              items:
-                $ref: '#/components/schemas/Permission'
-      responses:
-        '201':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Permission'
-        '401':
-          $ref: '#/components/responses/Unauthorized'
-        '403':
-          $ref: '#/components/responses/Forbidden'
-        default:
-          description: Unexpected error
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
   /permissions/{code}:
     get:
       summary: Get a permission
@@ -2181,46 +2147,6 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
-    put:
-      summary: Update a permission
-      operationId: updatePermission
-      tags:
-        - Permission
-      security:
-        - BearerAuth: []
-          OpenID:
-            - admin
-      parameters:
-        - in: path
-          name: code
-          schema:
-            type: string
-          required: true
-          example: submission_read
-          description: code of the permission to update
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Permission'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Permission'
-        '401':
-          $ref: '#/components/responses/Unauthorized'
-        '403':
-          $ref: '#/components/responses/Forbidden'
-        default:
-          description: Unexpected error
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
   /roles:
     get:
       summary: List all roles
@@ -2246,40 +2172,6 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
-    post:
-      summary: Create a new role
-      operationId: createRole
-      tags:
-        - Role
-      security:
-        - BearerAuth: []
-          OpenID:
-            - admin
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              type: array
-              items:
-                $ref: '#/components/schemas/Role'
-      responses:
-        '201':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Role'
-        '401':
-          $ref: '#/components/responses/Unauthorized'
-        '403':
-          $ref: '#/components/responses/Forbidden'
-        default:
-          description: Unexpected error
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
   /roles/{code}:
     get:
       summary: Get a role
@@ -2310,45 +2202,6 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/Error'
-    put:
-      summary: Update a role
-      operationId: updateRole
-      tags:
-        - Role
-      security:
-        - BearerAuth: []
-          OpenID:
-            - admin
-      parameters:
-        - in: path
-          name: code
-          schema:
-            type: string
-          required: true
-          description: code of the role to update
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/Role'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Role'
-        '401':
-          $ref: '#/components/responses/Unauthorized'
-        '403':
-          $ref: '#/components/responses/Forbidden'
-        default:
-          description: Unexpected error
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Error'
   /rbac/current:
     get:
       summary: Get current user details

diff --git a/app/src/forms/permission/controller.js b/app/src/forms/permission/controller.js
@@ -9,14 +9,7 @@ module.exports = {
       next(error);
     }
   },
-  create: async (req, res, next) => {
-    try {
-      const response = await service.create(req.body, req.currentUser);
-      res.status(201).json(response);
-    } catch (error) {
-      next(error);
-    }
-  },
+
   read: async (req, res, next) => {
     try {
       const response = await service.read(req.params.code);
@@ -25,12 +18,4 @@ module.exports = {
       next(error);
     }
   },
-  update: async (req, res, next) => {
-    try {
-      const response = await service.update(req.params.code, req.body, req.currentUser);
-      res.status(200).json(response);
-    } catch (error) {
-      next(error);
-    }
-  },
 };
diff --git a/app/src/forms/permission/routes.js b/app/src/forms/permission/routes.js
@@ -14,16 +14,8 @@ routes.get('/', async (req, res, next) => {
   await controller.list(req, res, next);
 });
 
-routes.post('/', async (req, res, next) => {
-  await controller.create(req, res, next);
-});
-
 routes.get('/:code', async (req, res, next) => {
   await controller.read(req, res, next);
 });
 
-routes.put('/:code', async (req, res, next) => {
-  await controller.update(req, res, next);
-});
-
 module.exports = routes;
diff --git a/app/src/forms/permission/service.js b/app/src/forms/permission/service.js
@@ -7,57 +7,10 @@ const service = {
     return Permission.query().allowGraph('[roles]').withGraphFetched('roles(orderDefault)').modify('orderDefault');
   },
 
-  create: async (data, currentUser) => {
-    let trx;
-    try {
-      trx = await Permission.startTransaction();
-
-      // TODO: validate permission code is unique
-      data.createdBy = currentUser.usernameIdp;
-
-      await Permission.query(trx).insert(data);
-      await trx.commit();
-      const result = await service.read(data.code);
-      return result;
-    } catch (err) {
-      if (trx) await trx.rollback();
-      throw err;
-    }
-  },
-
   read: async (code) => {
     return Permission.query().findOne('code', code).allowGraph('[roles]').withGraphFetched('roles(orderDefault)').throwIfNotFound();
   },
 
-  update: async (code, data, currentUser) => {
-    let trx;
-    try {
-      const obj = await service.read(code);
-      trx = await Permission.startTransaction();
-      if (obj.display !== data.display || obj.description != data.description || obj.active != obj.active) {
-        // update name/description...
-        await Permission.query(trx).patchAndFetchById(obj.code, {
-          display: data.display,
-          description: data.description,
-          active: data.active,
-          updatedBy: currentUser.usernameIdp,
-        });
-      }
-      // clean out existing roles...
-      await trx.raw(`delete from role_permission where "permission" = '${obj.code}'`);
-      // set to specified roles...
-      for (const r of data.roles) {
-        await trx.raw(`insert into role_permission (id, "role", "permission", "createdBy") values ('${uuid.v4()}', '${r.code}', '${obj.code}', '${currentUser.usernameIdp}');`);
-      }
-      await trx.commit();
-
-      return await service.read(obj.code);
-    } catch (err) {
-      if (trx) await trx.rollback();
-      throw err;
-    }
-  },
-
   /**
    * @function setUserEditable
    * Adds editing permissions for all existing submitter users

diff --git a/app/src/forms/role/controller.js b/app/src/forms/role/controller.js
@@ -9,14 +9,7 @@ module.exports = {
       next(error);
     }
   },
-  create: async (req, res, next) => {
-    try {
-      const response = await service.create(req.body, req.currentUser);
-      res.status(201).json(response);
-    } catch (error) {
-      next(error);
-    }
-  },
+
   read: async (req, res, next) => {
     try {
       const response = await service.read(req.params.code);
@@ -25,12 +18,4 @@ module.exports = {
       next(error);
     }
   },
-  update: async (req, res, next) => {
-    try {
-      const response = await service.update(req.params.code, req.body, req.currentUser);
-      res.status(200).json(response);
-    } catch (error) {
-      next(error);
-    }
-  },
 };
diff --git a/app/src/forms/role/routes.js b/app/src/forms/role/routes.js
@@ -5,24 +5,17 @@ const currentUser = require('../auth/middleware/userAccess').currentUser;
 const validateParameter = require('../common/middleware/validateParameter');
 const controller = require('./controller');
 
+jwtService.protect();
 routes.use(currentUser);
 
 routes.param('code', validateParameter.validateRoleCode);
 
-routes.get('/', jwtService.protect(), async (req, res, next) => {
+routes.get('/', async (req, res, next) => {
   await controller.list(req, res, next);
 });
 
-routes.post('/', jwtService.protect('admin'), async (req, res, next) => {
-  await controller.create(req, res, next);
-});
-
-routes.get('/:code', jwtService.protect(), async (req, res, next) => {
+routes.get('/:code', async (req, res, next) => {
   await controller.read(req, res, next);
 });
 
-routes.put('/:code', jwtService.protect('admin'), async (req, res, next) => {
-  await controller.update(req, res, next);
-});
-
 module.exports = routes;
diff --git a/app/src/forms/role/service.js b/app/src/forms/role/service.js
@@ -1,62 +1,13 @@
-const uuid = require('uuid');
 const { Role } = require('../common/models');
 
 const service = {
   list: async () => {
     return Role.query().allowGraph('[permissions]').withGraphFetched('permissions(orderDefault)').modify('orderDefault');
   },
 
-  create: async (data, currentUser) => {
-    let trx;
-    try {
-      trx = await Role.startTransaction();
-
-      // TODO: validate role code is unique
-      data.createdBy = currentUser.usernameIdp;
-
-      await Role.query(trx).insert(data);
-      await trx.commit();
-      const result = await service.read(data.code);
-      return result;
-    } catch (err) {
-      if (trx) await trx.rollback();
-      throw err;
-    }
-  },
-
   read: async (code) => {
     return Role.query().findOne('code', code).allowGraph('[permissions]').withGraphFetched('permissions(orderDefault)').throwIfNotFound();
   },
-
-  update: async (code, data, currentUser) => {
-    let trx;
-    try {
-      const obj = await service.read(code);
-      trx = await Role.startTransaction();
-
-      if (obj.display !== data.display || obj.description != data.description || obj.active != data.active) {
-        // update name/description...
-        await Role.query(trx).patchAndFetchById(obj.code, {
-          display: data.display,
-          description: data.description,
-          active: data.active,
-          updatedBy: currentUser.usernameIdp,
-        });
-      }
-      // clean out existing permissions...
-      await trx.raw(`delete from role_permission where "role" = '${obj.code}'`);
-      // set to specified permissions...
-      for (const p of data.permissions) {
-        await trx.raw(`insert into role_permission (id, "role", "permission", "createdBy") values ('${uuid.v4()}', '${obj.code}', '${p.code}', '${currentUser.usernameIdp}');`);
-      }
-
-      await trx.commit();
-      return await service.read(obj.code);
-    } catch (err) {
-      if (trx) await trx.rollback();
-      throw err;
-    }
-  },
 };
 
 module.exports = service;