diff --git a/app/routes/routes.js b/app/routes/routes.js
index f9bee8c..6f927dd 100755
--- a/app/routes/routes.js
+++ b/app/routes/routes.js
@@ -8,6 +8,7 @@ var login = require('./login.js');
 var panel = require('./panel.js');
 var keys = require('./keys.js');
 var invites = require('./invites.js');
+var users = require('./users.js');
 var Key = require('../models/Key.js');
@@ -50,6 +51,7 @@ module.exports = function (app) {
 app.use('/api/auth', auth);
 app.use('/api/keys', requireLogin, keys);
 app.use('/api/invites', requireLogin, invites);
+ app.use('/api/users', requireLogin, users);
 app.use('/register', register);
 app.use('/login', login);
 app.use('/panel', requireLogin, panel);
diff --git a/app/routes/users.js b/app/routes/users.js
new file mode 100644
index 0000000..c5270a6
--- /dev/null
+++ b/app/routes/users.js
@@ -0,0 +1,33 @@
+var express = require('express');
+var router = express.Router();
+
+var User = require('../models/User.js');
+
+var requireScope = function (perm) {
+ return function(req, res, next) {
+ User.findOne({username: req.session.passport.user}, function(err, user) {
+ if (err) throw err;
+ if (user.scope.indexOf(perm) === -1)
+ res.status(400).json({'message': 'No permission.'});
+ else
+ next();
+ });
+ }
+};
+
+router.get('/get', requireScope('users.view'), function (req, res, next) {
+ var query = {};
+
+ if (req.body.username)
+ query.username = req.body.username;
+
+ User.find(query, function (err, users) {
+ if (err) {
+ next(err)
+ } else {
+ res.status(200).json(users);
+ }
+ })
+});
+
+module.exports = router;
\ No newline at end of file
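Review bot: In `requireScope` in the new app/routes/users.js, `if (err) throw err;` runs inside the `User.findOne` callback, so a lookup error is thrown outside Express's error handling instead of reaching `next(err)`, and `user.scope` is dereferenced without checking that a user record was found. The permission check should fail closed: forward the error, and answer a missing user or missing scope with 403 rather than 400. In the `/get` handler, `req.body.username` is copied into the query filter without a type check, so a parsed JSON body can supply an object where a string is expected; accept it only when it is a string. The handler also serialises whole `User` documents, so if the model (not visible in this diff) stores password hashes or tokens, the response should be limited to the fields the caller needs.

```javascript
var requireScope = function (perm) {
  return function (req, res, next) {
    User.findOne({username: req.session.passport.user}, function (err, user) {
      if (err) return next(err);
      // Fail closed: no user record or no scope list means no access.
      if (!user || !user.scope || user.scope.indexOf(perm) === -1)
        return res.status(403).json({'message': 'No permission.'});
      next();
    });
  };
};

router.get('/get', requireScope('users.view'), function (req, res, next) {
  var query = {};

  // Only a plain string may reach the query filter.
  if (req.body && typeof req.body.username === 'string')
    query.username = req.body.username;

  // … unchanged: User.find(query, …) and the JSON response …
});
```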