Merge pull request #16 from foyzulkarim/feature/rbac/role-crud

Add Role Management API Routes

Author: foyzulkarim

src/domains/index.js

@@ -2,12 +2,14 @@ const productRoutes = require('./product');
 const userRoutes = require('./user');
 const repositoryRoutes = require('./repository');
 const prRoutes = require('./pull');
+const roleRoutes = require('./role');
 
 const defineRoutes = async (expressRouter) => {
   productRoutes(expressRouter);
   userRoutes(expressRouter);
   repositoryRoutes(expressRouter);
   prRoutes(expressRouter);
+  roleRoutes(expressRouter);
 };
 
 module.exports = defineRoutes;

src/domains/role/api.js

@@ -0,0 +1,127 @@
+const express = require('express');
+const logger = require('../../libraries/log/logger');
+const { AppError } = require('../../libraries/error-handling/AppError');
+
+const {
+  create,
+  search,
+  count,
+  getById,
+  updateById,
+  deleteById,
+} = require('./service');
+
+const {
+  createSchema,
+  updateSchema,
+  idSchema,
+  searchSchema,
+} = require('./request');
+const { validateRequest } = require('../../middlewares/request-validate');
+const { logRequest } = require('../../middlewares/log');
+const { isAuthorized } = require('../../middlewares/auth/authorization');
+
+const model = 'Role';
+
+const routes = () => {
+  const router = express.Router();
+  logger.info(`Setting up routes for ${model}`);
+
+  router.get(
+    '/search',
+    logRequest({}),
+    validateRequest({ schema: searchSchema, isQuery: true }),
+    async (req, res, next) => {
+      try {
+        const items = await search(req.query);
+        res.json(items);
+      } catch (error) {
+        next(error);
+      }
+    }
+  );
+
+  router.get(
+    '/count',
+    logRequest({}),
+    validateRequest({ schema: searchSchema, isQuery: true }),
+    async (req, res, next) => {
+      try {
+        const total = await count(req.query);
+        res.json({ total });
+      } catch (error) {
+        next(error);
+      }
+    }
+  );
+
+  router.post(
+    '/',
+    logRequest({}),
+    isAuthorized,
+    validateRequest({ schema: createSchema }),
+    async (req, res, next) => {
+      try {
+        const item = await create(req.body);
+        res.status(201).json(item);
+      } catch (error) {
+        next(error);
+      }
+    }
+  );
+
+  router.get(
+    '/:id',
+    logRequest({}),
+    validateRequest({ schema: idSchema, isParam: true }),
+    async (req, res, next) => {
+      try {
+        const item = await getById(req.params.id);
+        if (!item) {
+          throw new AppError(`${model} not found`, `${model} not found`, 404);
+        }
+        res.status(200).json(item);
+      } catch (error) {
+        next(error);
+      }
+    }
+  );
+
+  router.put(
+    '/:id',
+    logRequest({}),
+    isAuthorized,
+    validateRequest({ schema: idSchema, isParam: true }),
+    validateRequest({ schema: updateSchema }),
+    async (req, res, next) => {
+      try {
+        const item = await updateById(req.params.id, req.body);
+        if (!item) {
+          throw new AppError(`${model} not found`, `${model} not found`, 404);
+        }
+        res.status(200).json(item);
+      } catch (error) {
+        next(error);
+      }
+    }
+  );
+
+  router.delete(
+    '/:id',
+    logRequest({}),
+    isAuthorized,
+    validateRequest({ schema: idSchema, isParam: true }),
+    async (req, res, next) => {
+      try {
+        await deleteById(req.params.id);
+        res.status(204).json({ message: `${model} is deleted` });
+      } catch (error) {
+        next(error);
+      }
+    }
+  );
+
+  return router;
+};
+
+module.exports = { routes };

src/domains/role/event.js

@@ -0,0 +1,7 @@
+const { routes } = require('./api');
+
+const defineRoutes = (expressRouter) => {
+  expressRouter.use('/roles', routes());
+};
+
+module.exports = defineRoutes;

src/domains/role/index.js

@@ -0,0 +1,52 @@
+const Joi = require('joi');
+const mongoose = require('mongoose');
+
+const createSchema = Joi.object().keys({
+  name: Joi.string().required(),
+  displayName: Joi.string().required(),
+  description: Joi.string().allow('').optional(),
+  permissions: Joi.array().items(
+    Joi.string().custom((value, helpers) => {
+      if (!mongoose.Types.ObjectId.isValid(value)) {
+        return helpers.error('any.invalid');
+      }
+      return value;
+    }, 'ObjectId validation')
+  ).optional(),
+  isSystem: Joi.boolean().default(false)
+});
+
+const updateSchema = Joi.object().keys({
+  name: Joi.string(),
+  displayName: Joi.string(),
+  description: Joi.string().allow(''),
+  permissions: Joi.array().items(
+    Joi.string().custom((value, helpers) => {
+      if (!mongoose.Types.ObjectId.isValid(value)) {
+        return helpers.error('any.invalid');
+      }
+      return value;
+    }, 'ObjectId validation')
+  ),
+  isSystem: Joi.boolean()
+});
+
+const idSchema = Joi.object().keys({
+  id: Joi.string()
+    .custom((value, helpers) => {
+      if (!mongoose.Types.ObjectId.isValid(value)) {
+        return helpers.error('any.invalid');
+      }
+      return value;
+    }, 'ObjectId validation')
+    .required(),
+});
+
+const searchSchema = Joi.object({
+  keyword: Joi.string().allow('').optional().max(10),
+  page: Joi.number().integer().min(0),
+  orderBy: Joi.string(),
+  order: Joi.string().valid('asc', 'desc'),
+});
+
+module.exports = { createSchema, updateSchema, idSchema, searchSchema };

src/domains/role/request.js

@@ -0,0 +1,32 @@
+const mongoose = require('mongoose');
+const { baseSchema } = require('../../libraries/db/base-schema');
+
+const schema = new mongoose.Schema({
+  name: {
+    type: String,
+    required: true,
+    unique: true,
+    lowercase: true,
+    trim: true,
+  },
+  displayName: {
+    type: String,
+    required: true,
+  },
+  description: {
+    type: String,
+    default: '',
+  },
+  permissions: [{
+    type: mongoose.Schema.Types.ObjectId,
+    ref: 'Permission'
+  }],
+  isSystem: {
+    type: Boolean,
+    default: false  // To mark system-level roles like 'superadmin'
+  }
+});
+
+schema.add(baseSchema);
+
+module.exports = mongoose.model('Role', schema);

src/domains/role/schema.js

@@ -0,0 +1,118 @@
+const logger = require('../../libraries/log/logger');
+const Model = require('./schema');
+const { AppError } = require('../../libraries/error-handling/AppError');
+
+const model = 'role';
+
+const create = async (data) => {
+  try {
+    const item = new Model(data);
+    const saved = await item.save();
+    logger.info(`create(): ${model} created`, {
+      id: saved._id,
+    });
+    return saved;
+  } catch (error) {
+    logger.error(`create(): Failed to create ${model}`, error);
+    throw new AppError(`Failed to create ${model}`, error.message);
+  }
+};
+
+const search = async (query) => {
+  try {
+    logger.info(`search(): ${model} search`, { query });
+    const pageSize = 10;
+    const {
+      keyword,
+      page = 0,
+      orderBy = 'name',
+      order = 'asc',
+    } = query ?? {};
+
+    const filter = {};
+    if (keyword) {
+      filter.$or = [
+        { name: { $regex: keyword, $options: 'i' } },
+        { displayName: { $regex: keyword, $options: 'i' } },
+      ];
+    }
+
+    const items = await Model.find(filter)
+      .sort({ [orderBy]: order === 'asc' ? 1 : -1 })
+      .skip(page * pageSize)
+      .limit(pageSize);
+
+    logger.info('search(): filter and count', {
+      filter,
+      count: items.length,
+    });
+    return items;
+  } catch (error) {
+    logger.error(`search(): Failed to search ${model}`, error);
+    throw new AppError(`Failed to search ${model}`, error.message, 400);
+  }
+};
+
+const count = async (query) => {
+  try {
+    const { keyword } = query ?? {};
+    const filter = {};
+    if (keyword) {
+      filter.$or = [
+        { name: { $regex: keyword, $options: 'i' } },
+        { displayName: { $regex: keyword, $options: 'i' } },
+      ];
+    }
+    const total = await Model.countDocuments(filter);
+    logger.info('count(): filter and count', {
+      filter,
+      count: total,
+    });
+    return total;
+  } catch (error) {
+    logger.error(`count(): Failed to count ${model}`, error);
+    throw new AppError(`Failed to count ${model}`, error.message, 400);
+  }
+};
+
+const getById = async (id) => {
+  try {
+    const item = await Model.findById(id);
+    logger.info(`getById(): ${model} fetched`, { id });
+    return item;
+  } catch (error) {
+    logger.error(`getById(): Failed to get ${model}`, error);
+    throw new AppError(`Failed to get ${model}`, error.message);
+  }
+};
+
+const updateById = async (id, data) => {
+  try {
+    const item = await Model.findByIdAndUpdate(id, data, { new: true });
+    logger.info(`updateById(): ${model} updated`, { id });
+    return item;
+  } catch (error) {
+    logger.error(`updateById(): Failed to update ${model}`, error);
+    throw new AppError(`Failed to update ${model}`, error.message);
+  }
+};
+
+const deleteById = async (id) => {
+  try {
+    await Model.findByIdAndDelete(id);
+    logger.info(`deleteById(): ${model} deleted`, { id });
+    return true;
+  } catch (error) {
+    logger.error(`deleteById(): Failed to delete ${model}`, error);
+    throw new AppError(`Failed to delete ${model}`, error.message);
+  }
+};
+
+module.exports = {
+  create,
+  search,
+  count,
+  getById,
+  updateById,
+  deleteById,
+};