ducky/devices
ducky/devices/apiv1/scopes.go
Add endpoint for retrieving devices. Add an endpoint for retrieving devices, either as a list or by ID. Stub endpoints for updating and deleting devices., along with TODOs marking them as things to still be completed. (Right now, accessing those endpoints is an insta-panic.) Simplify our handleCreateDevices by returning StatusUnauthorized if AuthUser fails, so we can reserve StatusForbidden for when auth succeeds but access is still denied. Also, delay the instantiation and allocation of a Response variable until we're actually going to use it. Create a handleGetDevices handler that authenticates the user, and if no ID is set, returns a list of all their Devices. If one or more IDs are set, only those Devices are returned. If ScopeViewPushToken is one of the scopes associated with the request, the push tokens for each Device will be included in the response. Otherwise, they will be omitted.
| paddy@15 | 1 package apiv1 |
| paddy@15 | 2 |
| paddy@15 | 3 import "code.secondbit.org/scopes.hg/types" |
| paddy@15 | 4 |
| paddy@15 | 5 var ( |
| paddy@15 | 6 // ScopeViewPushToken is a Scope that grants access to viewing pushTokens for |
| paddy@15 | 7 // Devices. |
| paddy@15 | 8 ScopeViewPushToken = scopeTypes.Scope{ |
| paddy@15 | 9 ID: "https://scopes.useducky.com/devices/pushToken/view", |
| paddy@15 | 10 Name: "View device push tokens.", |
| paddy@15 | 11 Description: "View the push tokens that allow sending messages and notifications to your device. This can be used to force your device to open links, and should be granted with extreme caution.", |
| paddy@15 | 12 } |
| paddy@16 | 13 |
| paddy@18 | 14 // ScopeViewDevices is a Scope that grants access to viewing the Devices |
| paddy@18 | 15 // that belong to a user. |
| paddy@18 | 16 ScopeViewDevices = scopeTypes.Scope{ |
| paddy@18 | 17 ID: "https://scopes.useducky.com/devices/view", |
| paddy@18 | 18 Name: "View devices.", |
| paddy@18 | 19 Description: "View the devices that are associated with your account.", |
| paddy@18 | 20 } |
| paddy@18 | 21 |
| paddy@16 | 22 // ScopeImport is a Scope that grants access to bulk importing Devices. It grants |
| paddy@16 | 23 // what equates to admin permissions, including the ability to create Devices for |
| paddy@16 | 24 // other users, and thus should be granted with extreme caution. |
| paddy@16 | 25 ScopeImport = scopeTypes.Scope{ |
| paddy@16 | 26 ID: "https://scopes.useducky.com/devices/import", |
| paddy@16 | 27 Name: "Import devices.", |
| paddy@16 | 28 Description: "Import devices into the system, including creating devices for other users. This should only ever be granted to system resources.", |
| paddy@16 | 29 } |
| paddy@16 | 30 |
| paddy@16 | 31 // ScopeCreateOtherUserDevices is a Scope that grants the user the ability to create |
| paddy@16 | 32 // Devices with an Owner property that doesn't match the authenticated user's ID. |
| paddy@16 | 33 ScopeCreateOtherUserDevices = scopeTypes.Scope{ |
| paddy@16 | 34 ID: "https://scopes.useducky.com/devices/otherUser/create", |
| paddy@16 | 35 Name: "Create devices for other users.", |
| paddy@16 | 36 Description: "Create devices like usual, but make a different user the owner of the device.", |
| paddy@16 | 37 } |
| paddy@15 | 38 ) |