feat: allowing user editing only to admins

This commit is contained in:
canove
2020-09-04 11:22:53 -03:00
parent 364b94c8ab
commit 3cb3fc1a20


@@ -40,6 +40,7 @@ exports.index = async (req, res) => {
};
exports.store = async (req, res, next) => {
console.log(req.url);
const schema = Yup.object().shape({
name: Yup.string().required().min(2),
email: Yup.string()
@@ -56,12 +57,18 @@ exports.store = async (req, res, next) => {
password: Yup.string().required().min(5),
});
const { value: userCreation } = await Setting.findByPk("userCreation");
if (req.url === "/signup") {
const { value: userCreation } = await Setting.findByPk("userCreation");
if (userCreation === "disabled") {
if (userCreation === "disabled") {
return res
.status(403)
.json({ error: "User creation is disabled by administrator." });
}
} else if (req.user.profile !== "admin") {
return res
.status(403)
.json({ error: "User creation is disabled by administrator" });
.json({ error: "Only administrators can create users." });
}
await schema.validate(req.body);
@@ -98,7 +105,11 @@ exports.update = async (req, res) => {
password: Yup.string(),
});
console.log("cai aqui");
if (req.user.profile !== "admin") {
return res
.status(403)
.json({ error: "Only administrators can edit users." });
}
await schema.validate(req.body);
@@ -113,6 +124,16 @@ exports.update = async (req, res) => {
res.status(400).json({ error: "No user found with this id." });
}
if (user.profile === "admin" && req.body.profile === "user") {
const adminUsers = await User.count({ where: { profile: "admin" } });
if (adminUsers <= 1) {
return res
.status(403)
.json({ error: "There must be at leat one admin user." });
}
console.log("found", adminUsers);
}
await user.update(req.body);
io.emit("user", {
@@ -133,6 +154,12 @@ exports.delete = async (req, res) => {
res.status(400).json({ error: "No user found with this id." });
}
if (req.user.profile !== "admin") {
return res
.status(403)
.json({ error: "Only administrators can edit users." });
}
await user.destroy();
io.emit("user", {
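Review bot: The new `req.user.profile !== "admin"` check in the `exports.delete` hunk (@@ -133) sits after the user lookup (the "No user found" response just above it) rather than before it, and it reuses the update handler's message, so a non-admin caller is told "Only administrators can edit users." on a delete; the check should precede the lookup and say `.json({ error: "Only administrators can delete users." })`. Unlike the update hunk (@@ -113), which refuses to demote the last admin, nothing prevents deleting the last admin account, after which no caller passes any of the new admin gates — the same `User.count` guard belongs before `user.destroy()`. The debug statements `console.log(req.url)` and `console.log("found", adminUsers)` in the store and update hunks look like leftovers, and "at leat" in the update hunk's message should read "at least". Each of these handlers begins or ends outside its hunk.
```javascript
exports.delete = async (req, res) => {
  // authorize before touching the database
  if (req.user.profile !== "admin") {
    return res
      .status(403)
      .json({ error: "Only administrators can delete users." });
  }
  // … unchanged: user lookup and "No user found" response …
  // never remove the last remaining admin, or nobody can manage users
  if (user.profile === "admin") {
    const adminUsers = await User.count({ where: { profile: "admin" } });
    if (adminUsers <= 1) {
      return res
        .status(403)
        .json({ error: "There must be at least one admin user." });
    }
  }
  await user.destroy();
  // … unchanged: io.emit …
```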