vanja/feishin
1
0
Fork 0
mirror of https://github.com/jeffvli/feishin.git synced 2026-05-14 20:40:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add initial users manager

Browse Source
This commit is contained in:
jeffvli
2022-11-08 18:46:56 -08:00
parent df8e38cedd
commit 445e4b56b7
19 changed files with 664 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/routes/users.route.ts
+31 -8
View File
@@ -2,25 +2,48 @@ import express, { Router } from 'express';
import { controller } from '@controllers/index';
import { service } from '@services/index';
import { ApiError } from '@utils/index';
import { validation } from '@validations/index';
import { validateRequest } from '@validations/shared.validation';
import { authenticateAdmin } from '../middleware/authenticate-admin';
export const router: Router = express.Router({ mergeParams: true });
router
.route('/')
.get(authenticateAdmin, controller.users.getUserList)
.post(authenticateAdmin, controller.users.createUser);
.get(
authenticateAdmin,
validateRequest(validation.users.list),
controller.users.getUserList
)
.post(
authenticateAdmin,
validateRequest(validation.users.createUser),
controller.users.createUser
);
router.param('userId', async (req, _res, next, userId) => {
await service.users.findById(req.authUser, { id: userId });
const user = await service.users.findById(req.authUser, { id: userId });
if (req.authUser.isAdmin || req.authUser.id === userId) {
if (req.authUser.id === userId) {
return next();
}
throw ApiError.forbidden('You are not allowed to access this resource');
// Only superadmins can modify other admins
if (user.isAdmin && !req.authUser.isSuperAdmin) {
throw ApiError.forbidden('You are not authorized to access this resource');
}
return next();
});
router.route('/:userId/update').post(controller.users.updateUser);
router.route('/:userId/delete').post(controller.users.deleteUser);
router
.route('/:userId')
.get(validateRequest(validation.users.detail), controller.users.getUserDetail)
.patch(
validateRequest(validation.users.updateUser),
controller.users.updateUser
)
.delete(
validateRequest(validation.users.deleteUser),
controller.users.deleteUser
);