add checks on user (office)role update

2023-08-16 11:09:48 +02:00 · 2023-08-16 11:09:48 +02:00 · 24327a99a3
commit 24327a99a3
parent 8b1934d49e
3 changed files with 65 additions and 6 deletions
--- a/src/app/api/admin/UsersController.ts
+++ b/src/app/api/admin/UsersController.ts
@ -10,11 +10,13 @@ import ruleHandler from "@App/middlewares/RulesHandler";
 import userHandler from "@App/middlewares/OfficeMembershipHandlers/UserHandler";
 import { validateOrReject } from "class-validator";
 import roleHandler from "@App/middlewares/RolesHandler";
+import RolesService from "@Services/admin/RolesService/RolesService";
+import OfficeRolesService from "@Services/admin/OfficeRolesService/OfficeRolesService";

@Controller()
@Service()
 export default class UsersController extends ApiController {
-	constructor(private usersService: UsersService) {
+	constructor(private usersService: UsersService, private roleService: RolesService, private officeRoleService: OfficeRolesService) {
 		super();
 	}

@ -75,7 +77,7 @@ export default class UsersController extends ApiController {
 					return;
 				}
 	
-				const userFound = await this.usersService.getByUid(uid);
+				const userFound = await this.usersService.getByUidWithRole(uid);
 	
 				if (!userFound) {
 					this.httpNotFoundRequest(response, "user not found");
@ -87,7 +89,30 @@ export default class UsersController extends ApiController {
 	
 				//validate user
 				await validateOrReject(userEntity, { groups: ["updateUser"] });
-	
+				
+				if(userEntity.role) {
+					const role = await this.roleService.getByUid(userEntity.role.uid!);
+					if(!role) {
+						this.httpBadRequest(response, "Role not found");
+						return;
+					}
+					if (role.name === "super-admin" || userFound.role.name === "super-admin" ) {
+						this.httpBadRequest(response, "Cannot assign or remove super-admin role");
+						return;
+					}
+				}
+
+				if(userEntity.office_role) {
+					const officeRole = await this.officeRoleService.getByUid(userEntity.office_role.uid!);
+					if(!officeRole) {
+						this.httpBadRequest(response, "Office role not found");
+						return;
+					}
+					if (officeRole.office_uid != userFound.office_uid) {
+						this.httpBadRequest(response, "Cannot assign an office role from another office");
+						return;
+					}
+				}
 				//call service to get prisma entity
 				const userEntityUpdated = await this.usersService.update(uid, userEntity);
 	
--- a/src/app/api/super-admin/UsersController.ts
+++ b/src/app/api/super-admin/UsersController.ts
@ -8,11 +8,13 @@ import User from "le-coffre-resources/dist/SuperAdmin";
 import authHandler from "@App/middlewares/AuthHandler";
 import ruleHandler from "@App/middlewares/RulesHandler";
 import roleHandler from "@App/middlewares/RolesHandler";
+import RolesService from "@Services/super-admin/RolesService/RolesService";
+import OfficeRolesService from "@Services/super-admin/OfficeRolesService/OfficeRolesService";

@Controller()
@Service()
 export default class UsersController extends ApiController {
-	constructor(private usersService: UsersService) {
+	constructor(private usersService: UsersService, private roleService: RolesService, private officeRoleService: OfficeRolesService) {
 		super();
 	}

@ -97,7 +99,7 @@ export default class UsersController extends ApiController {
 				return;
 			}

-			const userFound = await this.usersService.getByUid(uid, {role: true, votes: true});
+			const userFound = await this.usersService.getByUidWithRole(uid);

 			if (!userFound) {
 				this.httpNotFoundRequest(response, "user not found");
@ -109,6 +111,30 @@ export default class UsersController extends ApiController {

 			//validate user
 			await validateOrReject(userEntity, { groups: ["updateUser"] });
+
+			if(userEntity.role) {
+				const role = await this.roleService.getByUid(userEntity.role.uid!);
+				if(!role) {
+					this.httpBadRequest(response, "Role not found");
+					return;
+				}
+				if (role.name === "super-admin" || userFound.role.name === "super-admin" ) {
+					this.httpBadRequest(response, "Cannot assign or remove super-admin role");
+					return;
+				}
+			}
+
+			if(userEntity.office_role) {
+				const officeRole = await this.officeRoleService.getByUid(userEntity.office_role.uid!);
+				if(!officeRole) {
+					this.httpBadRequest(response, "Office role not found");
+					return;
+				}
+				if (officeRole.office_uid != userFound.office_uid) {
+					this.httpBadRequest(response, "Cannot assign an office role from another office");
+					return;
+				}
+			}
 			
 			//call service to get prisma entity
 			const userEntityUpdated = await this.usersService.update(uid, userEntity);
--- a/src/services/admin/UsersService/UsersService.ts
+++ b/src/services/admin/UsersService/UsersService.ts
@ -31,7 +31,7 @@ export default class UsersService extends BaseService {
 	 * @description : Modify a user
 	 * @throws {Error} If user modification failed
 	 */
-	public update(uid: string, userEntity: User): Promise<Users> {
+	public async update(uid: string, userEntity: User): Promise<Users> {
 		return this.userRepository.updateRole(uid, userEntity);
 	}

@ -51,6 +51,14 @@ export default class UsersService extends BaseService {
 		return this.userRepository.findOneByUidWithOffice(uid);
 	}

+	/**
+	 * @description : Get a user by uid with office
+	 * @throws {Error} If user cannot be get by uid
+	 */
+	public getByUidWithRole(uid: string) {
+		return this.userRepository.findOneByUidWithRole(uid);
+	}
+
 	/**
 	 * @description : Get a user by uid
 	 * @throws {Error} If user cannot be get by uid