refacto(controller): add checks on user (office)role update (#63)

solve this ticket :
https://www.notion.so/smart-chain/8451b1abb95046ceae81b49cfe26fe71?v=ac57690f41144dd8b703ad8ce35b8f3f&p=bc4296a15d104d41958ae73b5c456796&pm=s

src/app/api/admin/UsersController.ts

@@ -10,11 +10,13 @@ import ruleHandler from "@App/middlewares/RulesHandler";
 import userHandler from "@App/middlewares/OfficeMembershipHandlers/UserHandler";
 import { validateOrReject } from "class-validator";
 import roleHandler from "@App/middlewares/RolesHandler";
+import RolesService from "@Services/admin/RolesService/RolesService";
+import OfficeRolesService from "@Services/admin/OfficeRolesService/OfficeRolesService";
 
 @Controller()
 @Service()
 export default class UsersController extends ApiController {
-	constructor(private usersService: UsersService) {
+	constructor(private usersService: UsersService, private roleService: RolesService, private officeRoleService: OfficeRolesService) {
 		super();
 	}
 
@@ -75,7 +77,7 @@ export default class UsersController extends ApiController {
 					return;
 				}
 	
-				const userFound = await this.usersService.getByUid(uid);
+				const userFound = await this.usersService.getByUidWithRole(uid);
 	
 				if (!userFound) {
 					this.httpNotFoundRequest(response, "user not found");
@@ -88,6 +90,29 @@ export default class UsersController extends ApiController {
 				//validate user
 				await validateOrReject(userEntity, { groups: ["updateUser"] });
 				
+				if(userEntity.role) {
+					const role = await this.roleService.getByUid(userEntity.role.uid!);
+					if(!role) {
+						this.httpBadRequest(response, "Role not found");
+						return;
+					}
+					if (role.name === "super-admin" || userFound.role.name === "super-admin" ) {
+						this.httpBadRequest(response, "Cannot assign or remove super-admin role");
+						return;
+					}
+				}
+
+				if(userEntity.office_role) {
+					const officeRole = await this.officeRoleService.getByUid(userEntity.office_role.uid!);
+					if(!officeRole) {
+						this.httpBadRequest(response, "Office role not found");
+						return;
+					}
+					if (officeRole.office_uid != userFound.office_uid) {
+						this.httpBadRequest(response, "Cannot assign an office role from another office");
+						return;
+					}
+				}
 				//call service to get prisma entity
 				const userEntityUpdated = await this.usersService.update(uid, userEntity);
 	

src/app/api/super-admin/UsersController.ts

@@ -8,11 +8,13 @@ import User from "le-coffre-resources/dist/SuperAdmin";
 import authHandler from "@App/middlewares/AuthHandler";
 import ruleHandler from "@App/middlewares/RulesHandler";
 import roleHandler from "@App/middlewares/RolesHandler";
+import RolesService from "@Services/super-admin/RolesService/RolesService";
+import OfficeRolesService from "@Services/super-admin/OfficeRolesService/OfficeRolesService";
 
 @Controller()
 @Service()
 export default class UsersController extends ApiController {
-	constructor(private usersService: UsersService) {
+	constructor(private usersService: UsersService, private roleService: RolesService, private officeRoleService: OfficeRolesService) {
 		super();
 	}
 
@@ -97,7 +99,7 @@ export default class UsersController extends ApiController {
 				return;
 			}
 
-			const userFound = await this.usersService.getByUid(uid, {role: true, votes: true});
+			const userFound = await this.usersService.getByUidWithRole(uid);
 
 			if (!userFound) {
 				this.httpNotFoundRequest(response, "user not found");
@@ -110,6 +112,30 @@ export default class UsersController extends ApiController {
 			//validate user
 			await validateOrReject(userEntity, { groups: ["updateUser"] });
 
+			if(userEntity.role) {
+				const role = await this.roleService.getByUid(userEntity.role.uid!);
+				if(!role) {
+					this.httpBadRequest(response, "Role not found");
+					return;
+				}
+				if (role.name === "super-admin" || userFound.role.name === "super-admin" ) {
+					this.httpBadRequest(response, "Cannot assign or remove super-admin role");
+					return;
+				}
+			}
+
+			if(userEntity.office_role) {
+				const officeRole = await this.officeRoleService.getByUid(userEntity.office_role.uid!);
+				if(!officeRole) {
+					this.httpBadRequest(response, "Office role not found");
+					return;
+				}
+				if (officeRole.office_uid != userFound.office_uid) {
+					this.httpBadRequest(response, "Cannot assign an office role from another office");
+					return;
+				}
+			}
+			
 			//call service to get prisma entity
 			const userEntityUpdated = await this.usersService.update(uid, userEntity);
 

src/services/admin/UsersService/UsersService.ts

@@ -31,7 +31,7 @@ export default class UsersService extends BaseService {
 	 * @description : Modify a user
 	 * @throws {Error} If user modification failed
 	 */
-	public update(uid: string, userEntity: User): Promise<Users> {
+	public async update(uid: string, userEntity: User): Promise<Users> {
 		return this.userRepository.updateRole(uid, userEntity);
 	}
 
@@ -51,6 +51,14 @@ export default class UsersService extends BaseService {
 		return this.userRepository.findOneByUidWithOffice(uid);
 	}
 
+	/**
+	 * @description : Get a user by uid with office
+	 * @throws {Error} If user cannot be get by uid
+	 */
+	public getByUidWithRole(uid: string) {
+		return this.userRepository.findOneByUidWithRole(uid);
+	}
+
 	/**
 	 * @description : Get a user by uid
 	 * @throws {Error} If user cannot be get by uid