#93 added check on admin rpoject rights while addd remove user and delete project

planner-api/src/helpers.ts

@@ -3,6 +3,7 @@ import { myDataSource } from "./app-data-source";
 import { Task } from "./models/Task";
 import { User } from "./models/User";
 import nodemailer from  'nodemailer';
+import { Member } from "./models/Member";
 
 
 const dataSource = myDataSource;
@@ -103,7 +104,30 @@ export const authAuthorOrExecutorOfDateTimeTask = async(req: Request,res: Respon
 }
 
 
+/**check if user is admin of the project, receives userId and projectId*/
+export const authAdminProject = async(req: Request,res: Response, next:NextFunction):Promise<void | express.Response<Response>>=>{
+    const token = req.get('Authorization');
+    const {projectId} = req.body;
+    const adminOfProject =  await dataSource
+    .createQueryBuilder()
+    .select("user")
+    .from(User, "user")
+    .leftJoinAndSelect("user.members","member")
+    .leftJoinAndSelect('member.project', 'project' )
+    .where("user.token = :token", { token })
+    .andWhere('project.id=:projectId',{projectId})
+    .andWhere('member.roleProject=:roleProject',{roleProject:'admin'})
+    .getOne()
+    if (!adminOfProject){
+        return res.send({message:'User is not authorized'})
+    } 
+    req.body ={...req.body,adminStatus:true}
+    next()
+}
+
 
+/** return user  if is in the given project, recieves userId adn projectId */
+  
 
 /**task finder by id, return one task */
 export const taskFinderById = async (taskId:string):Promise<null | Task>=>{
@@ -122,6 +146,30 @@ export const taskFinderById = async (taskId:string):Promise<null | Task>=>{
     return task
 }
 
+/**member finder by userId and projectId, return one task */
+
+export const memberFinderById = async (userId:string, projectId:string)=>{
+    const member = await dataSource
+    .getRepository(Member)
+    .findOne({
+        relations:{
+            user:true,
+            project:true,
+        },
+        where:{
+            user:{
+                id : userId
+            },
+            project:{
+                id:projectId
+            }
+        }
+    })
+
+    return member
+}
+
+
 
 
 export let  transporter = nodemailer.createTransport({

planner-api/src/models/Member.ts

@@ -32,10 +32,10 @@ import {
     @CreateDateColumn({ name: 'createdAt', type: Date, default: new Date() })
     createdAt!: Date;
 
-    @ManyToOne(() => User, (user: { members: Member[]; }) => user.members,{cascade: true,  onUpdate:'CASCADE',eager:true})
+    @ManyToOne(() => User, (user: { members: Member[]; }) => user.members,{cascade: true,  onUpdate:'CASCADE', onDelete: 'CASCADE',eager:true})
     user!: User;
 
-    @ManyToOne(() => Project, (project: { members: Member[]; }) => project.members,{cascade: true,  onUpdate:'CASCADE',nullable:true})
+    @ManyToOne(() => Project, (project: { members: Member[]; }) => project.members,{cascade: true,  onUpdate:'CASCADE', onDelete: 'CASCADE',nullable:true})
     project!: Project;
 
     @Column({

planner-api/src/models/Project.ts

@@ -46,7 +46,7 @@ import {
     @OneToMany(() => Task, (task: { project: Project; })=>task.project,{nullable:true})
     tasks!:Task[];
 
-    @OneToMany(() => Member, (member: { project: Project; })=>member.project)
+    @OneToMany(() => Member, (member: { project: Project; })=>member.project, {onDelete: 'CASCADE'})
     members!:Member[];
  
  }
\ No newline at end of file

planner-api/src/models/User.ts

@@ -80,7 +80,7 @@ export class User extends BaseEntity implements IUser {
   @OneToMany(() => Task, (task: { user: User }) =>task.user)
   tasks!: Task[];
 
-  @OneToMany(() => Member, (member: { user: User }) => member.user)
+  @OneToMany(() => Member, (member: { user: User }) => member.user, {onDelete: 'CASCADE'})
   members!: Member[];
 
 

planner-api/src/routers/projects.ts

 import express,{Router, Request, Response} from 'express';
 import {Project} from '../models/Project';
 import {myDataSource} from '../app-data-source';
-import { User } from '../models/User';
 import { Member, MemberRole } from '../models/Member';
-import { userInfo } from 'os';
-import { Task } from '../models/Task';
-import { auth } from '../helpers';
+import { auth, authAdminProject } from '../helpers';
 
 const router:Router = express.Router();
 const dataSource = myDataSource;
@@ -91,7 +88,7 @@ router.get("/:id",async (req:Request, res:Response): Promise<Response> => {
 })
 
 /** Delete project by project ID*/
-router.delete('/:projectId',async (req: Request, res: Response):Promise<Response>=>{
+router.delete('/:projectId',authAdminProject,async (req: Request, res: Response):Promise<Response>=>{
     const projectId = req.params.projectId;
     await myDataSource
     .createQueryBuilder()
@@ -119,9 +116,8 @@ router.get('/user/:userId', async (req : Request, res : Response): Promise<Respo
 
 /** Add user to specific project  */
 
-router.post('/add-user/', async (req: Request, res: Response):Promise<Response>=>{
+router.post('/add-user/', authAdminProject, async (req: Request, res: Response):Promise<Response>=>{
     const {userId, projectId, roleProject} = req.body;
-    console.log("req body" + req.body)
     const newMember:Member = new Member();
     try{
     newMember.user= userId;
@@ -136,38 +132,50 @@ router.post('/add-user/', async (req: Request, res: Response):Promise<Response>=
 })
 
 
-/** Remove user from specific project  */
+/** Remove user from specific project by userId  */
 
-router.post('/remove-user', async (req: Request, res: Response):Promise<Response>=> {
-    const token = req.get('Authorization');
-    const {userId, projectId} = req.body;
-    const adminOfProject =  await dataSource
+router.delete('/remove-user/:userId', authAdminProject,async (req: Request, res: Response):Promise<Response>=> {
+    const {projectId} = req.body;
+    const {userId }=req.params;
+    try{
+                await dataSource
+                .createQueryBuilder()
+                .delete()
+                .from(Member)
+                .where("user= :userId", { userId })
+                .andWhere("project=:projectId",{projectId})
+                .execute()
+            return res.send({message:"User removed from project successfully" })
+            } catch(e){
+                return res.send({message:'Failed to remove user from project'})
+            }
+    
+}) 
+
+
+/**change rights of user inside of project by admin, recieve userId, new roleProject  */
+
+router.put('/change-project-role/:userId',authAdminProject,  async (req: Request, res: Response):Promise<Response|void> =>{
+    const {userId}= req.params
+    const {projectId, newRoleProject} =req.body
+    const member = await dataSource
     .createQueryBuilder()
-    .select("user")
-    .from(User, "user")
-    .leftJoinAndSelect("user.members","member")
+    .select("member")
+    .from(Member, "member")
+    .leftJoinAndSelect("member.user","user")
     .leftJoinAndSelect('member.project', 'project' )
-    .where("user.token = :token", { token })
-    .andWhere('project.id=:projectId',{projectId})
-    .andWhere('member.roleProject=:roleProject',{roleProject:'admin'})
+    .where("user.id = :userId", { userId })
+    .andWhere("project.id=:projectId",{projectId})
     .getOne()
-    if (!adminOfProject){
-        return res.send({message:'User is not authorized'})
-    } 
-    
+    if(!member) return res.status(404).send({Message:'user and project are not relevant'})
     try{
-        await dataSource
-        .createQueryBuilder()
-        .delete()
-        .from(Member)
-        .where("user = :userId", { userId })
-        .andWhere("project=:projectId",{projectId})
-        .execute()
-    return res.send({message:"User removed from project successfully" })
+        member.roleProject = newRoleProject
+        await member.save()
+
     } catch(e){
-        return res.send({message:'Failed to remove user from project'})
+        return res.send({message:"failed to change role"})
     }
-}) 
-
+    return res.send({message:"User's new role ", newRoleProject})
+})
 
 export default router;