#93 added check on admin rpoject rights while addd remove user and delete project

parent 5b0ba753
......@@ -3,6 +3,7 @@ import { myDataSource } from "./app-data-source";
import { Task } from "./models/Task";
import { User } from "./models/User";
import nodemailer from 'nodemailer';
import { Member } from "./models/Member";
const dataSource = myDataSource;
......@@ -103,6 +104,29 @@ export const authAuthorOrExecutorOfDateTimeTask = async(req: Request,res: Respon
}
/**check if user is admin of the project, receives userId and projectId*/
export const authAdminProject = async(req: Request,res: Response, next:NextFunction):Promise<void | express.Response<Response>>=>{
const token = req.get('Authorization');
const {projectId} = req.body;
const adminOfProject = await dataSource
.createQueryBuilder()
.select("user")
.from(User, "user")
.leftJoinAndSelect("user.members","member")
.leftJoinAndSelect('member.project', 'project' )
.where("user.token = :token", { token })
.andWhere('project.id=:projectId',{projectId})
.andWhere('member.roleProject=:roleProject',{roleProject:'admin'})
.getOne()
if (!adminOfProject){
return res.send({message:'User is not authorized'})
}
req.body ={...req.body,adminStatus:true}
next()
}
/** return user if is in the given project, recieves userId adn projectId */
/**task finder by id, return one task */
......@@ -122,6 +146,30 @@ export const taskFinderById = async (taskId:string):Promise<null | Task>=>{
return task
}
/**member finder by userId and projectId, return one task */
export const memberFinderById = async (userId:string, projectId:string)=>{
const member = await dataSource
.getRepository(Member)
.findOne({
relations:{
user:true,
project:true,
},
where:{
user:{
id : userId
},
project:{
id:projectId
}
}
})
return member
}
export let transporter = nodemailer.createTransport({
......
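Review bot: authAdminProject takes the project id only from the body (`const {projectId} = req.body;`), but the delete route it now guards acts on `req.params.projectId`, so the membership check and the deletion can refer to different projects. Read the id from the same place the handler uses, for example `const projectId = req.params.projectId ?? req.body.projectId;`. The denial path also answers with the default 200 status; `return res.status(403).send({message:'User is not authorized'})` lets clients and logs tell a refusal from a success. A request without an Authorization header reaches the query with an undefined token, so an early `if (!token) return res.status(401).send({message:'User is not authorized'})` would be safer.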
......@@ -32,10 +32,10 @@ import {
@CreateDateColumn({ name: 'createdAt', type: Date, default: new Date() })
createdAt!: Date;
@ManyToOne(() => User, (user: { members: Member[]; }) => user.members,{cascade: true, onUpdate:'CASCADE',eager:true})
@ManyToOne(() => User, (user: { members: Member[]; }) => user.members,{cascade: true, onUpdate:'CASCADE', onDelete: 'CASCADE',eager:true})
user!: User;
@ManyToOne(() => Project, (project: { members: Member[]; }) => project.members,{cascade: true, onUpdate:'CASCADE',nullable:true})
@ManyToOne(() => Project, (project: { members: Member[]; }) => project.members,{cascade: true, onUpdate:'CASCADE', onDelete: 'CASCADE',nullable:true})
project!: Project;
@Column({
......
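Review bot: Adding `onDelete: 'CASCADE'` to both `@ManyToOne` relations changes the foreign-key constraints on the member table, and no migration is visible in this commit; unless the data source runs with schema synchronisation (not shown here), existing databases keep the old constraint. Deleting a user will now also drop that user's memberships, which can leave a project without any admin. A short comment above the `user` relation, such as `// membership rows are removed with the user; a project may end up with no admin`, would record that this is intended.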
......@@ -46,7 +46,7 @@ import {
@OneToMany(() => Task, (task: { project: Project; })=>task.project,{nullable:true})
tasks!:Task[];
@OneToMany(() => Member, (member: { project: Project; })=>member.project)
@OneToMany(() => Member, (member: { project: Project; })=>member.project, {onDelete: 'CASCADE'})
members!:Member[];
}
\ No newline at end of file
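Review bot: `onDelete: 'CASCADE'` on the `@OneToMany` side of `members` most likely has no effect, because as far as I know TypeORM builds the foreign key from the owning `@ManyToOne` side, which this commit already updates in the Member entity. The same applies to the `members` relation in the User hunk (`@@ -80,7 +80,7 @@`). I would drop the option from both inverse relations, or add a comment `// delete behaviour is defined on Member.project` so readers do not expect it to be enforced here.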
......@@ -80,7 +80,7 @@ export class User extends BaseEntity implements IUser {
@OneToMany(() => Task, (task: { user: User }) =>task.user)
tasks!: Task[];
@OneToMany(() => Member, (member: { user: User }) => member.user)
@OneToMany(() => Member, (member: { user: User }) => member.user, {onDelete: 'CASCADE'})
members!: Member[];
......
import express,{Router, Request, Response} from 'express';
import {Project} from '../models/Project';
import {myDataSource} from '../app-data-source';
import { User } from '../models/User';
import { Member, MemberRole } from '../models/Member';
import { userInfo } from 'os';
import { Task } from '../models/Task';
import { auth } from '../helpers';
import { auth, authAdminProject } from '../helpers';
const router:Router = express.Router();
const dataSource = myDataSource;
......@@ -91,7 +88,7 @@ router.get("/:id",async (req:Request, res:Response): Promise<Response> => {
})
/** Delete project by project ID*/
router.delete('/:projectId',async (req: Request, res: Response):Promise<Response>=>{
router.delete('/:projectId',authAdminProject,async (req: Request, res: Response):Promise<Response>=>{
const projectId = req.params.projectId;
await myDataSource
.createQueryBuilder()
......@@ -119,9 +116,8 @@ router.get('/user/:userId', async (req : Request, res : Response): Promise<Respo
/** Add user to specific project */
router.post('/add-user/', async (req: Request, res: Response):Promise<Response>=>{
router.post('/add-user/', authAdminProject, async (req: Request, res: Response):Promise<Response>=>{
const {userId, projectId, roleProject} = req.body;
console.log("req body" + req.body)
const newMember:Member = new Member();
try{
newMember.user= userId;
......@@ -136,38 +132,50 @@ router.post('/add-user/', async (req: Request, res: Response):Promise<Response>=
})
/** Remove user from specific project */
router.post('/remove-user', async (req: Request, res: Response):Promise<Response>=> {
const token = req.get('Authorization');
const {userId, projectId} = req.body;
const adminOfProject = await dataSource
.createQueryBuilder()
.select("user")
.from(User, "user")
.leftJoinAndSelect("user.members","member")
.leftJoinAndSelect('member.project', 'project' )
.where("user.token = :token", { token })
.andWhere('project.id=:projectId',{projectId})
.andWhere('member.roleProject=:roleProject',{roleProject:'admin'})
.getOne()
if (!adminOfProject){
return res.send({message:'User is not authorized'})
}
/** Remove user from specific project by userId */
router.delete('/remove-user/:userId', authAdminProject,async (req: Request, res: Response):Promise<Response>=> {
const {projectId} = req.body;
const {userId }=req.params;
try{
await dataSource
.createQueryBuilder()
.delete()
.from(Member)
.where("user = :userId", { userId })
.where("user= :userId", { userId })
.andWhere("project=:projectId",{projectId})
.execute()
return res.send({message:"User removed from project successfully" })
} catch(e){
return res.send({message:'Failed to remove user from project'})
}
})
/**change rights of user inside of project by admin, recieve userId, new roleProject */
router.put('/change-project-role/:userId',authAdminProject, async (req: Request, res: Response):Promise<Response|void> =>{
const {userId}= req.params
const {projectId, newRoleProject} =req.body
const member = await dataSource
.createQueryBuilder()
.select("member")
.from(Member, "member")
.leftJoinAndSelect("member.user","user")
.leftJoinAndSelect('member.project', 'project' )
.where("user.id = :userId", { userId })
.andWhere("project.id=:projectId",{projectId})
.getOne()
if(!member) return res.status(404).send({Message:'user and project are not relevant'})
try{
member.roleProject = newRoleProject
await member.save()
} catch(e){
return res.send({message:"failed to change role"})
}
return res.send({message:"User's new role ", newRoleProject})
})
export default router;
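Review bot: The new `/change-project-role/:userId` handler assigns `newRoleProject` from the request body to `member.roleProject` without checking it, so any string can be stored as a role and the last admin of a project can be demoted. Validate it before the lookup, e.g. `if (!Object.values(MemberRole).includes(newRoleProject)) return res.status(400).send({message:'invalid role'})`, assuming `MemberRole` (imported at the top of this file) is an enum of the allowed roles. The catch branches in this handler and in `/remove-user/:userId` reply with the default 200 status; `res.status(500)` would make failures visible to clients. `/remove-user/:userId` also takes `projectId` from the body of a DELETE request, which some clients and proxies drop.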