Merge branch 'task-93-enhance/delete_req_params_userId' into 'development'

#93 added a check on admin project rights when adding or removing a user and when deleting a project

See merge request !69
parents 5b0ba753 475e4580
...@@ -3,6 +3,7 @@ import { myDataSource } from "./app-data-source"; ...@@ -3,6 +3,7 @@ import { myDataSource } from "./app-data-source";
import { Task } from "./models/Task"; import { Task } from "./models/Task";
import { User } from "./models/User"; import { User } from "./models/User";
import nodemailer from 'nodemailer'; import nodemailer from 'nodemailer';
import { Member } from "./models/Member";
const dataSource = myDataSource; const dataSource = myDataSource;
...@@ -103,7 +104,30 @@ export const authAuthorOrExecutorOfDateTimeTask = async(req: Request,res: Respon ...@@ -103,7 +104,30 @@ export const authAuthorOrExecutorOfDateTimeTask = async(req: Request,res: Respon
} }
/**check if user is admin of the project, receives userId and projectId*/
export const authAdminProject = async(req: Request,res: Response, next:NextFunction):Promise<void | express.Response<Response>>=>{
const token = req.get('Authorization');
const {projectId} = req.body;
const adminOfProject = await dataSource
.createQueryBuilder()
.select("user")
.from(User, "user")
.leftJoinAndSelect("user.members","member")
.leftJoinAndSelect('member.project', 'project' )
.where("user.token = :token", { token })
.andWhere('project.id=:projectId',{projectId})
.andWhere('member.roleProject=:roleProject',{roleProject:'admin'})
.getOne()
if (!adminOfProject){
return res.send({message:'User is not authorized'})
}
req.body ={...req.body,adminStatus:true}
next()
}
/** return user if is in the given project, recieves userId adn projectId */
/**task finder by id, return one task */ /**task finder by id, return one task */
export const taskFinderById = async (taskId:string):Promise<null | Task>=>{ export const taskFinderById = async (taskId:string):Promise<null | Task>=>{
...@@ -122,6 +146,30 @@ export const taskFinderById = async (taskId:string):Promise<null | Task>=>{ ...@@ -122,6 +146,30 @@ export const taskFinderById = async (taskId:string):Promise<null | Task>=>{
return task return task
} }
/**member finder by userId and projectId, return one task */
export const memberFinderById = async (userId:string, projectId:string)=>{
const member = await dataSource
.getRepository(Member)
.findOne({
relations:{
user:true,
project:true,
},
where:{
user:{
id : userId
},
project:{
id:projectId
}
}
})
return member
}
export let transporter = nodemailer.createTransport({ export let transporter = nodemailer.createTransport({
......
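Review bot: `authAdminProject` answers a failed check with `res.send(...)`, which is a 200 response, and it records success by writing `adminStatus:true` into `req.body`, an object the client also controls. A denial should carry an error status, e.g. `return res.status(403).send({message:'User is not authorized'})`, and the flag is safer as `res.locals.adminStatus = true`, so that a handler mounted without this middleware cannot pick up a client-supplied `adminStatus`. A request without an `Authorization` header also reaches the query with `token` undefined; a guard such as `if (!token) return res.status(401).send({message:'User is not authorized'})` before the query avoids depending on how the query builder treats an undefined parameter. The doc comment says the function receives userId and projectId, but the code reads the token from the header and `projectId` from the body, and the comment on `memberFinderById` says it returns a task where it returns a member.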
...@@ -32,10 +32,10 @@ import { ...@@ -32,10 +32,10 @@ import {
@CreateDateColumn({ name: 'createdAt', type: Date, default: new Date() }) @CreateDateColumn({ name: 'createdAt', type: Date, default: new Date() })
createdAt!: Date; createdAt!: Date;
@ManyToOne(() => User, (user: { members: Member[]; }) => user.members,{cascade: true, onUpdate:'CASCADE',eager:true}) @ManyToOne(() => User, (user: { members: Member[]; }) => user.members,{cascade: true, onUpdate:'CASCADE', onDelete: 'CASCADE',eager:true})
user!: User; user!: User;
@ManyToOne(() => Project, (project: { members: Member[]; }) => project.members,{cascade: true, onUpdate:'CASCADE',nullable:true}) @ManyToOne(() => Project, (project: { members: Member[]; }) => project.members,{cascade: true, onUpdate:'CASCADE', onDelete: 'CASCADE',nullable:true})
project!: Project; project!: Project;
@Column({ @Column({
......
...@@ -46,7 +46,7 @@ import { ...@@ -46,7 +46,7 @@ import {
@OneToMany(() => Task, (task: { project: Project; })=>task.project,{nullable:true}) @OneToMany(() => Task, (task: { project: Project; })=>task.project,{nullable:true})
tasks!:Task[]; tasks!:Task[];
@OneToMany(() => Member, (member: { project: Project; })=>member.project) @OneToMany(() => Member, (member: { project: Project; })=>member.project, {onDelete: 'CASCADE'})
members!:Member[]; members!:Member[];
} }
\ No newline at end of file
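Review bot: `onDelete: 'CASCADE'` is added here on the `@OneToMany` side of `members`, and the same is done for `members` in the User model. As far as I know TypeORM derives the foreign-key action from the owning `@ManyToOne` side, which the Member model hunk already sets, so the option on the inverse side is likely a no-op and can be dropped to keep a single source of truth. The `tasks` relation on the line above has no delete action; whether deleting a project that still has tasks fails on that foreign key depends on the Task model, which is not shown here.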
...@@ -80,7 +80,7 @@ export class User extends BaseEntity implements IUser { ...@@ -80,7 +80,7 @@ export class User extends BaseEntity implements IUser {
@OneToMany(() => Task, (task: { user: User }) =>task.user) @OneToMany(() => Task, (task: { user: User }) =>task.user)
tasks!: Task[]; tasks!: Task[];
@OneToMany(() => Member, (member: { user: User }) => member.user) @OneToMany(() => Member, (member: { user: User }) => member.user, {onDelete: 'CASCADE'})
members!: Member[]; members!: Member[];
......
import express,{Router, Request, Response} from 'express'; import express,{Router, Request, Response} from 'express';
import {Project} from '../models/Project'; import {Project} from '../models/Project';
import {myDataSource} from '../app-data-source'; import {myDataSource} from '../app-data-source';
import { User } from '../models/User';
import { Member, MemberRole } from '../models/Member'; import { Member, MemberRole } from '../models/Member';
import { userInfo } from 'os'; import { auth, authAdminProject } from '../helpers';
import { Task } from '../models/Task';
import { auth } from '../helpers';
const router:Router = express.Router(); const router:Router = express.Router();
const dataSource = myDataSource; const dataSource = myDataSource;
...@@ -91,7 +88,7 @@ router.get("/:id",async (req:Request, res:Response): Promise<Response> => { ...@@ -91,7 +88,7 @@ router.get("/:id",async (req:Request, res:Response): Promise<Response> => {
}) })
/** Delete project by project ID*/ /** Delete project by project ID*/
router.delete('/:projectId',async (req: Request, res: Response):Promise<Response>=>{ router.delete('/:projectId',authAdminProject,async (req: Request, res: Response):Promise<Response>=>{
const projectId = req.params.projectId; const projectId = req.params.projectId;
await myDataSource await myDataSource
.createQueryBuilder() .createQueryBuilder()
...@@ -119,9 +116,8 @@ router.get('/user/:userId', async (req : Request, res : Response): Promise<Respo ...@@ -119,9 +116,8 @@ router.get('/user/:userId', async (req : Request, res : Response): Promise<Respo
/** Add user to specific project */ /** Add user to specific project */
router.post('/add-user/', async (req: Request, res: Response):Promise<Response>=>{ router.post('/add-user/', authAdminProject, async (req: Request, res: Response):Promise<Response>=>{
const {userId, projectId, roleProject} = req.body; const {userId, projectId, roleProject} = req.body;
console.log("req body" + req.body)
const newMember:Member = new Member(); const newMember:Member = new Member();
try{ try{
newMember.user= userId; newMember.user= userId;
...@@ -136,38 +132,50 @@ router.post('/add-user/', async (req: Request, res: Response):Promise<Response>= ...@@ -136,38 +132,50 @@ router.post('/add-user/', async (req: Request, res: Response):Promise<Response>=
}) })
/** Remove user from specific project */ /** Remove user from specific project by userId */
router.post('/remove-user', async (req: Request, res: Response):Promise<Response>=> { router.delete('/remove-user/:userId', authAdminProject,async (req: Request, res: Response):Promise<Response>=> {
const token = req.get('Authorization'); const {projectId} = req.body;
const {userId, projectId} = req.body; const {userId }=req.params;
const adminOfProject = await dataSource try{
await dataSource
.createQueryBuilder()
.delete()
.from(Member)
.where("user= :userId", { userId })
.andWhere("project=:projectId",{projectId})
.execute()
return res.send({message:"User removed from project successfully" })
} catch(e){
return res.send({message:'Failed to remove user from project'})
}
})
/**change rights of user inside of project by admin, recieve userId, new roleProject */
router.put('/change-project-role/:userId',authAdminProject, async (req: Request, res: Response):Promise<Response|void> =>{
const {userId}= req.params
const {projectId, newRoleProject} =req.body
const member = await dataSource
.createQueryBuilder() .createQueryBuilder()
.select("user") .select("member")
.from(User, "user") .from(Member, "member")
.leftJoinAndSelect("user.members","member") .leftJoinAndSelect("member.user","user")
.leftJoinAndSelect('member.project', 'project' ) .leftJoinAndSelect('member.project', 'project' )
.where("user.token = :token", { token }) .where("user.id = :userId", { userId })
.andWhere('project.id=:projectId',{projectId}) .andWhere("project.id=:projectId",{projectId})
.andWhere('member.roleProject=:roleProject',{roleProject:'admin'})
.getOne() .getOne()
if (!adminOfProject){ if(!member) return res.status(404).send({Message:'user and project are not relevant'})
return res.send({message:'User is not authorized'})
}
try{ try{
await dataSource member.roleProject = newRoleProject
.createQueryBuilder() await member.save()
.delete()
.from(Member)
.where("user = :userId", { userId })
.andWhere("project=:projectId",{projectId})
.execute()
return res.send({message:"User removed from project successfully" })
} catch(e){ } catch(e){
return res.send({message:'Failed to remove user from project'}) return res.send({message:"failed to change role"})
} }
}) return res.send({message:"User's new role ", newRoleProject})
})
export default router; export default router;
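Review bot: The admin check on `router.delete('/:projectId', authAdminProject, ...)` is not bound to the project being deleted: the middleware reads `projectId` from `req.body`, while the handler deletes `req.params.projectId`, so the two values can differ. Reading the identifier in the middleware as `const projectId = req.params.projectId ?? req.body.projectId;` makes the check cover the id the handler acts on, and leaves `/add-user/`, `/remove-user/:userId` and `/change-project-role/:userId` unchanged because they carry no `projectId` path parameter. In `/change-project-role/:userId`, `newRoleProject` is stored without validation; checking it against the imported `MemberRole` values (presumably the set of allowed roles) before `member.save()` would keep arbitrary strings out of the role column. The delete handler's body continues outside the hunk.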