fosrl.pangolin/server/routers/role/updateRole.ts

125 lines
3.5 KiB
TypeScript
Raw Normal View History

import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { roles } from "@server/db/schema";
import { eq } from "drizzle-orm";
2024-10-12 21:36:14 -04:00
import response from "@server/utils/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions";
import logger from "@server/logger";
import { fromError } from "zod-validation-error";
2024-10-12 21:36:14 -04:00
const updateRoleParamsSchema = z.object({
roleId: z.string().transform(Number).pipe(z.number().int().positive()),
2024-10-12 21:36:14 -04:00
});
const updateRoleBodySchema = z
.object({
name: z.string().min(1).max(255).optional(),
description: z.string().optional(),
})
.refine((data) => Object.keys(data).length > 0, {
message: "At least one field must be provided for update",
});
2024-10-12 21:36:14 -04:00
export async function updateRole(
req: Request,
res: Response,
next: NextFunction
): Promise<any> {
2024-10-12 21:36:14 -04:00
try {
const parsedParams = updateRoleParamsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedParams.error).toString()
2024-10-12 21:36:14 -04:00
)
);
}
const parsedBody = updateRoleBodySchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
2024-10-12 21:36:14 -04:00
)
);
}
const { roleId } = parsedParams.data;
const updateData = parsedBody.data;
// Check if the user has permission to update roles
const hasPermission = await checkUserActionPermission(
ActionsEnum.updateRole,
req
);
2024-10-12 21:36:14 -04:00
if (!hasPermission) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have permission to perform this action"
)
);
2024-10-12 21:36:14 -04:00
}
const role = await db
.select()
.from(roles)
.where(eq(roles.roleId, roleId))
.limit(1);
2024-10-12 21:36:14 -04:00
if (role.length === 0) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
`Role with ID ${roleId} not found`
)
);
}
2024-11-03 17:28:12 -05:00
if (role[0].isSuperUserRole) {
2024-10-12 21:36:14 -04:00
return next(
createHttpError(
HttpCode.FORBIDDEN,
2024-11-03 17:28:12 -05:00
`Cannot update a Super User role`
2024-10-12 21:36:14 -04:00
)
);
}
const updatedRole = await db
.update(roles)
2024-10-12 21:36:14 -04:00
.set(updateData)
.where(eq(roles.roleId, roleId))
.returning();
if (updatedRole.length === 0) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
`Role with ID ${roleId} not found`
)
);
}
return response(res, {
data: updatedRole[0],
success: true,
error: false,
message: "Role updated successfully",
status: HttpCode.OK,
});
} catch (error) {
logger.error(error);
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"An error occurred..."
)
);
2024-10-12 21:36:14 -04:00
}
}