more user role stuff
This commit is contained in:
parent
bb17d30c9e
commit
231e1d2e2d
32 changed files with 897 additions and 138 deletions
|
@ -51,6 +51,7 @@ export enum ActionsEnum {
|
|||
// removeUserAction = "removeUserAction",
|
||||
removeUserResource = "removeUserResource",
|
||||
removeUserSite = "removeUserSite",
|
||||
getOrgUser = "getOrgUser",
|
||||
}
|
||||
|
||||
export async function checkUserActionPermission(
|
||||
|
|
|
@ -12,7 +12,6 @@ export async function verifyAdmin(
|
|||
) {
|
||||
const userId = req.user?.userId;
|
||||
const orgId = req.userOrgId;
|
||||
let userOrg = req.userOrg;
|
||||
|
||||
if (!userId) {
|
||||
return next(
|
||||
|
@ -26,16 +25,16 @@ export async function verifyAdmin(
|
|||
);
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
const userOrgRes = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId!)))
|
||||
.limit(1);
|
||||
userOrg = userOrgRes[0];
|
||||
req.userOrg = userOrgRes[0];
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
@ -47,7 +46,7 @@ export async function verifyAdmin(
|
|||
const userRole = await db
|
||||
.select()
|
||||
.from(roles)
|
||||
.where(eq(roles.roleId, userOrg.roleId))
|
||||
.where(eq(roles.roleId, req.userOrg.roleId))
|
||||
.limit(1);
|
||||
|
||||
if (userRole.length === 0 || !userRole[0].isAdmin) {
|
||||
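Review bot: The lookup at L79-L97 is skipped whenever `req.userOrg` is already set, but nothing checks that the cached row is for `orgId` (`req.userOrgId`), so the admin decision at L144 is made against whatever org an earlier middleware happened to resolve. Since `req.userOrgId` is itself only populated by an earlier middleware, the `orgId!` assertion at L88 also hides the case where verifyAdmin is mounted without one and the query runs with an undefined org. Suggest replacing the assertion with an explicit error when `orgId` is missing, and invalidating a mismatched cache before the lookup: `if (req.userOrg && req.userOrg.orgId !== orgId) req.userOrg = undefined;`. verifyAdmin's body continues outside these hunks.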
|
|
|
@ -12,7 +12,6 @@ export async function verifyOrgAccess(
|
|||
) {
|
||||
const userId = req.user!.userId;
|
||||
const orgId = req.params.orgId;
|
||||
let userOrg = req.userOrg;
|
||||
|
||||
if (!userId) {
|
||||
return next(
|
||||
|
@ -27,17 +26,17 @@ export async function verifyOrgAccess(
|
|||
}
|
||||
|
||||
try {
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
const userOrgRes = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
.where(
|
||||
and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))
|
||||
);
|
||||
userOrg = userOrgRes[0];
|
||||
req.userOrg = userOrgRes[0];
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
@ -46,7 +45,7 @@ export async function verifyOrgAccess(
|
|||
);
|
||||
} else {
|
||||
// User has access, attach the user's role to the request for potential future use
|
||||
req.userOrgRoleId = userOrg.roleId;
|
||||
req.userOrgRoleId = req.userOrg.roleId;
|
||||
req.userOrgId = orgId;
|
||||
return next();
|
||||
}
|
||||
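Review bot: The cached `req.userOrg` at L188 is accepted without comparing `req.userOrg.orgId` to the `orgId` taken from `req.params.orgId` at L159, so if any middleware ahead of this one has already populated the cache for another org, membership there grants access to this `:orgId` and `req.userOrgRoleId` at L251 carries a role from the wrong org. This middleware is usually first on `/org/:orgId/...` routes, so the exposure depends on future chain ordering, but it is cheap to close: `if (!req.userOrg || req.userOrg.orgId !== orgId) {` at L188 so a stale row is re-queried. The query at L191-L206 is also the only one of these membership lookups without `.limit(1)`. The function's body continues outside the hunks.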
|
|
|
@ -18,7 +18,6 @@ export async function verifyResourceAccess(
|
|||
const userId = req.user!.userId;
|
||||
const resourceId =
|
||||
req.params.resourceId || req.body.resourceId || req.query.resourceId;
|
||||
let userOrg = req.userOrg;
|
||||
|
||||
if (!userId) {
|
||||
return next(
|
||||
|
@ -51,7 +50,7 @@ export async function verifyResourceAccess(
|
|||
);
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
const userOrgRole = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
|
@ -62,10 +61,10 @@ export async function verifyResourceAccess(
|
|||
)
|
||||
)
|
||||
.limit(1);
|
||||
userOrg = userOrgRole[0];
|
||||
req.userOrg = userOrgRole[0];
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
@ -74,7 +73,7 @@ export async function verifyResourceAccess(
|
|||
);
|
||||
}
|
||||
|
||||
const userOrgRoleId = userOrg.roleId;
|
||||
const userOrgRoleId = req.userOrg.roleId;
|
||||
req.userOrgRoleId = userOrgRoleId;
|
||||
req.userOrgId = resource[0].orgId;
|
||||
|
||||
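Review bot: `resourceId` at L272-L275 is taken from params, body or query in that order and used without validation, so the id this middleware authorizes need not be the id the handler acts on if the handler reads a different source (say `req.body.resourceId` on a route that also has `:resourceId`), and `req.query.resourceId` may be an array under Express's default query parser. Suggest validating it once here and rejecting anything malformed — if resource ids are numeric like the role and target ids, `const resourceId = parseInt(...)` followed by `if (isNaN(resourceId)) return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid resourceId"));` — and having handlers reuse the validated value. The same unchecked-cache concern as in the sibling middlewares applies at L304: `req.userOrg` is trusted without confirming `req.userOrg.orgId === resource[0].orgId`. The resource lookup and the function's remainder are outside the hunks.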
|
|
|
@ -15,7 +15,6 @@ export async function verifyRoleAccess(
|
|||
const roleId = parseInt(
|
||||
req.params.roleId || req.body.roleId || req.query.roleId
|
||||
);
|
||||
let userOrg = req.userOrg;
|
||||
|
||||
if (!userId) {
|
||||
return next(
|
||||
|
@ -43,7 +42,7 @@ export async function verifyRoleAccess(
|
|||
);
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
const userOrgRole = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
|
@ -54,10 +53,10 @@ export async function verifyRoleAccess(
|
|||
)
|
||||
)
|
||||
.limit(1);
|
||||
userOrg = userOrgRole[0];
|
||||
req.userOrg = userOrgRole[0];
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
@ -66,8 +65,17 @@ export async function verifyRoleAccess(
|
|||
);
|
||||
}
|
||||
|
||||
req.userOrgRoleId = userOrg.roleId;
|
||||
req.userOrgId = userOrg.orgId;
|
||||
if (req.userOrg.orgId !== role[0].orgId) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
"Role does not belong to the organization"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
req.userOrgRoleId = req.userOrg.roleId;
|
||||
req.userOrgId = req.userOrg.orgId;
|
||||
|
||||
return next();
|
||||
} catch (error) {
|
||||
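Review bot: The new org check at L491-L512 is the right guard for a cached `req.userOrg`, but nothing says why it exists, and the sibling middlewares that share the cache have no equivalent check, so a reader may take it for redundancy and remove it. Suggest a comment above it: `// req.userOrg may have been populated by an earlier middleware for another org; only honour it for the role's org`. If the role lookup above this hunk already answers unknown ids with NOT_FOUND, returning NOT_FOUND here too would avoid confirming to a member of one org that a role id exists in another — a judgement call, noted rather than insisted on. The function's body starts outside the hunks.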
|
|
|
@ -57,19 +57,22 @@ export async function verifySiteAccess(
|
|||
);
|
||||
}
|
||||
|
||||
// Get user's role ID in the organization
|
||||
const userOrgRole = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
.where(
|
||||
and(
|
||||
eq(userOrgs.userId, userId),
|
||||
eq(userOrgs.orgId, site[0].orgId)
|
||||
if (!req.userOrg) {
|
||||
// Get user's role ID in the organization
|
||||
const userOrgRole = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
.where(
|
||||
and(
|
||||
eq(userOrgs.userId, userId),
|
||||
eq(userOrgs.orgId, site[0].orgId)
|
||||
)
|
||||
)
|
||||
)
|
||||
.limit(1);
|
||||
.limit(1);
|
||||
req.userOrg = userOrgRole[0];
|
||||
}
|
||||
|
||||
if (userOrgRole.length === 0) {
|
||||
if (!req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
@ -78,7 +81,7 @@ export async function verifySiteAccess(
|
|||
);
|
||||
}
|
||||
|
||||
const userOrgRoleId = userOrgRole[0].roleId;
|
||||
const userOrgRoleId = req.userOrg.roleId;
|
||||
req.userOrgRoleId = userOrgRoleId;
|
||||
req.userOrgId = site[0].orgId;
|
||||
|
||||
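Review bot: The guard at L569 skips the membership query whenever `req.userOrg` is set, but the skipped query is the one that scoped the row to `site[0].orgId` (L590-L593); with the cache, a row resolved by an earlier middleware for another org passes, and `req.userOrgRoleId` at L649 and `req.userOrgId = site[0].orgId` at L655 then describe different orgs. Suggest `if (!req.userOrg || req.userOrg.orgId !== site[0].orgId) {` for the lookup and the same condition for the FORBIDDEN branch at L622, so the cache is only honoured for the site's org. The site lookup and the rest of the function are outside the hunks.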
|
|
|
@ -12,7 +12,6 @@ export async function verifyTargetAccess(
|
|||
) {
|
||||
const userId = req.user!.userId;
|
||||
const targetId = parseInt(req.params.targetId);
|
||||
let userOrg = req.userOrg;
|
||||
|
||||
if (!userId) {
|
||||
return next(
|
||||
|
@ -36,7 +35,7 @@ export async function verifyTargetAccess(
|
|||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
`target with ID ${targetId} not found`
|
||||
`Target with ID ${targetId} not found`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
@ -47,7 +46,7 @@ export async function verifyTargetAccess(
|
|||
return next(
|
||||
createHttpError(
|
||||
HttpCode.INTERNAL_SERVER_ERROR,
|
||||
`target with ID ${targetId} does not have a resource ID`
|
||||
`Target with ID ${targetId} does not have a resource ID`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
@ -77,7 +76,7 @@ export async function verifyTargetAccess(
|
|||
);
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
const res = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
|
@ -87,10 +86,10 @@ export async function verifyTargetAccess(
|
|||
eq(userOrgs.orgId, resource[0].orgId)
|
||||
)
|
||||
);
|
||||
userOrg = res[0];
|
||||
req.userOrg = res[0];
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
@ -98,7 +97,7 @@ export async function verifyTargetAccess(
|
|||
)
|
||||
);
|
||||
} else {
|
||||
req.userOrgRoleId = userOrg.roleId;
|
||||
req.userOrgRoleId = req.userOrg.roleId;
|
||||
req.userOrgId = resource[0].orgId!;
|
||||
next();
|
||||
}
|
||||
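Review bot: The cached `req.userOrg` is accepted at L757 without checking it belongs to `resource[0].orgId`, the org the query it replaces was scoped to (L773), so the access decision at L796 can be made on a membership in another org while `req.userOrgId` at L827 is set to the resource's org. Suggest `if (!req.userOrg || req.userOrg.orgId !== resource[0].orgId) {` at L757 and the same test at L796, plus `.limit(1)` on the query at L760-L779 as the other middlewares do. Once the row is confirmed to be for that org the `resource[0].orgId!` assertion at L827 can go as well (`req.userOrgId = req.userOrg.orgId`). The function continues outside the hunks.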
|
|
|
@ -13,8 +13,6 @@ export async function verifyUserAccess(
|
|||
const userId = req.user!.userId;
|
||||
const reqUserId = req.params.userId || req.body.userId || req.query.userId;
|
||||
|
||||
let userOrg = req.userOrg;
|
||||
|
||||
if (!userId) {
|
||||
return next(
|
||||
createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
|
||||
|
@ -26,7 +24,7 @@ export async function verifyUserAccess(
|
|||
}
|
||||
|
||||
try {
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
const res = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
|
@ -37,10 +35,10 @@ export async function verifyUserAccess(
|
|||
)
|
||||
)
|
||||
.limit(1);
|
||||
userOrg = res[0];
|
||||
req.userOrg = res[0];
|
||||
}
|
||||
|
||||
if (userOrg) {
|
||||
if (req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
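Review bot: The hunk turns the lookup at L879-L907 into a cache read of `req.userOrg`, yet a present `req.userOrg` is then treated as the FORBIDDEN case at L918-L927. On `/role/:roleId/add/:userId` this middleware runs after verifyRoleAccess, which sets `req.userOrg` to the caller's own membership on success, so unless this query looks up the same row (its where-clause at L891 and the error message after L927 are cut from the hunk) the cached value either makes this check fire on every request or, if the query is about `reqUserId`, silently substitutes the caller's row for the target user's. If the row queried here concerns a different principal, keep it local — `const targetUserOrg = res[0];` — rather than sharing `req.userOrg`. The function body continues outside the hunks.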
|
|
|
@ -12,7 +12,6 @@ export async function verifyUserIsOrgOwner(
|
|||
) {
|
||||
const userId = req.user!.userId;
|
||||
const orgId = req.params.orgId;
|
||||
let userOrg = req.userOrg;
|
||||
|
||||
if (!userId) {
|
||||
return next(
|
||||
|
@ -30,17 +29,17 @@ export async function verifyUserIsOrgOwner(
|
|||
}
|
||||
|
||||
try {
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
const res = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
.where(
|
||||
and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))
|
||||
);
|
||||
userOrg = res[0];
|
||||
req.userOrg = res[0];
|
||||
}
|
||||
|
||||
if (!userOrg) {
|
||||
if (!req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
|
@ -49,7 +48,7 @@ export async function verifyUserIsOrgOwner(
|
|||
);
|
||||
}
|
||||
|
||||
if (!userOrg.isOwner) {
|
||||
if (!req.userOrg.isOwner) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
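Review bot: `req.userOrg.isOwner` at L1033 is read from the cached row without confirming `req.userOrg.orgId === orgId` (`req.params.orgId`, L942), so an owner of one org whose membership an earlier middleware cached would pass the ownership check for a different `:orgId`. Suggest `if (!req.userOrg || req.userOrg.orgId !== orgId) {` at L971 so the cache is only used for the requested org, and `.limit(1)` on the query at L974-L989 for parity with the other guards. The function continues outside the hunks.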
|
|
|
@ -19,7 +19,6 @@ import {
|
|||
verifyResourceAccess,
|
||||
verifyTargetAccess,
|
||||
verifyRoleAccess,
|
||||
verifyAdmin,
|
||||
verifyUserInRole,
|
||||
verifyUserAccess,
|
||||
} from "./auth";
|
||||
|
@ -195,7 +194,6 @@ authenticated.delete(
|
|||
authenticated.put(
|
||||
"/org/:orgId/role",
|
||||
verifyOrgAccess,
|
||||
verifyAdmin,
|
||||
verifyUserHasAction(ActionsEnum.createRole),
|
||||
role.createRole
|
||||
);
|
||||
|
@ -215,17 +213,22 @@ authenticated.get(
|
|||
// authenticated.post(
|
||||
// "/role/:roleId",
|
||||
// verifyRoleAccess,
|
||||
// verifyAdmin,
|
||||
// verifyUserHasAction(ActionsEnum.updateRole),
|
||||
// role.updateRole
|
||||
// );
|
||||
// authenticated.delete(
|
||||
// "/role/:roleId",
|
||||
// verifyRoleAccess,
|
||||
// verifyAdmin,
|
||||
// verifyUserHasAction(ActionsEnum.deleteRole),
|
||||
// role.deleteRole
|
||||
// );
|
||||
authenticated.delete(
|
||||
"/role/:roleId",
|
||||
verifyRoleAccess,
|
||||
verifyUserHasAction(ActionsEnum.deleteRole),
|
||||
role.deleteRole
|
||||
);
|
||||
authenticated.post(
|
||||
"/role/:roleId/add/:userId",
|
||||
verifyRoleAccess,
|
||||
verifyUserAccess,
|
||||
verifyUserHasAction(ActionsEnum.addUserRole),
|
||||
user.addUserRole
|
||||
);
|
||||
|
||||
// authenticated.put(
|
||||
// "/role/:roleId/site",
|
||||
|
@ -280,7 +283,6 @@ authenticated.get(
|
|||
// "/role/:roleId/action",
|
||||
// verifyRoleAccess,
|
||||
// verifyUserInRole,
|
||||
// verifyAdmin,
|
||||
// verifyUserHasAction(ActionsEnum.removeRoleAction),
|
||||
// role.removeRoleAction
|
||||
// );
|
||||
|
@ -288,13 +290,13 @@ authenticated.get(
|
|||
// "/role/:roleId/actions",
|
||||
// verifyRoleAccess,
|
||||
// verifyUserInRole,
|
||||
// verifyAdmin,
|
||||
// verifyUserHasAction(ActionsEnum.listRoleActions),
|
||||
// role.listRoleActions
|
||||
// );
|
||||
|
||||
unauthenticated.get("/user", verifySessionMiddleware, user.getUser);
|
||||
|
||||
authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
|
||||
authenticated.get(
|
||||
"/org/:orgId/users",
|
||||
verifyOrgAccess,
|
||||
|
@ -341,7 +343,6 @@ authenticated.delete(
|
|||
// "/org/:orgId/user/:userId/action",
|
||||
// verifyOrgAccess,
|
||||
// verifyUserAccess,
|
||||
// verifyAdmin,
|
||||
// verifyUserHasAction(ActionsEnum.addRoleAction),
|
||||
// role.addRoleAction
|
||||
// );
|
||||
|
@ -349,7 +350,6 @@ authenticated.delete(
|
|||
// "/org/:orgId/user/:userId/action",
|
||||
// verifyOrgAccess,
|
||||
// verifyUserAccess,
|
||||
// verifyAdmin,
|
||||
// verifyUserHasAction(ActionsEnum.removeRoleAction),
|
||||
// role.removeRoleAction
|
||||
// );
|
||||
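Review bot: The new `GET /org/:orgId/user/:userId` route at L1247 is the only user route here mounted without a `verifyUserHasAction(...)` guard; the permission check lives inside `user.getOrgUser` (added in this commit) so a member can read their own record, but nothing on the route says so and a reader scanning this table will take it for a missing guard. Suggest a comment on the line: `// ActionsEnum.getOrgUser is checked in the handler so a member can fetch their own record`. Separately, dropping `verifyAdmin` from `PUT /org/:orgId/role` (L1085) and re-enabling `DELETE /role/:roleId` with only an action check (L1143-L1158) makes role management purely action-driven; worth confirming that `role.deleteRole` (not in this diff) refuses to delete an org's admin role or a role that still has members, since any role granted `deleteRole` can now reach it.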
|
|
|
@ -2,7 +2,7 @@ import { Request, Response, NextFunction } from "express";
|
|||
import { z } from "zod";
|
||||
import { db } from "@server/db";
|
||||
import { eq } from "drizzle-orm";
|
||||
import { orgs, userOrgs } from "@server/db/schema";
|
||||
import { orgs, roleActions, roles, userOrgs } from "@server/db/schema";
|
||||
import response from "@server/utils/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
|
@ -10,6 +10,7 @@ import logger from "@server/logger";
|
|||
import { createAdminRole } from "@server/db/ensureActions";
|
||||
import config from "@server/config";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { defaultRoleAllowedActions } from "../role";
|
||||
|
||||
const createOrgSchema = z.object({
|
||||
orgId: z.string(),
|
||||
|
@ -96,6 +97,26 @@ export async function createOrg(
|
|||
})
|
||||
.execute();
|
||||
|
||||
const memberRole = await db
|
||||
.insert(roles)
|
||||
.values({
|
||||
name: "Member",
|
||||
description: "Members can only view resources",
|
||||
orgId,
|
||||
})
|
||||
.returning();
|
||||
|
||||
await db
|
||||
.insert(roleActions)
|
||||
.values(
|
||||
defaultRoleAllowedActions.map((action) => ({
|
||||
roleId: memberRole[0].roleId,
|
||||
actionId: action,
|
||||
orgId,
|
||||
}))
|
||||
)
|
||||
.execute();
|
||||
|
||||
return response(res, {
|
||||
data: newOrg[0],
|
||||
success: true,
|
||||
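Review bot: The Member role and its role actions at L1375-L1428 are inserted as separate statements after the org insert at L1364-L1370 has already executed, so a failure in either leaves an org without a default role or with a role that has no actions, and `memberRole[0].roleId` at L1413 is read without checking the insert returned a row. Suggest running the org and role inserts inside one `db.transaction(async (tx) => { ... })` so org creation is all-or-nothing, or at minimum guarding on `memberRole.length` before the role-action insert. The surrounding createOrg body is outside the hunks.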
|
|
|
@ -19,6 +19,14 @@ const createRoleSchema = z.object({
|
|||
description: z.string().optional(),
|
||||
});
|
||||
|
||||
export const defaultRoleAllowedActions: ActionsEnum[] = [
|
||||
ActionsEnum.getOrg,
|
||||
ActionsEnum.getResource,
|
||||
ActionsEnum.listResources,
|
||||
];
|
||||
|
||||
export type CreateRoleBody = z.infer<typeof createRoleSchema>;
|
||||
|
||||
export type CreateRoleResponse = Role;
|
||||
|
||||
export async function createRole(
|
||||
|
@ -78,17 +86,10 @@ export async function createRole(
|
|||
})
|
||||
.returning();
|
||||
|
||||
// default allowed actions for a non admin role
|
||||
const allowedActions: ActionsEnum[] = [
|
||||
ActionsEnum.getOrg,
|
||||
ActionsEnum.getResource,
|
||||
ActionsEnum.listResources,
|
||||
];
|
||||
|
||||
await db
|
||||
.insert(roleActions)
|
||||
.values(
|
||||
allowedActions.map((action) => ({
|
||||
defaultRoleAllowedActions.map((action) => ({
|
||||
roleId: newRole[0].roleId,
|
||||
actionId: action,
|
||||
orgId,
|
||||
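Review bot: `defaultRoleAllowedActions` at L1456-L1468 is exported as a plain mutable `ActionsEnum[]`, so any importer (createOrg now uses it at L1410) can push to it and widen the permissions every new role receives; the comment that explained its purpose (`// default allowed actions for a non admin role`, removed at L1498) did not survive the move either. Suggest `export const defaultRoleAllowedActions: readonly ActionsEnum[] = [` with a TSDoc line above it: `/** Actions granted to every newly created non-admin role and to the default Member role of a new org. */`. createRole's body continues outside the hunks.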
|
|
|
@ -9,19 +9,20 @@ import createHttpError from "http-errors";
|
|||
import logger from "@server/logger";
|
||||
import { fromError } from "zod-validation-error";
|
||||
|
||||
const addUserRoleSchema = z.object({
|
||||
const addUserRoleParamsSchema = z.object({
|
||||
userId: z.string(),
|
||||
roleId: z.number().int().positive(),
|
||||
orgId: z.string(),
|
||||
});
|
||||
|
||||
export type AddUserRoleResponse = z.infer<typeof addUserRoleParamsSchema>;
|
||||
|
||||
export async function addUserRole(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
try {
|
||||
const parsedBody = addUserRoleSchema.safeParse(req.body);
|
||||
const parsedBody = addUserRoleParamsSchema.safeParse(req.body);
|
||||
if (!parsedBody.success) {
|
||||
return next(
|
||||
createHttpError(
|
||||
|
@ -31,7 +32,42 @@ export async function addUserRole(
|
|||
);
|
||||
}
|
||||
|
||||
const { userId, roleId, orgId } = parsedBody.data;
|
||||
const { userId, roleId } = parsedBody.data;
|
||||
|
||||
if (!req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
"You do not have access to this organization"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const orgId = req.userOrg.orgId;
|
||||
|
||||
const existingUser = await db
|
||||
.select()
|
||||
.from(userOrgs)
|
||||
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId)))
|
||||
.limit(1);
|
||||
|
||||
if (existingUser.length === 0) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
"User not found or does not belong to the specified organization"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
if (existingUser[0].isOwner) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
"Cannot change the role of the owner of the organization"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const roleExists = await db
|
||||
.select()
|
||||
|
@ -59,7 +95,7 @@ export async function addUserRole(
|
|||
success: true,
|
||||
error: false,
|
||||
message: "Role added to user successfully",
|
||||
status: HttpCode.CREATED,
|
||||
status: HttpCode.OK,
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error(error);
|
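Review bot: The schema is renamed `addUserRoleParamsSchema` at L1559 but is still applied to `req.body` at L1602, while the route that mounts this handler (`POST /role/:roleId/add/:userId` in the router change) carries both ids as path params, where they arrive as strings and would fail `z.number()` regardless. Because verifyRoleAccess authorized `req.params.roleId`, reading `roleId` from the body lets the authorized id and the assigned id differ. Suggest `const parsedParams = addUserRoleParamsSchema.safeParse(req.params);` with `roleId: z.coerce.number().int().positive()` in the schema (zod ≥ 3.20), and using `parsedParams.data` below. The rest of the handler, from the role lookup at L1734 on, is outside the hunk.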
120
server/routers/user/getOrgUser.ts
Normal file
120
server/routers/user/getOrgUser.ts
Normal file
|
@ -0,0 +1,120 @@
|
|||
import { Request, Response, NextFunction } from "express";
|
||||
import { z } from "zod";
|
||||
import { db } from "@server/db";
|
||||
import { roles, userOrgs, users } from "@server/db/schema";
|
||||
import { and, eq } from "drizzle-orm";
|
||||
import response from "@server/utils/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
import createHttpError from "http-errors";
|
||||
import logger from "@server/logger";
|
||||
import { fromError } from "zod-validation-error";
|
||||
import { ActionsEnum, checkUserActionPermission } from "@server/auth/actions";
|
||||
|
||||
async function queryUser(orgId: string, userId: string) {
|
||||
const [user] = await db
|
||||
.select({
|
||||
orgId: userOrgs.orgId,
|
||||
userId: users.userId,
|
||||
email: users.email,
|
||||
roleId: userOrgs.roleId,
|
||||
roleName: roles.name,
|
||||
isOwner: userOrgs.isOwner,
|
||||
isAdmin: roles.isAdmin,
|
||||
})
|
||||
.from(userOrgs)
|
||||
.leftJoin(roles, eq(userOrgs.roleId, roles.roleId))
|
||||
.leftJoin(users, eq(userOrgs.userId, users.userId))
|
||||
.where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId)))
|
||||
.limit(1);
|
||||
return user;
|
||||
}
|
||||
|
||||
export type GetOrgUserResponse = NonNullable<
|
||||
Awaited<ReturnType<typeof queryUser>>
|
||||
>;
|
||||
|
||||
const getOrgUserParamsSchema = z.object({
|
||||
userId: z.string(),
|
||||
orgId: z.string(),
|
||||
});
|
||||
|
||||
export async function getOrgUser(
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
): Promise<any> {
|
||||
try {
|
||||
const parsedParams = getOrgUserParamsSchema.safeParse(req.params);
|
||||
if (!parsedParams.success) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.BAD_REQUEST,
|
||||
fromError(parsedParams.error).toString()
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const { orgId, userId } = parsedParams.data;
|
||||
|
||||
if (!req.userOrg) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
"You do not have access to this organization"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
let user;
|
||||
user = await queryUser(orgId, userId);
|
||||
|
||||
if (!user) {
|
||||
const [fullUser] = await db
|
||||
.select()
|
||||
.from(users)
|
||||
.where(eq(users.email, userId))
|
||||
.limit(1);
|
||||
|
||||
if (fullUser) {
|
||||
user = await queryUser(orgId, fullUser.userId);
|
||||
}
|
||||
}
|
||||
|
||||
if (!user) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
`User with ID ${userId} not found in org`
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
if (user.userId !== req.userOrg.userId) {
|
||||
const hasPermission = await checkUserActionPermission(
|
||||
ActionsEnum.getOrgUser,
|
||||
req
|
||||
);
|
||||
if (!hasPermission) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
"User does not have permission perform this action"
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return response<GetOrgUserResponse>(res, {
|
||||
data: user,
|
||||
success: true,
|
||||
error: false,
|
||||
message: "User retrieved successfully",
|
||||
status: HttpCode.OK,
|
||||
});
|
||||
} catch (error) {
|
||||
logger.error(error);
|
||||
return next(
|
||||
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
|
||||
);
|
||||
}
|
||||
}
|
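Review bot: The permission check at L2039-L2078 runs after the lookups at L1971-L2034, so a member without `getOrgUser` still learns whether a given id — or, via the fallback at L1982-L1994, a given email address — belongs to the org: 404 when it does not, 403 when it does. Suggest deciding authorization before touching the database: call `checkUserActionPermission` first whenever `userId !== req.userOrg.userId` (callers identifying themselves by email would then need the permission; if that matters, resolve the caller's own email first), or return the same NOT_FOUND from the forbidden branch. The fallback also makes `:userId` effectively "user id or email", which deserves a comment at L1979: `// :userId may also be an email address; resolve it to a userId before the org-scoped lookup`.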
|
@ -8,11 +8,23 @@ import HttpCode from "@server/types/HttpCode";
|
|||
import createHttpError from "http-errors";
|
||||
import logger from "@server/logger";
|
||||
|
||||
export type GetUserResponse = {
|
||||
email: string;
|
||||
twoFactorEnabled: boolean;
|
||||
emailVerified: boolean;
|
||||
};
|
||||
async function queryUser(userId: string) {
|
||||
const [user] = await db
|
||||
.select({
|
||||
userId: users.userId,
|
||||
email: users.email,
|
||||
twoFactorEnabled: users.twoFactorEnabled,
|
||||
emailVerified: users.emailVerified,
|
||||
})
|
||||
.from(users)
|
||||
.where(eq(users.userId, userId))
|
||||
.limit(1);
|
||||
return user;
|
||||
}
|
||||
|
||||
export type GetUserResponse = NonNullable<
|
||||
Awaited<ReturnType<typeof queryUser>>
|
||||
>;
|
||||
|
||||
export async function getUser(
|
||||
req: Request,
|
||||
|
@ -28,13 +40,9 @@ export async function getUser(
|
|||
);
|
||||
}
|
||||
|
||||
const user = await db
|
||||
.select()
|
||||
.from(users)
|
||||
.where(eq(users.userId, userId))
|
||||
.limit(1);
|
||||
const user = await queryUser(userId);
|
||||
|
||||
if (user.length === 0) {
|
||||
if (!user) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.NOT_FOUND,
|
||||
|
@ -44,11 +52,7 @@ export async function getUser(
|
|||
}
|
||||
|
||||
return response<GetUserResponse>(res, {
|
||||
data: {
|
||||
email: user[0].email,
|
||||
twoFactorEnabled: user[0].twoFactorEnabled,
|
||||
emailVerified: user[0].emailVerified,
|
||||
},
|
||||
data: user,
|
||||
success: true,
|
||||
error: false,
|
||||
message: "User retrieved successfully",
|
||||
|
@ -57,10 +61,7 @@ export async function getUser(
|
|||
} catch (error) {
|
||||
logger.error(error);
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.INTERNAL_SERVER_ERROR,
|
||||
"An error occurred..."
|
||||
)
|
||||
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
|
||||
);
|
||||
}
|
||||
}
|
||||
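Review bot: `GetUserResponse` at L2192-L2198 is now inferred from `queryUser`'s projection instead of declared, so the response shape is whatever the select happens to return; a later edit that drops the projection back to `.select()` (which the removed code at L2221-L2233 did, with the fields picked by hand at L2268-L2280) would widen the public response silently, and if the `users` table holds credential or token columns that is a leak. Suggest keeping the explicit type and having the query checked against it: `async function queryUser(userId: string): Promise<GetUserResponse | undefined>` with `export type GetUserResponse = { userId: string; email: string; twoFactorEnabled: boolean; emailVerified: boolean };` (adjusting for nullable columns if the schema has them), or at least a comment on `queryUser` that every column added here becomes part of the public API. The handler's remainder is outside the hunks.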
|
|
|
@ -1,6 +1,7 @@
|
|||
export * from "./getUser";
|
||||
export * from "./removeUserOrg";
|
||||
export * from "./listUsers";
|
||||
export * from "./setUserRole";
|
||||
export * from "./addUserRole";
|
||||
export * from "./inviteUser";
|
||||
export * from "./acceptInvite";
|
||||
export * from "./acceptInvite";
|
||||
export * from "./getOrgUser";
|
2
server/types/ArrayElement.ts
Normal file
2
server/types/ArrayElement.ts
Normal file
|
@ -0,0 +1,2 @@
|
|||
export type ArrayElement<ArrayType extends readonly unknown[]> =
|
||||
ArrayType extends readonly (infer ElementType)[] ? ElementType : never;
|