New assets, fixed list box scrolling, header text, etc..
@@ -90,13 +90,13 @@ export class AuthRoutes {
|
||||
res.set('Authorization', `Bearer ${savedUser.loginToken}`)
|
||||
res.json(savedUser.toClient())
|
||||
} else {
|
||||
return Promise.reject(createError.BadRequest('Email or password incorrect'))
|
||||
return Promise.reject(createError.BadRequest('email or password incorrect'))
|
||||
}
|
||||
}).catch((err) => {
|
||||
if (err instanceof createError.HttpError) {
|
||||
next(err)
|
||||
} else {
|
||||
next(createError.InternalServerError(`Unable to login. ${err ? err.message : ''}`))
|
||||
next(createError.InternalServerError(`${err ? err.message : ''}`))
|
||||
}
|
||||
})
|
||||
}
|
||||
@@ -126,11 +126,10 @@ export class AuthRoutes {
|
||||
let existingEmail = req.body.existingEmail
|
||||
const newEmail = req.body.newEmail
|
||||
let User = this.db.User
|
||||
const role = req.user.role
|
||||
const isAdminOrExec = (role === 'executive' || role === 'administrator')
|
||||
const isAdmin = !!req.user.administrator
|
||||
|
||||
if (existingEmail) {
|
||||
if (!isAdminOrExec) {
|
||||
if (!isAdmin) {
|
||||
return next(createError.Forbidden('Only admins can resend change email to any user'))
|
||||
}
|
||||
} else {
|
||||
|
||||
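Review bot: The InternalServerError branch of the login hunk (`@@ -90,13 +90,13`) forwards `err.message` to the client in both the old and the new wording, so a database or driver failure reports its internal message to whoever attempted the login. Log the error server-side and send a fixed message instead, e.g. `next(createError.InternalServerError('Unable to login'))`, keeping the `HttpError` passthrough above it as is. The enclosing login handler starts before the hunk, so the beginning of the promise chain is not visible here.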
@@ -24,9 +24,6 @@ export class UserRoutes {
|
||||
.post(passport.authenticate('bearer', { session: false }), this.createUser)
|
||||
.put(passport.authenticate('bearer', { session: false }), this.updateUser)
|
||||
|
||||
app.route('/users/brokers')
|
||||
.get(passport.authenticate('bearer', { session: false }), this.listBrokerUsers)
|
||||
|
||||
app.route('/users/:_id([a-f0-9]{24})')
|
||||
.get(passport.authenticate('bearer', { session: false }), this.getUser)
|
||||
.delete(passport.authenticate('bearer', { session: false }), this.deleteUser)
|
||||
@@ -45,9 +42,9 @@ export class UserRoutes {
|
||||
const User = this.db.User
|
||||
const limit = req.params.limit || 20
|
||||
const skip = req.params.skip || 0
|
||||
const role = req.user.role
|
||||
const isAdmin = !!req.user.administrator
|
||||
|
||||
if (role !== 'executive' && role !== 'administrator') {
|
||||
if (!isAdmin) {
|
||||
return next(new createError.Forbidden())
|
||||
}
|
||||
|
||||
@@ -76,41 +73,14 @@ export class UserRoutes {
|
||||
})
|
||||
}
|
||||
|
||||
listBrokerUsers(req, res, next) {
|
||||
let User = this.db.User
|
||||
const role = req.user.role
|
||||
|
||||
if (role !== 'executive' && role !== 'administrator') {
|
||||
return next(new createError.Forbidden())
|
||||
}
|
||||
|
||||
let users = []
|
||||
let cursor = User.find({ role: 'broker' })
|
||||
.select('_id firstName lastName thumbnailImageId t12 aum numHouseholds cellPhone').cursor()
|
||||
|
||||
cursor.on('data', (doc) => {
|
||||
users.push(doc)
|
||||
})
|
||||
cursor.on('end', () => {
|
||||
res.json({
|
||||
total: users.length,
|
||||
offset: 0,
|
||||
count: users.length,
|
||||
items: users
|
||||
})
|
||||
})
|
||||
cursor.on('error', (err) => {
|
||||
next(createError.InternalServerError(err.message))
|
||||
})
|
||||
}
|
||||
|
||||
getUser(req, res, next) {
|
||||
let User = this.db.User
|
||||
const _id = req.params._id
|
||||
const isSelf = (_id === req.user._id)
|
||||
const isAdmin = req.user.administrator
|
||||
|
||||
// User can see themselves, otherwise must be super user
|
||||
if (!isSelf && role !== 'executive' && role !== 'administrator') {
|
||||
if (!isSelf && !isAdmin) {
|
||||
return next(new createError.Forbidden())
|
||||
}
|
||||
|
||||
@@ -130,9 +100,9 @@ export class UserRoutes {
|
||||
}
|
||||
|
||||
createUser(req, res, next) {
|
||||
const role = req.user.role
|
||||
const isAdmin = req.user.administrator
|
||||
|
||||
if (role !== 'executive' && role !== 'administrator') {
|
||||
if (!isAdmin) {
|
||||
return next(new createError.Forbidden())
|
||||
}
|
||||
|
||||
@@ -168,7 +138,7 @@ export class UserRoutes {
|
||||
}
|
||||
|
||||
updateUser(req, res, next) {
|
||||
const role = req.user.role
|
||||
const isAdmin = req.user.administrator
|
||||
|
||||
// Do this here because Mongoose will add it automatically otherwise
|
||||
if (!req.body._id) {
|
||||
@@ -178,7 +148,7 @@ export class UserRoutes {
|
||||
const isSelf = (req.body._id === req.user._id.toString())
|
||||
|
||||
// User can change themselves, otherwise must be super user
|
||||
if (!isSelf && role !== 'executive' && role !== 'administrator') {
|
||||
if (!isSelf && !isAdmin) {
|
||||
return next(new createError.Forbidden())
|
||||
}
|
||||
|
||||
@@ -191,8 +161,8 @@ export class UserRoutes {
|
||||
return next(createError.BadRequest('Invalid data'))
|
||||
}
|
||||
|
||||
if (isSelf && userUpdates.role && userUpdates.role !== req.user.role) {
|
||||
return next(createError.BadRequest('Cannot modify own role'))
|
||||
if (isSelf && !isAdmin) {
|
||||
return next(createError.BadRequest('Cannot modify own administrator level'))
|
||||
}
|
||||
|
||||
User.findById(userUpdates._id).then((foundUser) => {
|
||||
@@ -213,7 +183,7 @@ export class UserRoutes {
|
||||
}
|
||||
|
||||
setImage(req, res, next) {
|
||||
const role = req.user.role
|
||||
const isAdmin = req.user.administrator
|
||||
const { _id, imageId } = req.body
|
||||
|
||||
if (!_id || !imageId) {
|
||||
@@ -223,7 +193,7 @@ export class UserRoutes {
|
||||
const isSelf = (_id === req.user._id.toString())
|
||||
|
||||
// User can change themselves, otherwise must be super user
|
||||
if (!isSelf && role !== 'executive' && role !== 'administrator') {
|
||||
if (!isSelf && !isAdmin) {
|
||||
return next(new createError.Forbidden())
|
||||
}
|
||||
|
||||
@@ -304,9 +274,9 @@ export class UserRoutes {
|
||||
}
|
||||
|
||||
deleteUser(req, res, next) {
|
||||
const role = req.user.role
|
||||
const isAdmin = req.user.administrator
|
||||
|
||||
if (role !== 'executive' && role !== 'administrator') {
|
||||
if (!isAdmin) {
|
||||
return new createError.Forbidden()
|
||||
}
|
||||
|
||||
|
||||
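Review bot: The new self-update guard in updateUser (`if (isSelf && !isAdmin)` in the `@@ -191,8 +161,8` hunk) rejects every self-update by a non-administrator, not only one that changes the administrator flag, so a normal user can no longer edit their own record at all, whereas the `role` comparison it replaces only rejected an actual change. Compare the submitted flag with the caller's current one instead, e.g. `if (isSelf && userUpdates.administrator !== undefined && userUpdates.administrator !== req.user.administrator)` (this assumes the body is parsed JSON so the flag is a boolean; if it can arrive as a string, normalise both sides first), which keeps the escalation protection the guard exists for without blocking ordinary profile edits. updateUser continues outside the hunk, so the later Mongoose update should also be checked to confirm it does not apply `administrator` from the body for non-admin callers. Related: the deleteUser hunk (`@@ -304,9 +274,9`) returns the Forbidden error rather than passing it on, leaving the request unanswered; it should read `return next(new createError.Forbidden())` like the other handlers. In the getUser hunk `isSelf` compares `req.params._id` with `req.user._id` without the `.toString()` the updateUser and setImage hunks use; if `req.user._id` is an ObjectId that comparison is always false and non-admins cannot read their own record.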
@@ -15,7 +15,7 @@ new DB().connect(mongoUri).then((db) => {
|
||||
|
||||
const User = db.User
|
||||
let user = new User({
|
||||
role: "administrator"
|
||||
administrator: true,
|
||||
})
|
||||
user.firstName = readlineSync.question('First name? ')
|
||||
user.lastName = readlineSync.question('Last name? ')
|
||||
|
||||
@@ -31,14 +31,11 @@ export let userSchema = new Schema({
|
||||
},
|
||||
firstName: { type: String, required: true },
|
||||
lastName: { type: String, required: true },
|
||||
role: { type: String, required: true, enum: {
|
||||
values: [ 'administrator', 'normal'],
|
||||
message: 'enum validator failed for path `{PATH}` with value `{VALUE}`'
|
||||
}},
|
||||
administrator: { type: Boolean, required: true },
|
||||
}, { timestamps: true, id: false })
|
||||
|
||||
userSchema.methods.toClient = function(authUser) {
|
||||
if (authUser === undefined) {
|
||||
if (!authUser) {
|
||||
authUser = this
|
||||
}
|
||||
|
||||
@@ -50,23 +47,7 @@ userSchema.methods.toClient = function(authUser) {
|
||||
thumbnailImageId: this.thumbnailImageId,
|
||||
firstName: this.firstName,
|
||||
lastName: this.lastName,
|
||||
role: this.role
|
||||
}
|
||||
|
||||
if ((authUser.role === 'administrator' || authUser.role === 'executive') || authUser._id.equals(this._id)) {
|
||||
user.zip = this.zip
|
||||
user.state = this.state
|
||||
user.city = this.city
|
||||
user.address1 = this.address1
|
||||
user.address2 = this.address2
|
||||
user.homePhone = this.homePhone
|
||||
user.cellPhone = this.cellPhone
|
||||
user.ssn = this.ssn
|
||||
user.dateOfBirth = this.dateOfBirth
|
||||
user.dateOfHire = this.dateOfHire
|
||||
user.numHouseholds = this.numHouseholds
|
||||
user.t12 = this.t12
|
||||
user.aum = this.aum
|
||||
administrator: this.administrator
|
||||
}
|
||||
|
||||
return user
|
||||
|
||||
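Review bot: `administrator` is now a plain Boolean on the schema (`@@ -31,14 +31,11`), so any handler that builds or updates a User from `req.body` will accept it unless the field is stripped or explicitly allow-listed; the route bodies are not visible here, so this is a point to confirm for createUser and updateUser rather than a defect shown in the hunk. A comment on the field would make the intent clear, e.g. `administrator: { type: Boolean, required: true }, // privilege flag: never set from client input without an authorization check`. In the toClient hunk (`@@ -50,23 +47,7`) the `authUser` parameter is still defaulted to `this`, but within the visible lines nothing consults it once the privileged block is gone; if the lines between the two hunks do not use it either, the parameter and the `if (!authUser)` default can be dropped, otherwise a JSDoc line stating what `authUser` now controls would help.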