New assets, fixed list box scrolling, header text, etc..

John Lyon-Smith
2018-03-05 15:18:08 -08:00
parent eaf26343b8
commit 535fffaf41
33 changed files with 354 additions and 231 deletions


@@ -24,9 +24,6 @@ export class UserRoutes {
.post(passport.authenticate('bearer', { session: false }), this.createUser)
.put(passport.authenticate('bearer', { session: false }), this.updateUser)
app.route('/users/brokers')
.get(passport.authenticate('bearer', { session: false }), this.listBrokerUsers)
app.route('/users/:_id([a-f0-9]{24})')
.get(passport.authenticate('bearer', { session: false }), this.getUser)
.delete(passport.authenticate('bearer', { session: false }), this.deleteUser)
@@ -45,9 +42,9 @@ export class UserRoutes {
const User = this.db.User
const limit = req.params.limit || 20
const skip = req.params.skip || 0
const role = req.user.role
const isAdmin = !!req.user.administrator
if (role !== 'executive' && role !== 'administrator') {
if (!isAdmin) {
return next(new createError.Forbidden())
}
@@ -76,41 +73,14 @@ export class UserRoutes {
})
}
listBrokerUsers(req, res, next) {
let User = this.db.User
const role = req.user.role
if (role !== 'executive' && role !== 'administrator') {
return next(new createError.Forbidden())
}
let users = []
let cursor = User.find({ role: 'broker' })
.select('_id firstName lastName thumbnailImageId t12 aum numHouseholds cellPhone').cursor()
cursor.on('data', (doc) => {
users.push(doc)
})
cursor.on('end', () => {
res.json({
total: users.length,
offset: 0,
count: users.length,
items: users
})
})
cursor.on('error', (err) => {
next(createError.InternalServerError(err.message))
})
}
getUser(req, res, next) {
let User = this.db.User
const _id = req.params._id
const isSelf = (_id === req.user._id)
const isAdmin = req.user.administrator
// User can see themselves, otherwise must be super user
if (!isSelf && role !== 'executive' && role !== 'administrator') {
if (!isSelf && !isAdmin) {
return next(new createError.Forbidden())
}
@@ -130,9 +100,9 @@ export class UserRoutes {
}
createUser(req, res, next) {
const role = req.user.role
const isAdmin = req.user.administrator
if (role !== 'executive' && role !== 'administrator') {
if (!isAdmin) {
return next(new createError.Forbidden())
}
@@ -168,7 +138,7 @@ export class UserRoutes {
}
updateUser(req, res, next) {
const role = req.user.role
const isAdmin = req.user.administrator
// Do this here because Mongoose will add it automatically otherwise
if (!req.body._id) {
@@ -178,7 +148,7 @@ export class UserRoutes {
const isSelf = (req.body._id === req.user._id.toString())
// User can change themselves, otherwise must be super user
if (!isSelf && role !== 'executive' && role !== 'administrator') {
if (!isSelf && !isAdmin) {
return next(new createError.Forbidden())
}
@@ -191,8 +161,8 @@ export class UserRoutes {
return next(createError.BadRequest('Invalid data'))
}
if (isSelf && userUpdates.role && userUpdates.role !== req.user.role) {
return next(createError.BadRequest('Cannot modify own role'))
if (isSelf && !isAdmin) {
return next(createError.BadRequest('Cannot modify own administrator level'))
}
User.findById(userUpdates._id).then((foundUser) => {
@@ -213,7 +183,7 @@ export class UserRoutes {
}
setImage(req, res, next) {
const role = req.user.role
const isAdmin = req.user.administrator
const { _id, imageId } = req.body
if (!_id || !imageId) {
@@ -223,7 +193,7 @@ export class UserRoutes {
const isSelf = (_id === req.user._id.toString())
// User can change themselves, otherwise must be super user
if (!isSelf && role !== 'executive' && role !== 'administrator') {
if (!isSelf && !isAdmin) {
return next(new createError.Forbidden())
}
@@ -304,9 +274,9 @@ export class UserRoutes {
}
deleteUser(req, res, next) {
const role = req.user.role
const isAdmin = req.user.administrator
if (role !== 'executive' && role !== 'administrator') {
if (!isAdmin) {
return new createError.Forbidden()
}
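Review bot: In `updateUser`, the replacement guard `if (isSelf && !isAdmin)` no longer inspects the submitted update, so every self-edit by a non-administrator is rejected with "Cannot modify own administrator level", contradicting the comment "User can change themselves" in the hunk above it. The earlier check compared the submitted value with the caller's current one; the equivalent here would be `if (isSelf && 'administrator' in userUpdates && !!userUpdates.administrator !== !!req.user.administrator) {` (field name inferred from `req.user.administrator`, to be confirmed against the User schema). Separately, the denial branch of `deleteUser` still reads `return new createError.Forbidden()`, which neither sends a response nor calls `next`, so a refused delete gets no 403 and the request stays open; it should be `return next(new createError.Forbidden())`. The +/- markers are lost on this page, so which line of each duplicated pair is the new side is inferred from the order in which they are printed.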