check if user is creator and prevent role change for him

2022-10-14 15:02:33 +02:00 · 2022-10-14 15:02:33 +02:00 · 3cb6e576ce
parent d16d669b37
commit 3cb6e576ce
3 changed files with 8 additions and 1 deletions
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@ -24,6 +24,7 @@ model User {
 enum Role {
  USER
  ADMIN
  CREATOR
 }
 model Post {
--- a/src/api/users/roles.ts
+++ b/src/api/users/roles.ts
@ -4,7 +4,7 @@ import { changeUserRoles, getUserById } from "@/controller/UserController";
 export default async (req: Request, res: Response) => {
  try {
    const user = await getUserById(req.userId);
-    if (user?.role !== "ADMIN") {
+    if (user?.role !== "ADMIN" && user?.role !== "CREATOR") {
      return res.status(403).send({ error: "Forbidden" });
    }
    const id = parseInt(req.params.id);
--- a/src/controller/UserController.ts
+++ b/src/controller/UserController.ts
@ -62,6 +62,9 @@ const newUser = async (user: User) => {
 };
 export const changeUserRoles = async (id: number, role: Role) => {
  if (role === 'CREATOR') {
    return new Error('You cannot change user role to CREATOR');
  }
  const currentUser = await prisma.user.findUnique({
    where: {
      id,
@ -74,6 +77,9 @@ export const changeUserRoles = async (id: number, role: Role) => {
  if (currentUser.role === role) {
    throw new Error('User already has this role');
  }
  if (currentUser.role === 'CREATOR') {
    throw new Error('You cannot change role of user with CREATOR role');
  }
  const updatedUser = await prisma.user.update({
    where: {