polynux
/
groupomania
mirror of https://github.com/polynux/groupomania-openclassrooms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix error in role checking

This commit is contained in:
Guillaume Dorce 2022-10-14 15:23:39 +02:00
parent 3cb6e576ce
commit 53dfb81e7e
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/api/users/roles.ts
View File

@ -3,12 +3,21 @@ import { changeUserRoles, getUserById } from "@/controller/UserController";
export default async (req: Request, res: Response) => { export default async (req: Request, res: Response) => {
try { try {
const user = await getUserById(req.userId);
if (user?.role !== "ADMIN" && user?.role !== "CREATOR") {
return res.status(403).send({ error: "Forbidden" });
}
const id = parseInt(req.params.id);
const role = req.body.role; const role = req.body.role;
if (!role) {
return res.status(400).json({ error: "Role is required" });
}
const user = await getUserById(req.userId);
if (!user) {
return res.status(404).json({ error: "User not found" });
}
if (user.role !== 'ADMIN' && user.role !== 'CREATOR') {
return res.status(403).json({ error: "You are not allowed to do this" });
}
const id = parseInt(req.params.id);
const changedUser = await changeUserRoles(id, role); const changedUser = await changeUserRoles(id, role);
if (changedUser instanceof Error) { if (changedUser instanceof Error) {
return res.status(403).send(changedUser.message); return res.status(403).send(changedUser.message);