shpaq/sct-overseerr
1
0
Fork 0
mirror of https://github.com/sct/overseerr.git synced 2025-09-17 17:24:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: user edit functionality (managing permissions)

Browse Source
This commit is contained in:
sct
2020-11-17 05:48:59 +00:00
parent ff8b9d8e7e
commit 185ac2648f
17 changed files with 415 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
server/routes/user.ts
View File

@@ -1,6 +1,7 @@
import { Router } from 'express';
import { getRepository } from 'typeorm';
import { User } from '../entity/User';
import { hasPermission, Permission } from '../lib/permissions';
const router = Router();
@@ -50,6 +51,36 @@ router.put<{ id: string }>('/:id', async (req, res, next) => {
where: { id: Number(req.params.id) },
});
// Only let the owner user modify themselves
if (user.id === 1 && req.user?.id !== 1) {
return next({
status: 403,
message: 'You do not have permission to modify this user',
});
}
// Only let the owner grant admin privileges
if (
hasPermission(Permission.ADMIN, req.body.permissions) &&
req.user?.id !== 1
) {
return next({
status: 403,
message: 'You do not have permission to grant this level of access',
});
}
// Only let users with the manage settings permission, grant the same permission
if (
hasPermission(Permission.MANAGE_SETTINGS, req.body.permissions) &&
!hasPermission(Permission.MANAGE_SETTINGS, req.user?.permissions ?? 0)
) {
return next({
status: 403,
message: 'You do not have permission to grant this level of access',
});
}
Object.assign(user, req.body);
await userRepository.save(user);