mirror of
https://github.com/orangecoding/fredy.git
synced 2026-06-16 12:31:07 +00:00
3e5cd97400
* upgrading dependencies, fixing image placeholder * improving processing times label and hide when screen width is too low * aligning run now button * renaming settings -> general settings * smaller security and memory improvements * improving footer * preparing listing management * improve filtering for listings * preparing new settings page * preparing new settings page * storing settings in db * next release version
79 lines
2.5 KiB
JavaScript
79 lines
2.5 KiB
JavaScript
import restana from 'restana';
|
|
import * as userStorage from '../../services/storage/userStorage.js';
|
|
import * as jobStorage from '../../services/storage/jobStorage.js';
|
|
import { getSettings } from '../../services/storage/settingsStorage.js';
|
|
const service = restana();
|
|
const userRouter = service.newRouter();
|
|
function checkIfAnyAdminAfterRemovingUser(userIdToBeRemoved, allUser) {
|
|
return allUser.filter((user) => user.id !== userIdToBeRemoved && user.isAdmin).length > 0;
|
|
}
|
|
function checkIfUserToBeRemovedIsLoggedIn(userIdToBeRemoved, req) {
|
|
return req.session.currentUser === userIdToBeRemoved;
|
|
}
|
|
const nullOrEmpty = (str) => str == null || str.length === 0;
|
|
|
|
userRouter.get('/', async (req, res) => {
|
|
res.body = userStorage.getUsers(false);
|
|
res.send();
|
|
});
|
|
|
|
userRouter.get('/:userId', async (req, res) => {
|
|
const { userId } = req.params;
|
|
res.body = userStorage.getUser(userId);
|
|
res.send();
|
|
});
|
|
userRouter.delete('/', async (req, res) => {
|
|
const settings = await getSettings();
|
|
if (settings.demoMode) {
|
|
res.send(new Error('In demo mode, it is not allowed to remove user.'));
|
|
return;
|
|
}
|
|
|
|
const { userId } = req.body;
|
|
const allUser = userStorage.getUsers(false);
|
|
if (!checkIfAnyAdminAfterRemovingUser(userId, allUser)) {
|
|
res.send(new Error('You are trying to remove the last admin user. This is prohibited.'));
|
|
return;
|
|
}
|
|
if (checkIfUserToBeRemovedIsLoggedIn(userId, req)) {
|
|
res.send(new Error('You are trying to remove yourself. This is prohibited.'));
|
|
return;
|
|
}
|
|
//TODO: Remove also analytics
|
|
jobStorage.removeJobsByUserId(userId);
|
|
userStorage.removeUser(userId);
|
|
res.send();
|
|
});
|
|
userRouter.post('/', async (req, res) => {
|
|
const settings = await getSettings();
|
|
if (settings.demoMode) {
|
|
res.send(new Error('In demo mode, it is not allowed to change or add user.'));
|
|
return;
|
|
}
|
|
|
|
const { username, password, password2, isAdmin, userId } = req.body;
|
|
if (password !== password2) {
|
|
res.send(new Error('Passwords does not match'));
|
|
return;
|
|
}
|
|
if (nullOrEmpty(username) || nullOrEmpty(password) || nullOrEmpty(password2)) {
|
|
res.send(new Error('Username and password are mandatory.'));
|
|
return;
|
|
}
|
|
const allUser = userStorage.getUsers(false);
|
|
if (!isAdmin && !checkIfAnyAdminAfterRemovingUser(userId, allUser)) {
|
|
res.send(
|
|
new Error('You cannot change the admin flag for this user as otherwise, there is no other user in the system'),
|
|
);
|
|
return;
|
|
}
|
|
userStorage.upsertUser({
|
|
userId,
|
|
username,
|
|
password,
|
|
isAdmin,
|
|
});
|
|
res.send();
|
|
});
|
|
export { userRouter };
|