From 6d1e51c96ad0ff0133052c2a42a175b3458c4e8d Mon Sep 17 00:00:00 2001 From: tnud0 <2001040219@s.hanu.edu.vn> Date: Tue, 16 May 2023 02:00:52 +0700 Subject: [PATCH] Add features for super admin, fix error of list all staff --- src/api/controllers/v1/path.controller.js | 15 +--- src/api/controllers/v1/staff.controller.js | 80 +++++++++++++++++----- src/api/controllers/v1/user.controller.js | 38 ++-------- src/api/middlewares/auth.middleware.js | 4 +- src/api/middlewares/authen.middleware.js | 4 +- src/api/middlewares/staff.middleware.js | 19 ++++- src/api/middlewares/user.middleware.js | 24 +++++++ src/api/routes/v1/image.route.js | 4 +- src/api/routes/v1/staff.route.js | 36 ++++++++-- src/api/routes/v1/user.route.js | 10 +-- src/common/models/user.model.js | 2 +- src/common/utils/Permissions.js | 7 +- src/config/locales/en.json | 3 +- 13 files changed, 162 insertions(+), 84 deletions(-) diff --git a/src/api/controllers/v1/path.controller.js b/src/api/controllers/v1/path.controller.js index e4fc29c..5a0ad0d 100644 --- a/src/api/controllers/v1/path.controller.js +++ b/src/api/controllers/v1/path.controller.js @@ -193,17 +193,4 @@ exports.deleteMultiple = (req, res, next) => { } catch (ex) { return ErrorHandel(ex, req, res, next); } -}; - -// exports.downloadZipFolder = (req,res,next) => { -// try{ - -// const user = req.user; -// const namefile = `${user.name}-${Date.now()}.zip`; -// const dir = `${storageConfig.uri}/${user.id}/${namefile}`; - - -// }catch(ex ) { -// return ErrorHandel(ex,req,res,next); -// } -// }; +}; \ No newline at end of file diff --git a/src/api/controllers/v1/staff.controller.js b/src/api/controllers/v1/staff.controller.js index 2285fd1..4a31b3e 100644 --- a/src/api/controllers/v1/staff.controller.js +++ b/src/api/controllers/v1/staff.controller.js 
@@ -31,20 +31,7 @@ exports.create = async (req, res, next) => { ErrorHandler(ex, req, res, next); - }); - // await User.destroy({ - // where : { - // email: "teststaff@gmail.com" - // } - // }).then( rs => { - // return res.json({ - // ms: "success" - // }); - // }).catch(ex => { - // ErrorHandler(ex,req,res,next); - // }) - - + }); }; /** @@ -57,10 +44,15 @@ exports.create = async (req, res, next) => { exports.list = async (req, res, next) => { req.query.services = User.Services.STAFF; // console.log(req.query) - await User.list( - req.query + await User.findAll( + { + where : { + is_active: true, + service : "staff" + } + } ).then(result => { - console.log(result ); + // console.log(result ); res.json({ code: 0, count: req.totalRecords, @@ -92,6 +84,12 @@ exports.get = async (req, res, next) => res.json({ data: User.transform(req.loca */ exports.update = async (req, res, next) => { const { user } = req.locals; + if (user.service !== "service") { + return res.status(404).json({ + code: 404, + message : messages.NOT_FOUND + }) + } return User.update( req.body, @@ -119,6 +117,12 @@ exports.update = async (req, res, next) => { */ exports.delete = async (req, res, next) => { const { user } = req.locals; + if (user.service !== "service") { + return res.status(404).json({ + code: 404, + message : messages.NOT_FOUND + }) + } return User.update( { @@ -139,6 +143,7 @@ exports.delete = async (req, res, next) => { }).catch(ex => { ErrorHandler(ex, req, res, next); }); + }; exports.getStaffPermission = async (req, res, next) => { 
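Review bot: In the `exports.list` hunk the new `User.findAll({ where: { is_active: true, service: "staff" } })` drops `req.query`, so the pagination and filter parameters that `User.list(req.query)` consumed no longer reach the query while `middleware.count` still derives `req.totalRecords` from `req.query`, and `count` can disagree with the rows actually returned. The literal `"staff"` also bypasses `User.Services.STAFF`, which the line just above still assigns into `req.query.services` and which is now dead. If `User.findAll` returns raw model instances, unlike whatever `User.list` returned, the response may now carry the stored password hash; confirm the `.then` branch passes rows through `User.transform` the way `exports.get` does. Suggested where clause: `where: { is_active: true, service: User.Services.STAFF }`.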
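Review bot: The guard added to `exports.update`, `if (user.service !== "service") { return res.status(404)… }`, tests `req.locals.user`, which in staff.route.js is the account loaded by `middleware.load` from `:id`, not the caller; as written it only lets accounts whose own `service` is `"service"` be updated and rejects every ordinary staff record, which reads as the inverse of reserving the operation for super admins. If the intent is to check the caller, the level is available as `req.authInfo.accessLevel` (see auth.middleware.js) or is already enforced by the `authorize([permissions.SERVICE])` this commit adds to the route; if the intent is to forbid editing super-admin accounts, the comparison should be `===`. The same guard is duplicated in `exports.delete` in the following hunk, so whichever fix applies belongs in both. The `json({...})` call also lacks a terminating semicolon.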
@@ -197,3 +202,44 @@ exports.active = async (req, res, next) => { ErrorHandler(ex, req, res, next); }); }; + +exports.addService = async (req,res,next) => { + const {user} = req.locals; + return User.update({ + service: 'service' + }, { + where: { + id: user.id + } + }).then(() => { + res.json({ + code: 0, + message: messages.UPDATE_SUCCESS + }); + }).catch(ex => { + ErrorHandler(ex, req, res, next); + }) +}; + + +exports.changePassword = async(req,res,next) => { + const {current_password, new_password } = req.body; + const {user} = req.locals; + const rounds = 10; + const new_pass = await hash(new_password, rounds); + return User.update( + {password: new_pass}, + { + where: { + id: user.id + } + }, + ).then( async () => { + res.json({ + code: 0, + message: messages.UPDATE_SUCCESS + }); + }).catch(ex => { + ErrorHandler(ex, req, res, next); + }); +}; diff --git a/src/api/controllers/v1/user.controller.js b/src/api/controllers/v1/user.controller.js index 39508b5..7eedf36 100644 --- a/src/api/controllers/v1/user.controller.js +++ b/src/api/controllers/v1/user.controller.js @@ -42,8 +42,11 @@ exports.create = async (req, res, next) => { */ exports.list = async (req, res, next) => { req.query.services = User.Services.USER; - User.list( - req.query + // console.log(req.query.services); + User.list( { + service : "user", + is_active: true + } ).then(result => { res.json({ code: 0, 
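Review bot: In the new `exports.changePassword`, `await hash(new_password, rounds)` runs before the `.then/.catch` chain, so a rejection from `hash` (bcryptjs rejects non-string input, which is what arrives when `new_password` is absent from the body) escapes the handler as an unhandled promise rejection instead of reaching `ErrorHandler`; wrap the body in `try { … } catch (ex) { return ErrorHandler(ex, req, res, next); }` or validate `new_password` on the route. `current_password` is destructured but unused here, and `hash` must be imported in this controller, since the only visible bcryptjs import is in staff.middleware.js. `exports.addService` promotes the loaded account to `service: 'service'`, the level gated by `authorize([permissions.SERVICE])`; it has no route in this commit (the call in staff.route.js is commented out), so when it is wired it needs the same SERVICE authorization and ideally an audit log entry.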
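Review bot: The new `User.list({ service: "user", is_active: true })` in user.controller.js `exports.list` no longer passes `req.query`, so the parameters that `validate(listValidation)` checks on the route are validated but never used, and the `req.query.services = User.Services.USER` line above becomes dead while the literal `"user"` duplicates that constant. If `User.list` accepts these keys alongside the query, `User.list({ ...req.query, service: User.Services.USER, is_active: true })` keeps pagination working; either way drop the leftover `// console.log(req.query.services);`.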
@@ -142,37 +145,6 @@ exports.getStaffPermission = async (req, res, next) => { data: story }); }; - -// exports.addRole = async(req,res,next) => { -// const {user} = req.locals; - -// const admin = ['administrator']; -// // const user.permissions[0] = admin; - -// return User.update({ -// permissions: admin, -// service: 'administrator' -// }, -// { -// where : {id : user.id} -// } -// ).then( async () => { -// const new_user = await User.get(req.params.id); -// console.log(new_user); -// res.json( -// { -// code: 0, -// messages: messages.CREATE_SUCCESS -// } - -// ); -// }).catch( ex => { -// ErrorHandler(ex, req, res, next); - -// }) -// } - - exports.updatePassword = async(req,res,next) => { const {new_password} = req.body; const {user} = req.locals; diff --git a/src/api/middlewares/auth.middleware.js b/src/api/middlewares/auth.middleware.js index 7ffcc3f..493a435 100644 --- a/src/api/middlewares/auth.middleware.js +++ b/src/api/middlewares/auth.middleware.js @@ -238,10 +238,12 @@ const checkPermission = async (req, permissions, additionalCheck) => { switch (req.authInfo.accessLevel) { case ConsumerGroups.SERVICE: // allow all access with service level + return null; case ConsumerGroups.STAFF: // remove user permission // console.log("1231231232"); + console.log("from staff"); if (userPermissionIndex !== -1) { permissionsToCheck.splice(userPermissionIndex, 1); } @@ -252,7 +254,7 @@ const checkPermission = async (req, permissions, additionalCheck) => { } break; case ConsumerGroups.USER: - console.log("req.authInfo.accessLevel1"); + // console.log("from user"); if (userPermissionIndex === -1) { apiError.status = httpStatus.FORBIDDEN; apiError.message = 'Forbidden'; diff --git a/src/api/middlewares/authen.middleware.js b/src/api/middlewares/authen.middleware.js index 3226dfe..ea748f4 100644 --- a/src/api/middlewares/authen.middleware.js +++ b/src/api/middlewares/authen.middleware.js 
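Review bot: The new `return null;` in the `ConsumerGroups.SERVICE` case of `checkPermission` changes what service callers get back; previously they fell through into the STAFF checks, and whether `null` is what `authorize` treats as "allowed" depends on the rest of the function outside this hunk, so confirm the caller distinguishes `null` from a falsy `apiError`. The added `console.log("from staff");` is debug output in the authorization path and should be removed or routed through the project's logger, as the commit already does for the USER case by commenting it out. `checkPermission` starts and ends outside this hunk.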
@@ -35,7 +35,7 @@ exports.loadUser = async (req, res, next) => { try { const user = await User.getUserByPhoneOrEmail({ email: req.body.email || req.body.username }); if (!user) { - return res.status(400).json({ message: 'email incorrect' }); + return res.status(400).json({ message: 'email or password is incorrect' }); } req.locals = { user @@ -51,7 +51,7 @@ exports.checkPassword = async (req, res, next) => { // console.log(user); const isCheck = await User.passwordMatches(user, req.body.password); if (!isCheck) { - return res.status(400).json({ message: ' password incorrect' }); + return res.status(400).json({ message: 'email or password is incorrect' }); } return next(); }; diff --git a/src/api/middlewares/staff.middleware.js b/src/api/middlewares/staff.middleware.js index fa25e45..c3faeff 100644 --- a/src/api/middlewares/staff.middleware.js +++ b/src/api/middlewares/staff.middleware.js @@ -3,6 +3,7 @@ import { cloneDeep, pick } from 'lodash'; import { hash } from 'bcryptjs'; import { handler as ErrorHandler } from './error'; import User from '../../common/models/user.model'; +import messages from '../../config/messages'; /** * Converter * @param {*} str @@ -71,7 +72,7 @@ exports.checkExistingEmail = async (req, res, next) => { where: { email: req.body.email } }); if (user) { - return res.status(400).json({ message: 'email have aldready exist', data: user , email: req.body.email}); + return res.status(400).json({ message: 'email have aldready exist'}); } return next(); } catch (ex) { @@ -122,3 +123,19 @@ exports.prepareParamsUpdated = async (req, res, next) => { next(); }; + + +// check current password +exports.checkCurrentPassword = async (req,res,next) => { + const {current_password, new_password} = req.body; + const {user} = req.locals; + const isCheck = await User.passwordMatches(user, current_password); + if (!isCheck) { + return res.status(404).json({ + code : 0, + message : "email or password is incorrect!" + }) + }; + return next(); +} + 
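Review bot: Unifying both rejections to `'email or password is incorrect'` removes the account-enumeration hint from the messages, but the two paths still differ in work: `loadUser` answers before `checkPassword` ever calls `User.passwordMatches`, so an unknown email returns measurably faster than a wrong password. If that matters here, run `passwordMatches` against a constant dummy hash when no user is found so both branches cost about the same. The bodies of `loadUser` and `checkPassword` continue outside these hunks.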
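Review bot: The new `checkCurrentPassword` rejects a wrong current password with HTTP 404 and `code: 0`, the value the controllers use for success, and a hardcoded `"email or password is incorrect!"` although the first hunk of this file imports `messages` for exactly this purpose; authen.middleware.js answers the same condition with 400, and the text should say the current password was wrong. `new_password` is destructured but never used, there is a stray `;` after the `if` block, and `User.passwordMatches(user, undefined)` is reached when the body lacks `current_password`, so check presence first: `if (!current_password || !(await User.passwordMatches(user, current_password))) { return res.status(400).json({ code: 400, message: <existing messages key> }); }`.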
diff --git a/src/api/middlewares/user.middleware.js b/src/api/middlewares/user.middleware.js index 75376ab..aa360b9 100644 --- a/src/api/middlewares/user.middleware.js +++ b/src/api/middlewares/user.middleware.js @@ -3,6 +3,8 @@ import Moment from 'moment-timezone'; import JWT from 'jsonwebtoken'; import { handler as ErrorHandler } from './error'; import User from '../../common/models/user.model'; +import permissions from '../../common/utils/Permissions'; + /** * Load item by id add to req locals. */ @@ -27,12 +29,34 @@ exports.count = async (req, res, next) => { req.totalRecords = await User.totalRecords( req.query ); + return next(); } catch (ex) { return ErrorHandler(ex, req, res, next); } }; + +/** + * Load count account with user service + */ + + +exports.countUser = async(req,res,next) => { + try{ + req.totalRecords = await User.count({ + where: { + is_active: true, + service : permissions.USER + } + }); + console.log(req.query); + return next(); + } catch (ex ) { + return ErrorHandler(ex,req,res,next); + }; +}; + /** * Load item by id add to req locals. */ diff --git a/src/api/routes/v1/image.route.js b/src/api/routes/v1/image.route.js index 2e603eb..6fcef01 100644 --- a/src/api/routes/v1/image.route.js +++ b/src/api/routes/v1/image.route.js @@ -1,7 +1,7 @@ import express from 'express'; // import validate from 'express-validation'; -// import { authorize } from '../../middlewares/auth.middleware'; -// import Permissions from '../../../common/utils/Permissions'; +import { authorize } from '../../middlewares/auth.middleware'; +import Permissions from '../../../common/utils/Permissions'; import { uploader } from '../../../common/services/adapters/upload-adapter'; import controller from '../../controllers/v1/image.controller'; diff --git a/src/api/routes/v1/staff.route.js b/src/api/routes/v1/staff.route.js index 50218fb..8a47bf8 100644 --- a/src/api/routes/v1/staff.route.js +++ b/src/api/routes/v1/staff.route.js 
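Review bot: `exports.countUser` leaves `console.log(req.query);` in the request path although `req.query` plays no part in the count, and there is a stray `;` after the `catch` block; both should go. The filter `service: permissions.USER` is the same value that user.controller.js `list` now spells as the literal `"user"`; using one constant in both places keeps `totalRecords` and the returned rows in step. The `return next();` added to `count` looks like the actual bug fix for the staff listing and deserves a mention in the commit message.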
@@ -16,13 +16,15 @@ const router = express.Router(); router .route('/') .get( - authorize([permissions.LOGGED_IN]), + authorize([permissions.SERVICE]), middleware.count, + // middleware.load, controller.list + ) .post( validate(createValidation), - authorize([permissions.LOGGED_IN]), + authorize([permissions.SERVICE]), middleware.prepareParams, middleware.checkExistingEmail, controller.create @@ -31,34 +33,56 @@ router router .route('/:id') .get( + authorize([permissions.SERVICE]), middleware.load, controller.get + // controller.addService ) .put( validate(updateValidation), - authorize([permissions.LOGGED_IN]), + authorize([permissions.SERVICE]), middleware.load, middleware.prepareParamsUpdated, controller.update ) .delete( - authorize([permissions.LOGGED_IN]), + authorize([permissions.SERVICE]), middleware.load, controller.delete ); router .route('/:id/block') .post( - authorize([permissions.LOGGED_IN]), + authorize([permissions.STAFF]), middleware.load, controller.block ); router .route('/:id/active') .post( - authorize([permissions.LOGGED_IN]), + authorize([permissions.STAFF]), middleware.load, controller.active ); + +// super admin change password for themself +router + .route("/resetpassword/:id") + .post( + authorize([permissions.SERVICE]), + middleware.load, + middleware.checkCurrentPassword, + controller.changePassword + + ); + +//super admin change password for admin +router + .route("/change-password/:id") + .post( + authorize([permissions.SERVICE]), + middleware.load, + controller.changePassword + ); export default router; diff --git a/src/api/routes/v1/user.route.js b/src/api/routes/v1/user.route.js index 5d781db..93e76d5 100644 --- a/src/api/routes/v1/user.route.js +++ b/src/api/routes/v1/user.route.js 
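Review bot: Neither `/resetpassword/:id` nor `/change-password/:id` runs a `validate(...)` step the way the other routes in this file do, so `new_password` reaches `controller.changePassword` unchecked and possibly absent. For the route commented as "super admin change password for themself", the target is still taken from `:id` through `middleware.load`, and `checkCurrentPassword` verifies that loaded account's password rather than the caller's; if the route is meant for the caller's own account, derive the id from the authenticated principal or reject a mismatch with `:id`. The `// controller.addService` left inside the `/:id` `.get(...)` chain and the blank line inside the new `.post(...)` call are leftovers worth dropping.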
@@ -15,11 +15,13 @@ const router = express.Router(); router .route('/') .get( + authorize([permissions.STAFF]), validate(listValidation), - middleware.count, + middleware.countUser, controller.list ) .post( + authorize([permissions.STAFF]), validate(createValidation), // authorize([permissions.USER_CREATE]), middleware.checkEmail, @@ -34,12 +36,12 @@ router ) .put( validate(updateValidation), - authorize([permissions.LOGGED_IN]), + authorize([permissions.STAFF]), middleware.load, controller.update ) .delete( - authorize([permissions.LOGGED_IN]), + authorize([permissions.STAFF]), middleware.load, controller.delete ); @@ -55,7 +57,7 @@ router.route("/:id/reset-password"). router.route("/change-password/:id"). post( - authorize([permissions.LOGGED_IN]), + authorize([permissions.STAFF]), middleware.load, // middleware.checkCurrentPassword, controller.updatePassword diff --git a/src/common/models/user.model.js b/src/common/models/user.model.js index 1adcbc2..9f43eda 100644 --- a/src/common/models/user.model.js +++ b/src/common/models/user.model.js @@ -770,7 +770,7 @@ User.get = async (userId) => { is_active: true } }); - console.log(user); + // console.log(user); if (isNil(user)) { throw new APIError({ status: httpStatus.NOT_FOUND, diff --git a/src/common/utils/Permissions.js b/src/common/utils/Permissions.js index 98ab1ec..705acba 100644 --- a/src/common/utils/Permissions.js +++ b/src/common/utils/Permissions.js @@ -2,9 +2,12 @@ import { serviceName } from '../../config/vars'; export default { // Service Permission + // service: user : 'user' USER: 'user', - // ADMINISTRATOR : 'administrator', - LOGGED_IN: 'staff', + // service: staff : 'staff' + STAFF: 'staff', + + SERVICE: 'service', // For Product Route PRODUCT_VIEW: `${serviceName}_product_view`, diff --git a/src/config/locales/en.json b/src/config/locales/en.json index adf5344..8592bdb 100644 --- a/src/config/locales/en.json +++ b/src/config/locales/en.json 
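Review bot: In the `'/'` routes the new `authorize([permissions.STAFF])` is placed before `validate(...)`, whereas `.put` below keeps `validate` first; pick one order for the file. Adding `authorize` to `.get('/')` closes what was an unauthenticated user listing, which is worth a line in the commit message. The `/change-password/:id` route still has `middleware.checkCurrentPassword` commented out, so a STAFF caller can set any user's password without proving the old one; confirm that is intended.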
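Review bot: Renaming `LOGGED_IN` to `STAFF` in Permissions.js removes the old key instead of aliasing it, so any route not touched by this commit that still passes `permissions.LOGGED_IN` to `authorize` now passes `undefined`; image.route.js re-enables its `Permissions` import in this same commit but its usages are outside the diff, so grep for `LOGGED_IN` or keep `LOGGED_IN: 'staff', // deprecated alias of STAFF` until callers are migrated. The new comments `// service: user : 'user'` and `// service: staff : 'staff'` read oddly; `// value of the user.service column for this group` says what they mean.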
@@ -27,5 +27,6 @@ "column user.services does not exist": "column user.services does not exist", "log is not defined": "log is not defined", "connect ETIMEDOUT 113.177.27.200:5432": "connect ETIMEDOUT 113.177.27.200:5432", - "Validation error: Validation isEmail on email failed": "Validation error: Validation isEmail on email failed" + "Validation error: Validation isEmail on email failed": "Validation error: Validation isEmail on email failed", + "WHERE parameter \"id\" has invalid \"undefined\" value": "WHERE parameter \"id\" has invalid \"undefined\" value" } \ No newline at end of file