Compare commits

..

No commits in common. '76b231804e862a4813d8b23509c35c8d91c87977' and 'd9a228ce8898e9bc7170b2465f771751ca79edd3' have entirely different histories.

  1. 13
      src/api/controllers/v1/path.controller.js
  2. 78
      src/api/controllers/v1/staff.controller.js
  3. 38
      src/api/controllers/v1/user.controller.js
  4. 4
      src/api/middlewares/auth.middleware.js
  5. 19
      src/api/middlewares/staff.middleware.js
  6. 24
      src/api/middlewares/user.middleware.js
  7. 4
      src/api/routes/v1/image.route.js
  8. 36
      src/api/routes/v1/staff.route.js
  9. 10
      src/api/routes/v1/user.route.js
  10. 2
      src/common/models/user.model.js
  11. 7
      src/common/utils/Permissions.js
  12. 3
      src/config/locales/en.json

@ -194,3 +194,16 @@ exports.deleteMultiple = (req, res, next) => {
return ErrorHandel(ex, req, res, next);
}
};
// exports.downloadZipFolder = (req,res,next) => {
// try{
// const user = req.user;
// const namefile = `${user.name}-${Date.now()}.zip`;
// const dir = `${storageConfig.uri}/${user.id}/${namefile}`;
// }catch(ex ) {
// return ErrorHandel(ex,req,res,next);
// }
// };

@ -32,6 +32,19 @@ exports.create = async (req, res, next) => {
});
// await User.destroy({
// where : {
// email: "teststaff@gmail.com"
// }
// }).then( rs => {
// return res.json({
// ms: "success"
// });
// }).catch(ex => {
// ErrorHandler(ex,req,res,next);
// })
};
/**
@ -44,15 +57,10 @@ exports.create = async (req, res, next) => {
exports.list = async (req, res, next) => {
req.query.services = User.Services.STAFF;
// console.log(req.query)
await User.findAll(
{
where : {
is_active: true,
service : "staff"
}
}
await User.list(
req.query
).then(result => {
// console.log(result );
console.log(result );
res.json({
code: 0,
count: req.totalRecords,
@ -84,12 +92,6 @@ exports.get = async (req, res, next) => res.json({ data: User.transform(req.loca
*/
exports.update = async (req, res, next) => {
const { user } = req.locals;
if (user.service !== "service") {
return res.status(404).json({
code: 404,
message : messages.NOT_FOUND
})
}
return User.update(
req.body,
@ -117,12 +119,6 @@ exports.update = async (req, res, next) => {
*/
exports.delete = async (req, res, next) => {
const { user } = req.locals;
if (user.service !== "service") {
return res.status(404).json({
code: 404,
message : messages.NOT_FOUND
})
}
return User.update(
{
@ -143,7 +139,6 @@ exports.delete = async (req, res, next) => {
}).catch(ex => {
ErrorHandler(ex, req, res, next);
});
};
exports.getStaffPermission = async (req, res, next) => {
@ -202,44 +197,3 @@ exports.active = async (req, res, next) => {
ErrorHandler(ex, req, res, next);
});
};
exports.addService = async (req,res,next) => {
const {user} = req.locals;
return User.update({
service: 'service'
}, {
where: {
id: user.id
}
}).then(() => {
res.json({
code: 0,
message: messages.UPDATE_SUCCESS
});
}).catch(ex => {
ErrorHandler(ex, req, res, next);
})
};
exports.changePassword = async(req,res,next) => {
const {current_password, new_password } = req.body;
const {user} = req.locals;
const rounds = 10;
const new_pass = await hash(new_password, rounds);
return User.update(
{password: new_pass},
{
where: {
id: user.id
}
},
).then( async () => {
res.json({
code: 0,
message: messages.UPDATE_SUCCESS
});
}).catch(ex => {
ErrorHandler(ex, req, res, next);
});
};

@ -42,11 +42,8 @@ exports.create = async (req, res, next) => {
*/
exports.list = async (req, res, next) => {
req.query.services = User.Services.USER;
// console.log(req.query.services);
User.list( {
service : "user",
is_active: true
}
User.list(
req.query
).then(result => {
res.json({
code: 0,
@ -145,6 +142,37 @@ exports.getStaffPermission = async (req, res, next) => {
data: story
});
};
// exports.addRole = async(req,res,next) => {
// const {user} = req.locals;
// const admin = ['administrator'];
// // const user.permissions[0] = admin;
// return User.update({
// permissions: admin,
// service: 'administrator'
// },
// {
// where : {id : user.id}
// }
// ).then( async () => {
// const new_user = await User.get(req.params.id);
// console.log(new_user);
// res.json(
// {
// code: 0,
// messages: messages.CREATE_SUCCESS
// }
// );
// }).catch( ex => {
// ErrorHandler(ex, req, res, next);
// })
// }
exports.updatePassword = async(req,res,next) => {
const {new_password} = req.body;
const {user} = req.locals;

@ -238,12 +238,10 @@ const checkPermission = async (req, permissions, additionalCheck) => {
switch (req.authInfo.accessLevel) {
case ConsumerGroups.SERVICE:
// allow all access with service level
return null;
case ConsumerGroups.STAFF:
// remove user permission
// console.log("1231231232");
console.log("from staff");
if (userPermissionIndex !== -1) {
permissionsToCheck.splice(userPermissionIndex, 1);
}
@ -254,7 +252,7 @@ const checkPermission = async (req, permissions, additionalCheck) => {
}
break;
case ConsumerGroups.USER:
// console.log("from user");
console.log("req.authInfo.accessLevel1");
if (userPermissionIndex === -1) {
apiError.status = httpStatus.FORBIDDEN;
apiError.message = 'Forbidden';

@ -3,7 +3,6 @@ import { cloneDeep, pick } from 'lodash';
import { hash } from 'bcryptjs';
import { handler as ErrorHandler } from './error';
import User from '../../common/models/user.model';
import messages from '../../config/messages';
/**
* Converter
* @param {*} str
@ -72,7 +71,7 @@ exports.checkExistingEmail = async (req, res, next) => {
where: { email: req.body.email }
});
if (user) {
return res.status(400).json({ message: 'email have aldready exist'});
return res.status(400).json({ message: 'email have aldready exist', data: user , email: req.body.email});
}
return next();
} catch (ex) {
@ -123,19 +122,3 @@ exports.prepareParamsUpdated = async (req, res, next) => {
next();
};
// check current password
exports.checkCurrentPassword = async (req,res,next) => {
const {current_password, new_password} = req.body;
const {user} = req.locals;
const isCheck = await User.passwordMatches(user, current_password);
if (!isCheck) {
return res.status(404).json({
code : 0,
message : "email or password is incorrect!"
})
};
return next();
}

@ -3,8 +3,6 @@ import Moment from 'moment-timezone';
import JWT from 'jsonwebtoken';
import { handler as ErrorHandler } from './error';
import User from '../../common/models/user.model';
import permissions from '../../common/utils/Permissions';
/**
* Load item by id add to req locals.
*/
@ -29,34 +27,12 @@ exports.count = async (req, res, next) => {
req.totalRecords = await User.totalRecords(
req.query
);
return next();
} catch (ex) {
return ErrorHandler(ex, req, res, next);
}
};
/**
* Load count account with user service
*/
exports.countUser = async(req,res,next) => {
try{
req.totalRecords = await User.count({
where: {
is_active: true,
service : permissions.USER
}
});
console.log(req.query);
return next();
} catch (ex ) {
return ErrorHandler(ex,req,res,next);
};
};
/**
* Load item by id add to req locals.
*/

@ -1,7 +1,7 @@
import express from 'express';
// import validate from 'express-validation';
import { authorize } from '../../middlewares/auth.middleware';
import Permissions from '../../../common/utils/Permissions';
// import { authorize } from '../../middlewares/auth.middleware';
// import Permissions from '../../../common/utils/Permissions';
import { uploader } from '../../../common/services/adapters/upload-adapter';
import controller from '../../controllers/v1/image.controller';

@ -16,15 +16,13 @@ const router = express.Router();
router
.route('/')
.get(
authorize([permissions.SERVICE]),
authorize([permissions.LOGGED_IN]),
middleware.count,
// middleware.load,
controller.list
)
.post(
validate(createValidation),
authorize([permissions.SERVICE]),
authorize([permissions.LOGGED_IN]),
middleware.prepareParams,
middleware.checkExistingEmail,
controller.create
@ -33,56 +31,34 @@ router
router
.route('/:id')
.get(
authorize([permissions.SERVICE]),
middleware.load,
controller.get
// controller.addService
)
.put(
validate(updateValidation),
authorize([permissions.SERVICE]),
authorize([permissions.LOGGED_IN]),
middleware.load,
middleware.prepareParamsUpdated,
controller.update
)
.delete(
authorize([permissions.SERVICE]),
authorize([permissions.LOGGED_IN]),
middleware.load,
controller.delete
);
router
.route('/:id/block')
.post(
authorize([permissions.STAFF]),
authorize([permissions.LOGGED_IN]),
middleware.load,
controller.block
);
router
.route('/:id/active')
.post(
authorize([permissions.STAFF]),
authorize([permissions.LOGGED_IN]),
middleware.load,
controller.active
);
// super admin change password for themself
router
.route("/resetpassword/:id")
.post(
authorize([permissions.SERVICE]),
middleware.load,
middleware.checkCurrentPassword,
controller.changePassword
);
//super admin change password for admin
router
.route("/change-password/:id")
.post(
authorize([permissions.SERVICE]),
middleware.load,
controller.changePassword
);
export default router;

@ -15,13 +15,11 @@ const router = express.Router();
router
.route('/')
.get(
authorize([permissions.STAFF]),
validate(listValidation),
middleware.countUser,
middleware.count,
controller.list
)
.post(
authorize([permissions.STAFF]),
validate(createValidation),
// authorize([permissions.USER_CREATE]),
middleware.checkEmail,
@ -36,12 +34,12 @@ router
)
.put(
validate(updateValidation),
authorize([permissions.STAFF]),
authorize([permissions.LOGGED_IN]),
middleware.load,
controller.update
)
.delete(
authorize([permissions.STAFF]),
authorize([permissions.LOGGED_IN]),
middleware.load,
controller.delete
);
@ -57,7 +55,7 @@ router.route("/:id/reset-password").
router.route("/change-password/:id").
post(
authorize([permissions.STAFF]),
authorize([permissions.LOGGED_IN]),
middleware.load,
// middleware.checkCurrentPassword,
controller.updatePassword

@ -770,7 +770,7 @@ User.get = async (userId) => {
is_active: true
}
});
// console.log(user);
console.log(user);
if (isNil(user)) {
throw new APIError({
status: httpStatus.NOT_FOUND,

@ -2,12 +2,9 @@ import { serviceName } from '../../config/vars';
export default {
// Service Permission
// service: user : 'user'
USER: 'user',
// service: staff : 'staff'
STAFF: 'staff',
SERVICE: 'service',
// ADMINISTRATOR : 'administrator',
LOGGED_IN: 'staff',
// For Product Route
PRODUCT_VIEW: `${serviceName}_product_view`,

@ -27,6 +27,5 @@
"column user.services does not exist": "column user.services does not exist",
"log is not defined": "log is not defined",
"connect ETIMEDOUT 113.177.27.200:5432": "connect ETIMEDOUT 113.177.27.200:5432",
"Validation error: Validation isEmail on email failed": "Validation error: Validation isEmail on email failed",
"WHERE parameter \"id\" has invalid \"undefined\" value": "WHERE parameter \"id\" has invalid \"undefined\" value"
"Validation error: Validation isEmail on email failed": "Validation error: Validation isEmail on email failed"
}
Loading…
Cancel
Save