Merge remote-tracking branch 'origin/master'

Add features for super admin, fix error of list all staff
12 changed files with 160 additions and 82 deletions
--- a/src/api/controllers/v1/path.controller.js
+++ b/src/api/controllers/v1/path.controller.js
@ -194,16 +194,3 @@ exports.deleteMultiple = (req, res, next) => {
        return ErrorHandel(ex, req, res, next);
    }
 };
 // exports.downloadZipFolder = (req,res,next) => {
 //     try{
 //         const user = req.user;
 //         const namefile = `${user.name}-${Date.now()}.zip`;
 //         const dir = `${storageConfig.uri}/${user.id}/${namefile}`;
 //     }catch(ex ) {
 //         return ErrorHandel(ex,req,res,next);
 //     }
 // };
--- a/src/api/controllers/v1/staff.controller.js
+++ b/src/api/controllers/v1/staff.controller.js
@ -32,19 +32,6 @@ exports.create = async (req, res, next) => {
        });    
    // await User.destroy({
    //     where : {
    //         email: "teststaff@gmail.com"
    //     }
    // }).then( rs => { 
    //     return res.json({
    //         ms: "success"
    //     });
    // }).catch(ex => {
    //     ErrorHandler(ex,req,res,next);
    // })
 };
 /**
@ -57,10 +44,15 @@ exports.create = async (req, res, next) => {
 exports.list = async (req, res, next) => {
    req.query.services = User.Services.STAFF;
    // console.log(req.query)
-    await User.list(
+    await User.findAll(
-       req.query
+       {
        where : {
            is_active: true,
            service : "staff"
        }
       }
    ).then(result => {
-        console.log(result );
+        // console.log(result );
        res.json({
            code: 0,
            count: req.totalRecords,
@ -92,6 +84,12 @@ exports.get = async (req, res, next) => res.json({ data: User.transform(req.loca
 */
 exports.update = async (req, res, next) => {
    const { user } = req.locals;
    if (user.service !== "service") {
        return res.status(404).json({
            code: 404,
            message : messages.NOT_FOUND
        })
    }
    return User.update(
        req.body,
@ -119,6 +117,12 @@ exports.update = async (req, res, next) => {
 */
 exports.delete = async (req, res, next) => {
    const { user } = req.locals;
    if (user.service !== "service") {
        return res.status(404).json({
            code: 404,
            message : messages.NOT_FOUND
        })
    }
    return User.update(
        {
@ -139,6 +143,7 @@ exports.delete = async (req, res, next) => {
    }).catch(ex => {
        ErrorHandler(ex, req, res, next);
    });
 };
 exports.getStaffPermission = async (req, res, next) => {
@ -197,3 +202,44 @@ exports.active = async (req, res, next) => {
        ErrorHandler(ex, req, res, next);
    });
 };
 exports.addService = async (req,res,next) => {
    const {user} = req.locals;
    return User.update({
        service: 'service'
    }, {
        where: {
            id: user.id
        }
    }).then(() => {
        res.json({
            code: 0,
            message: messages.UPDATE_SUCCESS
        });
    }).catch(ex => {
        ErrorHandler(ex, req, res, next);
    })    
 };
 exports.changePassword = async(req,res,next) => {
    const {current_password, new_password } = req.body;
    const {user} = req.locals;
    const rounds = 10;
    const new_pass = await hash(new_password, rounds); 
    return User.update(
        {password: new_pass},
        {
            where: {
                id: user.id
            }
        },
    ).then( async () => {
        res.json({               
            code: 0,
            message: messages.UPDATE_SUCCESS
        });
    }).catch(ex => {
        ErrorHandler(ex, req, res, next);
    });
 };
--- a/src/api/controllers/v1/user.controller.js
+++ b/src/api/controllers/v1/user.controller.js
@ -42,8 +42,11 @@ exports.create = async (req, res, next) => {
 */
 exports.list = async (req, res, next) => {
    req.query.services = User.Services.USER;
-    User.list(
+    // console.log(req.query.services);
-        req.query
+    User.list( {
        service : "user",
        is_active: true
    }
    ).then(result => {
        res.json({
            code: 0,
@ -142,37 +145,6 @@ exports.getStaffPermission = async (req, res, next) => {
        data: story
    });
 };
 // exports.addRole = async(req,res,next) => {
 //     const {user} = req.locals;
 //     const admin = ['administrator'];
 //     // const user.permissions[0] = admin;
 //     return User.update({
 //         permissions: admin,
 //         service: 'administrator'
 //     },
 //     {
 //         where : {id : user.id} 
 //     }
 //     ).then( async () => {
 //         const new_user = await User.get(req.params.id);
 //         console.log(new_user);
 //         res.json( 
 //         {
 //             code: 0,
 //             messages: messages.CREATE_SUCCESS
 //         }
 //         );
 //     }).catch( ex => {
 //         ErrorHandler(ex, req, res, next);
 //     })
 // }
 exports.updatePassword = async(req,res,next) => { 
    const {new_password} = req.body;
    const {user} = req.locals;
--- a/src/api/middlewares/auth.middleware.js
+++ b/src/api/middlewares/auth.middleware.js
@ -238,10 +238,12 @@ const checkPermission = async (req, permissions, additionalCheck) => {
    switch (req.authInfo.accessLevel) {
        case ConsumerGroups.SERVICE:
            // allow all access with service level
            return null;
        case ConsumerGroups.STAFF:
            // remove user permission
            // console.log("1231231232");
            console.log("from staff");
            if (userPermissionIndex !== -1) {
                permissionsToCheck.splice(userPermissionIndex, 1);
            }
@ -252,7 +254,7 @@ const checkPermission = async (req, permissions, additionalCheck) => {
            }
            break;
        case ConsumerGroups.USER:
-            console.log("req.authInfo.accessLevel1");
+            // console.log("from user");
            if (userPermissionIndex === -1) {
                apiError.status = httpStatus.FORBIDDEN;
                apiError.message = 'Forbidden';
--- a/src/api/middlewares/staff.middleware.js
+++ b/src/api/middlewares/staff.middleware.js
@ -3,6 +3,7 @@ import { cloneDeep, pick } from 'lodash';
 import { hash } from 'bcryptjs';
 import { handler as ErrorHandler } from './error';
 import User from '../../common/models/user.model';
 import messages from '../../config/messages';
 /**
 * Converter
 * @param {*} str
@ -71,7 +72,7 @@ exports.checkExistingEmail = async (req, res, next) => {
            where: { email: req.body.email }
        });
        if (user) {
-            return res.status(400).json({ message: 'email have aldready exist', data: user , email: req.body.email});
+            return res.status(400).json({ message: 'email have aldready exist'});
        }
        return next();
    } catch (ex) {
@ -122,3 +123,19 @@ exports.prepareParamsUpdated = async (req, res, next) => {
    next();
 };
 // check current  password
 exports.checkCurrentPassword = async (req,res,next) => {
    const {current_password, new_password} = req.body;
    const {user} = req.locals;
    const isCheck = await User.passwordMatches(user, current_password);
    if (!isCheck) {
        return res.status(404).json({
            code : 0,
            message : "email or password is incorrect!"
        })
    };
    return next();
 }
--- a/src/api/middlewares/user.middleware.js
+++ b/src/api/middlewares/user.middleware.js
@ -3,6 +3,8 @@ import Moment from 'moment-timezone';
 import JWT from 'jsonwebtoken';
 import { handler as ErrorHandler } from './error';
 import User from '../../common/models/user.model';
 import permissions from '../../common/utils/Permissions';
 /**
 * Load item by id add to req locals.
 */
@ -27,12 +29,34 @@ exports.count = async (req, res, next) => {
        req.totalRecords = await User.totalRecords(
            req.query
        );
        return next();
    } catch (ex) {
        return ErrorHandler(ex, req, res, next);
    }
 };
 /**
 * Load count account with user service
 */
 exports.countUser = async(req,res,next) => {
    try{
        req.totalRecords = await User.count({
            where: {
                is_active: true,
                service : permissions.USER
            }
        });
        console.log(req.query);
        return next();
    } catch (ex ) {
        return ErrorHandler(ex,req,res,next);
    };
 };
 /**
 * Load item by id add to req locals.
 */
--- a/src/api/routes/v1/image.route.js
+++ b/src/api/routes/v1/image.route.js
@ -1,7 +1,7 @@
 import express from 'express';
 // import validate from 'express-validation';
-// import { authorize } from '../../middlewares/auth.middleware';
+import { authorize } from '../../middlewares/auth.middleware';
-// import Permissions from '../../../common/utils/Permissions';
+import Permissions from '../../../common/utils/Permissions';
 import { uploader } from '../../../common/services/adapters/upload-adapter';
 import controller from '../../controllers/v1/image.controller';
--- a/src/api/routes/v1/staff.route.js
+++ b/src/api/routes/v1/staff.route.js
@ -16,13 +16,15 @@ const router = express.Router();
 router
    .route('/')
    .get(
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.SERVICE]),
        middleware.count,
        // middleware.load,
        controller.list
    )
    .post(
        validate(createValidation),
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.SERVICE]),
        middleware.prepareParams,
        middleware.checkExistingEmail,
        controller.create
@ -31,34 +33,56 @@ router
 router
    .route('/:id')
    .get(
        authorize([permissions.SERVICE]),
        middleware.load,
        controller.get
        // controller.addService
    )
    .put(
        validate(updateValidation),
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.SERVICE]),
        middleware.load,
        middleware.prepareParamsUpdated,
        controller.update
    )
    .delete(
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.SERVICE]),
        middleware.load,
        controller.delete
    );
 router
    .route('/:id/block')
    .post(
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.STAFF]),
        middleware.load,
        controller.block
    );
 router
    .route('/:id/active')
    .post(
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.STAFF]),
        middleware.load,
        controller.active
    );
 // super admin change password for themself
 router
    .route("/resetpassword/:id")
    .post(
        authorize([permissions.SERVICE]),
        middleware.load,
        middleware.checkCurrentPassword,
        controller.changePassword
    );
 //super admin change password for admin
 router
    .route("/change-password/:id")
    .post(
        authorize([permissions.SERVICE]),
        middleware.load,
        controller.changePassword
    );
 export default router;
--- a/src/api/routes/v1/user.route.js
+++ b/src/api/routes/v1/user.route.js
@ -15,11 +15,13 @@ const router = express.Router();
 router
    .route('/')
    .get(
        authorize([permissions.STAFF]),
        validate(listValidation),
-        middleware.count,
+        middleware.countUser,
        controller.list
    )
    .post(
        authorize([permissions.STAFF]),
        validate(createValidation),
        // authorize([permissions.USER_CREATE]),
        middleware.checkEmail,
@ -34,12 +36,12 @@ router
    )
    .put(
        validate(updateValidation),
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.STAFF]),
        middleware.load,
        controller.update
    )
    .delete(
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.STAFF]),
        middleware.load,
        controller.delete
    );
@ -55,7 +57,7 @@ router.route("/:id/reset-password").
 router.route("/change-password/:id").
    post(
-        authorize([permissions.LOGGED_IN]),
+        authorize([permissions.STAFF]),
        middleware.load, 
        // middleware.checkCurrentPassword,
        controller.updatePassword
--- a/src/common/models/user.model.js
+++ b/src/common/models/user.model.js
@ -770,7 +770,7 @@ User.get = async (userId) => {
                is_active: true
            }
        });
-        console.log(user);
+        // console.log(user);
        if (isNil(user)) {
            throw new APIError({
                status: httpStatus.NOT_FOUND,
--- a/src/common/utils/Permissions.js
+++ b/src/common/utils/Permissions.js
@ -2,9 +2,12 @@ import { serviceName } from '../../config/vars';
 export default {
    // Service Permission
    // service: user : 'user'
    USER: 'user',
-    // ADMINISTRATOR : 'administrator',
+    // service: staff : 'staff'
-    LOGGED_IN: 'staff',
+    STAFF: 'staff',
    SERVICE: 'service',
    // For Product Route
    PRODUCT_VIEW: `${serviceName}_product_view`,
--- a/src/config/locales/en.json
+++ b/src/config/locales/en.json
@ -27,5 +27,6 @@
 	"column user.services does not exist": "column user.services does not exist",
 	"log is not defined": "log is not defined",
 	"connect ETIMEDOUT 113.177.27.200:5432": "connect ETIMEDOUT 113.177.27.200:5432",
-	"Validation error: Validation isEmail on email failed": "Validation error: Validation isEmail on email failed"
+	"Validation error: Validation isEmail on email failed": "Validation error: Validation isEmail on email failed",
 	"WHERE parameter \"id\" has invalid \"undefined\" value": "WHERE parameter \"id\" has invalid \"undefined\" value"
 }
Author	SHA1	Message	Date
tnud0	76b231804e	Merge remote-tracking branch 'origin/master'	2 years ago
tnud0	6d1e51c96a	Add features for super admin, fix error of list all staff	2 years ago