Revert "feat: change users role and permissions (#475)" (#476)

This reverts commit e32957e.

Author: BEdev24

backend/migrations/1733147745970-update-role-and-permissions.ts

@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "2b1baa78-48e2-4671-aff8-da723a452325",
+		"_postman_id": "76b45677-bce1-4b13-8de8-db1a76d8e827",
 		"name": "CC Portal develop",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
 		"_exporter_id": "20133713"
@@ -278,41 +278,6 @@
 						}
 					},
 					"response": []
-				},
-				{
-					"name": "Change user role and permissions",
-					"request": {
-						"method": "PATCH",
-						"header": [
-							{
-								"key": "Authorization",
-								"value": "{{accessToken}}",
-								"type": "text"
-							}
-						],
-						"body": {
-							"mode": "raw",
-							"raw": "{\n    \"user_id\": \"1c3b9794-95c1-4c78-9948-b057996763f6\",\n    \"new_role\": \"admin\",\n    \"new_permissions\": [\"manage_cc_members\"]\n}",
-							"options": {
-								"raw": {
-									"language": "json"
-								}
-							}
-						},
-						"url": {
-							"raw": "{{base-url}}/api/users/{{userId}}/role-permissions",
-							"host": [
-								"{{base-url}}"
-							],
-							"path": [
-								"api",
-								"users",
-								"{{userId}}",
-								"role-permissions"
-							]
-						}
-					},
-					"response": []
 				}
 			]
 		},

backend/migrations/1733148028374-add-manage-permissions.ts

@@ -43,7 +43,6 @@ import { ToggleStatusRequest } from './request/toggle-status.request';
 import { ApiConditionalExcludeEndpoint } from 'src/common/decorators/api-conditional-exclude-endpoint.decorator';
 import { Permissions } from 'src/auth/guard/permission.decorator';
 import { RemoveUserRequest } from './request/remove-user.request';
-import { UpdateRoleAndPermissionsRequest } from './request/update-role-and-permissions.request';
 
 @ApiTags('Users')
 @Controller('users')
@@ -308,38 +307,4 @@ export class UsersController {
       message: 'User deleted successfully',
     };
   }
-
-  @ApiConditionalExcludeEndpoint()
-  @ApiBearerAuth('JWT-auth')
-  @ApiOperation({
-    summary: 'Update user role and permissions by superadmin',
-  })
-  @ApiParam({
-    name: 'id',
-    required: true,
-    description: 'Identification number of the user',
-    type: String,
-  })
-  @ApiBody({ type: UpdateRoleAndPermissionsRequest })
-  @ApiResponse({
-    status: 200,
-    description: 'User updated successfully.',
-    type: UserResponse,
-  })
-  @ApiResponse({ status: 400, description: 'Bad request' })
-  @ApiResponse({ status: 403, description: 'Forbidden resource' })
-  @ApiResponse({ status: 404, description: 'Not Found' })
-  @ApiResponse({ status: 500, description: 'Internal server error' })
-  @HttpCode(200)
-  @Patch(':id/role-permissions')
-  @Permissions(PermissionEnum.MANAGE_ROLES_AND_PERMISSIONS)
-  @UseGuards(JwtAuthGuard, UserPathGuard, PermissionGuard)
-  async updateUserRoleAndPermissions(
-    @Param('id', ParseUUIDPipe) id: string,
-    @Body() updateRoleAndPermissionsRequest: UpdateRoleAndPermissionsRequest,
-  ): Promise<UserResponse> {
-    return await this.usersFacade.updateUserRoleAndPermissions(
-      updateRoleAndPermissionsRequest,
-    );
-  }
 }

backend/postman/CC Portal develop.postman_collection.json

@@ -80,14 +80,12 @@ export class User extends CommonEntity {
   @Index('users_role_id_idx')
   @ManyToOne(() => Role, (role) => role.users, {
     eager: true,
-    onUpdate: 'CASCADE',
   })
   @JoinColumn({ name: 'role_id' })
   role: Role;
 
   @ManyToMany(() => Permission, (permission) => permission.users, {
     eager: true,
-    onUpdate: 'CASCADE',
   })
   @JoinTable({
     name: 'user_permissions',

backend/src/users/api/request/update-role-and-permissions.request.ts

@@ -2,5 +2,4 @@ export enum PermissionEnum {
   MANAGE_CC_MEMBERS = 'manage_cc_members',
   ADD_CONSTITUTION = 'add_constitution_version',
   MANAGE_ADMINS = 'manage_admins',
-  MANAGE_ROLES_AND_PERMISSIONS = 'manage_roles_and_permissions',
 }

backend/src/users/api/users.controller.ts

@@ -20,7 +20,6 @@ import { PaginationDtoMapper } from 'src/util/pagination/mapper/pagination.mappe
 import { PermissionEnum } from '../enums/permission.enum';
 import { ToggleStatusRequest } from '../api/request/toggle-status.request';
 import { UserStatusEnum } from '../enums/user-status.enum';
-import { UpdateRoleAndPermissionsRequest } from '../api/request/update-role-and-permissions.request';
 @Injectable()
 export class UsersFacade {
   private logger = new Logger(UsersService.name);
@@ -132,13 +131,4 @@ export class UsersFacade {
       );
     }
   }
-
-  async updateUserRoleAndPermissions(
-    updateRoleAndPermissionsRequest: UpdateRoleAndPermissionsRequest,
-  ): Promise<UserResponse> {
-    const user = await this.usersService.updateUserRoleAndPermissions(
-      updateRoleAndPermissionsRequest,
-    );
-    return UserMapper.mapUserDtoToResponse(user);
-  }
 }

backend/src/users/entities/user.entity.ts

@@ -28,7 +28,6 @@ import { PaginationEntityMapper } from 'src/util/pagination/mapper/pagination.ma
 import { Paginator } from 'src/util/pagination/paginator';
 import { RoleFactory } from '../role/role.factory';
 import { PermissionEnum } from '../enums/permission.enum';
-import { UpdateRoleAndPermissionsRequest } from '../api/request/update-role-and-permissions.request';
 
 @Injectable()
 export class UsersService {
@@ -293,48 +292,4 @@ export class UsersService {
     const user = await this.findEntityById(userId);
     await this.userRepository.remove(user);
   }
-
-  async updateUserRoleAndPermissions(
-    updateRoleAndPermissionsRequest: UpdateRoleAndPermissionsRequest,
-  ): Promise<UserDto> {
-    const user = await this.findEntityById(
-      updateRoleAndPermissionsRequest.userId,
-    );
-    if (user.role.code === RoleEnum.SUPER_ADMIN) {
-      throw new ForbiddenException(`You have no permission for this action`);
-    }
-    const role = await this.findRoleByCode(
-      updateRoleAndPermissionsRequest.newRole,
-    );
-    this.validatePermissionsForRole(
-      role,
-      updateRoleAndPermissionsRequest.newPermissions,
-    );
-
-    user.role = role;
-    if (updateRoleAndPermissionsRequest.newPermissions) {
-      const newPermissions = await this.getUserPermissions(
-        updateRoleAndPermissionsRequest.newPermissions,
-      );
-      user.permissions = newPermissions;
-    }
-    await this.userRepository.save(user);
-
-    return UserMapper.userToDto(user);
-  }
-
-  private validatePermissionsForRole(role: Role, permissions: string[]): void {
-    if (role.code === 'admin' && permissions.length === 0) {
-      throw new BadRequestException(`At least one permission is required`);
-    }
-    const allowedPermissions = role.permissions?.map(
-      (permission) => permission.code,
-    );
-    const isAllowed = permissions.every((perm) =>
-      allowedPermissions.includes(perm),
-    );
-    if (!isAllowed) {
-      throw new BadRequestException(`Permissions aren't allowed for this role`);
-    }
-  }
 }