solve conflicts

TogetherCrew · Apr 15, 2024 · cc2adb4 · cc2adb4
2 parents ae3baff + 9d8fa6d
commit cc2adb4
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 7 deletions.
diff --git a/__tests__/integration/community.test.ts b/__tests__/integration/community.test.ts
@@ -619,6 +619,40 @@
 //         .expect(httpStatus.FORBIDDEN);
 //     });
 
+//     test('should return 400 when admin users trys to revoke admin role from themselves', async () => {
+//       await insertCommunities([communityOne, communityTwo, communityThree]);
+//       await insertUsers([userOne, userTwo]);
+//       await insertPlatforms([platformOne, platformTwo, platformThree]);
+//       await insertGuildMembers(
+//         [discordGuildMember1, discordGuildMember2, discordGuildMember3, discordGuildMember4],
+//         connection,
+//       );
+//       await insertRoles([discordRole1, discordRole2, discordRole3, discordRole4], connection);
+
+//       const res1 = await request(app)
+//         .patch(`/api/v1/communities/${communityOne._id}`)
+//         .set('Authorization', `Bearer ${userTwoAccessToken}`)
+//         .send({ roles: [] })
+//         .expect(httpStatus.BAD_REQUEST);
+
+//       const res2 = await request(app)
+//         .patch(`/api/v1/communities/${communityOne._id}`)
+//         .set('Authorization', `Bearer ${userTwoAccessToken}`)
+//         .send({
+//           roles: [{
+//             roleType: 'admin',
+//             source: {
+//               platform: 'discord',
+//               identifierType: 'member',
+//               identifierValues: [userOne.discordId],
+//               platformId: platformOne._id,
+//             },
+//           },]
+//         })
+//         .expect(httpStatus.BAD_REQUEST);
+
+//     });
+
 //     test('should return 400 error if communityId is not a valid mongo id', async () => {
 //       await insertUsers([userOne]);
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/src/controllers/community.controller.ts b/src/controllers/community.controller.ts
@@ -43,6 +43,9 @@ const getCommunity = catchAsync(async function (req: IAuthRequest, res: Response
   res.send(community);
 });
 const updateCommunity = catchAsync(async function (req: IAuthRequest, res: Response) {
+  if (req.body.roles && req.community) {
+    await communityService.validateRoleChanges(req.user, req.community, req.body.roles);
+  }
   const community = await communityService.updateCommunityByFilter({ _id: req.params.communityId }, req.body);
   res.send(community);
 });

diff --git a/src/services/community.service.ts b/src/services/community.service.ts
@@ -1,7 +1,15 @@
 import { HydratedDocument, Types } from 'mongoose';
 import httpStatus from 'http-status';
-import { Community, ICommunity, DatabaseManager, GuildMember, IRole } from '@togethercrew.dev/db';
-import ApiError from '../utils/ApiError';
+import {
+  Community,
+  ICommunity,
+  DatabaseManager,
+  GuildMember,
+  IRole,
+  IUser,
+  ICommunityRoles,
+} from '@togethercrew.dev/db';
+import { ApiError, roleUtil } from '../utils';
 import guildMemberService from './discord/guildMember.service';
 import roleService from './discord/role.service';
 import platformService from './platform.service';
@@ -147,6 +155,27 @@ const populateRoles = async (community: HydratedDocument<ICommunity>): Promise<H
   return community;
 };
 
+/**
+ * Validates role changes to ensure an admin cannot revoke their own admin role
+ * @param {HydratedDocument<IUser>} user - The user object representing the current user
+ * @param {HydratedDocument<ICommunity>} community - The community document
+ * @param {string[]} newRoles - The new roles to be assigned to the community
+ * @throws {ApiError} If an admin tries to revoke their own admin role
+ */
+const validateRoleChanges = async (
+  user: HydratedDocument<IUser>,
+  community: HydratedDocument<ICommunity>,
+  newRoles: ICommunityRoles[],
+): Promise<void> => {
+  const initialUserRoles: string[] = await roleUtil.getUserRolesForCommunity(user, community);
+  const originalRoles = community.roles;
+  community.roles = newRoles;
+  const updatedUserRoles: string[] = await roleUtil.getUserRolesForCommunity(user, community);
+  community.roles = originalRoles;
+  if (initialUserRoles.includes('admin') && !updatedUserRoles.includes('admin')) {
+    throw new ApiError(httpStatus.BAD_REQUEST, 'Admin role cannot be revoked by the user themselves.');
+  }
+};
 export default {
   createCommunity,
   queryCommunities,
@@ -157,4 +186,5 @@ export default {
   deleteCommunityByFilter,
   addPlatformToCommunityById,
   populateRoles,
+  validateRoleChanges,
 };
diff --git a/src/services/platform.service.ts b/src/services/platform.service.ts
@@ -106,7 +106,7 @@ const updatePlatform = async (
       created: false,
       discordId: userDiscordId,
       message:
-        'Your data import into TogetherCrew is complete! See your insights on your dashboard https://app.togethercrew.com/',
+        'Your data import into TogetherCrew is complete! See your insights on your dashboard https://app.togethercrew.com/. If you have questions send a DM to katerinabc (Discord) or k_bc0 (Telegram).',
       useFallback: true,
     });
   }