Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix/user update fails #670

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fix/user update fails #670

wants to merge 3 commits into from

Conversation

iandebruin98
Copy link
Contributor

Deze PR lost de volgende punten op

  • Gebruiker bewerken zorgt voor API crash
  • Het bewerken van gegevens gaat niet altijd goed, als je alleen de naam wilt wijzigen krijg je soms een error

En wellicht deze:

  • Soms als je de admin-rol toewijst voor een project, dan verandert deze naar de Gebruiker rol, waardoor deze persoon niet in kan loggen als admin.

rudivanhierden
rudivanhierden requested changes Oct 31, 2024
View reviewed changes
apps/api-server/src/models/User.js
Comment on lines -48 to -92
/**
* In case of setting the role
* Admin are allowed to set all roles, but moderators only are allowed
* to set members.
*
* @param actionUserRole
* @param action (c)
* @param user ()
* @param self (user model)
* @param project (project on which model is queried)
*/
authorizeData: function(actionUserRole, action, user, self, project) {
if (!self) return;

const updateAllRoles = ['admin'];
const updateMemberRoles = ['moderator'];
const fallBackRole = 'anonymous';
const memberRole = 'member';

// this is the role for User on which action is performed, not of the user doing the update
actionUserRole = actionUserRole || self.role;

// by default return anonymous role if none of the conditions are met
let roleToReturn;

// only for create and update check if allowed, the other option, view and list
// for now its ok if a the public sees the role
// for fields no DELETE action exists
if (action === 'create' || action === 'update') {
// if user is allowed to update all status
if (userHasRole(user, updateAllRoles)) {
roleToReturn = actionUserRole;
// check if active user is allowed to set user's role to member
} else if (userHasRole(user, updateMemberRoles) && actionUserRole === memberRole) {
roleToReturn = actionUserRole;
} else {
roleToReturn = fallBackRole;
}

} else {
roleToReturn = actionUserRole;
}

return roleToReturn;
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moet dit er niet in blijven? Lijkt me op zich wel een goede functionaliteit?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rudivanhierden rudivanhierden rudivanhierden requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@iandebruin98 @rudivanhierden