Team details settings page
This commit is contained in:
Tom Moor
@@ -1,13 +1,33 @@
|
||||
// @flow
|
||||
import Router from 'koa-router';
|
||||
import { User } from '../models';
|
||||
import { User, Team } from '../models';
|
||||
import { publicS3Endpoint } from '../utils/s3';
|
||||
|
||||
import auth from '../middlewares/authentication';
|
||||
import pagination from './middlewares/pagination';
|
||||
import { presentUser } from '../presenters';
|
||||
import { presentUser, presentTeam } from '../presenters';
|
||||
import policy from '../policies';
|
||||
|
||||
const { authorize } = policy;
|
||||
const router = new Router();
|
||||
|
||||
router.post('team.update', auth(), async ctx => {
|
||||
const { name, avatarUrl } = ctx.body;
|
||||
const endpoint = publicS3Endpoint();
|
||||
|
||||
const user = ctx.state.user;
|
||||
const team = await Team.findById(user.teamId);
|
||||
authorize(user, 'update', team);
|
||||
|
||||
if (name) team.name = name;
|
||||
if (avatarUrl && avatarUrl.startsWith(`${endpoint}/uploads/${user.id}`)) {
|
||||
team.avatarUrl = avatarUrl;
|
||||
}
|
||||
await team.save();
|
||||
|
||||
ctx.body = { data: await presentTeam(ctx, team) };
|
||||
});
|
||||
|
||||
router.post('team.users', auth(), pagination(), async ctx => {
|
||||
const user = ctx.state.user;
|
||||
|
||||
|
||||
@@ -21,11 +21,10 @@ router.post('user.update', auth(), async ctx => {
|
||||
const endpoint = publicS3Endpoint();
|
||||
|
||||
if (name) user.name = name;
|
||||
if (
|
||||
avatarUrl &&
|
||||
avatarUrl.startsWith(`${endpoint}/uploads/${ctx.state.user.id}`)
|
||||
)
|
||||
if (avatarUrl && avatarUrl.startsWith(`${endpoint}/uploads/${user.id}`)) {
|
||||
user.avatarUrl = avatarUrl;
|
||||
}
|
||||
|
||||
await user.save();
|
||||
|
||||
ctx.body = { data: await presentUser(ctx, user) };
|
||||
|
||||
@@ -17,5 +17,6 @@ allow(
|
||||
allow(User, 'delete', Collection, (user, collection) => {
|
||||
if (!collection || user.teamId !== collection.teamId) return false;
|
||||
if (user.id === collection.creatorId) return true;
|
||||
if (!user.isAdmin) throw new AdminRequiredError();
|
||||
if (user.isAdmin) return true;
|
||||
throw new AdminRequiredError();
|
||||
});
|
||||
|
||||
@@ -6,5 +6,6 @@ import './document';
|
||||
import './integration';
|
||||
import './share';
|
||||
import './user';
|
||||
import './team';
|
||||
|
||||
export default policy;
|
||||
|
||||
14
server/policies/team.js
Normal file
14
server/policies/team.js
Normal file
@@ -0,0 +1,14 @@
|
||||
// @flow
|
||||
import policy from './policy';
|
||||
import { Team, User } from '../models';
|
||||
import { AdminRequiredError } from '../errors';
|
||||
|
||||
const { allow } = policy;
|
||||
|
||||
allow(User, 'read', Team, (user, team) => team && user.teamId === team.id);
|
||||
|
||||
allow(User, 'update', Team, (user, team) => {
|
||||
if (!team || user.teamId !== team.id) return false;
|
||||
if (user.isAdmin) return true;
|
||||
throw new AdminRequiredError();
|
||||
});
|
||||
Reference in New Issue
Block a user