fix: Unable to delete user via API (#3619)

Remove requirement to pass 'confirmation' to users.delete
closes #3604
This commit is contained in:
Tom Moor
2022-06-02 12:56:27 -07:00
committed by GitHub
parent 68dd76cfa3
commit 2d7dd558a1
5 changed files with 13 additions and 32 deletions


@@ -108,9 +108,7 @@ function UserMenu({ user }: Props) {
const handleRevoke = React.useCallback( const handleRevoke = React.useCallback(
(ev: React.SyntheticEvent) => { (ev: React.SyntheticEvent) => {
ev.preventDefault(); ev.preventDefault();
users.delete(user, { users.delete(user);
confirmation: true,
});
}, },
[users, user] [users, user]
); );
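Review bot: With the server-side `confirmation` flag gone, nothing inside `handleRevoke` asks the admin before the irreversible `users.delete(user)` call, so the only safeguard left is whatever confirmation dialog wraps this menu item, which is not visible in the hunk. If no such dialog exists upstream, gate the call here, e.g. `if (!window.confirm("Delete this user? This cannot be undone.")) return;` before `users.delete(user);`, or use the project's own confirm component if it has one. The `UserMenu` component continues outside this hunk, so I cannot tell from here whether that guard already exists.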


@@ -200,9 +200,7 @@ export default class AuthStore {
@action @action
deleteUser = async () => { deleteUser = async () => {
await client.post(`/users.delete`, { await client.post(`/users.delete`);
confirmation: true,
});
runInAction("AuthStore#updateUser", () => { runInAction("AuthStore#updateUser", () => {
this.user = null; this.user = null;
this.team = null; this.team = null;


@@ -28,7 +28,7 @@ allow(User, "update", User, (actor, user) => {
return true; return true;
} }
throw AdminRequiredError(); return false;
}); });
allow(User, "delete", User, (actor, user) => { allow(User, "delete", User, (actor, user) => {
@@ -38,7 +38,7 @@ allow(User, "delete", User, (actor, user) => {
if (user.id === actor.id) { if (user.id === actor.id) {
return true; return true;
} }
if (actor.isAdmin && !user.lastActiveAt) { if (actor.isAdmin) {
return true; return true;
} }
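Review bot: Dropping `!user.lastActiveAt` in the second hunk lets an admin delete any member, not only never-active (pending) invitees, which widens admin authority beyond what the commit title describes; if that is intended, say so at the condition, e.g. `// admins may delete any member of their team; the route still refuses to remove the last admin`. The last-admin guard is only evidenced by the test in this commit, so I am inferring it lives in the route handler rather than in this policy. In the first hunk, replacing `throw AdminRequiredError()` with `return false` changes what a non-admin actor sees from a specific admin-required error to the generic authorization failure, which is a behaviour change worth a line in the description. Both `allow(User, "update", …)` and `allow(User, "delete", …)` bodies start before their hunks, so any team-membership check at their top is out of view here.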


@@ -299,16 +299,6 @@ describe("#users.invite", () => {
}); });
describe("#users.delete", () => { describe("#users.delete", () => {
it("should not allow deleting without confirmation", async () => {
const user = await buildUser();
const res = await server.post("/api/users.delete", {
body: {
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(400);
});
it("should not allow deleting last admin if many users", async () => { it("should not allow deleting last admin if many users", async () => {
const user = await buildAdmin(); const user = await buildAdmin();
await buildUser({ await buildUser({
@@ -318,13 +308,12 @@ describe("#users.delete", () => {
const res = await server.post("/api/users.delete", { const res = await server.post("/api/users.delete", {
body: { body: {
token: user.getJwtToken(), token: user.getJwtToken(),
confirmation: true,
}, },
}); });
expect(res.status).toEqual(400); expect(res.status).toEqual(400);
}); });
it("should allow deleting user account with confirmation", async () => { it("should allow deleting user account", async () => {
const user = await buildUser(); const user = await buildUser();
await buildUser({ await buildUser({
teamId: user.teamId, teamId: user.teamId,
@@ -332,30 +321,28 @@ describe("#users.delete", () => {
const res = await server.post("/api/users.delete", { const res = await server.post("/api/users.delete", {
body: { body: {
token: user.getJwtToken(), token: user.getJwtToken(),
confirmation: true,
}, },
}); });
expect(res.status).toEqual(200); expect(res.status).toEqual(200);
}); });
it("should allow deleting pending user account with admin", async () => { it("should allow deleting user account with admin", async () => {
const user = await buildAdmin(); const admin = await buildAdmin();
const pending = await buildUser({ const user = await buildUser({
teamId: user.teamId, teamId: admin.teamId,
lastActiveAt: null, lastActiveAt: null,
}); });
const res = await server.post("/api/users.delete", { const res = await server.post("/api/users.delete", {
body: { body: {
token: user.getJwtToken(), token: admin.getJwtToken(),
id: pending.id, id: user.id,
confirmation: true,
}, },
}); });
expect(res.status).toEqual(200); expect(res.status).toEqual(200);
}); });
it("should not allow deleting another user account", async () => { it("should not allow deleting another user account", async () => {
const user = await buildAdmin(); const user = await buildUser();
const user2 = await buildUser({ const user2 = await buildUser({
teamId: user.teamId, teamId: user.teamId,
}); });
@@ -363,7 +350,6 @@ describe("#users.delete", () => {
body: { body: {
token: user.getJwtToken(), token: user.getJwtToken(),
id: user2.id, id: user2.id,
confirmation: true,
}, },
}); });
expect(res.status).toEqual(403); expect(res.status).toEqual(403);
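Review bot: The renamed test `"should allow deleting user account with admin"` still builds the target with `lastActiveAt: null`, so it only covers the case the old policy already allowed and never exercises the new branch where an admin deletes an active member; change the fixture to `lastActiveAt: new Date(),` or add a second case with an active user. There is also no case for an admin of one team deleting a user of another team, so whether the widened `actor.isAdmin` branch is still scoped to the team is untested here; a test posting the `id` of a `buildUser()` from a different team with an admin token and expecting 403 would pin that. The removed `"should not allow deleting without confirmation"` test matches the route change and needs no replacement.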


@@ -355,8 +355,7 @@ router.post("users.resendInvite", auth(), async (ctx) => {
}); });
router.post("users.delete", auth(), async (ctx) => { router.post("users.delete", auth(), async (ctx) => {
const { confirmation, id } = ctx.body; const { id } = ctx.body;
assertPresent(confirmation, "confirmation is required");
const actor = ctx.state.user; const actor = ctx.state.user;
let user = actor; let user = actor;