Add updateRole endpoint (#6771)
This commit is contained in:
Tom Moor
GitHub
@@ -1,33 +0,0 @@
|
||||
import { CollectionPermission, UserRole } from "@shared/types";
|
||||
import { UserMembership } from "@server/models";
|
||||
import { buildUser, buildAdmin, buildCollection } from "@server/test/factories";
|
||||
import userDemoter from "./userDemoter";
|
||||
|
||||
describe("userDemoter", () => {
|
||||
const ip = "127.0.0.1";
|
||||
|
||||
it("should change role and associated collection permissions", async () => {
|
||||
const admin = await buildAdmin();
|
||||
const user = await buildUser({ teamId: admin.teamId });
|
||||
const collection = await buildCollection({ teamId: admin.teamId });
|
||||
|
||||
const membership = await UserMembership.create({
|
||||
createdById: admin.id,
|
||||
userId: user.id,
|
||||
collectionId: collection.id,
|
||||
permission: CollectionPermission.ReadWrite,
|
||||
});
|
||||
|
||||
await userDemoter({
|
||||
user,
|
||||
actorId: admin.id,
|
||||
to: UserRole.Viewer,
|
||||
ip,
|
||||
});
|
||||
|
||||
expect(user.isViewer).toEqual(true);
|
||||
|
||||
await membership.reload();
|
||||
expect(membership.permission).toEqual(CollectionPermission.Read);
|
||||
});
|
||||
});
|
||||
@@ -1,41 +0,0 @@
|
||||
import { Transaction } from "sequelize";
|
||||
import { UserRole } from "@shared/types";
|
||||
import { ValidationError } from "@server/errors";
|
||||
import { Event, User } from "@server/models";
|
||||
import CleanupDemotedUserTask from "@server/queues/tasks/CleanupDemotedUserTask";
|
||||
|
||||
type Props = {
|
||||
user: User;
|
||||
actorId: string;
|
||||
to: UserRole;
|
||||
transaction?: Transaction;
|
||||
ip: string;
|
||||
};
|
||||
|
||||
export default async function userDemoter({
|
||||
user,
|
||||
actorId,
|
||||
to,
|
||||
transaction,
|
||||
ip,
|
||||
}: Props) {
|
||||
if (user.id === actorId) {
|
||||
throw ValidationError("Unable to demote the current user");
|
||||
}
|
||||
|
||||
await user.demote(to, { transaction });
|
||||
await Event.create(
|
||||
{
|
||||
name: "users.demote",
|
||||
actorId,
|
||||
userId: user.id,
|
||||
teamId: user.teamId,
|
||||
data: {
|
||||
name: user.name,
|
||||
},
|
||||
ip,
|
||||
},
|
||||
{ transaction }
|
||||
);
|
||||
await CleanupDemotedUserTask.schedule({ userId: user.id });
|
||||
}
|
||||
Reference in New Issue
Block a user