yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Cleanup api keys and webhooks for suspended users (#3756)

Browse Source
This commit is contained in:
Tom Moor
2022-07-13 09:59:31 +02:00
committed by GitHub
parent d1b01d28e6
commit 47e73cee4e
11 changed files with 264 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
server/routes/api/users.ts
View File

@@ -1,5 +1,6 @@
import Router from "koa-router";
import { Op, WhereOptions } from "sequelize";
import userDemoter from "@server/commands/userDemoter";
import userDestroyer from "@server/commands/userDestroyer";
import userInviter from "@server/commands/userInviter";
import userSuspender from "@server/commands/userSuspender";
@@ -10,7 +11,7 @@ import { ValidationError } from "@server/errors";
import logger from "@server/logging/Logger";
import auth from "@server/middlewares/authentication";
import { Event, User, Team } from "@server/models";
import { UserFlag } from "@server/models/User";
import { UserFlag, UserRole } from "@server/models/User";
import { can, authorize } from "@server/policies";
import { presentUser, presentPolicies } from "@server/presenters";
import {
@@ -223,23 +224,21 @@ router.post("users.promote", auth(), async (ctx) => {
router.post("users.demote", auth(), async (ctx) => {
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
let { to } = ctx.body;
const actor = ctx.state.user;
const actor = ctx.state.user as User;
assertPresent(userId, "id is required");
to = to === "viewer" ? "viewer" : "member";
const user = await User.findByPk(userId);
to = (to === "viewer" ? "viewer" : "member") as UserRole;
const user = await User.findByPk(userId, {
rejectOnEmpty: true,
});
authorize(actor, "demote", user);
await user.demote(teamId, to);
await Event.create({
name: "users.demote",
await userDemoter({
to,
user,
actorId: actor.id,
userId,
teamId,
data: {
name: user.name,
},
ip: ctx.request.ip,
});
const includeDetails = can(actor, "readDetails", user);
@@ -256,7 +255,9 @@ router.post("users.suspend", auth(), async (ctx) => {
const userId = ctx.body.id;
const actor = ctx.state.user;
assertPresent(userId, "id is required");
const user = await User.findByPk(userId);
const user = await User.findByPk(userId, {
rejectOnEmpty: true,
});
authorize(actor, "suspend", user);
await userSuspender({