fix error handling and displaying on membership PUT and DELETE; don't allow to change your own role; require at least one admin
This commit is contained in:
parent
c05afaba8a
commit
16ffecdb16
@ -91,7 +91,7 @@ module.exports = {
|
||||
user_id: Sequelize.STRING,
|
||||
role: Sequelize.STRING,
|
||||
code: Sequelize.STRING,
|
||||
state: {type: Sequelize.STRING, defaultValue: "pending"},
|
||||
state: {type: Sequelize.STRING, defaultValue: "pending"}, // valid: "pending", "active"
|
||||
email_invited: Sequelize.STRING,
|
||||
created_at: {type: Sequelize.DATE, defaultValue: Sequelize.NOW},
|
||||
updated_at: {type: Sequelize.DATE, defaultValue: Sequelize.NOW}
|
||||
|
@ -776,9 +776,12 @@ var SpacedeckSpaces = {
|
||||
this.invite_message = "";
|
||||
}
|
||||
}.bind(this), function(xhr){
|
||||
|
||||
text = JSON.stringify(xhr.responseText);
|
||||
smoke.alert("Error: "+text);
|
||||
try {
|
||||
var res = JSON.parse(xhr.response);
|
||||
alert("Error: "+res.error);
|
||||
} catch (e) {
|
||||
console.error(e, xhr);
|
||||
}
|
||||
}.bind(this));
|
||||
}.bind(this));
|
||||
},
|
||||
@ -786,9 +789,13 @@ var SpacedeckSpaces = {
|
||||
update_member: function(space, m, role) {
|
||||
m.role = role;
|
||||
save_membership(space, m, function() {
|
||||
console.log("saved")
|
||||
}.bind(this), function(xhr) {
|
||||
console.error(xhr);
|
||||
try {
|
||||
var res = JSON.parse(xhr.response);
|
||||
alert("Error: "+res.error);
|
||||
} catch (e) {
|
||||
console.error(e, xhr);
|
||||
}
|
||||
}.bind(this));
|
||||
},
|
||||
|
||||
@ -797,7 +804,12 @@ var SpacedeckSpaces = {
|
||||
delete_membership(space, m, function() {
|
||||
this.access_settings_memberships.splice(this.access_settings_memberships.indexOf(m), 1);
|
||||
}.bind(this), function(xhr) {
|
||||
console.error(xhr);
|
||||
try {
|
||||
var res = JSON.parse(xhr.response);
|
||||
alert("Error: "+res.error);
|
||||
} catch (e) {
|
||||
console.error(e, xhr);
|
||||
}
|
||||
}.bind(this));
|
||||
},
|
||||
|
||||
|
@ -45,10 +45,12 @@ router.post('/', function(req, res, next) {
|
||||
"email": membership.email_invited
|
||||
}}).then(function(user) {
|
||||
|
||||
// existing user? then immediately activate membership
|
||||
if (user) {
|
||||
membership.user_id = user._id;
|
||||
membership.state = "active";
|
||||
} else {
|
||||
// if not, invite via email and invite code
|
||||
membership.code = crypto.randomBytes(64).toString('hex').substring(0, 12);
|
||||
}
|
||||
|
||||
@ -102,11 +104,18 @@ router.put('/:membership_id', function(req, res, next) {
|
||||
_id: req.params.membership_id
|
||||
}}).then(function(mem) {
|
||||
if (mem) {
|
||||
var attrs = req.body;
|
||||
mem.role = attrs.role;
|
||||
mem.save(function() {
|
||||
res.status(201).json(mem);
|
||||
});
|
||||
// is the user trying to change their own role?
|
||||
if (mem.user_id == req.user._id) {
|
||||
res.status(400).json({
|
||||
"error": "Cannot change your own role."
|
||||
});
|
||||
} else {
|
||||
var attrs = req.body;
|
||||
mem.role = attrs.role;
|
||||
mem.save(function() {
|
||||
res.status(201).json(mem);
|
||||
});
|
||||
}
|
||||
}
|
||||
});
|
||||
} else {
|
||||
@ -118,13 +127,25 @@ router.put('/:membership_id', function(req, res, next) {
|
||||
});
|
||||
|
||||
router.delete('/:membership_id', function(req, res, next) {
|
||||
if (req.user) {
|
||||
db.Membership.findOne({ where: {
|
||||
_id: req.params.membership_id
|
||||
}}).then(function(mem) {
|
||||
mem.destroy().then(function() {
|
||||
res.sendStatus(204);
|
||||
});
|
||||
if (req.user && req.spaceRole == 'admin') {
|
||||
db.Membership.count({ where: {
|
||||
space_id: req.space._id,
|
||||
role: "admin"
|
||||
}}).then(function(adminCount) {
|
||||
db.Membership.findOne({ where: {
|
||||
_id: req.params.membership_id
|
||||
}}).then(function(mem) {
|
||||
// deleting an admin? need at least 1
|
||||
if (mem.role != "admin" || adminCount > 1) {
|
||||
mem.destroy().then(function() {
|
||||
res.sendStatus(204);
|
||||
});
|
||||
} else {
|
||||
res.status(400).json({
|
||||
"error": "Space needs at least one administrator."
|
||||
});
|
||||
}
|
||||
})
|
||||
});
|
||||
} else {
|
||||
res.sendStatus(403);
|
||||
|
@ -168,12 +168,15 @@ router.post('/', function(req, res, next) {
|
||||
attrs.edit_slug = slug(attrs.name);
|
||||
|
||||
db.Space.create(attrs).then(createdSpace => {
|
||||
//if (err) res.sendStatus(400);
|
||||
res.status(201).json(createdSpace);
|
||||
|
||||
// create initial admin membership
|
||||
var membership = {
|
||||
_id: uuidv4(),
|
||||
user_id: req.user._id,
|
||||
space_id: attrs._id,
|
||||
role: "admin"
|
||||
role: "admin",
|
||||
state: "active"
|
||||
};
|
||||
|
||||
db.Membership.create(membership).then(() => {
|
||||
|
Loading…
Reference in New Issue
Block a user