From d316ef5cc9c3449fbdbf7b221b55ae4708037493 Mon Sep 17 00:00:00 2001
From: Ramaruva
Date: Fri, 19 Jul 2024 09:54:07 -0500
Subject: [PATCH 1/2] feat(userProfile): add route and controller for updating team code
- Added a new route in
- Added controller method in
- Controller method includes role and permission checks and updates user team codes in bulk
---
 src/controllers/userProfileController.js | 19 +++++++++++++++++++
 src/routes/userProfileRouter.js | 2 ++
 2 files changed, 21 insertions(+)
diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js
index 5edd67022..ad8447b02 100644
--- a/src/controllers/userProfileController.js
+++ b/src/controllers/userProfileController.js
@@ -932,6 +932,24 @@ const userProfileController = function (UserProfile) {
 .catch((error) => res.status(500).send(error));
 };
+ const updateAllMembersTeamCode = async (req, res) => {
+ const canEditTeamCode =
+ req.body.requestor.role === 'Owner' ||
+ req.body.requestor.role === 'Administrator' ||
+ req.body.requestor.permissions?.frontPermissions.includes('editTeamCode');
+ if (!canEditTeamCode) {
+ res.status(403).send('You are not authorized to edit team code.');
+ return;
+ }
+ const { userIds, replaceCode } = req.body;
+ if (userIds === null || userIds.length <= 0 || replaceCode === undefined) {
+ return res.status(400).send({ error: 'Missing property or value' });
+ }
+ return UserProfile.updateMany({ _id: { $in: userIds } }, { $set: { teamCode: replaceCode } })
+ .then((result) => res.status(200).send({ isUpdated: result.nModified > 0 }))
+ .catch((error) => res.status(500).send(error));
+ };
+
 const updatepassword = async function (req, res) {
 const { userId } = req.params;
 const { requestor } = req.body;
@@ -1511,6 +1529,7 @@ const userProfileController = function (UserProfile) {
 getUserById,
 getreportees,
 updateOneProperty,
+ updateAllMembersTeamCode,
 updatepassword,
 getUserName,
 getTeamMembersofUser,
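Review bot: The body validation in `updateAllMembersTeamCode` (src/controllers/userProfileController.js, hunk at -932) only tests `userIds === null`, so a request that omits `userIds` reaches `userIds.length` with `undefined` and throws inside the async handler, while a string `userIds` or a non-string `replaceCode` passes the check and goes straight into `updateMany`. Assuming `teamCode` is a string field, I would tighten the guard to `if (!Array.isArray(userIds) || userIds.length === 0 || typeof replaceCode !== 'string') {` so that only an array of ids and a string code reach the bulk `$set`. The `.catch((error) => res.status(500).send(error))` line also returns the raw error object to the client; logging it server-side and sending a generic message avoids exposing query internals. The enclosing controller factory starts and ends outside the hunk.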
diff --git a/src/routes/userProfileRouter.js b/src/routes/userProfileRouter.js
index 42b5474c7..0adf163ee 100644
--- a/src/routes/userProfileRouter.js
+++ b/src/routes/userProfileRouter.js
@@ -84,6 +84,8 @@ const routes = function (userProfile) {
 userProfileRouter.route('/userProfile/:userId/property').patch(controller.updateOneProperty);
+ userProfileRouter.route('/AllTeamCodeChanges').patch(controller.updateAllMembersTeamCode);
+
 userProfileRouter.route('/userProfile/:userId/updatePassword').patch(controller.updatepassword);
 userProfileRouter.route('/userProfile/:userId/resetPassword').patch(controller.resetPassword);
From 29e89f8a174c4f52c9e8d3c6fedf55967af9ad9f Mon Sep 17 00:00:00 2001
From: Ramaruva
Date: Mon, 19 Aug 2024 15:48:54 -0500
Subject: [PATCH 2/2] refactor(userProfileController): replace role-based permission check with hasPermission function
---
 src/controllers/userProfileController.js | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js
index ad8447b02..0ae190103 100644
--- a/src/controllers/userProfileController.js
+++ b/src/controllers/userProfileController.js
@@ -933,10 +933,7 @@ const userProfileController = function (UserProfile) {
 };
 const updateAllMembersTeamCode = async (req, res) => {
- const canEditTeamCode =
- req.body.requestor.role === 'Owner' ||
- req.body.requestor.role === 'Administrator' ||
- req.body.requestor.permissions?.frontPermissions.includes('editTeamCode');
+ const canEditTeamCode = await hasPermission(req.body.requestor, 'editTeamCode');
 if (!canEditTeamCode) {
 res.status(403).send('You are not authorized to edit team code.');
 return;
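Review bot: The new `/AllTeamCodeChanges` route in src/routes/userProfileRouter.js is registered with the controller as its only handler, so the permission check in `updateAllMembersTeamCode` relies on `req.body.requestor` having been set by authentication middleware mounted elsewhere. That middleware is not visible in this hunk; it is worth confirming that it runs for this path and overwrites any client-supplied `requestor`, because the handler rewrites `teamCode` for every id in the request. A comment above the route would record the dependency, for example `// Bulk teamCode update; authorization is enforced in the controller via req.body.requestor`.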
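Review bot: The `await hasPermission(req.body.requestor, 'editTeamCode')` call added in the PATCH 2/2 hunk has no error handling, so if the lookup rejects, the async handler rejects with it and no response is written unless the app installs an async error wrapper (not visible here). Wrapping the check as `try { … } catch (err) { return res.status(500).send({ error: 'Permission check failed' }); }` keeps the failure closed and answered. The change also drops the explicit Owner/Administrator allowance, so those roles keep access only if `hasPermission` grants them `editTeamCode`; that helper is defined outside this diff and is presumably already in scope, since the patch adds no import. The function body continues past the end of the hunk.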