forked from kaverti/website
Team admin role check when using Team Admin APIs
(with terrible implementation because of my original terrible implementation of roles, you won't believe how many lines it is just to check whether a user has a role with admin, 56 lines!)
parent
f37cd40068
commit
2fd6a371fc
|
@ -1,6 +1,6 @@
|
|||
<template>
|
||||
<main>
|
||||
<modal-window v-if="team.Role.name" v-model='showRoleInfo' :loading='loading' style='z-index: 99; '>
|
||||
<modal-window v-if="team.Role" v-model='showRoleInfo' :loading='loading' style='z-index: 99; '>
|
||||
<div slot="header">
|
||||
Viewing {{team.Role.name}} <b-tooltip class="is-info" label="You are viewing the permissions that this Auto Role provides">
|
||||
<b-tag class="is-info" rounded><i class="fas fa-info-circle"></i></b-tag>
|
||||
|
@ -43,7 +43,7 @@
|
|||
{{ team.Team.name }}
|
||||
</h1>
|
||||
<h2>by {{team.User.username}}</h2>
|
||||
<h2 v-if="team.Role.name">and you will be assigned the {{team.Role.name}} role automatically. <b-button @click="showRoleInfo = true">View role info</b-button></h2>
|
||||
<h2 v-if="team.Role">and you will be assigned the {{team.Role.name}} role automatically. <b-button @click="showRoleInfo = true">View role info</b-button></h2>
|
||||
<b-button @click="joinTeam">Join {{team.Team.name}}</b-button>
|
||||
</div>
|
||||
<div class="container" v-if="expired && !loading">
|
||||
|
@ -74,9 +74,6 @@ export default {
|
|||
Team: {
|
||||
name: '',
|
||||
username: ''
|
||||
},
|
||||
Role: {
|
||||
name: ''
|
||||
}
|
||||
},
|
||||
showRoleInfo: false,
|
||||
|
@ -144,13 +141,9 @@ export default {
|
|||
},
|
||||
joinTeam () {
|
||||
this.axios
|
||||
.put(process.env.VUE_APP_APIENDPOINT + process.env.VUE_APP_APIVERSION + '/' + 'teams/join/' + this.user.username)
|
||||
.post(process.env.VUE_APP_APIENDPOINT + process.env.VUE_APP_APIVERSION + '/' + 'teams/invite/' + this.$route.params.code)
|
||||
.then(() => {
|
||||
this.axios
|
||||
.get(process.env.VUE_APP_APIENDPOINT + process.env.VUE_APP_APIVERSION + '/' + 'teams/check/' + this.$route.params.username)
|
||||
.then(res => {
|
||||
this.joined = res.data.success
|
||||
})
|
||||
this.$router.push('/t/' + this.team.Team.username)
|
||||
})
|
||||
.catch(e => {
|
||||
AjaxErrorHandler(this.$store)(e)
|
||||
|
|
|
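Review bot: The `.post(...)` call in `joinTeam` (the added line, judging by the hunk counts) appends `this.$route.params.code` to the API path unencoded, so an invite link whose code segment decodes to a value containing `/`, `?` or `..` would send the logged-in user's POST to an API path other than `teams/invite/`. Wrapping the value keeps it a single path segment: `'teams/invite/' + encodeURIComponent(this.$route.params.code)`. The body of `joinTeam` continues past the end of this hunk, so the rest of the `.catch` handler is not reviewed here.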
@ -71,6 +71,10 @@ let Errors = {
|
|||
'This Team is invite only',
|
||||
401
|
||||
],
|
||||
unableToUpdateRole: [
|
||||
'You cannot update this role',
|
||||
400
|
||||
],
|
||||
invalidInvite: [
|
||||
'This Team invite is invalid.',
|
||||
401
|
||||
|
|
|
@ -540,15 +540,16 @@ router.post('/invite/:code', auth, async(req, res, next) => {
|
|||
if (teamJoinTest) {
|
||||
throw Errors.joinedTeam
|
||||
}
|
||||
if(code.maxUses >= code.uses) {
|
||||
throw Errors.inviteInvalid
|
||||
if(code.maxUses > 0 && code.maxUses === code.uses) {
|
||||
console.log('failed at maxUses over code.uses')
|
||||
throw Errors.invalidInvite
|
||||
} else if(code.maxUses === 0) {
|
||||
let role = await TeamRoles.findOne({
|
||||
where: {teamId: team.id, name: "Members"}
|
||||
})
|
||||
if(code.RoleId >= 0) {
|
||||
let roleLookup = await TeamInvite.findOne({
|
||||
where: {code: req.body.RoleId, TeamId: team.id}
|
||||
if(code.RoleId > 0) {
|
||||
let roleLookup = await TeamRoles.findOne({
|
||||
where: {id: code.RoleId, TeamId: team.id}
|
||||
})
|
||||
if(roleLookup) {
|
||||
let join = {
|
||||
|
@ -556,13 +557,15 @@ router.post('/invite/:code', auth, async(req, res, next) => {
|
|||
teamId: team.id,
|
||||
roles: {"deprecated": "deprecated"}
|
||||
}
|
||||
console.log(role)
|
||||
let roleUser = {
|
||||
UserId: req.userData.UserId,
|
||||
TeamId: team.id,
|
||||
RoleId: role.id,
|
||||
Role2Id: roleLookup.id
|
||||
}
|
||||
await TeamInvite.update({ uses: + 1}, {
|
||||
where: {id: code.id, TeamId: team.id}
|
||||
})
|
||||
await TeamMembers.create(join)
|
||||
await TeamMemberRole.create(roleUser)
|
||||
res.status(200)
|
||||
|
@ -579,6 +582,9 @@ router.post('/invite/:code', auth, async(req, res, next) => {
|
|||
TeamId: team.id,
|
||||
RoleId: role.id
|
||||
}
|
||||
await TeamInvite.update({ uses: + 1}, {
|
||||
where: {id: code.id, TeamId: team.id}
|
||||
})
|
||||
await TeamMembers.create(join)
|
||||
await TeamMemberRole.create(roleUser)
|
||||
res.status(200)
|
||||
|
@ -590,12 +596,14 @@ router.post('/invite/:code', auth, async(req, res, next) => {
|
|||
teamId: team.id,
|
||||
roles: {"deprecated": "deprecated"}
|
||||
}
|
||||
console.log(role)
|
||||
let roleUser = {
|
||||
UserId: req.userData.UserId,
|
||||
TeamId: team.id,
|
||||
RoleId: role.id
|
||||
}
|
||||
await TeamInvite.update({ uses: + 1}, {
|
||||
where: {id: code.id, TeamId: team.id}
|
||||
})
|
||||
await TeamMembers.create(join)
|
||||
await TeamMemberRole.create(roleUser)
|
||||
res.status(200)
|
||||
|
@ -610,21 +618,25 @@ router.post('/invite/:code', auth, async(req, res, next) => {
|
|||
teamId: team.id,
|
||||
roles: {"deprecated": "deprecated"}
|
||||
}
|
||||
console.log(role)
|
||||
let roleUser = {
|
||||
UserId: req.userData.UserId,
|
||||
TeamId: team.id,
|
||||
RoleId: role.id,
|
||||
}
|
||||
await TeamInvite.update({ uses: + 1}, {
|
||||
where: {id: code.id, TeamId: team.id}
|
||||
})
|
||||
await TeamMembers.create(join)
|
||||
await TeamMemberRole.create(roleUser)
|
||||
res.status(200)
|
||||
res.json({success: true})
|
||||
} else {
|
||||
throw Errors.inviteInvalid
|
||||
console.log('failed at second last else')
|
||||
throw Errors.invalidInvite
|
||||
}
|
||||
} else {
|
||||
throw Errors.inviteInvalid
|
||||
console.log('failed at last else')
|
||||
throw Errors.invalidInvite
|
||||
}
|
||||
} catch (e) { next(e) }
|
||||
})
|
||||
|
|
|
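Review bot: `TeamInvite.update({ uses: + 1}, …)` stores the constant `1` (unary plus) rather than `uses + 1`, so the counter never rises above 1 and the new guard `code.maxUses > 0 && code.maxUses === code.uses` can only trip for single-use invites; an invite created with `maxUses` of 2 or more stays usable without limit. The same statement is repeated in the three later hunks of this handler. If `code` is the `TeamInvite` instance loaded earlier in the handler (outside these hunks), `await code.increment('uses')` performs the increment in the database, and comparing with `code.uses >= code.maxUses` avoids relying on the two values landing exactly equal. The added `TeamRoles.findOne` filters on `TeamId`, while the `TeamRoles` query a few lines above it uses `teamId`; one of the two is probably the wrong column name. The added `console.log` debug lines should be removed before merge.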
@ -41,7 +41,7 @@ var reCAPTCHASecret = "6LdlbrwZAAAAAKvtcVQhVl_QaNOqmQ4PgyW3SKHy";
|
|||
const Errors = require('../lib/errors.js')
|
||||
var format = require('date-format');
|
||||
let {
|
||||
User, Post, teamPicture, TeamInvite, userWall, StaffApplications, AdminToken, PassKey, Thread, Category, Sequelize, Ip, Ban, sequelize, Team, TeamMembers, TeamRoles
|
||||
User, Post, teamPicture, TeamMemberRole, TeamInvite, userWall, StaffApplications, AdminToken, PassKey, Thread, Category, Sequelize, Ip, Ban, sequelize, Team, TeamMembers, TeamRoles
|
||||
} = require('../models')
|
||||
let pagination = require('../lib/pagination.js')
|
||||
const sgMail = require('@sendgrid/mail');
|
||||
|
@ -65,13 +65,71 @@ const emailLimiter = rateLimit({
|
|||
|
||||
router.post('/:username/picture', auth, upload.single('picture'), async (req, res, next) => {
|
||||
try {
|
||||
let user = await Team.findOne({
|
||||
where: {
|
||||
username: req.params.username
|
||||
}
|
||||
let team = await Team.findOne({
|
||||
where: {username: req.params.username}
|
||||
});
|
||||
let isAuthMem = await TeamMembers.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
});
|
||||
if(!isAuthMem) {
|
||||
throw Errors.notInTeam
|
||||
}
|
||||
let isAuthRole = await TeamMemberRole.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
})
|
||||
let picture = await teamPicture.findOne({
|
||||
where: { TeamId: user.id }
|
||||
let isAuth1 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.RoleId, administrator: true}
|
||||
})
|
||||
let isAuth2 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role2Id, administrator: true}
|
||||
})
|
||||
let isAuth3 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role3Id, administrator: true}
|
||||
})
|
||||
let isAuth4 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role4Id, administrator: true}
|
||||
})
|
||||
let isAuth5 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role5Id, administrator: true}
|
||||
})
|
||||
let isAuth6 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role6Id, administrator: true}
|
||||
})
|
||||
let isAuth7 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role7Id, administrator: true}
|
||||
})
|
||||
let isAuth8 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role8Id, administrator: true}
|
||||
})
|
||||
let isAuth9 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role9Id, administrator: true}
|
||||
})
|
||||
let isAuth10 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role10Id, administrator: true}
|
||||
})
|
||||
const allowArray = [
|
||||
isAuth1,
|
||||
isAuth2,
|
||||
isAuth3,
|
||||
isAuth4,
|
||||
isAuth5,
|
||||
isAuth6,
|
||||
isAuth7,
|
||||
isAuth8,
|
||||
isAuth9,
|
||||
isAuth10
|
||||
]
|
||||
let otherThanNull = allowArray.some(function (el) {
|
||||
return el !== null;
|
||||
});
|
||||
if(otherThanNull) {
|
||||
let user = await Team.findOne({
|
||||
where: {
|
||||
username: req.params.username
|
||||
}
|
||||
})
|
||||
let picture = await teamPicture.findOne({
|
||||
where: {TeamId: user.id}
|
||||
})
|
||||
|
||||
let pictureObj = {
|
||||
|
@ -81,7 +139,7 @@ router.post('/:username/picture', auth, upload.single('picture'), async (req, re
|
|||
}
|
||||
|
||||
//No picture set yet
|
||||
if(!picture) {
|
||||
if (!picture) {
|
||||
await teamPicture.create(pictureObj)
|
||||
} else {
|
||||
await picture.update(pictureObj)
|
||||
|
@ -93,11 +151,69 @@ router.post('/:username/picture', auth, upload.single('picture'), async (req, re
|
|||
})
|
||||
|
||||
res.json(user.toJSON())
|
||||
}
|
||||
} catch (e) { next(e) }
|
||||
})
|
||||
|
||||
router.put('/modify/:username', auth, async(req, res, next) => {
|
||||
try {
|
||||
let team = await Team.findOne({
|
||||
where: {username: req.params.username}
|
||||
});
|
||||
let isAuthMem = await TeamMembers.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
});
|
||||
if(!isAuthMem) {
|
||||
throw Errors.notInTeam
|
||||
}
|
||||
let isAuthRole = await TeamMemberRole.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
})
|
||||
let isAuth1 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.RoleId, administrator: true}
|
||||
})
|
||||
let isAuth2 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role2Id, administrator: true}
|
||||
})
|
||||
let isAuth3 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role3Id, administrator: true}
|
||||
})
|
||||
let isAuth4 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role4Id, administrator: true}
|
||||
})
|
||||
let isAuth5 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role5Id, administrator: true}
|
||||
})
|
||||
let isAuth6 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role6Id, administrator: true}
|
||||
})
|
||||
let isAuth7 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role7Id, administrator: true}
|
||||
})
|
||||
let isAuth8 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role8Id, administrator: true}
|
||||
})
|
||||
let isAuth9 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role9Id, administrator: true}
|
||||
})
|
||||
let isAuth10 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role10Id, administrator: true}
|
||||
})
|
||||
const allowArray = [
|
||||
isAuth1,
|
||||
isAuth2,
|
||||
isAuth3,
|
||||
isAuth4,
|
||||
isAuth5,
|
||||
isAuth6,
|
||||
isAuth7,
|
||||
isAuth8,
|
||||
isAuth9,
|
||||
isAuth10
|
||||
]
|
||||
let otherThanNull = allowArray.some(function (el) {
|
||||
return el !== null;
|
||||
});
|
||||
if(!req.userData.username) {
|
||||
throw Errors.requestNotAuthorized
|
||||
}
|
||||
|
@ -109,7 +225,7 @@ router.put('/modify/:username', auth, async(req, res, next) => {
|
|||
username: req.userData.username
|
||||
}})
|
||||
console.log(user1.OwnerId, user2.id)
|
||||
if(user1 && user2.id === user1.OwnerId) {
|
||||
if(otherThanNull) {
|
||||
if(req.autosan.body.description !== undefined, req.autosan.body.name !== undefined) {
|
||||
|
||||
let user = await Team.update({description: req.autosan.body.description, name: req.autosan.body.name}, {
|
||||
|
@ -133,7 +249,61 @@ router.post('/roles/create/:username', auth, async(req, res, next) => {
|
|||
let team = await Team.findOne({
|
||||
where: {username: req.params.username}
|
||||
});
|
||||
if(team) {
|
||||
let isAuthMem = await TeamMembers.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
});
|
||||
if(!isAuthMem) {
|
||||
throw Errors.notInTeam
|
||||
}
|
||||
let isAuthRole = await TeamMemberRole.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
})
|
||||
let isAuth1 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.RoleId, administrator: true}
|
||||
})
|
||||
let isAuth2 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role2Id, administrator: true}
|
||||
})
|
||||
let isAuth3 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role3Id, administrator: true}
|
||||
})
|
||||
let isAuth4 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role4Id, administrator: true}
|
||||
})
|
||||
let isAuth5 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role5Id, administrator: true}
|
||||
})
|
||||
let isAuth6 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role6Id, administrator: true}
|
||||
})
|
||||
let isAuth7 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role7Id, administrator: true}
|
||||
})
|
||||
let isAuth8 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role8Id, administrator: true}
|
||||
})
|
||||
let isAuth9 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role9Id, administrator: true}
|
||||
})
|
||||
let isAuth10 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role10Id, administrator: true}
|
||||
})
|
||||
const allowArray = [
|
||||
isAuth1,
|
||||
isAuth2,
|
||||
isAuth3,
|
||||
isAuth4,
|
||||
isAuth5,
|
||||
isAuth6,
|
||||
isAuth7,
|
||||
isAuth8,
|
||||
isAuth9,
|
||||
isAuth10
|
||||
]
|
||||
let otherThanNull = allowArray.some(function (el) {
|
||||
return el !== null;
|
||||
});
|
||||
if(team && otherThanNull) {
|
||||
let queryObj3 = {
|
||||
where: {userId: req.userData.UserId, teamId: team.id},
|
||||
}
|
||||
|
@ -173,7 +343,61 @@ router.put('/roles/modify/:username/:id', auth, async(req, res, next) => {
|
|||
let team = await Team.findOne({
|
||||
where: {username: req.params.username}
|
||||
});
|
||||
if(team) {
|
||||
let isAuthMem = await TeamMembers.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
});
|
||||
if(!isAuthMem) {
|
||||
throw Errors.notInTeam
|
||||
}
|
||||
let isAuthRole = await TeamMemberRole.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
})
|
||||
let isAuth1 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.RoleId, administrator: true}
|
||||
})
|
||||
let isAuth2 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role2Id, administrator: true}
|
||||
})
|
||||
let isAuth3 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role3Id, administrator: true}
|
||||
})
|
||||
let isAuth4 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role4Id, administrator: true}
|
||||
})
|
||||
let isAuth5 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role5Id, administrator: true}
|
||||
})
|
||||
let isAuth6 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role6Id, administrator: true}
|
||||
})
|
||||
let isAuth7 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role7Id, administrator: true}
|
||||
})
|
||||
let isAuth8 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role8Id, administrator: true}
|
||||
})
|
||||
let isAuth9 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role9Id, administrator: true}
|
||||
})
|
||||
let isAuth10 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role10Id, administrator: true}
|
||||
})
|
||||
const allowArray = [
|
||||
isAuth1,
|
||||
isAuth2,
|
||||
isAuth3,
|
||||
isAuth4,
|
||||
isAuth5,
|
||||
isAuth6,
|
||||
isAuth7,
|
||||
isAuth8,
|
||||
isAuth9,
|
||||
isAuth10
|
||||
]
|
||||
let otherThanNull = allowArray.some(function (el) {
|
||||
return el !== null;
|
||||
});
|
||||
if(team && otherThanNull) {
|
||||
let queryObj3 = {
|
||||
where: {userId: req.userData.UserId, teamId: team.id},
|
||||
}
|
||||
|
@ -190,8 +414,47 @@ router.put('/roles/modify/:username/:id', auth, async(req, res, next) => {
|
|||
teamId: team.id
|
||||
}
|
||||
})
|
||||
if(find) {
|
||||
let update = await TeamRoles.update({
|
||||
if(find.name === 'Members') {
|
||||
await TeamRoles.update({
|
||||
priority: req.body.priority,
|
||||
administrator: req.body.administrator,
|
||||
inviteUsers: req.body.inviteUsers,
|
||||
changeTeamMeta: req.body.changeTeamMeta,
|
||||
forumAdministrator: req.body.forumAdministrator,
|
||||
moderateForumThreads: req.body.moderateForumThreads,
|
||||
changeTeamPrivacy: req.body.changeTeamPrivacy,
|
||||
submitTeamItems: req.body.submitTeamItems,
|
||||
}, {
|
||||
where: {
|
||||
id: req.params.id,
|
||||
teamId: team.id
|
||||
}
|
||||
})
|
||||
res.status(200)
|
||||
res.json({success: true})
|
||||
}
|
||||
if(find.name === 'Administrators') {
|
||||
await TeamRoles.update({
|
||||
priority: req.body.priority,
|
||||
administrator: req.body.administrator,
|
||||
inviteUsers: req.body.inviteUsers,
|
||||
changeTeamMeta: req.body.changeTeamMeta,
|
||||
forumAdministrator: req.body.forumAdministrator,
|
||||
moderateForumThreads: req.body.moderateForumThreads,
|
||||
changeTeamPrivacy: req.body.changeTeamPrivacy,
|
||||
submitTeamItems: req.body.submitTeamItems,
|
||||
}, {
|
||||
where: {
|
||||
id: req.params.id,
|
||||
teamId: team.id
|
||||
}
|
||||
})
|
||||
res.status(200)
|
||||
res.json({success: true})
|
||||
}
|
||||
|
||||
if(find && find.name !== 'Administrators' && find.name !== 'Members') {
|
||||
await TeamRoles.update({
|
||||
priority: req.body.priority,
|
||||
name: req.body.name,
|
||||
administrator: req.body.administrator,
|
||||
|
@ -228,7 +491,7 @@ router.put('/roles/modify/:username/:id', auth, async(req, res, next) => {
|
|||
}
|
||||
})
|
||||
res.status(200)
|
||||
res.json({success:true})
|
||||
res.json({success: true})
|
||||
} else {
|
||||
res.status(400)
|
||||
res.json({success: false})
|
||||
|
@ -252,7 +515,61 @@ try {
|
|||
let team = await Team.findOne({
|
||||
where: {username: req.params.username}
|
||||
});
|
||||
if(team) {
|
||||
let isAuthMem = await TeamMembers.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
});
|
||||
if(!isAuthMem) {
|
||||
throw Errors.notInTeam
|
||||
}
|
||||
let isAuthRole = await TeamMemberRole.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
})
|
||||
let isAuth1 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.RoleId, inviteUsers: true}
|
||||
})
|
||||
let isAuth2 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role2Id, inviteUsers: true}
|
||||
})
|
||||
let isAuth3 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role3Id, inviteUsers: true}
|
||||
})
|
||||
let isAuth4 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role4Id, inviteUsers: true}
|
||||
})
|
||||
let isAuth5 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role5Id, inviteUsers: true}
|
||||
})
|
||||
let isAuth6 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role6Id, inviteUsers: true}
|
||||
})
|
||||
let isAuth7 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role7Id, inviteUsers: true}
|
||||
})
|
||||
let isAuth8 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role8Id, inviteUsers: true}
|
||||
})
|
||||
let isAuth9 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role9Id, inviteUsers: true}
|
||||
})
|
||||
let isAuth10 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role10Id, inviteUsers: true}
|
||||
})
|
||||
const allowArray = [
|
||||
isAuth1,
|
||||
isAuth2,
|
||||
isAuth3,
|
||||
isAuth4,
|
||||
isAuth5,
|
||||
isAuth6,
|
||||
isAuth7,
|
||||
isAuth8,
|
||||
isAuth9,
|
||||
isAuth10
|
||||
]
|
||||
let otherThanNull = allowArray.some(function (el) {
|
||||
return el !== null;
|
||||
});
|
||||
if(team && otherThanNull) {
|
||||
let create = await TeamInvite.create({
|
||||
maxUses: req.body.maxUses,
|
||||
RoleId: req.body.RoleId,
|
||||
|
@ -274,7 +591,61 @@ router.get('/:username/invites/list', auth, async(req, res, next) => {
|
|||
let team = await Team.findOne({
|
||||
where: {username: req.params.username}
|
||||
});
|
||||
if(team) {
|
||||
let isAuthMem = await TeamMembers.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
});
|
||||
if(!isAuthMem) {
|
||||
throw Errors.notInTeam
|
||||
}
|
||||
let isAuthRole = await TeamMemberRole.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
})
|
||||
let isAuth1 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.RoleId, administrator: true}
|
||||
})
|
||||
let isAuth2 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role2Id, administrator: true}
|
||||
})
|
||||
let isAuth3 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role3Id, administrator: true}
|
||||
})
|
||||
let isAuth4 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role4Id, administrator: true}
|
||||
})
|
||||
let isAuth5 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role5Id, administrator: true}
|
||||
})
|
||||
let isAuth6 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role6Id, administrator: true}
|
||||
})
|
||||
let isAuth7 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role7Id, administrator: true}
|
||||
})
|
||||
let isAuth8 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role8Id, administrator: true}
|
||||
})
|
||||
let isAuth9 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role9Id, administrator: true}
|
||||
})
|
||||
let isAuth10 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role10Id, administrator: true}
|
||||
})
|
||||
const allowArray = [
|
||||
isAuth1,
|
||||
isAuth2,
|
||||
isAuth3,
|
||||
isAuth4,
|
||||
isAuth5,
|
||||
isAuth6,
|
||||
isAuth7,
|
||||
isAuth8,
|
||||
isAuth9,
|
||||
isAuth10
|
||||
]
|
||||
let otherThanNull = allowArray.some(function (el) {
|
||||
return el !== null;
|
||||
});
|
||||
if(team && otherThanNull) {
|
||||
let roles = await TeamInvite.findAll({
|
||||
where: {
|
||||
TeamId: team.id
|
||||
|
@ -294,7 +665,61 @@ router.delete('/:username/invites/delete/:code', auth, async(req, res, next) =>
|
|||
let team = await Team.findOne({
|
||||
where: {username: req.params.username}
|
||||
});
|
||||
if(team) {
|
||||
let isAuthMem = await TeamMembers.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
});
|
||||
if(!isAuthMem) {
|
||||
throw Errors.notInTeam
|
||||
}
|
||||
let isAuthRole = await TeamMemberRole.findOne({
|
||||
where: {UserId: req.userData.UserId, TeamId: team.id}
|
||||
})
|
||||
let isAuth1 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.RoleId, administrator: true}
|
||||
})
|
||||
let isAuth2 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role2Id, administrator: true}
|
||||
})
|
||||
let isAuth3 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role3Id, administrator: true}
|
||||
})
|
||||
let isAuth4 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role4Id, administrator: true}
|
||||
})
|
||||
let isAuth5 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role5Id, administrator: true}
|
||||
})
|
||||
let isAuth6 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role6Id, administrator: true}
|
||||
})
|
||||
let isAuth7 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role7Id, administrator: true}
|
||||
})
|
||||
let isAuth8 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role8Id, administrator: true}
|
||||
})
|
||||
let isAuth9 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role9Id, administrator: true}
|
||||
})
|
||||
let isAuth10 = await TeamRoles.findOne({
|
||||
where: {id: isAuthRole.Role10Id, administrator: true}
|
||||
})
|
||||
const allowArray = [
|
||||
isAuth1,
|
||||
isAuth2,
|
||||
isAuth3,
|
||||
isAuth4,
|
||||
isAuth5,
|
||||
isAuth6,
|
||||
isAuth7,
|
||||
isAuth8,
|
||||
isAuth9,
|
||||
isAuth10
|
||||
]
|
||||
let otherThanNull = allowArray.some(function (el) {
|
||||
return el !== null;
|
||||
});
|
||||
if(team && otherThanNull) {
|
||||
let code = await TeamInvite.findOne({
|
||||
where: {code: req.params.code, TeamId: team.id}
|
||||
});
|
||||
|
@ -311,4 +736,4 @@ router.delete('/:username/invites/delete/:code', auth, async(req, res, next) =>
|
|||
} catch (e) { next(e) }
|
||||
})
|
||||
|
||||
module.exports = router;
|
||||
module.exports = router;
|
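Review bot: The role check added to each route reads `isAuthRole.RoleId` … `isAuthRole.Role10Id` without checking that `TeamMemberRole.findOne` returned a row, and `/:username/picture` and `/modify/:username` also read `team.id` before any `if(team)`, so a member without a role row or an unknown team name ends in a TypeError passed to `next(e)` instead of `Errors.notInTeam` or `Errors.requestNotAuthorized`. In the picture route the new `if(otherThanNull) {` closes with no `else` before the `catch`, so a member without the admin flag appears to receive no response at all; throwing `Errors.requestNotAuthorized` there would make the denial explicit. The ten `TeamRoles.findOne` calls filter on `id` and the flag but not on the team, and the same block is pasted into seven handlers (one checking `inviteUsers` instead of `administrator`), so every fix has to be made seven times; the helper sketched below keeps the check in one place, uses one query, and fails closed. The `teamId` column name in the sketch follows the older `TeamRoles` queries on this page and should be confirmed against the model. Unrelated to this change but visible in the first hunk header of this file: `reCAPTCHASecret` is assigned a string literal and belongs in configuration, with the committed value rotated.

```javascript
// True when any role slot on the caller's TeamMemberRole row points at a role
// of this team that has `flag` (e.g. 'administrator', 'inviteUsers') set.
async function memberHasRoleFlag (userId, teamId, flag) {
  const assignment = await TeamMemberRole.findOne({
    where: {UserId: userId, TeamId: teamId}
  })
  if (!assignment) return false

  const roleIds = [
    assignment.RoleId, assignment.Role2Id, assignment.Role3Id, assignment.Role4Id, assignment.Role5Id,
    assignment.Role6Id, assignment.Role7Id, assignment.Role8Id, assignment.Role9Id, assignment.Role10Id
  ].filter(id => id != null)
  if (roleIds.length === 0) return false

  const match = await TeamRoles.findOne({
    where: {id: roleIds, teamId: teamId, [flag]: true}
  })
  return match !== null
}

// … unchanged: Team.findOne lookup at the top of each handler …
if (!team || !(await memberHasRoleFlag(req.userData.UserId, team.id, 'administrator'))) {
  throw Errors.requestNotAuthorized
}
// … unchanged: the handler's existing body …
```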