watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2025-12-08 05:12:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Updated roles and permissions logic.

Browse source
This commit is contained in:
Mike Cao 2022-12-06 18:36:41 -08:00
parent 4eb3140e43
commit b57ecf33e6
63 changed files with 432 additions and 546 deletions
Download patch file Download diff file Expand all files Collapse all files

15
pages/api/users/index.ts
View file

@ -1,7 +1,7 @@
import { NextApiRequestQueryBody } from 'interface/api/nextApi';
import { canCreateUser, canViewUsers } from 'lib/auth';
import { NextApiRequestQueryBody } from 'lib/types';
import { uuid } from 'lib/crypto';
import { useAuth } from 'lib/middleware';
import { ROLES } from 'lib/constants';
import { NextApiResponse } from 'next';
import { badRequest, hashPassword, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createUser, getUser, getUsers, User } from 'queries';
@ -19,11 +19,11 @@ export default async (
await useAuth(req, res);
const {
user: { id: userId },
user: { isAdmin },
} = req.auth;
if (req.method === 'GET') {
if (canViewUsers(userId)) {
if (isAdmin) {
return unauthorized(res);
}
@ -33,15 +33,15 @@ export default async (
}
if (req.method === 'POST') {
if (canCreateUser(userId)) {
if (isAdmin) {
return unauthorized(res);
}
const { username, password, id } = req.body;
const user = await getUser({ username });
const existingUser = await getUser({ username });
if (user) {
if (existingUser) {
return badRequest(res, 'User already exists');
}
@ -49,6 +49,7 @@ export default async (
id: id || uuid(),
username,
password: hashPassword(password),
role: ROLES.user,
});
return ok(res, created);