Make admin simply a boolean instead of group

This simplifies a lot of logic. Keeping an admin group has no benefit.
Girish Ramakrishnan
2018-07-26 17:17:52 -07:00
parent 39848a25a8
commit 78a2176d1d
18 changed files with 280 additions and 359 deletions


@@ -13,7 +13,6 @@ exports = module.exports = {
};
var assert = require('assert'),
constants = require('../constants.js'),
HttpError = require('connect-lastmile').HttpError,
HttpSuccess = require('connect-lastmile').HttpSuccess,
users = require('../users.js'),
@@ -68,6 +67,12 @@ function update(req, res, next) {
if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));
if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be a string'));
if ('admin' in req.body) {
if (typeof req.body.admin !== 'boolean') return next(new HttpError(400, 'admin must be a boolean'));
// this route is only allowed for admins, so req.user has to be an admin
if (req.user.id === req.params.userId) return next(new HttpError(409, 'Cannot change admin flag on self'));
}
users.update(req.params.userId, req.body, auditSource(req), function (error) {
if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
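Review bot: The new `admin` branch in `update` rests its authorization on a comment ("this route is only allowed for admins"), and the handler still forwards the whole `req.body` to `users.update`. Because `admin` is now an ordinary user field rather than group membership, any route that reaches `users.update` with a client-supplied body can grant privileges; whether `users.update` filters fields itself is not visible in this hunk. I would build the update payload from only the fields validated here. I would also make the guard explicit, e.g. `if (!req.user.admin) return next(new HttpError(403, 'Only admins can change the admin flag'));`, assuming `req.user` carries the new flag. The body of `update` starts and ends outside the hunk.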
@@ -149,9 +154,6 @@ function setGroups(req, res, next) {
if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));
// this route is only allowed for admins, so req.user has to be an admin
if (req.user.id === req.params.userId && req.body.groupIds.indexOf(constants.ADMIN_GROUP_ID) === -1) return next(new HttpError(409, 'Admin removing itself from admins is not allowed'));
users.setMembership(req.params.userId, req.body.groupIds, function (error) {
if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'One or more groups not found'));
if (error) return next(new HttpError(500, error));