mirror of https://github.com/sasjs/server.git synced 2026-01-06 06:10:04 +00:00

feat: new APIs added for GET|PATCH|DELETE of user by username

Saad Jutt
2022-06-14 22:08:56 +05:00
parent 806ea4cb5c
commit aef411a0ea
6 changed files with 525 additions and 16 deletions


@@ -1,11 +1,22 @@
import { RequestHandler } from 'express'
// This middleware checks if a non-admin user trying to
// access information of other user
export const verifyAdminIfNeeded: RequestHandler = (req, res, next) => {
const { user } = req
const userId = parseInt(req.params.userId)
if (!user?.isAdmin && user?.userId !== userId) {
return res.status(401).send('Admin account required')
if (!user?.isAdmin) {
let adminAccountRequired: boolean = true
if (req.params.userId) {
adminAccountRequired = user?.userId !== parseInt(req.params.userId)
} else if (req.params.username) {
adminAccountRequired = user?.username !== req.params.username
}
if (adminAccountRequired)
return res.status(401).send('Admin account required')
}
next()
}
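Review bot: In the new `req.params.userId` branch, `parseInt` accepts values with trailing junk (`parseInt('12abc')` is 12), so the ownership check can pass for a path segment that is not a plain id; if the route handler behind this middleware parses the parameter differently (not visible in this hunk), the check and the lookup could disagree. Requiring a strictly numeric segment before comparing closes that gap, e.g. `const id = /^\d+$/.test(req.params.userId) ? Number(req.params.userId) : NaN` followed by `adminAccountRequired = user?.userId !== id`. The denial also answers an authenticated non-admin with 401; 403 is the status that describes an authorization failure, though changing it may affect existing clients. The header comment still describes only the id case and could read `// Allows admins, or a non-admin acting on their own record (matched by userId or username)`.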