surya/freeplanet_serverside
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

l'admin non riesce a cambiare il fido degli utenti...

Browse Source
This commit is contained in:
Surya Paolo
2023-06-20 01:07:57 +02:00
parent baf56b59d0
commit ba81a33c88
6 changed files with 83 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/server/router/index_router.js
View File

@@ -416,11 +416,11 @@ router.post('/settable', authenticate, async (req, res) => {
// Controlla se esiste già questo record:
if (shared_consts.TABLES_FIELDS_DESCR_AND_CITY_AND_USER.includes(params.table)) {
if (mytablerec.isNew) {
const trovatoDuplicato = await mytable.findOne({idapp: mytablerec.idapp, descr: mytablerec.descr, idCity: mytablerec.idCity, userId: mytablerec.userId }).lean();
const trovatoDuplicato = await mytable.findOne({ idapp: mytablerec.idapp, descr: mytablerec.descr, idCity: mytablerec.idCity, userId: mytablerec.userId }).lean();
if (trovatoDuplicato) {
// trovatoDuplicato
return res.status(200).send({ code: server_constants.RIS_CODE_REC_DUPLICATED_DESCR_CITY_USER, msg: '' });
}
}
@@ -491,8 +491,8 @@ router.post('/settable', authenticate, async (req, res) => {
}
if (setnotif) {
const myreq = {...req};
const myres = {...res};
const myreq = { ...req };
const myres = { ...res };
SendNotif.createNewNotification(myreq, myres, { groupnameDest, circuitnameDest }, params.table, myrec, typedir, typeid);
}
@@ -798,13 +798,17 @@ router.patch('/chval', authenticate, async (req, res) => {
const fieldsvalue = mydata.fieldsvalue;
const unset = mydata.unset;
const { Account } = require('../models/account');
// tools.mylogshow('PATCH CHVAL: ', id, fieldsvalue);
// If I change my record...
if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
if (((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
!User.isEditor(req.user.perm) && !User.isFacilitatore(req.user.perm)) &&
(req.user._id.toString() !== id) &&
!tools.ModificheConsentite(mydata.table, fieldsvalue)) {
(!tools.ModificheConsentite(mydata.table, fieldsvalue)))
&& !((mydata.table === 'accounts') && await Account.canEditAccountAdmins(req.user.username, mydata.id))
) {
// If without permissions, exit
return res.status(404).
send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });