- fix: l'admin non riusciva a cambiare il Circuito...

Surya Paolo
2024-04-04 18:43:17 +02:00
parent 970428a359
commit fef8d0fbc7
4 changed files with 43 additions and 10 deletions


@@ -250,6 +250,18 @@ CircuitSchema.statics.findAllIdApp = async function (idapp) {
return await Circuit.find(myfind, whatToShow).sort({ status: -1, numMembers: -1, name: 1 });
};
CircuitSchema.statics.isCircuitAdmin = async function (idrec, username) {
const Circuit = this;
const mycirc = await Circuit.findOne({ _id: idrec }).lean();
if (mycirc) {
return mycirc.admins.some(admin => admin.username === username);
}
return false;
};
CircuitSchema.statics.getFieldsForSearch = function () {
return [
{ field: 'name', type: tools.FieldType.string },
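Review bot: `mycirc.admins.some(...)` in the new isCircuitAdmin throws a TypeError when the matched circuit document has no `admins` array, and since this method feeds a permission check, that exception surfaces as a failed request instead of a clean denial; guarding it keeps the check fail-closed without the error, e.g. `return Array.isArray(mycirc?.admins) && mycirc.admins.some((admin) => admin.username === username);`. An `idrec` that is not a valid ObjectId makes `Circuit.findOne({ _id: idrec })` reject with a CastError for the same reason — presumably callers validate the id first, but if not, catching that and returning `false` would be consistent with the `return false;` path below. A one-line JSDoc stating that an empty or unknown username always yields `false` would also help callers that pass `''` when `req.user` is absent.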


@@ -1459,6 +1459,7 @@ UserSchema.statics.createNewReqRegistrationGetLink = async function (idapp, user
// Se è scaduto, ne crea uno nuovo
// Creo il tokenforgot
/*
if (!user.date_tokenreg || (!user.tokenreg) || (user.tokenreg && (user.date_tokenreg < new Date().getTime()))) {
let mycodestr = user._id.toHexString() + new Date().getTime().toString();
@@ -1477,11 +1478,14 @@ UserSchema.statics.createNewReqRegistrationGetLink = async function (idapp, user
}
user.date_tokenreg = tools.AddDate(new Date(), 1);
return await user.save().then(() => {
return user.tokenreg;
});
*/
}
}
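Review bot: The token-regeneration code now wrapped in `/* ... */` is dead code and should be deleted rather than left commented out; version control already preserves it. As far as these two hunks show, createNewReqRegistrationGetLink no longer refreshes an expired `tokenreg` nor updates `date_tokenreg`, so the remaining body (outside the hunk) presumably reuses whatever token is already stored — if that is intended, a short comment such as `// Token regeneration disabled: the stored tokenreg is reused as-is` would stop the next reader from restoring it. The enclosing function starts and ends outside the hunks.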


@@ -339,9 +339,12 @@ router.post('/settable', authenticate, async (req, res) => {
consentito = true;
}
if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm) &&
!User.isEditor(req.user.perm) && !User.isFacilitatore(req.user.perm)) &&
!tools.ModificheConsentite(req, params.table, fieldsvalue)) {
if ((!User.isAdmin(req.user.perm)
&& !User.isManager(req.user.perm)
&& !User.isEditor(req.user.perm)
&& !User.isFacilitatore(req.user.perm))
&&
await !tools.ModificheConsentite(req, params.table, fieldsvalue, mydata ? mydata._id: '')) {
// If without permissions, exit
return res.status(404).
send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
@@ -857,7 +860,7 @@ router.patch('/chval', authenticate, async (req, res) => {
&& !User.isManager(req.user.perm)
&& !User.isEditor(req.user.perm)
&& !User.isFacilitatore(req.user.perm))
&& (!tools.ModificheConsentite(req, mydata.table, fieldsvalue, id)))
&& (await !tools.ModificheConsentite(req, mydata.table, fieldsvalue, id)))
&& !((mydata.table === 'accounts')
&& await Account.canEditAccountAdmins(req.user.username, mydata.id))
) {
@@ -1041,7 +1044,7 @@ router.patch('/chval', authenticate, async (req, res) => {
}
}
if (tools.ModificheConsentite(req, mydata.table, fieldsvalue)) {
if (await tools.ModificheConsentite(req, mydata.table, fieldsvalue)) {
let msg = '';
if (mydata.table === 'users') {
if ('aportador_solidario' in fieldsvalue) {
@@ -1240,7 +1243,7 @@ router.delete('/delrec/:table/:id', authenticate, async (req, res) => {
if ((!User.isAdmin(req.user.perm) && !User.isManager(req.user.perm)) &&
(tablename !== 'extralist') &&
!tools.ModificheConsentite(req, tablename, fields, id, req.user)) {
await !tools.ModificheConsentite(req, tablename, fields, id, req.user)) {
// If without permissions, exit
return res.status(404).
send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
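Review bot: `await !tools.ModificheConsentite(...)` in the new settable condition negates the Promise object before awaiting it, so `!promise` is always `false` (a Promise is truthy) and the whole `&&` chain can never be true: a user who is not admin, manager, editor or facilitatore is never sent the unauthorized response on this route. The same expression appears in the chval condition (`&& (await !tools.ModificheConsentite(req, mydata.table, fieldsvalue, id)))`) and in the delrec condition (`await !tools.ModificheConsentite(req, tablename, fields, id, req.user)) {`), while the other chval call (`if (await tools.ModificheConsentite(req, mydata.table, fieldsvalue)) {`) is written correctly. In all three places the negation has to wrap the awaited value, e.g. `!(await tools.ModificheConsentite(req, params.table, fieldsvalue, mydata ? mydata._id : ''))`. The enclosing route handlers start and end outside the hunks.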


@@ -3032,7 +3032,7 @@ module.exports = {
);
if (this.testing()) {
console.log('query', query);
// console.log('query', query);
}
// console.log('query', query);
@@ -3815,7 +3815,9 @@ module.exports = {
return mystr.replace(/\s+/g, '');
},
ModificheConsentite(req, table, fieldsvalue, idrec, user) {
async ModificheConsentite(req, table, fieldsvalue, idrec, user) {
const { Circuit } = require('../models/circuit');
if (table === 'sharewithus') {
return true;
}
@@ -3839,6 +3841,18 @@ module.exports = {
//++Todo: Cancellalo solo se sono io il creatore dell'utente ... o se posso!
return true;
}
} else if (table === 'circuits') {
if (idrec) {
// Permetti di fare modifiche se è un admin del circuito
return await Circuit.isCircuitAdmin(idrec, req.user ? req.user.username : '');
}
} else if (table === 'accounts') {
if (idrec) {
if ('fidoConcesso' in fieldsvalue) {
// Permetti di fare modifiche se è un admin del circuito
return await Circuit.isCircuitAdmin(idrec, req.user ? req.user.username : '');
}
}
}
if (shared_consts.TABLES_PERM_CHANGE_FOR_USERS.includes(table)) {
@@ -4171,7 +4185,7 @@ module.exports = {
if (msg.includes('{appname}'))
msg = msg.replace('{appname}', this.getNomeAppByIdApp(user.idapp));
msg = msg.replace('{username}', user.username);
msg = await this.checkStr(msg, '{time_exp_reg}', user, 1);
// msg = await this.checkStr(msg, '{time_exp_reg}', user, 1);
msg = msg.replace('{name}', user.name ? user.name : user.username);
msg = msg.replace('{surname}', user.surname ? user.surname : '');
@@ -4421,7 +4435,7 @@ module.exports = {
/*if (params.openUrl)
content = content + '\n' + '<a href="' + myhost + params.openUrl + '">' + i18n.__('OPEN PAGE') + '</a>';
*/
}
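Review bot: The new `accounts` branch in ModificheConsentite passes `idrec` — which, judging by the chval and delrec callers in this commit, is the account record's own id — to `Circuit.isCircuitAdmin`, which looks that value up as a circuit `_id`; unless account and circuit ids coincide, the `fidoConcesso` check will always return `false`, so confirm which id the circuit lookup should receive and document it on the branch, e.g. `// idrec must be the circuit _id that owns this account — see isCircuitAdmin`. The `require('../models/circuit')` inside the function body runs on every call; either hoist it to module scope or keep it lazy with a comment stating why (presumably to avoid a circular import between tools and the circuit model). Making the function `async` also changes its contract for every caller, so a `@returns {Promise<boolean>}` JSDoc line would make the required `await` explicit. The surrounding `module.exports` object starts and ends outside the hunks.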