- added is_admin column to users
- added ability for admins to delete posts that are not their own
pull/5/head
Trivernis 5 years ago
parent 21641cbc20
commit f7dae45ab9

@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- worker initialization error handling
- bearer token authentification for testing purposes
- Added `deletable' field on post
- Admin field that for admin users
- ability for admins to delete posts
### Removed

@ -245,7 +245,8 @@ export function resolver(req: any, res: any): any {
as: "rAuthor",
model: models.User,
}]});
if (post.rAuthor.id === req.session.userId) {
const isAdmin = (await models.User.findOne({where: {id: req.session.userId}})).isAdmin;
if (post.rAuthor.id === req.session.userId || isAdmin) {
return await dataaccess.deletePost(post.id);
} else {
res.status(status.FORBIDDEN);

@ -256,6 +256,9 @@ type Profile implements UserData {
"the custom settings for the frontend"
settings: String!
"if the user is an admin"
isAdmin: Boolean
}
"represents a single user post"

@ -102,6 +102,11 @@ export class Post extends Model<Post> {
* @param userId
*/
public async deletable({userId}: {userId: number}): Promise<boolean> {
return Number(userId) === Number(this.authorId);
const isAuthor = Number(userId) === Number(this.authorId);
if (!isAuthor) {
return (await User.findOne({where: {id: userId}})).isAdmin;
}
return isAuthor;
}
}

@ -61,6 +61,10 @@ export class User extends Model<User> {
@Column({defaultValue: () => Date.now() + 7200000})
public authExpire: Date;
@NotNull
@Column({defaultValue: false, allowNull: false})
public isAdmin: boolean;
@BelongsToMany(() => User, () => Friendship, "userId")
public rFriends: User[];

Loading…
Cancel
Save