From f7dae45ab91f7bc9d9c308b8f45330e07d999db7 Mon Sep 17 00:00:00 2001
From: Trivernis
Date: Wed, 8 Jan 2020 14:06:47 +0100
Subject: [PATCH] Admins
- added is_admin column to users
- added ability for admins to delete posts that are not their own
---
 CHANGELOG.md | 2 ++
 src/graphql/resolvers.ts | 3 ++-
 src/graphql/schema.graphql | 3 +++
 src/lib/models/Post.ts | 7 ++++++-
 src/lib/models/User.ts | 4 ++++
 5 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eeffabb..3db8cf7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - worker initialization error handling
 - bearer token authentification for testing purposes
 - Added `deletable' field on post
+- Admin field that for admin users
+- ability for admins to delete posts
 ### Removed
diff --git a/src/graphql/resolvers.ts b/src/graphql/resolvers.ts
index 66a3ad2..5b53d85 100644
--- a/src/graphql/resolvers.ts
+++ b/src/graphql/resolvers.ts
@@ -245,7 +245,8 @@ export function resolver(req: any, res: any): any {
 as: "rAuthor",
 model: models.User,
 }]});
- if (post.rAuthor.id === req.session.userId) {
+ const isAdmin = (await models.User.findOne({where: {id: req.session.userId}})).isAdmin;
+ if (post.rAuthor.id === req.session.userId || isAdmin) {
 return await dataaccess.deletePost(post.id);
 } else {
 res.status(status.FORBIDDEN);
diff --git a/src/graphql/schema.graphql b/src/graphql/schema.graphql
index 4068f71..657d049 100644
--- a/src/graphql/schema.graphql
+++ b/src/graphql/schema.graphql
@@ -256,6 +256,9 @@ type Profile implements UserData {
 "the custom settings for the frontend"
 settings: String!
+
+ "if the user is an admin"
+ isAdmin: Boolean
 }
 "represents a single user post"
diff --git a/src/lib/models/Post.ts b/src/lib/models/Post.ts
index 1b39243..e9fef2b 100644
--- a/src/lib/models/Post.ts
+++ b/src/lib/models/Post.ts
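Review bot: The added `isAdmin` line in src/graphql/resolvers.ts dereferences the result of `findOne` directly, so when `req.session.userId` is unset or no longer matches a row the resolver throws instead of reaching the `FORBIDDEN` branch; how the ORM treats an undefined `id` filter is not visible here and should be confirmed. Make the check fail closed, e.g. `const requester = req.session.userId ? await models.User.findOne({where: {id: req.session.userId}}) : null;` followed by `const isAdmin = Boolean(requester && requester.isAdmin);`. The same unguarded `.isAdmin` read appears in `Post.deletable` in src/lib/models/Post.ts, and since both places now encode the delete rule, having this resolver call `post.deletable(...)` would keep them from drifting apart. An admin deleting another user's post is a privileged action worth recording (actor id, post id) for later audit. The enclosing resolver starts and ends outside the hunk.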
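Review bot: `isAdmin: Boolean` in src/graphql/schema.graphql is nullable, while the column this commit adds in src/lib/models/User.ts is non-null with a default of `false`; `isAdmin: Boolean!` would match the model and spare clients a null case. The field should be treated as a display hint only, with the delete decision staying on the server-side check that the resolver hunk keeps. The `Profile` type starts outside the hunk.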
@@ -102,6 +102,11 @@ export class Post extends Model {
 * @param userId
 */
 public async deletable({userId}: {userId: number}): Promise {
- return Number(userId) === Number(this.authorId);
+
+ const isAuthor = Number(userId) === Number(this.authorId);
+ if (!isAuthor) {
+ return (await User.findOne({where: {id: userId}})).isAdmin;
+ }
+ return isAuthor;
 }
 }
diff --git a/src/lib/models/User.ts b/src/lib/models/User.ts
index 0ebb547..5901054 100644
--- a/src/lib/models/User.ts
+++ b/src/lib/models/User.ts
@@ -61,6 +61,10 @@ export class User extends Model {
 @Column({defaultValue: () => Date.now() + 7200000})
 public authExpire: Date;
+ @NotNull
+ @Column({defaultValue: false, allowNull: false})
+ public isAdmin: boolean;
+
 @BelongsToMany(() => User, () => Friendship, "userId")
 public rFriends: User[];
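Review bot: `deletable` in src/lib/models/Post.ts now issues a `User.findOne` for every post the viewer did not write, so if the field is resolved per post in a list query (as the CHANGELOG's "deletable field on post" suggests) a page of N posts costs up to N identical user lookups. Resolve the requester's admin flag once per request and pass it in, or cache the lookup on the request object. The JSDoc above the method should also state the rule, e.g. `* Returns true when the given user is the post's author or an admin.` The doc comment begins outside the hunk, and whether `User` is imported in this file is not visible here.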
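Review bot: `isAdmin` in src/lib/models/User.ts is a privilege flag, so any path that creates or updates a `User` from client-supplied fields must not let it through; the registration and profile-update code is not in this diff, so confirm those paths pass explicit field lists rather than whole input objects. `@NotNull` and `allowNull: false` state the same constraint twice, and one of them is enough. Existing rows need the new non-null column populated when the schema is updated, and how this project applies schema changes is not visible here.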