admin could add user, fix #14

2019-06-18 14:45:04 +02:00
parent f77e6b1ed6
commit 85694906f1
9 changed files with 83 additions and 46 deletions
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -39,13 +39,6 @@ const Auth = {
    if (req.user.is_admin && req.user.is_active) return next()
    return res.status(403).send({ message: 'Admin needed' })
  },
-  async adminOrFirstRun(req, res, next) {
-    if (req.user && req.user.is_admin && req.user.is_active) return next()
-    const settings = await Settings.settings()
-    if (!settings.firstRun) {
-      return next()
-    }
-  }

 }

--- a/server/api/controller/user.js
+++ b/server/api/controller/user.js
@@ -217,6 +217,7 @@ const userController = {
    }
  },

+
  async register(req, res) {
    const n_users = await User.count()
    try {
@@ -243,6 +244,16 @@ const userController = {
    } catch (e) {
      res.status(404).json(e)
    }
+  },
+
+  async create(req, res) {
+    try {
+      req.body.is_active = true
+      const user = await User.create(req.body)
+      res.json(user)
+    } catch (e) {
+      res.status(404).json(e)
+    }
  }
 }

--- a/server/api/index.js
+++ b/server/api/index.js
@@ -24,17 +24,6 @@ const jwt = expressJwt({
  credentialsRequired: false
 })

-function errorHandler(fn) {
-  return async (req, res) => {
-    try {
-      await fn(req, res)
-    } catch (e) {
-      console.error(String(e))
-      return res.status(500).json(e)
-    }
-  }
-}
-
 // AUTH
 api.post('/auth/login', userController.login)
 api.post('/auth/logout', userController.logout)
@@ -44,14 +33,12 @@ api.post('/user/recover', userController.forgotPassword)
 api.post('/user/check_recover_code', userController.checkRecoverCode)
 api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)

-api
-  .route('/user')
-  // register
-  .post(userController.register)
-  // get current user
-  // .get(isAuth, userController.current)
-  // update user (eg. confirm)
-  .put(jwt, isAuth, isAdmin, userController.update)
+// register and add users
+api.post('/user/register', userController.register)
+api.post('/user', jwt, isAuth, isAdmin, userController.create)
+
+// update user (disable/)
+api.put('/user', jwt, isAuth, isAdmin, userController.update)

 // get all users
 api.get('/users', jwt, isAuth, isAdmin, userController.getAll)
@@ -62,12 +49,11 @@ api.put('/tag', jwt, isAuth, isAdmin, eventController.updateTag)
 // update a place (modify address..)
 api.put('/place', jwt, isAuth, isAdmin, eventController.updatePlace)

-api
-  .route('/user/event')
-  // add event
-  .post(jwt, fillUser, upload.single('image'), userController.addEvent)
-  // update event
-  .put(jwt, isAuth, upload.single('image'), userController.updateEvent)
+// add event
+api.post('/user/event', jwt, fillUser, upload.single('image'), userController.addEvent)
+  
+// update event
+api.put('/user/event', jwt, isAuth, upload.single('image'), userController.updateEvent)

 // remove event
 api.delete('/user/event/:id', jwt, isAuth, userController.delEvent)
@@ -96,7 +82,8 @@ api.get('/event/unconfirm/:event_id', jwt, isAuth, isAdmin, eventController.unco
 api.get('/export/:type', exportController.export)

 // get events in this range
-api.get('/event/:month/:year', errorHandler(eventController.getAll))
+api.get('/event/:month/:year', eventController.getAll)
+// api.get('/event/:month/:year', eventController.getAfter)

 // mastodon oauth auth
 api.post('/settings/getauthurl', jwt, isAuth, isAdmin, settingsController.getAuthURL)