mirror of
https://github.com/plankanban/planka.git
synced 2025-07-20 13:49:43 +02:00
Maksim Eltyshev
parent
ad7fb51cfa
commit
2ee1166747
1557 changed files with 76832 additions and 47042 deletions
|
|
@ -1,15 +1,22 @@
|
|||
/*!
|
||||
* Copyright (c) 2024 PLANKA Software GmbH
|
||||
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
|
||||
*/
|
||||
|
||||
const bcrypt = require('bcrypt');
|
||||
|
||||
const { idInput } = require('../../../utils/inputs');
|
||||
|
||||
const Errors = {
|
||||
NOT_ENOUGH_RIGHTS: {
|
||||
notEnoughRights: 'Not enough rights',
|
||||
},
|
||||
USER_NOT_FOUND: {
|
||||
userNotFound: 'User not found',
|
||||
},
|
||||
INVALID_CURRENT_PASSWORD: {
|
||||
invalidCurrentPassword: 'Invalid current password',
|
||||
},
|
||||
USER_NOT_FOUND: {
|
||||
userNotFound: 'User not found',
|
||||
},
|
||||
EMAIL_ALREADY_IN_USE: {
|
||||
emailAlreadyInUse: 'Email already in use',
|
||||
},
|
||||
|
|
@ -18,18 +25,19 @@ const Errors = {
|
|||
module.exports = {
|
||||
inputs: {
|
||||
id: {
|
||||
type: 'string',
|
||||
regex: /^[0-9]+$/,
|
||||
...idInput,
|
||||
required: true,
|
||||
},
|
||||
email: {
|
||||
type: 'string',
|
||||
maxLength: 256,
|
||||
isEmail: true,
|
||||
required: true,
|
||||
},
|
||||
currentPassword: {
|
||||
type: 'string',
|
||||
isNotEmptyString: true,
|
||||
maxLength: 256,
|
||||
},
|
||||
},
|
||||
|
||||
|
|
@ -37,12 +45,12 @@ module.exports = {
|
|||
notEnoughRights: {
|
||||
responseType: 'forbidden',
|
||||
},
|
||||
userNotFound: {
|
||||
responseType: 'notFound',
|
||||
},
|
||||
invalidCurrentPassword: {
|
||||
responseType: 'forbidden',
|
||||
},
|
||||
userNotFound: {
|
||||
responseType: 'notFound',
|
||||
},
|
||||
emailAlreadyInUse: {
|
||||
responseType: 'conflict',
|
||||
},
|
||||
|
|
@ -55,25 +63,26 @@ module.exports = {
|
|||
if (!inputs.currentPassword) {
|
||||
throw Errors.INVALID_CURRENT_PASSWORD;
|
||||
}
|
||||
} else if (!currentUser.isAdmin) {
|
||||
} else if (currentUser.role !== User.Roles.ADMIN) {
|
||||
throw Errors.USER_NOT_FOUND; // Forbidden
|
||||
}
|
||||
|
||||
let user = await sails.helpers.users.getOne(inputs.id);
|
||||
let user = await User.qm.getOneById(inputs.id);
|
||||
|
||||
if (!user) {
|
||||
throw Errors.USER_NOT_FOUND;
|
||||
}
|
||||
|
||||
if (user.email === sails.config.custom.defaultAdminEmail || user.isSso) {
|
||||
if (user.email === sails.config.custom.defaultAdminEmail || user.isSsoUser) {
|
||||
throw Errors.NOT_ENOUGH_RIGHTS;
|
||||
}
|
||||
|
||||
if (
|
||||
inputs.id === currentUser.id &&
|
||||
!bcrypt.compareSync(inputs.currentPassword, user.password)
|
||||
) {
|
||||
throw Errors.INVALID_CURRENT_PASSWORD;
|
||||
if (inputs.id === currentUser.id) {
|
||||
const isCurrentPasswordValid = await bcrypt.compare(inputs.currentPassword, user.password);
|
||||
|
||||
if (!isCurrentPasswordValid) {
|
||||
throw Errors.INVALID_CURRENT_PASSWORD;
|
||||
}
|
||||
}
|
||||
|
||||
const values = _.pick(inputs, ['email']);
|
||||
|
|
@ -92,7 +101,7 @@ module.exports = {
|
|||
}
|
||||
|
||||
return {
|
||||
item: user,
|
||||
item: sails.helpers.users.presentOne(user, currentUser),
|
||||
};
|
||||
},
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue