mirror of
https://github.com/xfarrow/blink
synced 2025-06-27 09:03:02 +02:00
update
This commit is contained in:
xfarrow
@ -26,20 +26,28 @@ async function isPersonAdmin (personId, organizationId) {
|
||||
.where('id_organization', organizationId)
|
||||
.select('*')
|
||||
.first();
|
||||
return isPersonAdmin;
|
||||
return !!isPersonAdmin;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add the specified Person as the Organization administrator
|
||||
* @param {*} personId
|
||||
* Add the specified Person as the Organization administrator, if thr requester is already
|
||||
* an administrator
|
||||
* @param {*} personId Id of the person to add as administrator
|
||||
* @param {*} organizationId
|
||||
* @param {*} requester Id of the person requesting the addition
|
||||
*/
|
||||
async function addOrganizationAdministrator (personId, organizationId) {
|
||||
await knex('OrganizationAdministrator')
|
||||
async function addOrganizationAdministrator (personId, organizationId, requester) {
|
||||
|
||||
const isPersonAdmin = await organization_admin_model.isPersonAdmin(requester, organizationId);
|
||||
if(isPersonAdmin){
|
||||
await knex('OrganizationAdministrator')
|
||||
.insert({
|
||||
id_person: personId,
|
||||
id_organization: organizationId
|
||||
});
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -34,7 +34,7 @@ function organization (name, location, description, isHiring) {
|
||||
/**
|
||||
* Gets an Organization by its identifier
|
||||
* @param {*} id
|
||||
* @returns
|
||||
* @returns the Organization
|
||||
*/
|
||||
async function getOrganizationById (id) {
|
||||
const organization = await knex('Organization')
|
||||
@ -66,13 +66,13 @@ async function insertOrganization (organization, organizationAdministratorId) {
|
||||
|
||||
/**
|
||||
* Updates an Organization specified by the OrganizationId, if and
|
||||
* only if the specified personId is one of its Administrator
|
||||
* only if the specified requester is one of its Administrator
|
||||
* @param {*} organization
|
||||
* @param {*} organizationId
|
||||
* @param {*} personId
|
||||
* @param {*} requester
|
||||
* @returns true if the row was updated, false otherwise
|
||||
*/
|
||||
async function updateOrganizationIfAdministrator (organization, organizationId, personId) {
|
||||
async function updateOrganization (organization, organizationId, requester) {
|
||||
// // const isOrganizationAdmin = await knex('OrganizationAdministrator')
|
||||
// // .where('id_person', req.jwt.person_id)
|
||||
// // .where('id_organization', req.params.id)
|
||||
@ -107,7 +107,7 @@ async function updateOrganizationIfAdministrator (organization, organizationId,
|
||||
.whereExists(function () {
|
||||
this.select('*')
|
||||
.from('OrganizationAdministrator')
|
||||
.where('id_person', personId)
|
||||
.where('id_person', requester)
|
||||
.where('id_organization', organizationId);
|
||||
})
|
||||
.update(organization);
|
||||
@ -118,16 +118,16 @@ async function updateOrganizationIfAdministrator (organization, organizationId,
|
||||
* Deletes an Organization if the specified PersonId is
|
||||
* one of its administrators
|
||||
* @param {*} organizationId Id of the Organization to delete
|
||||
* @param {*} personId PersonId of the supposedly administrator
|
||||
* @param {*} requester PersonId of the supposedly administrator
|
||||
* @returns true if the Organization was successfully deleted, false otherwise
|
||||
*/
|
||||
async function deleteOrganizationIfAdmin (organizationId, personId) {
|
||||
async function deleteOrganization (organizationId, requester) {
|
||||
const numberOfDeletedRows = await knex('Organization')
|
||||
.where({ id: organizationId })
|
||||
.whereExists(function () {
|
||||
this.select('*')
|
||||
.from('OrganizationAdministrator')
|
||||
.where('id_person', personId)
|
||||
.where('id_person', requester)
|
||||
.where('id_organization', organizationId);
|
||||
})
|
||||
.del();
|
||||
@ -141,7 +141,6 @@ module.exports = {
|
||||
getOrganizationById,
|
||||
organization,
|
||||
insertOrganization,
|
||||
updateOrganizationIfAdministrator,
|
||||
deleteOrganizationIfAdmin,
|
||||
deleteOrganizationIfAdmin
|
||||
updateOrganization,
|
||||
deleteOrganization
|
||||
};
|
||||
|
||||
@ -44,7 +44,7 @@ async function insertOrganizationPost (organization) {
|
||||
// Non-exploitable TOC/TOU weakness
|
||||
// For more information https://softwareengineering.stackexchange.com/questions/451038/when-should-i-be-worried-of-time-of-check-time-of-use-vulnerabilities-during-dat
|
||||
if (!isOrganizationAdmin) {
|
||||
return res.status(403).json({ error: 'Forbidden' });
|
||||
return false;
|
||||
}
|
||||
|
||||
const organizationPost = await knex('OrganizationPost')
|
||||
@ -75,13 +75,18 @@ async function isPersonPostAdministrator (postId, personId) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Deletes the specified OrganizationPost
|
||||
* @param {*} organizationPostId
|
||||
* Deletes the specified OrganizationPost if the requester is one
|
||||
* of the Administrators of the Organization the Post belongs to
|
||||
* @param {*} postId Id of the Post to delete
|
||||
* @param {*} requester Id of the Person requesting the deletion
|
||||
*/
|
||||
async function deleteOrganizationPost (organizationPostId) {
|
||||
await knex('OrganizationPost')
|
||||
.where('id', organizationPostId)
|
||||
.del();
|
||||
async function deleteOrganizationPost (postId, requester) {
|
||||
if(await isPersonPostAdministrator(postId, requester)){
|
||||
return await knex('OrganizationPost')
|
||||
.where('id', postId)
|
||||
.del() == 1;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
|
||||
Reference in New Issue
Block a user