update addOrganizationAdmin

xfarrow 2024-02-15 16:38:17 +01:00
parent 1891ee2067
commit 4bf1c71165
1 changed files with 23 additions and 23 deletions


@ -365,7 +365,7 @@ async function updateOrganization(req, res){
return res.status(200).json({ success : "true"}); return res.status(200).json({ success : "true"});
} }
else{ else{
return res.status(404).json({error : "Organization either not found or not sufficient permissions"}); return res.status(404).json({error : "Organization either not found or insufficient permissions"});
} }
} }
catch (error) { catch (error) {
@ -521,37 +521,37 @@ async function deleteOrganizationPost(req, res){
} }
} }
// POST /**
* POST Method
*
* Add an Administrator to an Organization. Allowed only if the
* logged user is an Administrator themselves.
*/
async function addOrganizationAdmin(req, res){ async function addOrganizationAdmin(req, res){
// Ensure that the required fields are present before proceeding // Ensure that the required fields are present before proceeding
if (!req.body.organization_id || !req.body.person_id) { if (!req.body.organization_id || !req.body.person_id) {
return res.status(400).json({ error : "Invalid request"}); return res.status(400).json({ error : "Invalid request"});
} }
try { try {
knex.transaction(async (trx) => { const isPersonAdmin = await knex('OrganizationAdministrator')
// Check if the current user is a organization's administrator .where('id_person', req.jwt.person_id)
const result = await trx('OrganizationAdministrator') .where('id_organization', req.body.organization_id)
.where('id_person', req.jwt.person_id) .select('*')
.where('id_organization', req.body.organization_id) .first();
.select('*')
.first();
if(!result){ if(!isPersonAdmin){
return res.status(401).json({error : "Forbidden"}); return res.status(401).json({error : "Forbidden"});
} }
// We suppose that the database has Foreign Key constraints await knex('OrganizationAdministrator')
// otherwise we should've checked whether person_id exists. .insert({
await knex('OrganizationAdministrator') id_person: req.body.person_id,
.insert({ id_organization: req.body.organization_id
id_person: req.body.person_id, });
id_organization: req.body.organization_id return res.status(200).json({success : true});
}); }
return res.status(200).json({success : true});
});
}
catch (error) { catch (error) {
console.error('Error while adding organization admin: ' + error); console.error('Error while adding organization admin: ' + error);
res.status(500).json({error : "Internal server error"}); res.status(500).json({error : "Internal server error"});