Remove organization admin

2025-04-13 16:41:59 +02:00 · 2023-10-23 12:05:55 +02:00 · 2023-10-23 12:05:55 +02:00 · 9a3e38d1b7
commit 9a3e38d1b7
parent 533b223c8b
2 changed files with 58 additions and 13 deletions
--- a/backend/apis/nodejs/api.js
+++ b/backend/apis/nodejs/api.js
@ -19,18 +19,19 @@ require('dotenv').config();
 const app = express();
 app.use(express.json()); // Middleware which parses JSON for POST requests
 app.use(cors()); // Enable CORS for all routes
-app.post('/blinkapi/register', api_controller.registerPerson); // Register a Person
-app.post('/blinkapi/login', api_controller.login); // Login
-app.get('/blinkapi/person/:id', api_controller.verifyToken, api_controller.getPerson); // Obtain Person's details
-app.put('/blinkapi/person/:id', api_controller.verifyToken, api_controller.updatePerson); // Update Person's details
-app.delete('/blinkapi/person/delete', api_controller.verifyToken, api_controller.deletePerson); // Delete a Person
-app.post('/blinkapi/organization', api_controller.verifyToken, api_controller.createOrganization); // Create organization
-app.get('/blinkapi/organization/:id', api_controller.verifyToken, api_controller.getOrganization); // Get Organization data
-app.put('/blinkapi/organization/:id', api_controller.verifyToken, api_controller.updateOrganization); // Update organization
-app.delete('/blinkapi/organization/:id', api_controller.verifyToken, api_controller.deleteOrganization); // Delete organization
-app.post('/blinkapi/organization/post', api_controller.verifyToken, api_controller.createOrganizationPost); // Create a organization's post
-app.delete('/blinkapi/organization/post/:id', api_controller.verifyToken, api_controller.deleteOrganizationPost); // Delete a organization's post
-app.post('/blinkapi/organization/admin', api_controller.verifyToken, api_controller.addOrganizationAdmin); // Add Organization Administrator
+app.post('/api/register', api_controller.registerPerson); // Register a Person
+app.post('/api/login', api_controller.login); // Login
+app.get('/api/person/:id', api_controller.verifyToken, api_controller.getPerson); // Obtain Person's details
+app.put('/api/person/:id', api_controller.verifyToken, api_controller.updatePerson); // Update Person's details
+app.delete('/api/person/delete', api_controller.verifyToken, api_controller.deletePerson); // Delete a Person
+app.post('/api/organization/admin', api_controller.verifyToken, api_controller.addOrganizationAdmin); // Add Organization Administrator
+app.delete('/api/organization/removeadmin', api_controller.verifyToken, api_controller.removeOrganizationAdmin); // Remove Organization Administrator
+app.post('/api/organization', api_controller.verifyToken, api_controller.createOrganization); // Create organization
+app.get('/api/organization/:id', api_controller.verifyToken, api_controller.getOrganization); // Get Organization data
+app.put('/api/organization/:id', api_controller.verifyToken, api_controller.updateOrganization); // Update organization
+app.delete('/api/organization/:id', api_controller.verifyToken, api_controller.deleteOrganization); // Delete organization
+app.post('/api/organization/post', api_controller.verifyToken, api_controller.createOrganizationPost); // Create a organization's post
+app.delete('/api/organization/post/:id', api_controller.verifyToken, api_controller.deleteOrganizationPost); // Delete a organization's post

 // Start the server
 app.listen(process.env.API_SERVER_PORT, () => {
--- a/backend/apis/nodejs/api_controller.js
+++ b/backend/apis/nodejs/api_controller.js
@ -399,6 +399,49 @@ async function addOrganizationAdmin(req, res){
  }
 }

+// DELETE
+async function removeOrganizationAdmin(req, res){
+  
+    // Ensure that the required fields are present before proceeding
+    if (!req.body.organization_id || !req.body.person_id) {
+      return res.status(400).json({ error : "Invalid request"});
+    }
+
+    // I can remove only myself from the list of administrators
+    if(req.body.person_id != req.jwt.person_id){
+      return res.status(403).json({ error : "Forbidden"});
+    }
+
+    try{
+      knex.transaction(async (trx) => {
+        await trx('OrganizationAdministrator')
+          .where('id_person', req.jwt.person_id)
+          .where('id_organization', req.body.organization_id)
+          .del();
+  
+          // Delete Organization if there are no admins left
+          // Note: If the user instead deletes the entire profile,
+          // the Organization will not be deleted. Fix.
+          // Note: Check what level of transaction we are using
+          // to avoid inconsistencies
+          const count = await trx('OrganizationAdministrator')
+            .count('id as count')
+            .where('id', req.body.organization_id);
+
+          if(count[0].count == 1){
+            await trx('Organization')
+            .where('id', req.body.organization_id)
+            .del();
+          }
+          return res.status(200).json({success : true});
+      });
+    }
+    catch (error){
+      console.error(error);
+      return res.status(500).json({ error: "Internal server error"});
+    }
+}
+
 // ======== END API ENDPOINTS ========

 async function checkUserCredentials(email, password){
@ -474,5 +517,6 @@ module.exports = {
    deleteOrganization,
    createOrganizationPost,
    deleteOrganizationPost,
-    addOrganizationAdmin
+    addOrganizationAdmin,
+    removeOrganizationAdmin
 };