From 9a3e38d1b70cb1b2fb4c6b45d9264a25f5974b58 Mon Sep 17 00:00:00 2001
From: xfarrow
Date: Mon, 23 Oct 2023 12:05:55 +0200
Subject: [PATCH] Remove organization admin

---
 backend/apis/nodejs/api.js | 25 ++++++++-------
 backend/apis/nodejs/api_controller.js | 46 ++++++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 13 deletions(-)

diff --git a/backend/apis/nodejs/api.js b/backend/apis/nodejs/api.js
index 22fbf29..cf3b8fb 100644
--- a/backend/apis/nodejs/api.js
+++ b/backend/apis/nodejs/api.js
@@ -19,18 +19,19 @@ require('dotenv').config();
 const app = express();
 app.use(express.json()); // Middleware which parses JSON for POST requests
 app.use(cors()); // Enable CORS for all routes
-app.post('/blinkapi/register', api_controller.registerPerson); // Register a Person
-app.post('/blinkapi/login', api_controller.login); // Login
-app.get('/blinkapi/person/:id', api_controller.verifyToken, api_controller.getPerson); // Obtain Person's details
-app.put('/blinkapi/person/:id', api_controller.verifyToken, api_controller.updatePerson); // Update Person's details
-app.delete('/blinkapi/person/delete', api_controller.verifyToken, api_controller.deletePerson); // Delete a Person
-app.post('/blinkapi/organization', api_controller.verifyToken, api_controller.createOrganization); // Create organization
-app.get('/blinkapi/organization/:id', api_controller.verifyToken, api_controller.getOrganization); // Get Organization data
-app.put('/blinkapi/organization/:id', api_controller.verifyToken, api_controller.updateOrganization); // Update organization
-app.delete('/blinkapi/organization/:id', api_controller.verifyToken, api_controller.deleteOrganization); // Delete organization
-app.post('/blinkapi/organization/post', api_controller.verifyToken, api_controller.createOrganizationPost); // Create a organization's post
-app.delete('/blinkapi/organization/post/:id', api_controller.verifyToken, api_controller.deleteOrganizationPost); // Delete a organization's post
-app.post('/blinkapi/organization/admin', api_controller.verifyToken, api_controller.addOrganizationAdmin); // Add Organization Administrator
+app.post('/api/register', api_controller.registerPerson); // Register a Person
+app.post('/api/login', api_controller.login); // Login
+app.get('/api/person/:id', api_controller.verifyToken, api_controller.getPerson); // Obtain Person's details
+app.put('/api/person/:id', api_controller.verifyToken, api_controller.updatePerson); // Update Person's details
+app.delete('/api/person/delete', api_controller.verifyToken, api_controller.deletePerson); // Delete a Person
+app.post('/api/organization/admin', api_controller.verifyToken, api_controller.addOrganizationAdmin); // Add Organization Administrator
+app.delete('/api/organization/removeadmin', api_controller.verifyToken, api_controller.removeOrganizationAdmin); // Remove Organization Administrator
+app.post('/api/organization', api_controller.verifyToken, api_controller.createOrganization); // Create organization
+app.get('/api/organization/:id', api_controller.verifyToken, api_controller.getOrganization); // Get Organization data
+app.put('/api/organization/:id', api_controller.verifyToken, api_controller.updateOrganization); // Update organization
+app.delete('/api/organization/:id', api_controller.verifyToken, api_controller.deleteOrganization); // Delete organization
+app.post('/api/organization/post', api_controller.verifyToken, api_controller.createOrganizationPost); // Create a organization's post
+app.delete('/api/organization/post/:id', api_controller.verifyToken, api_controller.deleteOrganizationPost); // Delete a organization's post
 // Start the server
 app.listen(process.env.API_SERVER_PORT, () => {
diff --git a/backend/apis/nodejs/api_controller.js b/backend/apis/nodejs/api_controller.js
index 895084e..3febd0b 100644
--- a/backend/apis/nodejs/api_controller.js
+++ b/backend/apis/nodejs/api_controller.js
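Review bot: `/api/organization/removeadmin` is registered as a DELETE route whose handler reads `organization_id` and `person_id` from `req.body` (see the controller hunk below); request bodies on DELETE are not reliably forwarded by every HTTP client and intermediary, so this route can fail in deployments where the other routes work. The companion POST `/api/organization/admin` and this DELETE also use different path styles for the same resource; consider `app.delete('/api/organization/admin', api_controller.verifyToken, api_controller.removeOrganizationAdmin);` so the verb carries the meaning, or move the identifiers into the path. Placing both admin routes above `/api/organization/:id` is correct, since otherwise the DELETE on `/api/organization/:id` would capture `removeadmin` as an id, and that ordering deserves a comment so a later reorder does not silently break it, e.g. `// Keep the fixed-path admin routes above '/api/organization/:id' so the parameter route does not swallow them`.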
@@ -399,6 +399,49 @@ async function addOrganizationAdmin(req, res){
 }
 }
+// DELETE
+async function removeOrganizationAdmin(req, res){
+
+// Ensure that the required fields are present before proceeding
+if (!req.body.organization_id || !req.body.person_id) {
+return res.status(400).json({ error : "Invalid request"});
+}
+
+// I can remove only myself from the list of administrators
+if(req.body.person_id != req.jwt.person_id){
+return res.status(403).json({ error : "Forbidden"});
+}
+
+try{
+knex.transaction(async (trx) => {
+await trx('OrganizationAdministrator')
+.where('id_person', req.jwt.person_id)
+.where('id_organization', req.body.organization_id)
+.del();
+
+// Delete Organization if there are no admins left
+// Note: If the user instead deletes the entire profile,
+// the Organization will not be deleted. Fix.
+// Note: Check what level of transaction we are using
+// to avoid inconsistencies
+const count = await trx('OrganizationAdministrator')
+.count('id as count')
+.where('id', req.body.organization_id);
+
+if(count[0].count == 1){
+await trx('Organization')
+.where('id', req.body.organization_id)
+.del();
+}
+return res.status(200).json({success : true});
+});
+}
+catch (error){
+console.error(error);
+return res.status(500).json({ error: "Internal server error"});
+}
+}
+
 // ======== END API ENDPOINTS ========
 
 async function checkUserCredentials(email, password){
@@ -474,5 +517,6 @@ module.exports = {
 deleteOrganization,
 createOrganizationPost,
 deleteOrganizationPost,
-addOrganizationAdmin
+addOrganizationAdmin,
+removeOrganizationAdmin
 };
\ No newline at end of file
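Review bot: In `removeOrganizationAdmin` the `knex.transaction(...)` call is not awaited, so a rejection inside the callback bypasses the `catch` block and leaves the client without a response, and `res.status(200)` is sent from inside the callback before the transaction has committed. The follow-up count also looks wrong on two points: it filters `OrganizationAdministrator` by `id` rather than `id_organization` (the delete just above it uses `id_organization`), so it counts whichever admin row happens to carry that primary key, and since the caller's own row has already been removed, "no admins left" corresponds to a count of 0, not 1; together these can delete an organization that still has other administrators or leave one behind with none. Await the transaction, respond after it resolves, and fix the filter and threshold as below; `count` is returned as a string by some drivers, so coerce with `Number()` before comparing. The affected-row count returned by the first `.del()` could additionally be used to answer 404 when the caller was not an administrator of that organization instead of reporting success.
```javascript
    try {
        await knex.transaction(async (trx) => {
            await trx('OrganizationAdministrator')
                .where('id_person', req.jwt.person_id)
                .where('id_organization', req.body.organization_id)
                .del();

            // … unchanged: notes on profile deletion and isolation level …
            const remaining = await trx('OrganizationAdministrator')
                .count('id as count')
                .where('id_organization', req.body.organization_id);

            // The caller's own row is already gone, so "no admins left" is a count of 0
            if (Number(remaining[0].count) === 0) {
                await trx('Organization')
                    .where('id', req.body.organization_id)
                    .del();
            }
        });
        // Respond only once the transaction has committed
        return res.status(200).json({success : true});
    }
    // … unchanged: catch block …
```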