2017-11-16 06:56:40 +00:00
|
|
|
// @flow
|
2020-06-20 20:59:15 +00:00
|
|
|
import Router from "koa-router";
|
|
|
|
|
import userInviter from "../commands/userInviter";
|
2020-11-22 19:21:47 +00:00
|
|
|
import userSuspender from "../commands/userSuspender";
|
2020-08-09 05:53:59 +00:00
|
|
|
import auth from "../middlewares/authentication";
|
|
|
|
|
import { Event, User, Team } from "../models";
|
2020-06-20 20:59:15 +00:00
|
|
|
import policy from "../policies";
|
2020-08-09 05:53:59 +00:00
|
|
|
import { presentUser } from "../presenters";
|
|
|
|
|
import { Op } from "../sequelize";
|
|
|
|
|
import pagination from "./middlewares/pagination";
|
2016-04-29 05:25:37 +00:00
|
|
|
|
2018-03-04 23:38:51 +00:00
|
|
|
const { authorize } = policy;
|
2016-04-29 05:25:37 +00:00
|
|
|
const router = new Router();
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.list", auth(), pagination(), async (ctx) => {
|
2020-06-20 20:59:15 +00:00
|
|
|
const { sort = "createdAt", query, includeSuspended = false } = ctx.body;
|
2020-06-17 03:56:17 +00:00
|
|
|
let direction = ctx.body.direction;
|
2020-06-20 20:59:15 +00:00
|
|
|
if (direction !== "ASC") direction = "DESC";
|
2018-12-05 06:24:30 +00:00
|
|
|
const user = ctx.state.user;
|
|
|
|
|
|
2019-10-06 01:42:03 +00:00
|
|
|
let where = {
|
|
|
|
|
teamId: user.teamId,
|
|
|
|
|
};
|
|
|
|
|
|
2020-06-11 15:48:47 +00:00
|
|
|
if (!includeSuspended) {
|
|
|
|
|
where = {
|
|
|
|
|
...where,
|
|
|
|
|
suspendedAt: {
|
|
|
|
|
[Op.eq]: null,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-06 01:42:03 +00:00
|
|
|
if (query) {
|
|
|
|
|
where = {
|
|
|
|
|
...where,
|
|
|
|
|
name: {
|
|
|
|
|
[Op.iLike]: `%${query}%`,
|
|
|
|
|
},
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-05 06:24:30 +00:00
|
|
|
const users = await User.findAll({
|
2019-10-06 01:42:03 +00:00
|
|
|
where,
|
2020-06-17 03:56:17 +00:00
|
|
|
order: [[sort, direction]],
|
2018-12-05 06:24:30 +00:00
|
|
|
offset: ctx.state.pagination.offset,
|
|
|
|
|
limit: ctx.state.pagination.limit,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
|
pagination: ctx.state.pagination,
|
2020-08-09 01:53:11 +00:00
|
|
|
data: users.map((listUser) =>
|
2019-04-18 02:11:23 +00:00
|
|
|
presentUser(listUser, { includeDetails: user.isAdmin })
|
2018-12-05 06:24:30 +00:00
|
|
|
),
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.info", auth(), async (ctx) => {
|
2019-04-19 01:51:16 +00:00
|
|
|
ctx.body = {
|
|
|
|
|
data: presentUser(ctx.state.user),
|
|
|
|
|
};
|
2016-05-20 06:51:22 +00:00
|
|
|
});
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.update", auth(), async (ctx) => {
|
2017-12-03 08:00:23 +00:00
|
|
|
const { user } = ctx.state;
|
2020-11-30 04:04:58 +00:00
|
|
|
const { name, avatarUrl, language } = ctx.body;
|
2017-12-03 08:00:23 +00:00
|
|
|
|
|
|
|
|
if (name) user.name = name;
|
2020-02-13 03:40:44 +00:00
|
|
|
if (avatarUrl) user.avatarUrl = avatarUrl;
|
2020-11-30 04:04:58 +00:00
|
|
|
if (language) user.language = language;
|
2018-05-31 19:44:32 +00:00
|
|
|
|
2017-12-03 08:00:23 +00:00
|
|
|
await user.save();
|
|
|
|
|
|
2020-11-15 04:44:18 +00:00
|
|
|
await Event.create({
|
|
|
|
|
name: "users.update",
|
|
|
|
|
actorId: user.id,
|
|
|
|
|
userId: user.id,
|
|
|
|
|
teamId: user.teamId,
|
|
|
|
|
ip: ctx.request.ip,
|
|
|
|
|
});
|
|
|
|
|
|
2019-04-19 01:51:16 +00:00
|
|
|
ctx.body = {
|
|
|
|
|
data: presentUser(user, { includeDetails: true }),
|
|
|
|
|
};
|
2017-12-03 08:00:23 +00:00
|
|
|
});
|
|
|
|
|
|
2018-03-04 23:38:51 +00:00
|
|
|
// Admin specific
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.promote", auth(), async (ctx) => {
|
2018-03-04 23:38:51 +00:00
|
|
|
const userId = ctx.body.id;
|
|
|
|
|
const teamId = ctx.state.user.teamId;
|
2020-06-20 20:59:15 +00:00
|
|
|
ctx.assertPresent(userId, "id is required");
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const user = await User.findByPk(userId);
|
2020-06-20 20:59:15 +00:00
|
|
|
authorize(ctx.state.user, "promote", user);
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const team = await Team.findByPk(teamId);
|
2018-03-04 23:38:51 +00:00
|
|
|
await team.addAdmin(user);
|
|
|
|
|
|
2019-08-06 03:38:31 +00:00
|
|
|
await Event.create({
|
2020-06-20 20:59:15 +00:00
|
|
|
name: "users.promote",
|
2019-08-06 03:38:31 +00:00
|
|
|
actorId: ctx.state.user.id,
|
|
|
|
|
userId,
|
|
|
|
|
teamId,
|
|
|
|
|
data: { name: user.name },
|
|
|
|
|
ip: ctx.request.ip,
|
|
|
|
|
});
|
|
|
|
|
|
2018-03-04 23:38:51 +00:00
|
|
|
ctx.body = {
|
2019-04-18 02:11:23 +00:00
|
|
|
data: presentUser(user, { includeDetails: true }),
|
2018-03-04 23:38:51 +00:00
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.demote", auth(), async (ctx) => {
|
2018-03-04 23:38:51 +00:00
|
|
|
const userId = ctx.body.id;
|
|
|
|
|
const teamId = ctx.state.user.teamId;
|
2020-06-20 20:59:15 +00:00
|
|
|
ctx.assertPresent(userId, "id is required");
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const user = await User.findByPk(userId);
|
2020-06-20 20:59:15 +00:00
|
|
|
authorize(ctx.state.user, "demote", user);
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const team = await Team.findByPk(teamId);
|
2020-03-15 03:48:32 +00:00
|
|
|
await team.removeAdmin(user);
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2019-08-06 03:38:31 +00:00
|
|
|
await Event.create({
|
2020-06-20 20:59:15 +00:00
|
|
|
name: "users.demote",
|
2019-08-06 03:38:31 +00:00
|
|
|
actorId: ctx.state.user.id,
|
|
|
|
|
userId,
|
|
|
|
|
teamId,
|
|
|
|
|
data: { name: user.name },
|
|
|
|
|
ip: ctx.request.ip,
|
|
|
|
|
});
|
|
|
|
|
|
2018-03-04 23:38:51 +00:00
|
|
|
ctx.body = {
|
2019-04-18 02:11:23 +00:00
|
|
|
data: presentUser(user, { includeDetails: true }),
|
2018-03-04 23:38:51 +00:00
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.suspend", auth(), async (ctx) => {
|
2018-03-04 23:38:51 +00:00
|
|
|
const userId = ctx.body.id;
|
2020-06-20 20:59:15 +00:00
|
|
|
ctx.assertPresent(userId, "id is required");
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const user = await User.findByPk(userId);
|
2020-06-20 20:59:15 +00:00
|
|
|
authorize(ctx.state.user, "suspend", user);
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2020-11-22 19:21:47 +00:00
|
|
|
await userSuspender({
|
|
|
|
|
user,
|
2019-08-06 03:38:31 +00:00
|
|
|
actorId: ctx.state.user.id,
|
|
|
|
|
ip: ctx.request.ip,
|
|
|
|
|
});
|
|
|
|
|
|
2018-03-04 23:38:51 +00:00
|
|
|
ctx.body = {
|
2019-04-18 02:11:23 +00:00
|
|
|
data: presentUser(user, { includeDetails: true }),
|
2018-03-04 23:38:51 +00:00
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.activate", auth(), async (ctx) => {
|
2018-03-04 23:38:51 +00:00
|
|
|
const admin = ctx.state.user;
|
|
|
|
|
const userId = ctx.body.id;
|
|
|
|
|
const teamId = ctx.state.user.teamId;
|
2020-06-20 20:59:15 +00:00
|
|
|
ctx.assertPresent(userId, "id is required");
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const user = await User.findByPk(userId);
|
2020-06-20 20:59:15 +00:00
|
|
|
authorize(ctx.state.user, "activate", user);
|
2018-03-04 23:38:51 +00:00
|
|
|
|
2019-06-23 22:49:45 +00:00
|
|
|
const team = await Team.findByPk(teamId);
|
2018-03-04 23:38:51 +00:00
|
|
|
await team.activateUser(user, admin);
|
|
|
|
|
|
2019-08-06 03:38:31 +00:00
|
|
|
await Event.create({
|
2020-06-20 20:59:15 +00:00
|
|
|
name: "users.activate",
|
2019-08-06 03:38:31 +00:00
|
|
|
actorId: ctx.state.user.id,
|
|
|
|
|
userId,
|
|
|
|
|
teamId,
|
|
|
|
|
data: { name: user.name },
|
|
|
|
|
ip: ctx.request.ip,
|
|
|
|
|
});
|
|
|
|
|
|
2018-03-04 23:38:51 +00:00
|
|
|
ctx.body = {
|
2019-04-18 02:11:23 +00:00
|
|
|
data: presentUser(user, { includeDetails: true }),
|
2018-03-04 23:38:51 +00:00
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.invite", auth(), async (ctx) => {
|
2019-06-25 05:14:59 +00:00
|
|
|
const { invites } = ctx.body;
|
2020-06-20 20:59:15 +00:00
|
|
|
ctx.assertPresent(invites, "invites is required");
|
2019-06-25 05:14:59 +00:00
|
|
|
|
|
|
|
|
const user = ctx.state.user;
|
2020-06-20 20:59:15 +00:00
|
|
|
authorize(user, "invite", User);
|
2019-06-25 05:14:59 +00:00
|
|
|
|
2019-12-22 22:54:12 +00:00
|
|
|
const response = await userInviter({ user, invites, ip: ctx.request.ip });
|
2019-06-25 05:14:59 +00:00
|
|
|
|
|
|
|
|
ctx.body = {
|
2019-12-22 22:54:12 +00:00
|
|
|
data: {
|
|
|
|
|
sent: response.sent,
|
2020-08-09 01:53:11 +00:00
|
|
|
users: response.users.map((user) => presentUser(user)),
|
2019-12-22 22:54:12 +00:00
|
|
|
},
|
2019-06-25 05:14:59 +00:00
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2020-08-09 01:53:11 +00:00
|
|
|
router.post("users.delete", auth(), async (ctx) => {
|
2019-12-16 02:46:08 +00:00
|
|
|
const { confirmation, id } = ctx.body;
|
2020-06-20 20:59:15 +00:00
|
|
|
ctx.assertPresent(confirmation, "confirmation is required");
|
2018-07-07 22:38:22 +00:00
|
|
|
|
2019-12-16 02:46:08 +00:00
|
|
|
let user = ctx.state.user;
|
|
|
|
|
if (id) user = await User.findByPk(id);
|
2020-06-20 20:59:15 +00:00
|
|
|
authorize(ctx.state.user, "delete", user);
|
2018-07-07 22:38:22 +00:00
|
|
|
|
2020-03-15 03:48:32 +00:00
|
|
|
await user.destroy();
|
2019-08-06 03:38:31 +00:00
|
|
|
await Event.create({
|
2020-06-20 20:59:15 +00:00
|
|
|
name: "users.delete",
|
2019-08-06 03:38:31 +00:00
|
|
|
actorId: user.id,
|
|
|
|
|
userId: user.id,
|
|
|
|
|
teamId: user.teamId,
|
|
|
|
|
data: { name: user.name },
|
|
|
|
|
ip: ctx.request.ip,
|
|
|
|
|
});
|
|
|
|
|
|
2018-07-07 22:38:22 +00:00
|
|
|
ctx.body = {
|
|
|
|
|
success: true,
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2016-07-22 07:11:54 +00:00
|
|
|
export default router;
|
