Fixed delete user account api
parent
1f84f77089
commit
7e6d6e9b8c
@ -133,6 +133,24 @@ $(document).ready(function (){
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
$('.userDelete').on('click', function(){
|
||||||
|
if(confirm('Are you sure you want to delete?')){
|
||||||
|
$.ajax({
|
||||||
|
method: 'POST',
|
||||||
|
url: '/admin/user/delete',
|
||||||
|
data: {
|
||||||
|
userId: $(this).attr('data-id')
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.done(function(msg){
|
||||||
|
showNotification(msg.message, 'success', true);
|
||||||
|
})
|
||||||
|
.fail(function(msg){
|
||||||
|
showNotification(msg.responseJSON.message, 'danger');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
$('#userEditForm').validator().on('submit', function(e){
|
$('#userEditForm').validator().on('submit', function(e){
|
||||||
if(!e.isDefaultPrevented()){
|
if(!e.isDefaultPrevented()){
|
||||||
e.preventDefault();
|
e.preventDefault();
|
||||||
|
|
|
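Review bot: The click handler added at `$('.userDelete').on('click', …)` never calls `preventDefault()`, so the `href="#"` anchor it is bound to (the view hunk at the end of this commit) still follows the fragment link and scrolls the page to the top on every click; take the event and stop it, `function(e){ e.preventDefault();`. The `.fail` callback reads `msg.responseJSON.message` unconditionally, but a non-JSON error body (an HTML 500 page, a dropped connection) leaves `responseJSON` undefined and the callback throws instead of notifying, so guard it: `showNotification((msg.responseJSON && msg.responseJSON.message) || 'Unable to delete user', 'danger');`. The enclosing `$(document).ready` callback starts before this hunk.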
@ -86,81 +86,43 @@ router.get('/admin/user/new', restrict, (req, res) => {
|
||||||
});
|
});
|
||||||
|
|
||||||
// delete user
|
// delete user
|
||||||
router.get('/admin/user/delete/:id', restrict, async (req, res) => {
|
router.post('/admin/user/delete', restrict, async (req, res) => {
|
||||||
const db = req.app.db;
|
const db = req.app.db;
|
||||||
|
|
||||||
// userId
|
// userId
|
||||||
if(req.session.isAdmin !== true){
|
if(req.session.isAdmin !== true){
|
||||||
if(req.apiAuthenticated){
|
|
||||||
res.status(400).json({ message: 'Access denied' });
|
res.status(400).json({ message: 'Access denied' });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
req.session.message = 'Access denied.';
|
|
||||||
req.session.messageType = 'danger';
|
|
||||||
res.redirect('/admin/users');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Cannot delete your own account
|
// Cannot delete your own account
|
||||||
if(req.session.userId === req.params.id){
|
if(req.session.userId === req.body.userId){
|
||||||
if(req.apiAuthenticated){
|
|
||||||
res.status(400).json({ message: 'Unable to delete own user account' });
|
res.status(400).json({ message: 'Unable to delete own user account' });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
req.session.message = 'Unable to delete own user account.';
|
const user = await db.users.findOne({ _id: common.getId(req.body.userId) });
|
||||||
req.session.messageType = 'danger';
|
|
||||||
res.redirect('/admin/users');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
const user = await db.users.findOne({ _id: common.getId(req.params.id) });
|
|
||||||
|
|
||||||
// If user is not found
|
// If user is not found
|
||||||
if(!user){
|
if(!user){
|
||||||
if(req.apiAuthenticated){
|
|
||||||
res.status(400).json({ message: 'User not found.' });
|
res.status(400).json({ message: 'User not found.' });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
req.session.message = 'User not found.';
|
|
||||||
req.session.messageType = 'danger';
|
|
||||||
res.redirect('/admin/users');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Cannot delete the original user/owner
|
// Cannot delete the original user/owner
|
||||||
if(user.isOwner){
|
if(user.isOwner){
|
||||||
if(req.apiAuthenticated){
|
|
||||||
res.status(400).json({ message: 'Access denied.' });
|
res.status(400).json({ message: 'Access denied.' });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
req.session.message = 'Access denied.';
|
|
||||||
req.session.messageType = 'danger';
|
|
||||||
res.redirect('/admin/users');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
try{
|
try{
|
||||||
await db.users.deleteOne({ _id: common.getId(req.params.id) }, {});
|
await db.users.deleteOne({ _id: common.getId(req.body.userId) }, {});
|
||||||
if(req.apiAuthenticated){
|
|
||||||
res.status(200).json({ message: 'User deleted.' });
|
res.status(200).json({ message: 'User deleted.' });
|
||||||
return;
|
return;
|
||||||
}
|
|
||||||
req.session.message = 'User deleted.';
|
|
||||||
req.session.messageType = 'success';
|
|
||||||
res.redirect('/admin/users');
|
|
||||||
}catch(ex){
|
}catch(ex){
|
||||||
console.log('Failed to delete user', ex);
|
console.log('Failed to delete user', ex);
|
||||||
if(req.apiAuthenticated){
|
|
||||||
res.status(200).json({ message: 'Cannot delete user' });
|
res.status(200).json({ message: 'Cannot delete user' });
|
||||||
return;
|
return;
|
||||||
}
|
|
||||||
req.session.message = 'Cannot delete user';
|
|
||||||
req.session.messageType = 'danger';
|
|
||||||
res.redirect('/admin/users');
|
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
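Review bot: The `catch(ex)` branch at the end of the new `router.post('/admin/user/delete', …)` handler answers a failed delete with `res.status(200).json({ message: 'Cannot delete user' })`, so the client-side `.done` callback renders the failure as a success notification; now that this JSON path is the only response, a failure status (`500`) is needed. `req.body.userId` is also used unvalidated: the `db.users.findOne` call sits outside the `try`, so if `common.getId` rejects a missing or non-string value the async handler rejects without sending a response, and if it passes non-string values through, an object in the request body could reach the query filter (this depends on `common.getId`, which is not in the hunk). Rejecting anything but a non-empty string up front closes both paths. Since the route is now a cookie-authenticated state-changing POST, it also relies on whatever CSRF protection the app applies to `restrict`ed routes, which is worth confirming.
```javascript
router.post('/admin/user/delete', restrict, async (req, res) => {
    const db = req.app.db;

    // Only a non-empty string id may reach the session comparison and the query filter
    if(typeof req.body.userId !== 'string' || req.body.userId === ''){
        res.status(400).json({ message: 'User not found.' });
        return;
    }

    // … unchanged: admin check, own-account check, findOne, owner check …

    try{
        await db.users.deleteOne({ _id: common.getId(req.body.userId) }, {});
        res.status(200).json({ message: 'User deleted.' });
        return;
    }catch(ex){
        console.log('Failed to delete user', ex);
        // Failure must not look like success to the client's .done handler
        res.status(500).json({ message: 'Cannot delete user' });
    }
});
```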
@ -49,16 +49,22 @@ test('[Fail] Incorrect user password', async t => {
|
||||||
|
|
||||||
test('[Fail] Delete own user account', async t => {
|
test('[Fail] Delete own user account', async t => {
|
||||||
const res = await g.request
|
const res = await g.request
|
||||||
.get(`/admin/user/delete/${g.users[0]._id}`)
|
.post('/admin/user/delete')
|
||||||
.expect(302);
|
.send({
|
||||||
t.deepEqual(res.header['location'], '/admin/users');
|
userId: g.users[0]._id
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
t.deepEqual(res.body.message, 'Unable to delete own user account');
|
||||||
});
|
});
|
||||||
|
|
||||||
test('[Fail] Delete invalid user ID', async t => {
|
test('[Fail] Delete invalid user ID', async t => {
|
||||||
const res = await g.request
|
const res = await g.request
|
||||||
.get('/admin/user/delete/invalid_user_id')
|
.post('/admin/user/delete')
|
||||||
.expect(302);
|
.send({
|
||||||
t.deepEqual(res.header['location'], '/admin/users');
|
userId: 'invalid_user_id'
|
||||||
|
})
|
||||||
|
.expect(400);
|
||||||
|
t.deepEqual(res.body.message, 'User not found.');
|
||||||
});
|
});
|
||||||
|
|
||||||
test('[Success] Create new user', async t => {
|
test('[Success] Create new user', async t => {
|
||||||
|
|
|
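Review bot: Only the two failure cases were moved to the new POST endpoint; nothing in this hunk covers the success path (`User deleted.`), the non-admin `Access denied` response, or the `isOwner` guard, all of which are now JSON-only responses. If they are not covered elsewhere in this file, a `[Success] Delete user` test mirroring the structure here, `.post('/admin/user/delete').send({ userId: … }).expect(200)`, would pin the new contract. The `userId: g.users[0]._id` value is sent as whatever the request serialises `_id` to, and the route compares it with `req.session.userId` using `===`, so the own-account test presumably relies on both being strings; a comment on the fixture stating that would help.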
@ -19,7 +19,7 @@
|
||||||
{{/isAnAdmin}}
|
{{/isAnAdmin}}
|
||||||
{{#isAnAdmin ../session.isAdmin}}
|
{{#isAnAdmin ../session.isAdmin}}
|
||||||
<a href="/admin/user/edit/{{../this._id}}"><span class="glyphicon glyphicon-pencil" aria-hidden="true"></a>
|
<a href="/admin/user/edit/{{../this._id}}"><span class="glyphicon glyphicon-pencil" aria-hidden="true"></a>
|
||||||
<a href="/admin/user/delete/{{../this._id}}" onclick="return confirm('Are you sure you want to delete?')"><span class="glyphicon glyphicon-trash" aria-hidden="true"></a>
|
<a href="#" class="userDelete" data-id="{{../this._id}}"><span class="glyphicon glyphicon-trash" aria-hidden="true"></a>
|
||||||
{{/isAnAdmin}}
|
{{/isAnAdmin}}
|
||||||
</span>
|
</span>
|
||||||
</li>
|
</li>
|
||||||
|
|
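Review bot: The replacement anchor `<a href="#" class="userDelete" data-id="{{../this._id}}">` keeps the unclosed `<span class="glyphicon …">` from the old line (no `</span>` before `</a>`), and as an icon-only control whose icon is `aria-hidden="true"` it now has no accessible name, whereas the old link at least carried the `/admin/user/delete/` URL. Closing the span and giving the link a label, `<a href="#" class="userDelete" data-id="{{../this._id}}" title="Delete user"><span class="glyphicon glyphicon-trash" aria-hidden="true"></span></a>`, fixes both.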