Definição do usuário master, que tem acesso a create e insert além de todas as ações do admin. Aqui o usuário admin não pode mais excluir ou incluir um novo usuário ou WhatsApp!

pull/1/head
adriano 2022-01-13 07:05:08 -03:00
parent 70a6e38c18
commit 6c42e8e8c9
4 changed files with 28 additions and 9 deletions


@ -7,7 +7,7 @@ import UpdateSettingService from "../services/SettingServices/UpdateSettingServi
import ListSettingsService from "../services/SettingServices/ListSettingsService"; import ListSettingsService from "../services/SettingServices/ListSettingsService";
export const index = async (req: Request, res: Response): Promise<Response> => { export const index = async (req: Request, res: Response): Promise<Response> => {
if (req.user.profile !== "admin") { if (req.user.profile !== "master") {
throw new AppError("ERR_NO_PERMISSION", 403); throw new AppError("ERR_NO_PERMISSION", 403);
} }
@ -20,7 +20,7 @@ export const update = async (
req: Request, req: Request,
res: Response res: Response
): Promise<Response> => { ): Promise<Response> => {
if (req.user.profile !== "admin") { if (req.user.profile !== "master") {
throw new AppError("ERR_NO_PERMISSION", 403); throw new AppError("ERR_NO_PERMISSION", 403);
} }
const { settingKey: key } = req.params; const { settingKey: key } = req.params;
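Review bot: The `"master"` literal is compared inline in both `index` and `update` here, and again in `store` and `remove` of the user controller, so every later role change has to touch each handler and one missed check leaves an endpoint on the old policy. A single guard shared by the handlers, for example `const requireMaster = (req: Request): void => { if (req.user.profile !== "master") throw new AppError("ERR_NO_PERMISSION", 403); };`, keeps the policy in one place. The rules file in this commit still shows `"settings-view:show"` in the role block just before `master` (presumably `admin`), so that role may keep a settings screen whose API calls now return 403; confirm this is intended. The body of `update` continues outside the hunk.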


@ -23,18 +23,18 @@ export const index = async (req: Request, res: Response): Promise<Response> => {
pageNumber pageNumber
}); });
return res.json({ users, count, hasMore }); return res.json({ users, count, hasMore });
}; };
export const store = async (req: Request, res: Response): Promise<Response> => { export const store = async (req: Request, res: Response): Promise<Response> => {
const { email, password, name, profile, queueIds } = req.body; const { email, password, name, profile, queueIds } = req.body;
if ( if (req.url === "/signup" && (await CheckSettingsHelper("userCreation")) === "disabled") {
req.url === "/signup" &&
(await CheckSettingsHelper("userCreation")) === "disabled"
) {
throw new AppError("ERR_USER_CREATION_DISABLED", 403); throw new AppError("ERR_USER_CREATION_DISABLED", 403);
} else if (req.url !== "/signup" && req.user.profile !== "admin") { } else if (req.url !== "/signup" && req.user.profile !== "master") {
throw new AppError("ERR_NO_PERMISSION", 403); throw new AppError("ERR_NO_PERMISSION", 403);
} }
@ -91,7 +91,7 @@ export const remove = async (
): Promise<Response> => { ): Promise<Response> => {
const { userId } = req.params; const { userId } = req.params;
if (req.user.profile !== "admin") { if (req.user.profile !== "master") {
throw new AppError("ERR_NO_PERMISSION", 403); throw new AppError("ERR_NO_PERMISSION", 403);
} }
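Review bot: In `store`, `profile` is still destructured from `req.body` while the `/signup` branch skips the role check, so the requested profile reaches the rest of the function unvalidated. If the remainder of `store`, which lies outside this hunk, forwards it to `CreateUserService`, a self-registered account could end up with the new `master` profile. On the signup path the profile should be fixed server-side rather than read from the client, for example `const profile = req.url === "/signup" ? "<LOWEST_PRIVILEGE_PROFILE>" : req.body.profile;` (placeholder, since the page does not show the project's lowest profile name). A test that posts to `/signup` with `profile` set and asserts the stored value would pin this down.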


@ -24,7 +24,7 @@ const CreateUserService = async ({
password, password,
name, name,
queueIds = [], queueIds = [],
profile = "admin" profile = "master"
}: Request): Promise<Response> => { }: Request): Promise<Response> => {
const schema = Yup.object().shape({ const schema = Yup.object().shape({
name: Yup.string().required().min(2), name: Yup.string().required().min(2),
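Review bot: The default `profile = "master"` makes the highest-privilege role the fallback for every caller that omits `profile`, which is the opposite of a fail-safe default now that `master` sits above `admin`. Default to the least-privileged profile or make the field required, e.g. `profile = "<LOWEST_PRIVILEGE_PROFILE>"` (placeholder), so that only an explicit, authorised request can assign `master`. The Yup schema that begins at the end of this hunk could also constrain the value with `Yup.string().oneOf([...])` so unknown profile strings are rejected. The schema and the rest of the service are outside the hunk.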


@ -19,6 +19,25 @@ const rules = {
"settings-view:show", "settings-view:show",
], ],
}, },
master: {
static: [
"drawer-admin-items:view",
"tickets-manager:showall",
"user-modal:editProfile",
"user-modal:editQueues",
"ticket-options:deleteTicket",
"contacts-page:deleteContact",
"connections-view:show",
"dashboard-view:show",
"queues-view:show",
"user-view:show",
"settings-view:show",
//"remove-user-test"
],
},
}; };
export default rules; export default rules;
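Review bot: The new `master` list ends with a commented-out `//"remove-user-test"` entry that reads like leftover debugging and should be dropped before merge. None of the strings visible here names the user create or delete actions that the backend now limits to `master`, so the UI presumably cannot hide those controls from `admin`, who would only see a 403 after clicking. A dedicated permission such as `"<USER_DELETE_PERMISSION>"` (placeholder) granted only to `master` would keep client and server in step. These rules only decide what the client renders, so the server-side profile checks remain the actual enforcement.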