adriano.andrade
/
projeto-hit
mirror of https://github.com/AdrianoRobson/projeto-hit.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Definição do usuário master que tem acesso a create e insert alem de todas as ações do admin. Aqui o usuário admin não pode mais excluir ou incluir um novo usuário ou whatssap!

pull/1/head
adriano 2022-01-13 07:05:08 -03:00
parent 70a6e38c18
commit 6c42e8e8c9
4 changed files with 28 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
backend/src/controllers/SettingController.ts
View File

@ -7,7 +7,7 @@ import UpdateSettingService from "../services/SettingServices/UpdateSettingServi
import ListSettingsService from "../services/SettingServices/ListSettingsService";
export const index = async (req: Request, res: Response): Promise<Response> => {
if (req.user.profile !== "admin") {
if (req.user.profile !== "master") {
throw new AppError("ERR_NO_PERMISSION", 403);
}
@ -20,7 +20,7 @@ export const update = async (
req: Request,
res: Response
): Promise<Response> => {
if (req.user.profile !== "admin") {
if (req.user.profile !== "master") {
throw new AppError("ERR_NO_PERMISSION", 403);
}
const { settingKey: key } = req.params;

12
backend/src/controllers/UserController.ts
View File

@ -23,18 +23,18 @@ export const index = async (req: Request, res: Response): Promise<Response> => {
pageNumber
});
return res.json({ users, count, hasMore });
};
export const store = async (req: Request, res: Response): Promise<Response> => {
const { email, password, name, profile, queueIds } = req.body;
if (
req.url === "/signup" &&
(await CheckSettingsHelper("userCreation")) === "disabled"
) {
if (req.url === "/signup" && (await CheckSettingsHelper("userCreation")) === "disabled") {
throw new AppError("ERR_USER_CREATION_DISABLED", 403);
} else if (req.url !== "/signup" && req.user.profile !== "admin") {
} else if (req.url !== "/signup" && req.user.profile !== "master") {
throw new AppError("ERR_NO_PERMISSION", 403);
}
@ -91,7 +91,7 @@ export const remove = async (
): Promise<Response> => {
const { userId } = req.params;
if (req.user.profile !== "admin") {
if (req.user.profile !== "master") {
throw new AppError("ERR_NO_PERMISSION", 403);
}

2
backend/src/services/UserServices/CreateUserService.ts
View File

@ -24,7 +24,7 @@ const CreateUserService = async ({
password,
name,
queueIds = [],
profile = "admin"
profile = "master"
}: Request): Promise<Response> => {
const schema = Yup.object().shape({
name: Yup.string().required().min(2),

19
frontend/src/rules.js
View File

@ -19,6 +19,25 @@ const rules = {
"settings-view:show",
],
},
master: {
static: [
"drawer-admin-items:view",
"tickets-manager:showall",
"user-modal:editProfile",
"user-modal:editQueues",
"ticket-options:deleteTicket",
"contacts-page:deleteContact",
"connections-view:show",
"dashboard-view:show",
"queues-view:show",
"user-view:show",
"settings-view:show",
//"remove-user-test"
],
},
};
export default rules;