updated roles, only superAdmin can create an admin

2025-04-23 16:29:33 +05:30
parent 804066c97a
commit 38014f7138
5 changed files with 132 additions and 160 deletions
--- a/src/user/user.service.ts
+++ b/src/user/user.service.ts
@@ -1,37 +1,43 @@
-import mongoose from "mongoose";
-import { generateId, generateToken } from "../utils/id";
-import { CreateUserInput, UpdateUserInput, userModel } from "./user.schema";
-import { sendMail } from "../utils/mail";
-import { AuthenticatedUser } from "../auth";
+import mongoose from 'mongoose';
+import { generateId, generateToken } from '../utils/id';
+import { CreateUserInput, UpdateUserInput, userModel } from './user.schema';
+import { sendMail } from '../utils/mail';
+import { AuthenticatedUser } from '../auth';
+
+export const ErrOpNotValid = new Error('operation is not valid');

 export async function createUser(
  input: CreateUserInput,
  user: AuthenticatedUser
 ) {
+  if (input.role == 'admin' && user.role != 'superAdmin') {
+    throw ErrOpNotValid;
+  }
+
  const token = await generateToken();

  const newUser = await userModel.create({
    tenantId: user.tenantId,
    pid: generateId(),
-    name: input.firstName + " " + input.lastName,
+    name: input.firstName + ' ' + input.lastName,
    createdAt: new Date(),
    createdBy: user.userId,
    token: {
      value: token,
      expiry: new Date(Date.now() + 3600 * 48 * 1000),
    },
-    status: "invited",
+    status: 'invited',
    ...input,
  });

  const sent = await sendMail(
    input.email,
-    "You have been invited to Quicker Permtis.",
+    'You have been invited to Quicker Permtis.',
    `Click <a href="${
      process.env.SERVER_DOMAIN +
-      "/auth/webauthn/register?token=" +
+      '/auth/webauthn/register?token=' +
      token +
-      "&email=" +
+      '&email=' +
      newUser.email
    }">here</a> to register.`
  );
@@ -50,7 +56,7 @@ export async function getUser(userId: string) {
 }

 export async function getUserByToken(token: string) {
-  return await userModel.findOne({ "token.value": token });
+  return await userModel.findOne({ 'token.value': token });
 }

 export async function getUserByEmail(email: string) {
@@ -59,9 +65,9 @@ export async function getUserByEmail(email: string) {

 export async function listUsers(tenantId: string) {
  return await userModel
-    .find({ $and: [{ tenantId: tenantId }, { role: { $ne: "tester" } }] })
+    .find({ $and: [{ tenantId: tenantId }, { dev: false }] })
    .select(
-      "_id pid orgId firstName lastName name email role avatar status createdAt createdBy lastLogin"
+      '_id pid orgId firstName lastName name email role avatar status createdAt createdBy lastLogin'
    );
 }

@@ -71,7 +77,7 @@ export async function updateUser(userId: string, input: UpdateUserInput) {
      new: true,
    })
    .select(
-      "_id pid orgId firstName lastName name email role avatar status createdAt createdBy lastLogin"
+      '_id pid orgId firstName lastName name email role avatar status createdAt createdBy lastLogin'
    );
 }