updated roles, only superAdmin can create an admin

2025-04-23 16:29:33 +05:30
parent 804066c97a
commit 38014f7138
5 changed files with 132 additions and 160 deletions
--- a/src/utils/errors.ts
+++ b/src/utils/errors.ts
@@ -1,5 +1,5 @@
-import { FastifyReply, FastifyRequest } from "fastify";
-import mongoose from "mongoose";
+import { FastifyReply, FastifyRequest } from 'fastify';
+import mongoose from 'mongoose';

 export function errorHandler(
  error: any,
@@ -12,7 +12,7 @@ export function errorHandler(

  if (error.validation) {
    const errMsg = {
-      type: "validation_error",
+      type: 'validation_error',
      path: error.validation[0].instancePath,
      context: error.validationContext,
      msg: error.validation[0].message,
@@ -25,9 +25,9 @@ export function errorHandler(
  if (error instanceof mongoose.mongo.MongoServerError) {
    if (error.code === 11000) {
      return res.code(400).send({
-        type: "duplicate_key",
-        context: "body",
-        msg: "value already exists",
+        type: 'duplicate_key',
+        context: 'body',
+        msg: 'value already exists',
        params: error.keyValue,
      });
    }
--- a/src/utils/roles.ts
+++ b/src/utils/roles.ts
@@ -1,141 +1,103 @@
-import { Claim } from "./claims";
+import { Claim } from './claims';

 export const rules: Record<
  string,
  { claims: Claim[]; hiddenFields: Record<string, Array<string>> }
 > = {
-  tester: {
+  superAdmin: {
    claims: [
-      "user:read",
-      "user:write",
-      "org:read",
-      "org:write",
-      "org:delete",
-      "permit:read",
-      "permit:write",
-      "permit:delete",
-      "file:upload",
-      "file:download",
-      "file:delete",
-      "rts:read",
-      "rts:write",
-      "rts:delete",
-      "task:read",
-      "task:write",
-      "task:delete",
-      "notification:read",
-      "notification:write",
-      "notification:delete",
-      "config:read",
-      "config:write",
-      "mail:all",
-      "view:read",
-      "view:write",
-      "view:delete",
-      "token:read",
-      "token:write",
-      "token:delete",
+      'user:read',
+      'user:write',
+      'user:delete',
+      'org:read',
+      'org:write',
+      'org:delete',
+      'permit:read',
+      'permit:write',
+      'permit:delete',
+      'file:upload',
+      'file:download',
+      'file:delete',
+      'rts:read',
+      'rts:write',
+      'rts:delete',
+      'task:read',
+      'task:write',
+      'task:delete',
+      'notification:read',
+      'notification:write',
+      'notification:delete',
+      'config:read',
+      'config:write',
+      'mail:all',
+      'view:read',
+      'view:write',
+      'view:delete',
    ],
    hiddenFields: {
-      orgs: ["__v"],
-      permits: ["__v"],
-      rts: ["__v"],
-      tasks: ["__v"],
-      users: ["__v"],
+      orgs: ['__v'],
+      permits: ['__v'],
+      rts: ['__v'],
+      tasks: ['__v'],
+      users: ['__v'],
    },
  },
  admin: {
    claims: [
-      "user:read",
-      "user:write",
-      "org:read",
-      "org:write",
-      "org:delete",
-      "permit:read",
-      "permit:write",
-      "permit:delete",
-      "file:upload",
-      "file:download",
-      "file:delete",
-      "rts:read",
-      "rts:write",
-      "rts:delete",
-      "task:read",
-      "task:write",
-      "task:delete",
-      "notification:read",
-      "notification:write",
-      "notification:delete",
-      "config:read",
-      "config:write",
-      "mail:all",
-      "view:read",
-      "view:write",
-      "view:delete",
+      'user:read',
+      'user:write',
+      'org:read',
+      'permit:read',
+      'file:upload',
+      'file:download',
+      'file:delete',
+      'rts:read',
+      'rts:write',
+      'rts:delete',
+      'task:read',
+      'task:write',
+      'task:delete',
+      'notification:read',
+      'notification:delete',
+      'config:read',
+      'config:write',
+      'mail:all',
+      'view:read',
+      'view:write',
+      'view:delete',
    ],
    hiddenFields: {
-      orgs: ["__v"],
-      permits: ["__v"],
-      rts: ["__v"],
-      tasks: ["__v"],
-      users: ["__v"],
+      orgs: ['__v', 'isClient', 'name'],
+      permits: ['__v'],
+      rts: ['__v'],
+      tasks: ['__v'],
+      users: ['__v'],
    },
  },
-  builder: {
+  team: {
    claims: [
-      "permit:read",
-      "file:upload",
-      "file:download",
-      "org:read",
-      "config:read",
+      'org:read',
+      'permit:read',
+      'file:upload',
+      'file:download',
+      'rts:read',
+      'rts:write',
+      'task:read',
+      'task:write',
+      'notification:read',
+      'notification:delete',
+      'config:read',
+      'mail:all',
+      'view:read',
+      'view:write',
+      'view:delete',
    ],
    hiddenFields: {
-      orgs: ["__v", "isClient", "name"],
-      permits: ["__v"],
-      rts: ["__v"],
-      tasks: ["__v"],
-      users: ["__v"],
-    },
-  },
-  staff: {
-    claims: [
-      "org:read",
-      "org:write",
-      "org:delete",
-      "permit:read",
-      "permit:write",
-      "permit:delete",
-      "file:upload",
-      "file:download",
-      "file:delete",
-    ],
-    hiddenFields: {
-      orgs: [],
-      permits: [],
-      rts: [],
-      tasks: [],
-      users: [],
-    },
-  },
-  supervisor: {
-    claims: [
-      "user:read",
-      "org:read",
-      "org:write",
-      "org:delete",
-      "permit:read",
-      "permit:write",
-      "permit:delete",
-      "file:upload",
-      "file:download",
-      "file:delete",
-    ],
-    hiddenFields: {
-      orgs: [],
-      permits: [],
-      rts: [],
-      tasks: [],
-      users: [],
+      orgs: ['__v', 'isClient', 'name'],
+      permits: ['__v'],
+      rts: ['__v'],
+      tasks: ['__v'],
+      users: ['__v'],
    },
  },
 };