#160555688 Super admin can update user roles #54
Conversation
DROP TYPE "enum_Users_role"; | ||
ALTER TYPE "enum_Users_role_new" RENAME TO "enum_Users_role"; | ||
` | ||
), |
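Review bot: `DROP TYPE "enum_Users_role"` only succeeds once no column still references the old type, so this statement must come after the `Users.role` column has been switched to `enum_Users_role_new`; run the DROP and the following `RENAME` inside one transaction (pass the `transaction` option from `queryInterface.sequelize.transaction`) so a failure between the two statements cannot leave the database with no `enum_Users_role` type at all.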
Unexpected newline before ')' function-paren-newline
), | ||
|
||
down: queryInterface => queryInterface.sequelize | ||
.query( |
Unexpected newline after '(' function-paren-newline
` | ||
ALTER TYPE "enum_Users_role" ADD VALUE IF NOT EXISTS 'superAdmin'; | ||
` | ||
), |
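Review bot: `ALTER TYPE ... ADD VALUE` cannot be executed inside a transaction block on PostgreSQL releases before 12, so this migration will abort if it is ever run with a surrounding transaction; either document the minimum PostgreSQL version the project requires or keep this statement outside any transaction. The `IF NOT EXISTS` clause is the right choice here, since it makes re-running the migration harmless.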
Unexpected newline before ')' function-paren-newline
*/ | ||
module.exports = { | ||
up: queryInterface => queryInterface.sequelize | ||
.query( |
Unexpected newline after '(' function-paren-newline
Branch force-pushed from 35ba878 to 8c30823.
Pull Request Test Coverage Report for Build 495
💛 - Coveralls
Branch force-pushed from 8c30823 to 7ca39cf.
Branch force-pushed from 7ca39cf to a8d587e.
server/routes/api/admin.js (Outdated)
|
||
// get authenticateUser method | ||
const { authenticateUser, authorizeAdmin } = auth; | ||
const { authenticateUser, authorizeAdmin, authorizeSuperAdmin } = auth; | ||
const adminRoutes = require('express').Router(); |
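Review bot: the comment `// get authenticateUser method` directly above is now stale, since the destructuring also pulls in `authorizeAdmin` and `authorizeSuperAdmin`; update it to describe all three middlewares or drop it. Also confirm that `authorizeAdmin` is still referenced in this file after the change, otherwise the import will trip the linter's unused-variable rule.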
Good work declaring the adminRoutes on one line, but you can make it more ES6:
import { Router } from 'express'
const adminRoutes = Router();
Thanks. I'll fix that ASAP.
Implement the fix on line 46 of adminHandleRoles.js in the controller folder.
I also think some of your comments are not really necessary, like the one you have on line 2 of server/migrations/20180916093338-user-add-super-admin-role.js.
Here is an article on the best practices for commenting your code to guide you: https://improvingsoftware.com/2011/06/27/5-best-practices-for-commenting-your-code/
} | ||
|
||
/** | ||
* assign a user an admin role |
Misleading comment.
From what I see, the method is revoking admin role, not assigning admin role.
Thanks for the resource. That was an oversight. I'll fix that ASAP.
Branch force-pushed from e78d7f4 to 2659dea.
It's advised that you add a description of each function parameter in JSDoc for better readability of your code.
An example is:
@param {obj} res response object
It's advised that you add a description of each function parameter in JSDoc for better readability of your code. You did not do that in lines 99-101 of middleware/auth.js.
An example is:
@param {obj} res response object
server/middleware/auth.js (Outdated)
const { userRole } = req; | ||
|
||
if (!isSuperAdmin(userRole)) { | ||
const error = new Error('you are not a Super Admin'); |
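Review bot: `req.userRole` is only present when `authenticateUser` has already run earlier in the chain; if this middleware is ever mounted without it, `userRole` is `undefined` and the outcome depends entirely on how `isSuperAdmin` treats that value. Make the fail-closed behaviour explicit (a missing role is never a super admin), and on the lines that follow attach a 403 status to this error rather than 401, since the caller is authenticated but lacks the privilege.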
only a Super Admin can take this action
A super admin will be able to update user roles on the platform. Thus a new role and authorization is necessary.
- add new role to users model
- add method to authorize super admin
- include relevant tests

Only a super admin has access to this endpoint in the application. The super admin can make users into "admins" and can revoke such access.
- include relevant tests
- add methods to handle user role update
- update swagger doc
[delivers 160555688]
Branch force-pushed from 2659dea to 70d275e.
Enable admins to update users' profile as well as assign roles from within the same method. Also added checks to limit assigning the admin role to just the super admin. Refactored failing tests: used bulkCreate to create mock users.
- update relevant tests
Branch force-pushed from 70d275e to e09e004.
What does this PR do?
Implement the ability for a super admin to assign and revoke admin roles.

Description of Task to be completed?
Only a super admin has access to this endpoint in the application. The super admin can make users into "admins" and can revoke such access.

How should this be manually tested?
- Copy the contents of .env.sample to .env and provide the required values.
- Run npm run start:dev
- Log in with a super-admin account.
- Send a POST request to /api/admin/:userId/roles using the super-admin token in the Authorization header to make a user an admin.
- Send a DELETE request to /api/admin/:userId/roles using the super-admin token in the Authorization header to revoke the admin access.

What are the relevant pivotal tracker stories?
#160555688
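The authorization behaviour this PR describes (only a super admin may grant or revoke the admin role via POST and DELETE on /api/admin/:userId/roles), written out as an added, self-contained example; it is not the project's code and not taken from the PR. The names isSuperAdmin, authorizeSuperAdmin, nextRole and handleRoleRequest are assumptions, the in-memory user store is constructed sample data, and the middleware is Express-shaped (req, res, next) without depending on Express. The gate fails closed when req.userRole is missing, and the handler refuses to touch super-admin accounts or perform no-op transitions.

```javascript
// Added example (not the project's code). Names below are assumptions.

const ROLES = Object.freeze({ USER: 'user', ADMIN: 'admin', SUPER_ADMIN: 'superAdmin' });

// Anything that is not exactly the super-admin role, including undefined when
// the authentication middleware has not run, counts as "not a super admin".
function isSuperAdmin(role) {
  return role === ROLES.SUPER_ADMIN;
}

// Express-style middleware. req.userRole is expected to be set by an earlier
// authenticateUser middleware; a missing role fails closed with 403 (the caller
// may be authenticated, but is not authorized for this action).
function authorizeSuperAdmin(req, res, next) {
  if (!isSuperAdmin(req.userRole)) {
    const error = new Error('only a Super Admin can take this action');
    error.status = 403;
    return next(error);
  }
  return next();
}

// Decide the target user's new role from the HTTP method used on
// /api/admin/:userId/roles: POST grants admin, DELETE revokes it.
// Super-admin accounts are never modified here, and a transition that would
// change nothing is reported as a conflict instead of silently succeeding.
function nextRole(method, currentRole) {
  if (currentRole === ROLES.SUPER_ADMIN) {
    return { ok: false, status: 403, reason: 'cannot change a super admin role' };
  }
  if (method === 'POST') {
    if (currentRole === ROLES.ADMIN) return { ok: false, status: 409, reason: 'already an admin' };
    return { ok: true, role: ROLES.ADMIN };
  }
  if (method === 'DELETE') {
    if (currentRole !== ROLES.ADMIN) return { ok: false, status: 409, reason: 'not an admin' };
    return { ok: true, role: ROLES.USER };
  }
  return { ok: false, status: 405, reason: 'method not allowed' };
}

// Constructed sample data standing in for the Users model.
const users = new Map([
  [1, { id: 1, role: ROLES.SUPER_ADMIN }],
  [2, { id: 2, role: ROLES.USER }],
  [3, { id: 3, role: ROLES.ADMIN }],
]);

// Run the gate and then the handler for a simulated request, returning the
// outcome as { status, body } instead of writing to a real response object.
function handleRoleRequest(method, callerRole, userId, store = users) {
  const req = { method, userRole: callerRole, params: { userId } };
  let outcome = null;
  const next = (err) => {
    if (err) outcome = { status: err.status || 500, body: { message: err.message } };
  };
  authorizeSuperAdmin(req, null, next);
  if (outcome) return outcome; // rejected by the gate, handler never runs

  const target = store.get(userId);
  if (!target) return { status: 404, body: { message: 'user not found' } };
  const decision = nextRole(req.method, target.role);
  if (!decision.ok) return { status: decision.status, body: { message: decision.reason } };
  target.role = decision.role;
  return { status: 200, body: { id: target.id, role: target.role } };
}

// Example run: an ordinary admin is refused, the super admin promotes user 2.
console.log(handleRoleRequest('POST', ROLES.ADMIN, 2).status);        // 403
console.log(handleRoleRequest('POST', ROLES.SUPER_ADMIN, 2).body.role); // admin
```

The 403-versus-401 distinction matters for the middleware: a request with a valid token but the wrong role is authenticated, so it should get 403, while a request with no usable token should already have been stopped by authenticateUser with 401. Keeping the role check independent of how isSuperAdmin handles undefined is what makes the gate fail closed if the middleware order is ever wrong.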