introduce admin users with elevated priviledges

packages/backend/scripts/src/modules/rest/attachments/attachment.controller.ts

@@ -27,7 +27,7 @@ export class AttachmentController implements AttachmentREST<string, string, Expr
     async findAttachments(
         @Param('productId') productId: string
     ): Promise<AttachmentRead[]> {
-        await canFindAttachmentOrFail(this.request.user.userId, productId)
+        await canFindAttachmentOrFail(this.request.user, productId)
         return this.service.findAttachments(productId)
     }
 
@@ -51,7 +51,7 @@ export class AttachmentController implements AttachmentREST<string, string, Expr
         @Body('data') data: string,
         @UploadedFile() file: Express.Multer.File
     ): Promise<AttachmentRead> {
-        await canCreateAttachmentOrFail(this.request.user.userId, productId)
+        await canCreateAttachmentOrFail(this.request.user, productId)
         return this.service.addAttachment(productId, JSON.parse(data), file)
     }
 
@@ -63,7 +63,7 @@ export class AttachmentController implements AttachmentREST<string, string, Expr
         @Param('productId') productId: string,
         @Param('attachmentId') attachmentId: string
     ): Promise<AttachmentRead> {
-        await canReadAttachmentOrFail(this.request.user.userId, productId, attachmentId)
+        await canReadAttachmentOrFail(this.request.user, productId, attachmentId)
         return this.service.getAttachment(productId, attachmentId)
     }
 
@@ -101,7 +101,7 @@ export class AttachmentController implements AttachmentREST<string, string, Expr
         @Body('data') data: string,
         @UploadedFile() file: Express.Multer.File
     ): Promise<AttachmentRead> {
-        await canUpdateAttachmentOrFail(this.request.user.userId, productId, attachmentId)
+        await canUpdateAttachmentOrFail(this.request.user, productId, attachmentId)
         return this.service.updateAttachment(productId, attachmentId, JSON.parse(data), file)
     }
 
@@ -113,7 +113,7 @@ export class AttachmentController implements AttachmentREST<string, string, Expr
         @Param('productId') productId: string,
         @Param('attachmentId') attachmentId: string
     ): Promise<AttachmentRead> {
-        await canDeleteAttachmentOrFail(this.request.user.userId, productId, attachmentId)
+        await canDeleteAttachmentOrFail(this.request.user, productId, attachmentId)
         return this.service.deleteAttachment(productId, attachmentId)
     }
 }

packages/backend/scripts/src/modules/rest/comments/comment.controller.ts

@@ -30,7 +30,7 @@ export class CommentController implements CommentREST {
         @Param('productId') productId: string,
         @Param('issueId') issueId: string
     ): Promise<CommentRead[]> {
-        await canFindCommentOrFail(this.request.user && this.request.user.userId, productId, issueId)
+        await canFindCommentOrFail(this.request.user, productId, issueId)
         return this.commentService.findComments(productId, issueId)
     }
 
@@ -44,7 +44,7 @@ export class CommentController implements CommentREST {
         @Param('issueId') issueId: string,
         @Body() data: CommentCreate
     ): Promise<CommentRead> {
-        await canCreateCommentOrFail(this.request.user && this.request.user.userId, productId, issueId)
+        await canCreateCommentOrFail(this.request.user, productId, issueId)
         return this.commentService.addComment(productId, issueId, data)
     }
 
@@ -58,7 +58,7 @@ export class CommentController implements CommentREST {
         @Param('issueId') issueId: string,
         @Param('commentId') commentId: string
     ): Promise<CommentRead> {
-        await canReadCommentOrFail(this.request.user && this.request.user.userId, productId, issueId, commentId)
+        await canReadCommentOrFail(this.request.user, productId, issueId, commentId)
         return this.commentService.getComment(productId, issueId, commentId)
     }
 
@@ -74,7 +74,7 @@ export class CommentController implements CommentREST {
         @Param('commentId') commentId: string,
         @Body() data: CommentUpdate
     ): Promise<CommentRead> {
-        await canUpdateCommentOrFail(this.request.user && this.request.user.userId, productId, issueId, commentId)
+        await canUpdateCommentOrFail(this.request.user, productId, issueId, commentId)
         return this.commentService.updateComment(productId, issueId, commentId, data)
     }
 
@@ -88,7 +88,7 @@ export class CommentController implements CommentREST {
         @Param('issueId') issueId: string,
         @Param('commentId') commentId: string
     ): Promise<CommentRead> {
-        await canDeleteCommentOrFail(this.request.user && this.request.user.userId, productId, issueId, commentId)
+        await canDeleteCommentOrFail(this.request.user, productId, issueId, commentId)
         return this.commentService.deleteComment(productId, issueId, commentId)
     }
 }

packages/backend/scripts/src/modules/rest/files/file.controller.ts

@@ -26,7 +26,7 @@ export class FileController implements FileREST<StreamableFile> {
     async getFile(
         @Param('fileId') fileId: string
     ): Promise<StreamableFile> {
-        await canReadFileOrFail(this.request.user && this.request.user.userId, fileId)
+        await canReadFileOrFail(this.request.user, fileId)
         return await this.fileService.getFile(fileId)
     }
 }

packages/backend/scripts/src/modules/rest/issues/issue.controller.ts

@@ -28,7 +28,7 @@ export class IssueController implements IssueREST {
     async findIssues(
         @Param('productId') productId: string
     ): Promise<IssueRead[]> {
-        await canReadProductOrFail(this.request.user && this.request.user.userId, productId)
+        await canReadProductOrFail(this.request.user, productId)
         return this.issueService.findIssues(productId)
     }
 
@@ -40,7 +40,7 @@ export class IssueController implements IssueREST {
         @Param('productId') productId: string,
         @Body() data: IssueCreate
     ): Promise<IssueRead> {
-        await canCreateIssueOrFail(this.request.user && this.request.user.userId, productId)
+        await canCreateIssueOrFail(this.request.user, productId)
         return this.issueService.addIssue(productId, data)
     }  
 
@@ -52,7 +52,7 @@ export class IssueController implements IssueREST {
         @Param('productId') productId: string,
         @Param('issueId') issueId: string
     ): Promise<IssueRead> {
-        await canReadIssueOrFail(this.request.user && this.request.user.userId, productId, issueId)
+        await canReadIssueOrFail(this.request.user, productId, issueId)
         return this.issueService.getIssue(productId, issueId)
     } 
 
@@ -66,7 +66,7 @@ export class IssueController implements IssueREST {
         @Param('issueId') issueId: string,
         @Body() data: IssueUpdate
     ): Promise<IssueRead> {
-        await canUpdateIssueOrFail(this.request.user && this.request.user.userId, productId, issueId)
+        await canUpdateIssueOrFail(this.request.user, productId, issueId)
         return this.issueService.updateIssue(productId, issueId, data)
     }
 
@@ -77,7 +77,7 @@ export class IssueController implements IssueREST {
         @Param('productId') productId: string,
         @Param('issueId') issueId: string
     ): Promise<IssueRead> {
-        await canDeleteIssueOrFail(this.request.user && this.request.user.userId, productId, issueId)
+        await canDeleteIssueOrFail(this.request.user, productId, issueId)
         return this.issueService.deleteIssue(productId, issueId)
     } 
 }

packages/backend/scripts/src/modules/rest/members/member.controller.ts

@@ -25,7 +25,7 @@ export class MemberController implements MemberREST {
     async findMembers(
         @Param('productId') productId: string
     ): Promise<MemberRead[]> {
-        await canFindMemberOrFail(this.request.user && this.request.user.userId, productId)
+        await canFindMemberOrFail(this.request.user, productId)
         return this.memberService.findMembers(productId)
     }
 
@@ -37,7 +37,7 @@ export class MemberController implements MemberREST {
         @Param('productId') productId: string,
         @Body() data: MemberCreate
     ): Promise<MemberRead> {
-        await canCreateMemberOrFail(this.request.user && this.request.user.userId, productId)
+        await canCreateMemberOrFail(this.request.user, productId)
         return this.memberService.addMember(productId, data)
     }
 
@@ -49,7 +49,7 @@ export class MemberController implements MemberREST {
         @Param('productId') productId: string,
         @Param('memberId') memberId: string
     ): Promise<MemberRead> {
-        await canReadMemberOrFail(this.request.user && this.request.user.userId, productId, memberId)
+        await canReadMemberOrFail(this.request.user, productId, memberId)
         return this.memberService.getMember(productId, memberId)
     }
 
@@ -63,7 +63,7 @@ export class MemberController implements MemberREST {
         @Param('memberId') memberId: string,
         @Body() data: MemberUpdate
     ): Promise<MemberRead> {
-        await canUpdateMemberOrFail(this.request.user && this.request.user.userId, productId, memberId)
+        await canUpdateMemberOrFail(this.request.user, productId, memberId)
         return this.memberService.updateMember(productId, memberId, data)
     }
 
@@ -75,7 +75,7 @@ export class MemberController implements MemberREST {
         @Param('productId') productId: string,
         @Param('memberId') memberId: string
     ): Promise<MemberRead> {
-        await canDeleteMemberOrFail(this.request.user && this.request.user.userId, productId, memberId)
+        await canDeleteMemberOrFail(this.request.user, productId, memberId)
         return this.memberService.deleteMember(productId, memberId)
     }
 }

packages/backend/scripts/src/modules/rest/milestones/milestone.controller.ts

@@ -25,7 +25,7 @@ export class MilestoneController implements MilestoneREST {
     async findMilestones(
         @Param('productId') productId: string
     ): Promise<MilestoneRead[]> {
-        await canFindMilestoneOrFail(this.request.user && this.request.user.userId, productId)
+        await canFindMilestoneOrFail(this.request.user, productId)
         return this.milestoneService.findMilestones(productId)
     }   
 
@@ -37,7 +37,7 @@ export class MilestoneController implements MilestoneREST {
         @Param('productId') productId: string,
         @Body() data: MilestoneCreate
     ): Promise<MilestoneRead> {
-        await canCreateMilestoneOrFail(this.request.user && this.request.user.userId, productId)
+        await canCreateMilestoneOrFail(this.request.user, productId)
         return this.milestoneService.addMilestone(productId, data)
     }
     @Get(':milestoneId')
@@ -48,7 +48,7 @@ export class MilestoneController implements MilestoneREST {
         @Param('productId') productId: string,
         @Param('milestoneId') milestoneId: string
     ): Promise<MilestoneRead> {
-        await canReadMilestoneOrFail(this.request.user && this.request.user.userId, productId, milestoneId)
+        await canReadMilestoneOrFail(this.request.user, productId, milestoneId)
         return this.milestoneService.getMilestone(productId, milestoneId)
     }
     @Put(':milestoneId')
@@ -61,7 +61,7 @@ export class MilestoneController implements MilestoneREST {
         @Param('milestoneId') milestoneId: string,
         @Body() data: MilestoneUpdate
     ): Promise<MilestoneRead> {
-        await canUpdateMilestoneOrFail(this.request.user && this.request.user.userId, productId, milestoneId)
+        await canUpdateMilestoneOrFail(this.request.user, productId, milestoneId)
         return this.milestoneService.updateMilestone(productId, milestoneId, data)
     }
     @Delete(':milestoneId')
@@ -72,7 +72,7 @@ export class MilestoneController implements MilestoneREST {
         @Param('productId') productId: string,
         @Param('milestoneId') milestoneId: string
     ): Promise<MilestoneRead> {
-        await canDeleteMilestoneOrFail(this.request.user && this.request.user.userId, productId, milestoneId)
+        await canDeleteMilestoneOrFail(this.request.user, productId, milestoneId)
         return this.milestoneService.deleteMilestone(productId, milestoneId)
     }
 }

packages/backend/scripts/src/modules/rest/products/product.controller.ts

@@ -34,7 +34,7 @@ export class ProductController implements ProductREST {
     async addProduct(
         @Body() data: ProductCreate
     ): Promise<ProductRead> {
-        await canCreateProductOrFail(this.request.user && this.request.user.userId)
+        await canCreateProductOrFail(this.request.user)
         return this.productService.addProduct(data)
     }
 
@@ -44,7 +44,7 @@ export class ProductController implements ProductREST {
     async getProduct(
         @Param('productId') productId: string
     ): Promise<ProductRead> {
-        await canReadProductOrFail(this.request.user && this.request.user.userId, productId)
+        await canReadProductOrFail(this.request.user, productId)
         return this.productService.getProduct(productId)
     }
 
@@ -56,7 +56,7 @@ export class ProductController implements ProductREST {
         @Param('productId') productId: string,
         @Body() data: ProductUpdate
     ): Promise<ProductRead> {
-        await canUpdateProductOrFail(this.request.user && this.request.user.userId, productId)
+        await canUpdateProductOrFail(this.request.user, productId)
         return this.productService.updateProduct(productId, data)
     }
 
@@ -66,7 +66,7 @@ export class ProductController implements ProductREST {
     async deleteProduct(
         @Param('productId') productId: string
     ): Promise<ProductRead> {
-        await canDeleteProductOrFail(this.request.user && this.request.user.userId, productId)
+        await canDeleteProductOrFail(this.request.user, productId)
         return this.productService.deleteProduct(productId)
     }
 }

packages/backend/scripts/src/modules/rest/products/product.service.ts

@@ -24,12 +24,20 @@ export class ProductService implements ProductREST {
             if (_public == 'true') {
                 where = { public: true, deleted: IsNull() }
             } else if (_public == 'false') {
-                where = { public: false, members: [ { userId, deleted: IsNull() } ], deleted: IsNull() }
+                if (this.request.user.admin) {
+                    where = { public: false, deleted: IsNull() }
+                } else {
+                    where = { public: false, members: [ { userId, deleted: IsNull() } ], deleted: IsNull() }
+                }
             } else {
-                where = [
-                    { public: true, deleted: IsNull() },
-                    { public: false, members: [ { userId, deleted: IsNull() } ], deleted: IsNull() }
-                ]   
+                if (this.request.user.admin) {
+                    where = { deleted: IsNull() }
+                } else {
+                    where = [
+                        { public: true, deleted: IsNull() },
+                        { public: false, members: [ { userId, deleted: IsNull() } ], deleted: IsNull() }
+                    ]
+                }
             }
         } else {
             if (_public == 'true') {

packages/backend/scripts/src/modules/rest/tokens/token.service.ts

@@ -73,7 +73,8 @@ export class TokenService implements TokenREST {
             const updated = token.updated
             const email = token.email
             const emailNotification = true
-            const user = await Database.get().userRepository.save({ userId, created, updated, email, emailNotification })
+            const admin = false
+            const user = await Database.get().userRepository.save({ userId, created, updated, email, emailNotification, admin })
             // Emit changes
             emitUserMessage(userId, { type: 'state', users: [user] })
             // Return JWT

packages/backend/scripts/src/modules/rest/users/user.controller.ts

@@ -31,7 +31,7 @@ export class UserController implements UserREST<string, Express.Multer.File> {
         @Query('productId') productId?: string,
         @Query('query') query?: string
     ): Promise<UserRead[]> {
-        await canFindUserOrFail(this.request.user && this.request.user.userId, productId, query)
+        await canFindUserOrFail(this.request.user, productId, query)
         return this.userService.findUsers(productId, query)
     }
 
@@ -41,7 +41,7 @@ export class UserController implements UserREST<string, Express.Multer.File> {
     async getUser(
         @Param('userId') userId: string
     ): Promise<UserRead> {
-        await canReadUserOrFail(this.request.user && this.request.user.userId, userId)
+        await canReadUserOrFail(this.request.user, userId)
         return this.userService.getUser(userId)
     }
 
@@ -65,7 +65,7 @@ export class UserController implements UserREST<string, Express.Multer.File> {
         @Body('data') data: string,
         @UploadedFile() file?: Express.Multer.File
     ): Promise<UserRead> {
-        await canUpdateUserOrFail(this.request.user && this.request.user.userId, userId)
+        await canUpdateUserOrFail(this.request.user, userId)
         return this.userService.updateUser(userId, JSON.parse(data), file)
     }
 
@@ -75,7 +75,7 @@ export class UserController implements UserREST<string, Express.Multer.File> {
     async deleteUser(
         @Param('userId') userId: string
     ): Promise<UserRead> {
-        await canDeleteUserOrFail(this.request.user && this.request.user.userId, userId)
+        await canDeleteUserOrFail(this.request.user, userId)
         return this.userService.deleteUser(userId)
     }
 }

packages/backend/scripts/src/modules/rest/versions/version.controller.ts

@@ -29,7 +29,7 @@ export class VersionController implements VersionREST<string, string, Express.Mu
     async findVersions(
         @Param('productId') productId: string
     ): Promise<VersionRead[]> {
-        await canFindVersionOrFail(this.request.user && this.request.user.userId, productId)
+        await canFindVersionOrFail(this.request.user, productId)
         return this.versionService.findVersions(productId)
     }
 
@@ -61,7 +61,7 @@ export class VersionController implements VersionREST<string, string, Express.Mu
         @UploadedFiles() files: { model: Express.Multer.File[], image: Express.Multer.File[] }
     ): Promise<VersionRead> {
         const dataParsed = <VersionCreate> JSON.parse(data)
-        await canCreateVersionOrFail(this.request.user && this.request.user.userId, productId)
+        await canCreateVersionOrFail(this.request.user, productId)
         return this.versionService.addVersion(productId, dataParsed, files)
     }
 
@@ -73,7 +73,7 @@ export class VersionController implements VersionREST<string, string, Express.Mu
         @Param('productId') productId: string,
         @Param('versionId') versionId: string
     ): Promise<VersionRead> {
-        await canReadVersionOrFail(this.request.user && this.request.user.userId, productId, versionId)
+        await canReadVersionOrFail(this.request.user, productId, versionId)
         return this.versionService.getVersion(productId, versionId)
     }
 
@@ -106,7 +106,7 @@ export class VersionController implements VersionREST<string, string, Express.Mu
         @Body('data') data: string,
         @UploadedFiles() files?: { model: Express.Multer.File[], image: Express.Multer.File[] }
     ): Promise<VersionRead> {
-        await canUpdateVersionOrFail(this.request.user && this.request.user.userId, productId, versionId)
+        await canUpdateVersionOrFail(this.request.user, productId, versionId)
         return this.versionService.updateVersion(productId, versionId, JSON.parse(data), files)
     }
 
@@ -118,7 +118,7 @@ export class VersionController implements VersionREST<string, string, Express.Mu
         @Param('productId') productId: string,
         @Param('versionId') versionId: string
     ): Promise<VersionRead> {
-        await canDeleteVersionOrFail(this.request.user && this.request.user.userId, productId, versionId)
+        await canDeleteVersionOrFail(this.request.user, productId, versionId)
         return this.versionService.deleteVersion(productId, versionId)
     }
 }