feat: user edit functionality (managing permissions)

sct · Nov 17, 2020 · 185ac26 · 185ac26
1 parent ff8b9d8
commit 185ac26
Show file tree

Hide file tree

Showing 17 changed files with 415 additions and 120 deletions.
diff --git a/overseerr-api.yml b/overseerr-api.yml
@@ -35,6 +35,7 @@ components:
           readOnly: true
         requests:
           type: array
+          readOnly: true
           items:
             $ref: '#/components/schemas/MediaRequest'
       required:

diff --git a/server/routes/user.ts b/server/routes/user.ts
@@ -1,6 +1,7 @@
 import { Router } from 'express';
 import { getRepository } from 'typeorm';
 import { User } from '../entity/User';
+import { hasPermission, Permission } from '../lib/permissions';
 
 const router = Router();
 
@@ -50,6 +51,36 @@ router.put<{ id: string }>('/:id', async (req, res, next) => {
       where: { id: Number(req.params.id) },
     });
 
+    // Only let the owner user modify themselves
+    if (user.id === 1 && req.user?.id !== 1) {
+      return next({
+        status: 403,
+        message: 'You do not have permission to modify this user',
+      });
+    }
+
+    // Only let the owner grant admin privileges
+    if (
+      hasPermission(Permission.ADMIN, req.body.permissions) &&
+      req.user?.id !== 1
+    ) {
+      return next({
+        status: 403,
+        message: 'You do not have permission to grant this level of access',
+      });
+    }
+
+    // Only let users with the manage settings permission, grant the same permission
+    if (
+      hasPermission(Permission.MANAGE_SETTINGS, req.body.permissions) &&
+      !hasPermission(Permission.MANAGE_SETTINGS, req.user?.permissions ?? 0)
+    ) {
+      return next({
+        status: 403,
+        message: 'You do not have permission to grant this level of access',
+      });
+    }
+
     Object.assign(user, req.body);
     await userRepository.save(user);
 

diff --git a/src/components/Layout/SearchInput/index.tsx b/src/components/Layout/SearchInput/index.tsx
@@ -11,7 +11,7 @@ const SearchInput: React.FC = () => {
   const { searchValue, setSearchValue, setIsOpen } = useSearchInput();
   return (
     <div className="flex-1 flex">
-      <form className="w-full flex md:ml-0" action="#" method="GET">
+      <div className="w-full flex md:ml-0">
         <label htmlFor="search_field" className="sr-only">
           Search
         </label>
@@ -36,7 +36,7 @@ const SearchInput: React.FC = () => {
             onBlur={() => setIsOpen(false)}
           />
         </div>
-      </form>
+      </div>
     </div>
   );
 };

diff --git a/src/components/Layout/Sidebar/index.tsx b/src/components/Layout/Sidebar/index.tsx
@@ -6,7 +6,7 @@ import { defineMessages, FormattedMessage } from 'react-intl';
 import { useUser, Permission } from '../../../hooks/useUser';
 
 const messages = defineMessages({
-  dashboard: 'Dashboard',
+  dashboard: 'Discover',
   requests: 'Requests',
   users: 'Users',
   settings: 'Settings',