Fix update user.

2024-06-28 00:37:51 +02:00 · 2023-04-13 12:08:53 -07:00 · 2023-04-13 12:08:53 -07:00 · ef324fdf73
commit ef324fdf73
parent 5fc96cf5e1
5 changed files with 17 additions and 6 deletions
--- a/components/pages/settings/users/UserEditForm.js
+++ b/components/pages/settings/users/UserEditForm.js
@ -16,7 +16,9 @@ import useMessages from 'hooks/useMessages';
 export default function UserEditForm({ userId, data, onSave }) {
  const { formatMessage, labels, messages } = useMessages();
  const { post, useMutation } = useApi();
-  const { mutate, error } = useMutation(({ username }) => post(`/users/${userId}`, { username }));
+  const { mutate, error } = useMutation(({ username, password, role }) =>
+    post(`/users/${userId}`, { username, password, role }),
+  );

  const handleSubmit = async data => {
    mutate(data, {
--- a/lib/types.ts
+++ b/lib/types.ts
@ -43,6 +43,7 @@ export interface User {
  id: string;
  username: string;
  password?: string;
+  role: string;
  createdAt?: Date;
 }

--- a/pages/api/auth/login.ts
+++ b/pages/api/auth/login.ts
@ -45,7 +45,10 @@ export default async (

      const token = createSecureToken({ userId: user.id }, secret());

-      return ok(res, { token, user });
+      return ok(res, {
+        token,
+        user: { id: user.id, username: user.username, createdAt: user.createdAt },
+      });
    }

    return unauthorized(res, 'message.incorrect-username-password');
--- a/pages/api/users/[id]/index.ts
+++ b/pages/api/users/[id]/index.ts
@ -1,4 +1,4 @@
-import { NextApiRequestQueryBody, User } from 'lib/types';
+import { NextApiRequestQueryBody, Roles, User } from 'lib/types';
 import { canDeleteUser, canUpdateUser, canViewUser } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
@ -12,6 +12,7 @@ export interface UserRequestQuery {
 export interface UserRequestBody {
  username: string;
  password: string;
+  role: Roles;
 }

 export default async (
@ -40,17 +41,20 @@ export default async (
      return unauthorized(res);
    }

-    const { username, password } = req.body;
+    const { username, password, role } = req.body;

    const user = await getUser({ id });

    const data: any = {};

-    // Only admin can change these fields
-    if (password && isAdmin) {
+    if (password) {
      data.password = hashPassword(password);
    }

+    if (role && isAdmin) {
+      data.role = role;
+    }
+
    // Only admin can change these fields
    if (username && isAdmin) {
      data.username = username;
--- a/queries/admin/user.ts
+++ b/queries/admin/user.ts
@ -17,6 +17,7 @@ export async function getUser(
      username: true,
      password: includePassword,
      role: true,
+      createdAt: true,
    },
  });
 }