Fix update user.

Brian Cao 2023-04-13 12:08:53 -07:00
parent 5fc96cf5e1
commit ef324fdf73
5 changed files with 17 additions and 6 deletions


@ -16,7 +16,9 @@ import useMessages from 'hooks/useMessages';
export default function UserEditForm({ userId, data, onSave }) { export default function UserEditForm({ userId, data, onSave }) {
const { formatMessage, labels, messages } = useMessages(); const { formatMessage, labels, messages } = useMessages();
const { post, useMutation } = useApi(); const { post, useMutation } = useApi();
const { mutate, error } = useMutation(({ username }) => post(`/users/${userId}`, { username })); const { mutate, error } = useMutation(({ username, password, role }) =>
post(`/users/${userId}`, { username, password, role }),
);
const handleSubmit = async data => { const handleSubmit = async data => {
mutate(data, { mutate(data, {


@ -43,6 +43,7 @@ export interface User {
id: string; id: string;
username: string; username: string;
password?: string; password?: string;
role: string;
createdAt?: Date; createdAt?: Date;
} }
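Review bot: `role: string;` on `User` is looser than the `role: Roles;` this commit adds to `UserRequestBody`, which imports `Roles` from 'lib/types'. If `Roles` is declared in this same module, typing the field as `role: Roles;` would let the compiler catch misspelled role values wherever a `User` is built or compared. The interface starts above the hunk.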


@ -45,7 +45,10 @@ export default async (
const token = createSecureToken({ userId: user.id }, secret()); const token = createSecureToken({ userId: user.id }, secret());
return ok(res, { token, user }); return ok(res, {
token,
user: { id: user.id, username: user.username, createdAt: user.createdAt },
});
} }
return unauthorized(res, 'message.incorrect-username-password'); return unauthorized(res, 'message.incorrect-username-password');
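Review bot: The hand-written field list in `user: { id: user.id, username: user.username, createdAt: user.createdAt }` carries no comment explaining why the record is not returned whole, so a later edit could reintroduce `user` wholesale. Presumably the record was loaded with its password hash for verification (the `password: includePassword` select in getUser suggests this). A comment such as `// Return only public fields: the loaded user record may carry the password hash.` would document the intent. `role` is not in the list, which is worth confirming against whatever the client reads from the login response. The handler continues outside the hunk.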


@ -1,4 +1,4 @@
import { NextApiRequestQueryBody, User } from 'lib/types'; import { NextApiRequestQueryBody, Roles, User } from 'lib/types';
import { canDeleteUser, canUpdateUser, canViewUser } from 'lib/auth'; import { canDeleteUser, canUpdateUser, canViewUser } from 'lib/auth';
import { useAuth } from 'lib/middleware'; import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next'; import { NextApiResponse } from 'next';
@ -12,6 +12,7 @@ export interface UserRequestQuery {
export interface UserRequestBody { export interface UserRequestBody {
username: string; username: string;
password: string; password: string;
role: Roles;
} }
export default async ( export default async (
@ -40,17 +41,20 @@ export default async (
return unauthorized(res); return unauthorized(res);
} }
const { username, password } = req.body; const { username, password, role } = req.body;
const user = await getUser({ id }); const user = await getUser({ id });
const data: any = {}; const data: any = {};
// Only admin can change these fields if (password) {
if (password && isAdmin) {
data.password = hashPassword(password); data.password = hashPassword(password);
} }
if (role && isAdmin) {
data.role = role;
}
// Only admin can change these fields // Only admin can change these fields
if (username && isAdmin) { if (username && isAdmin) {
data.username = username; data.username = username;
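Review bot: The password branch `if (password) {` no longer checks `isAdmin`, so any caller that passes the authorization check above the hunk can set a new password for the target account without proving knowledge of the current one. If `canUpdateUser` (not visible here) admits a user acting on their own id, a stolen session token alone is enough to change that account's password; requiring the current password from non-admin callers would close that gap. `role` is written to `data` straight from `req.body`, and the `Roles` annotation on `UserRequestBody` is erased at runtime, so the value should be checked against the known role values before `data.role = role;`. The `// Only admin can change these fields` comment now sits below the admin-only role block; moving it above `if (role && isAdmin) {` keeps it accurate. The handler's body starts and ends outside this hunk.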


@ -17,6 +17,7 @@ export async function getUser(
username: true, username: true,
password: includePassword, password: includePassword,
role: true, role: true,
createdAt: true,
}, },
}); });
} }