Implemented the /me controller that allows a user to get and update themselves
ref #100
This commit is contained in:
54
src/controllers/MeController.ts
Normal file
54
src/controllers/MeController.ts
Normal file
@@ -0,0 +1,54 @@
|
||||
import { Body, CurrentUser, Get, JsonController, OnUndefined, Put } from 'routing-controllers';
|
||||
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
|
||||
import { getConnectionManager, Repository } from 'typeorm';
|
||||
import { UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
|
||||
import { UpdateUser } from '../models/actions/update/UpdateUser';
|
||||
import { User } from '../models/entities/User';
|
||||
import { ResponseUser } from '../models/responses/ResponseUser';
|
||||
|
||||
|
||||
@JsonController('/me')
|
||||
@OpenAPI({ security: [{ "AuthToken": [] }, { "RefreshTokenCookie": [] }] })
|
||||
export class MeController {
|
||||
private userRepository: Repository<User>;
|
||||
|
||||
/**
|
||||
* Gets the repository of this controller's model/entity.
|
||||
*/
|
||||
constructor() {
|
||||
this.userRepository = getConnectionManager().get().getRepository(User);
|
||||
}
|
||||
|
||||
@Get('/')
|
||||
@ResponseSchema(ResponseUser)
|
||||
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
|
||||
@OnUndefined(UserNotFoundError)
|
||||
@OpenAPI({ description: 'Lists all permissions granted to the user sorted into directly granted and inherited as permission response objects.' })
|
||||
async get(@CurrentUser() currentUser: User) {
|
||||
let user = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions', 'permissions.principal', 'groups.permissions.principal'] })
|
||||
if (!user) { throw new UserNotFoundError(); }
|
||||
return new ResponseUser(user);
|
||||
}
|
||||
|
||||
@Put('/')
|
||||
@ResponseSchema(ResponseUser)
|
||||
@ResponseSchema(UserNotFoundError, { statusCode: 404 })
|
||||
@ResponseSchema(UserIdsNotMatchingError, { statusCode: 406 })
|
||||
@ResponseSchema(UsernameContainsIllegalCharacterError, { statusCode: 406 })
|
||||
@OpenAPI({ description: "Update the yourself. <br> You can't edit your own permissions or group memberships here - Please use the /api/users/:id enpoint instead. <br> Please remember that ids can't be changed." })
|
||||
async put(@CurrentUser() currentUser: User, @Body({ validate: true }) updateUser: UpdateUser) {
|
||||
let oldUser = await this.userRepository.findOne({ id: currentUser.id }, { relations: ['groups'] });
|
||||
updateUser.groups = oldUser.groups.map(g => g.id);
|
||||
|
||||
if (!oldUser) {
|
||||
throw new UserNotFoundError();
|
||||
}
|
||||
|
||||
if (oldUser.id != updateUser.id) {
|
||||
throw new UserIdsNotMatchingError();
|
||||
}
|
||||
await this.userRepository.save(await updateUser.update(oldUser));
|
||||
|
||||
return new ResponseUser(await this.userRepository.findOne({ id: currentUser.id }, { relations: ['permissions', 'groups', 'groups.permissions'] }));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user