
fix: user-routes-redirect #19

Merged
merged 1 commit into from
Aug 21, 2024
29 changes: 0 additions & 29 deletions src/api/admin/users/[user_id]/route.ts

This file was deleted.

32 changes: 0 additions & 32 deletions src/api/admin/users/[user_id]/validators.ts

This file was deleted.

12 changes: 10 additions & 2 deletions src/api/index.ts
@@ -1,7 +1,9 @@
import { registerOverriddenValidators } from '@medusajs/medusa';
import { AdminPostProductsReq as MedusaAdminPostProductsReq } from '@medusajs/medusa/dist/api/routes/admin/products/create-product';
import { AdminPostProductsProductReq as MedusaAdminPostProductsProductReq } from '@medusajs/medusa/dist/api/routes/admin/products/update-product';
import { IsString, ArrayMaxSize, IsOptional } from 'class-validator';
import { registerOverriddenValidators } from '@medusajs/medusa';
import { AdminUpdateUserRequest as MedusaAdminUpdateUserRequest } from '@medusajs/medusa/dist/api/routes/admin/users/update-user';
import { ArrayMaxSize, IsEnum, IsOptional, IsString } from 'class-validator';
import { UserStatus } from '../models/user';

class AdminPostProductsReq extends MedusaAdminPostProductsReq {
@IsString({ each: true })
@@ -17,5 +19,11 @@ class AdminPostProductsProductReq extends MedusaAdminPostProductsProductReq {
shipping_options?: string[];
}

export class AdminUpdateUserRequest extends MedusaAdminUpdateUserRequest {
@IsEnum(UserStatus)
@IsOptional()
status?: UserStatus;
}

registerOverriddenValidators(AdminPostProductsReq);
registerOverriddenValidators(AdminPostProductsProductReq);
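Review bot: `AdminUpdateUserRequest` is declared and exported at the end of this section, but the visible lines call `registerOverriddenValidators` only for the two product validators, so the `@IsEnum(UserStatus)` check on `status` may never be applied to the core update-user route. Unless the class is registered somewhere outside this section, add `registerOverriddenValidators(AdminUpdateUserRequest);` after the two existing calls. A one-line comment above the class, for example `// Extends the core update-user payload with an optional, enum-validated status`, would also make clear why the core validator is overridden.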
10 changes: 7 additions & 3 deletions src/api/middlewares.ts
@@ -1,16 +1,20 @@
import { MiddlewaresConfig, authenticate } from '@medusajs/medusa';
import cors from 'cors';
import { adminCors } from '../util/cors';
import { registerLoggedInUser } from '../middlewares/register-logged-in-user';
import { adminCors } from '../util/cors';
import { restrictedAdminMiddlewares } from '../util/restricted-admin-middlewares';

export const config: MiddlewaresConfig = {
routes: [
{
// Authenticate all /admin routes except /auth and /admin/invites/accept
matcher: /^\/admin\/(?!auth|invites\/accept).*$/,
// Authenticate all /admin routes except /auth and /admin/invites/accept and /admin/users/password-token and /admin/users/reset-password
matcher: /^\/admin\/(?!auth|invites\/accept|users\/password-token|users\/reset-password).*$/,
middlewares: [cors(adminCors), authenticate(), registerLoggedInUser],
},
{
matcher: /^\/admin\/users\/(password-token|reset-password)$/,
middlewares: [adminCors],
},
{
matcher: '/vendor/*',
middlewares: [cors(adminCors)],
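Review bot: The new `/admin/users/(password-token|reset-password)` entry passes `adminCors` directly in `middlewares: [adminCors]`, while the other entries in this hunk wrap it as `cors(adminCors)`, which suggests `adminCors` is an options object rather than a request handler; it should probably read `middlewares: [cors(adminCors)],`. Separately, the extended negative lookahead is a prefix match with no end anchor, so any path that merely begins with `users/password-token` or `users/reset-password` skips `authenticate()`, whereas the new matcher is anchored with `$`. Tightening the lookahead to `(?!auth|invites\/accept|users\/(?:password-token|reset-password)$)` would keep the unauthenticated surface limited to exactly the two routes named in the comment. `restrictedAdminMiddlewares` is imported but not used in the visible lines; the file continues past this hunk, so it may be used further down.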
34 changes: 29 additions & 5 deletions src/services/user.ts
@@ -1,17 +1,25 @@
import { Lifetime } from 'awilix';
import { FindConfig, UserService as MedusaUserService, buildQuery } from '@medusajs/medusa';
import { User, UserStatus } from '../models/user';
import { FilterableUserProps, CreateUserInput as MedusaCreateUserInput } from '@medusajs/medusa/dist/types/user';
import StoreService from './store';
import { MedusaError } from '@medusajs/utils';
import {
FilterableUserProps,
CreateUserInput as MedusaCreateUserInput,
UpdateUserInput as MedusaUpdateUserInput,
} from '@medusajs/medusa/dist/types/user';
import { Selector } from '@medusajs/types';
import { MedusaError } from '@medusajs/utils';
import { Lifetime } from 'awilix';
import { User, UserPermission, UserStatus } from '../models/user';
import StoreService from './store';

type CreateUserInput = {
store_id?: string;
status?: UserStatus;
is_admin?: boolean;
} & MedusaCreateUserInput;

type UpdateUserInput = {
status?: UserStatus;
} & MedusaUpdateUserInput;

class UserService extends MedusaUserService {
static LIFE_TIME = Lifetime.TRANSIENT;

@@ -102,6 +110,22 @@ class UserService extends MedusaUserService {

return await super.listAndCount(selector, config);
}

async update(userId: string, update: UpdateUserInput): Promise<User> {
const permission = this.loggedInUser_.is_admin ? UserPermission.ADMIN : UserPermission.VENDOR;

if (permission !== UserPermission.ADMIN) {
if (update.role) {
throw new MedusaError(MedusaError.Types.INVALID_DATA, 'You are not allowed to change user role');
}

if (update.status) {
throw new MedusaError(MedusaError.Types.INVALID_DATA, 'You are not allowed to change user status');
}
}

return await super.update(userId, update);
}
}

export default UserService;
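Review bot: In `update()`, a non-admin caller is blocked only from changing `role` and `status`; nothing in the visible method ties `userId` to the caller, so unless a route-level check exists elsewhere, a vendor user could update another user's remaining fields. Consider a guard inside the non-admin branch, before the `super.update` call, such as `if (userId !== this.loggedInUser_?.id) throw new MedusaError(MedusaError.Types.NOT_ALLOWED, 'You are not allowed to update this user');`, or an equivalent store-scoped check. The method also dereferences `this.loggedInUser_.is_admin` unconditionally, which would throw if the service is resolved on a request that did not pass through `registerLoggedInUser`; `this.loggedInUser_?.is_admin` would fall back to the restricted path instead. The enclosing `UserService` class begins outside this hunk, so any existing ownership checks there are not visible here.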