Skip to content

Commit

Permalink
add checks (#540)
Browse files Browse the repository at this point in the history 
* add checks

* add check and update changelog

* Update routes/web.js

---------

Co-authored-by: mboudet <[email protected]>
  • Loading branch information
@rsiminel @mboudet
rsiminel and mboudet authored Dec 9, 2024
1 parent f3335a9 commit 7590477
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 3 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,14 @@
## 1.4.32 (Unreleased)

* Clearer error message when adding a website
* Add User, Project and Group static classes to front end (refactor)
* Add checks for website owner update
* Fix error in 'projects' tab from user page
* increase size of input field in users page
* add a readonly input field under email for showing the email domain*
* Add "custom_users" key to config file, to be used with various scripts


## 1.4.31 (2024-09-27)

* Fix 'Admin' button in 'My projects' page for administrators
Expand Down
30 changes: 27 additions & 3 deletions routes/web.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@ router.put('/web/:id/owner/:old/:new', async function(req, res) {
} catch(e) {
logger.error(e);
res.status(404).send({message: 'User session not found'});
res.end();
return;
}

Expand All @@ -40,15 +39,40 @@ router.put('/web/:id/owner/:old/:new', async function(req, res) {
return;
}
session_user.is_admin = isadmin;

if(!session_user.is_admin) {
res.status(401).send({message: 'Not authorized'});
return;
}

if (req.params.old == req.params.new) {
res.status(400).send({message: 'Old owner and new owner are the same person'});
return;
}
try {
await dbsrv.mongo_web().findOne({name: req.params.id});
} catch(e) {
logger.error(e);
res.status(404).send({message: 'Website not found'});
return;
}
try {
await dbsrv.mongo_users().findOne({uid: req.params.old});
} catch(e) {
logger.error(e);
res.status(404).send({message: 'Old website owner not found'});
return;
}
try {
await dbsrv.mongo_users().findOne({uid: req.params.new});
} catch(e) {
logger.error(e);
res.status(404).send({message: 'New website owner not found'});
return;
}

await dbsrv.mongo_web().updateOne({name: req.params.id},{'$set': {owner: req.params.new}});
await dbsrv.mongo_events().insertOne({'owner': session_user.uid, 'date': new Date().getTime(), 'action': 'change website ' + req.params.id + ' owner to ' + req.params.new , 'logs': []});
res.send({message: 'Owner changed from ' + req.params.old + ' to ' + req.params.new});
res.end();
});

router.get('/web', async function(req, res) {
Expand Down

0 comments on commit 7590477

Please sign in to comment.