From d41c6c9134721181e11b37cdd8bf76cc93f512d3 Mon Sep 17 00:00:00 2001
From: oduba samuel
Date: Mon, 22 Jul 2024 10:32:07 +0100
Subject: [PATCH] feat: created a change user role endpoint and functionality for access permission
---
src/controllers/OrgController.ts | 2 +-
src/controllers/index.ts | 1 +
src/controllers/roleController.ts | 43 +++++++++++++++++++++++++++++++
src/middleware/auth.ts | 2 +-
src/middleware/checkUserRole.ts | 14 ++++++++++
src/middleware/index.ts | 1 +
src/routes/auth.ts | 12 +++++++--
7 files changed, 71 insertions(+), 4 deletions(-)
create mode 100644 src/controllers/roleController.ts
create mode 100644 src/middleware/checkUserRole.ts
diff --git a/src/controllers/OrgController.ts b/src/controllers/OrgController.ts
index ef1d8761..b2396679 100644
--- a/src/controllers/OrgController.ts
+++ b/src/controllers/OrgController.ts
@@ -1,4 +1,4 @@
-import { Request, Response } from "express";
+ import { Request, Response } from "express";
 import { OrgService } from "../services/OrgService";
 export class OrgController {
diff --git a/src/controllers/index.ts b/src/controllers/index.ts
index d850f3d9..63ede203 100644
--- a/src/controllers/index.ts
+++ b/src/controllers/index.ts
@@ -3,3 +3,4 @@ export * from "./AuthController";
 export * from "./UserController";
 export * from "./HelpController";
 export * from "./NotificationController";
+export * from "./roleController"
diff --git a/src/controllers/roleController.ts b/src/controllers/roleController.ts
new file mode 100644
index 00000000..feaf429a
--- /dev/null
+++ b/src/controllers/roleController.ts
@@ -0,0 +1,43 @@
+import { Request, Response, NextFunction } from "express";
+import { User } from "../models";
+import { UserRole } from "../enums/userRoles";
+import { ResourceNotFound, HttpError } from "../middleware/error";
+
+export const changeUserRole = async (req: Request, res: Response, next: NextFunction) => {
+try {
+const { user_id, organization_id } = req.params;
+const { new_role } = req.body;
+
+// Validate the provided role
+if (!Object.values(UserRole).includes(new_role)) {
+throw new HttpError(400, "Invalid role specified");
+}
+
+// Retrieve the user whose role needs to be updated
+const user = await User.findOne({ where: { id: user_id }, relations: ["organizations"] });
+
+if (!user) {
+throw new ResourceNotFound("User not found");
+}
+
+// Check if the user belongs to the specified organization
+const userOrganization = user.organizations.find(org => org.id === organization_id);
+
+if (!userOrganization) {
+throw new HttpError(400, "User does not belong to the specified team");
+}
+
+// Update the user's role
+user.role = new_role;
+await user.save();
+
+res.status(200).json({
+message: "Team member role updated successfully",
+organization_id,
+user_id,
+new_role
+});
+} catch (error) {
+next(error);
+}
+};
diff --git a/src/middleware/auth.ts b/src/middleware/auth.ts
index 58db3e26..aa31a89e 100644
--- a/src/middleware/auth.ts
+++ b/src/middleware/auth.ts
@@ -12,7 +12,7 @@ import jwt from "jsonwebtoken";
 import config from "../config";
 export const authMiddleware = async (
-req: Request,
+req: Request & { user?: User },
 res: Response,
 next: NextFunction
 ) => {
diff --git a/src/middleware/checkUserRole.ts b/src/middleware/checkUserRole.ts
new file mode 100644
index 00000000..e9038f27
--- /dev/null
+++ b/src/middleware/checkUserRole.ts
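Review bot: changeUserRole never compares the caller's own role with `new_role`, so any caller admitted by the route's `checkPermissions([UserRole.SUPER_ADMIN, UserRole.ADMIN])` guard can assign `UserRole.SUPER_ADMIN` to a user, including themselves — a vertical privilege-escalation path; the check at `if (!Object.values(UserRole).includes(new_role))` only confirms the value is a known role. The membership check covers only the target user: nothing verifies that the caller belongs to `organization_id`, and the write goes to `user.role`, which looks like a single account-wide field rather than a per-organization one, so an admin of one organization appears able to change a user's role everywhere (worth confirming against the User model). After the role validation I would add a guard such as `if (new_role === UserRole.SUPER_ADMIN && req.user?.role !== UserRole.SUPER_ADMIN) throw new HttpError(403, "Only a super admin can assign this role");`, verify that `req.user` is a member of the organization, and record actor, target, old and new role on success so role changes are auditable. Note that `req.user` is not on the plain `Request` type used in this file, so the handler needs the same augmented request type the auth middleware hunk introduces.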
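Review bot: The new parameter type `req: Request & { user?: User }` references `User`, but the only imports visible in the hunk are `jwt` and `config`; unless the file already imports the model above line 12, this will not compile. The same shape is needed by the new `checkPermissions` middleware and by `changeUserRole`, both of which read `req.user` from a plain `Request`, so one exported alias such as `export type AuthenticatedRequest = Request & { user?: User };` (or a declaration-merged `Express.Request` augmentation) used in all three places would keep the typing consistent instead of repeating an ad-hoc intersection. authMiddleware's body continues outside the hunk.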
@@ -0,0 +1,14 @@
+import { Request, Response, NextFunction } from "express";
+import { UserRole } from "../enums/userRoles";
+import { Unauthorized } from "./error";
+
+
+export const checkPermissions = (roles: UserRole[]) => {
+return (req: Request, res: Response, next: NextFunction) => {
+const user = req.user;
+if (!user || !roles.includes(user.role)) {
+throw new Unauthorized("You do not have permission to perform this action");
+}
+next();
+};
+};
diff --git a/src/middleware/index.ts b/src/middleware/index.ts
index d0d8e7b7..48dbf780 100644
--- a/src/middleware/index.ts
+++ b/src/middleware/index.ts
@@ -1,2 +1,3 @@
 export * from "./error";
 export * from "./auth";
+export * from "./checkUserRole";
diff --git a/src/routes/auth.ts b/src/routes/auth.ts
index fed70575..4d704fb7 100644
--- a/src/routes/auth.ts
+++ b/src/routes/auth.ts
@@ -1,10 +1,18 @@
-import { signUp, verifyOtp, login } from "../controllers";
+import { signUp, verifyOtp, login, changeUserRole } from "../controllers";
 import { Router } from "express";
+import { authMiddleware, checkPermissions } from "../middleware";
+import { UserRole } from "../enums/userRoles";
 const authRoute = Router();
 authRoute.post("/signup", signUp);
 authRoute.post("/verify-otp", verifyOtp);
 authRoute.post("/login", login);
-
+authRoute.post("/login", login);
+authRoute.put(
+"/api/v1/organizations/:organization_id/users/:user_id/role",
+authMiddleware,
+checkPermissions([UserRole.SUPER_ADMIN, UserRole.ADMIN]),
+changeUserRole
+);
 export { authRoute };
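Review bot: `const user = req.user;` and `user.role` read from a plain express `Request`, which declares no `user` property, so under `strict` this middleware will not type-check unless an `Express.Request` augmentation exists elsewhere in the project; the route wires it directly after `authMiddleware`, whose new signature is `Request & { user?: User }`, and the middleware should accept that same type rather than rely on an implicit one. Throwing synchronously inside the handler is caught by Express 4, but it breaks silently the day the function becomes `async`; `return next(new Unauthorized("You do not have permission to perform this action"));` is the conventional form and matches the `next(error)` style of the new controller. Because the request has already been authenticated at this point, the failure is an authorization failure, so if `Unauthorized` maps to a 401 response a 403-style error class would be the more accurate choice — worth confirming against `./error`.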
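Review bot: `authRoute.post("/login", login);` is now registered twice — the existing registration is kept and an identical one is added in place of the removed blank line — so the second one is dead and should be dropped. The new path `/api/v1/organizations/:organization_id/users/:user_id/role` is absolute while every other path in this router is relative (`/signup`, `/verify-otp`, `/login`), so if `authRoute` is mounted under a prefix the endpoint will land at `<prefix>/api/v1/...`, which is presumably not intended; the path should follow the router's convention, and a role-change endpoint arguably belongs in an organizations or users router rather than the auth router. With `checkPermissions([UserRole.SUPER_ADMIN, UserRole.ADMIN])` as the only gate, the route relies entirely on the controller to stop an ADMIN from granting SUPER_ADMIN, which the controller hunk does not yet do.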