IGNITE-6461 Web Console: Sanitize user on save.
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/1b6873c7 Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/1b6873c7 Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/1b6873c7 Branch: refs/heads/ignite-3478 Commit: 1b6873c797b3ecd91706158d732deccca1144262 Parents: 0f8a2bf Author: Alexey Kuznetsov <akuznet...@apache.org> Authored: Thu Sep 21 14:36:08 2017 +0700 Committer: Alexey Kuznetsov <akuznet...@apache.org> Committed: Thu Sep 21 14:36:08 2017 +0700 ---------------------------------------------------------------------- modules/web-console/backend/routes/admin.js | 5 +++-- modules/web-console/backend/services/users.js | 5 +++++ .../list-of-registered-users.controller.js | 1 - .../web-console/frontend/app/core/admin/Admin.data.js | 12 ++++++++---- 4 files changed, 16 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ignite/blob/1b6873c7/modules/web-console/backend/routes/admin.js ---------------------------------------------------------------------- diff --git a/modules/web-console/backend/routes/admin.js b/modules/web-console/backend/routes/admin.js index c00b17a..5ee41c8 100644 --- a/modules/web-console/backend/routes/admin.js +++ b/modules/web-console/backend/routes/admin.js @@ -33,6 +33,7 @@ module.exports = { * @param {MailsService} mailsService * @param {SessionsService} sessionsService * @param {UsersService} usersService + * @param {NotificationsService} notificationsService * @returns {Promise} */ module.exports.factory = function(_, express, settings, mongo, spacesService, mailsService, sessionsService, usersService, notificationsService) { 
@@ -55,8 +56,8 @@ module.exports.factory = function(_, express, settings, mongo, spacesService, ma .catch(res.api.error); }); - // Save user. - router.post('/save', (req, res) => { + // Grant or revoke admin access to user. + router.post('/toggle', (req, res) => { const params = req.body; mongo.Account.findByIdAndUpdate(params.userId, {admin: params.adminFlag}).exec() http://git-wip-us.apache.org/repos/asf/ignite/blob/1b6873c7/modules/web-console/backend/services/users.js ---------------------------------------------------------------------- diff --git a/modules/web-console/backend/services/users.js b/modules/web-console/backend/services/users.js index 0710713..991928a 100644 --- a/modules/web-console/backend/services/users.js +++ b/modules/web-console/backend/services/users.js @@ -51,6 +51,7 @@ module.exports.factory = (_, errors, settings, mongo, spacesService, mailsServic class UsersService { /** * Save profile information. + * * @param {String} host - The host * @param {Object} user - The user * @returns {Promise.<mongo.ObjectId>} that resolves account id of merge operation. @@ -93,10 +94,13 @@ module.exports.factory = (_, errors, settings, mongo, spacesService, mailsServic /** * Save user. + * * @param {Object} changed - The user * @returns {Promise.<mongo.ObjectId>} that resolves account id of merge operation. */ static save(changed) { + delete changed.admin; + return mongo.Account.findById(changed._id).exec() .then((user) => { if (!changed.password) 
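Review bot: The `/toggle` handler passes `params.userId` and `params.adminFlag` from `req.body` straight into `findByIdAndUpdate` with no type check, so the value stored in `admin` depends on how the schema casts whatever the client sent. For a privilege change, reject the request unless `typeof params.adminFlag === 'boolean'`, and write `{admin: params.adminFlag === true}`. The admin-only gate on this router is not visible in this hunk, nor is any guard against an administrator revoking their own or the last admin account, so both are worth confirming. The handler's body continues outside the hunk.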
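Review bot: `delete changed.admin` in `UsersService.save` is a one-field denylist, so any other privileged or server-managed account field present in `changed` can still reach the merge that follows. The rest of `save` is outside the hunk, so how `changed` is applied is inferred from the docstring's "merge operation". An allowlist is more robust, e.g. `const fields = _.pick(changed, EDITABLE_ACCOUNT_FIELDS);`, where `EDITABLE_ACCOUNT_FIELDS` is a placeholder for the fields a user may edit on their own profile. The `delete` also mutates the caller's object, which a copy would avoid. The docstring should state that `admin` is ignored here and only changes through the admin `/toggle` route.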
@@ -207,6 +211,7 @@ module.exports.factory = (_, errors, settings, mongo, spacesService, mailsServic /** * Remove account. + * * @param {String} host. * @param {mongo.ObjectId|String} userId - The account id for remove. * @returns {Promise.<{rowsAffected}>} - The number of affected rows. http://git-wip-us.apache.org/repos/asf/ignite/blob/1b6873c7/modules/web-console/frontend/app/components/list-of-registered-users/list-of-registered-users.controller.js ---------------------------------------------------------------------- diff --git a/modules/web-console/frontend/app/components/list-of-registered-users/list-of-registered-users.controller.js b/modules/web-console/frontend/app/components/list-of-registered-users/list-of-registered-users.controller.js index 2e36c5c..f82ccbe 100644 --- a/modules/web-console/frontend/app/components/list-of-registered-users/list-of-registered-users.controller.js +++ b/modules/web-console/frontend/app/components/list-of-registered-users/list-of-registered-users.controller.js @@ -91,7 +91,6 @@ export default class IgniteListOfRegisteredUsersCtrl { user.adminChanging = true; AdminData.toggleAdmin(user) - .then(() => user.admin = !user.admin) .finally(() => user.adminChanging = false); }; http://git-wip-us.apache.org/repos/asf/ignite/blob/1b6873c7/modules/web-console/frontend/app/core/admin/Admin.data.js ---------------------------------------------------------------------- diff --git a/modules/web-console/frontend/app/core/admin/Admin.data.js b/modules/web-console/frontend/app/core/admin/Admin.data.js index 5ea8f00..5c4fe10 100644 --- a/modules/web-console/frontend/app/core/admin/Admin.data.js +++ b/modules/web-console/frontend/app/core/admin/Admin.data.js 
@@ -47,15 +47,19 @@ export default class IgniteAdminData { } toggleAdmin(user) { - return this.$http.post('/api/v1/admin/save', { + const adminFlag = !user.admin; + + return this.$http.post('/api/v1/admin/toggle', { userId: user._id, - adminFlag: !user.admin + adminFlag }) .then(() => { - this.Messages.showInfo(`Admin right was successfully toggled for user: "${user.userName}"`); + user.admin = adminFlag; + + this.Messages.showInfo(`Admin rights was successfully ${adminFlag ? 'granted' : 'revoked'} for user: "${user.userName}"`); }) .catch((res) => { - this.Messages.showError('Failed to toggle admin right for user: ', res); + this.Messages.showError(`Failed to ${adminFlag ? 'grant' : 'revok'} admin rights for user: "${user.userName}"`, res); }); }
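Review bot: The failure message in `toggleAdmin` spells the revoke branch as `'revok'`, so the user sees "Failed to revok admin rights"; it should be `${adminFlag ? 'grant' : 'revoke'}`. The success text reads "Admin rights was", which should be "Admin rights were". Both messages interpolate `user.userName`, and whether `Messages` escapes it before rendering is not visible here, so confirm it is displayed as text and not as markup.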