
Role-based access and lots of style changes; login/signup pages still look funky in dark mode

This commit is contained in:
Ahmed Al-Taiar
2023-10-31 23:25:39 -04:00
parent fcdacd844f
commit f5a6b1c37a
20 changed files with 172 additions and 235 deletions


@@ -0,0 +1,33 @@
/*
Warnings:
- You are about to drop the `UserRole` table. If the table is not empty, all the data it contains will be lost.
*/
-- DropIndex
DROP INDEX "UserRole_name_userId_key";
-- DropTable
PRAGMA foreign_keys=off;
DROP TABLE "UserRole";
PRAGMA foreign_keys=on;
-- RedefineTables
PRAGMA foreign_keys=OFF;
CREATE TABLE "new_User" (
"id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
"firstName" TEXT NOT NULL,
"lastName" TEXT NOT NULL,
"email" TEXT NOT NULL,
"hashedPassword" TEXT NOT NULL,
"salt" TEXT NOT NULL,
"resetToken" TEXT,
"resetTokenExpiresAt" DATETIME,
"roles" TEXT NOT NULL DEFAULT 'user'
);
INSERT INTO "new_User" ("email", "firstName", "hashedPassword", "id", "lastName", "resetToken", "resetTokenExpiresAt", "salt") SELECT "email", "firstName", "hashedPassword", "id", "lastName", "resetToken", "resetTokenExpiresAt", "salt" FROM "User";
DROP TABLE "User";
ALTER TABLE "new_User" RENAME TO "User";
CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
PRAGMA foreign_key_check;
PRAGMA foreign_keys=ON;
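Review bot: Existing role assignments are silently lost by this migration: the `INSERT INTO "new_User" ...` statement copies only the user columns, so every migrated user — including anyone who had an `admin` row in UserRole — ends up with the default `'user'` in the new `roles` column, and `DROP TABLE "UserRole"` runs before `new_User` even exists, so nothing can be recovered afterwards. If any deployed database has UserRole rows, move the `DROP TABLE "UserRole"` below the RedefineTables step and backfill first with `UPDATE "new_User" SET "roles" = (SELECT group_concat("name", ',') FROM "UserRole" WHERE "UserRole"."userId" = "new_User"."id") WHERE "id" IN (SELECT "userId" FROM "UserRole");` — the comma join matches the `split(',')` the new hasRole does. The generated warning at the top says data will be lost but not that admin privileges will be; a one-line comment in the migration (or in the commit message) should state that. Whether the project edits generated migrations by hand is not visible on this page.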


@@ -18,24 +18,13 @@ model Part {
}
model User {
id Int @id @default(autoincrement())
id Int @id @default(autoincrement())
firstName String
lastName String
email String @unique
email String @unique
hashedPassword String
salt String
resetToken String?
resetTokenExpiresAt DateTime?
userRoles UserRole[]
}
model UserRole {
id Int @id @default(autoincrement())
createdAt DateTime @default(now())
updatedAt DateTime @default(now())
name String
user User? @relation(fields: [userId], references: [id])
userId Int?
@@unique([name, userId])
roles String @default("user")
}
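Review bot: The new `roles String @default("user")` field packs multiple roles into one string with no documentation of the format, so a reader of the schema cannot tell whether it holds a single role or a list, or what separates entries; add a Prisma doc comment above it such as `/// Comma-separated role names, e.g. "user,admin"; parsed by hasRole() in the auth lib — keep the separator in sync`. The separator matters because the hasRole change in this commit splits on `','` with no trimming, so a value written as `"user, admin"` would never match. The dropped UserRole table also enforced `@@unique([name, userId])`; the string column has no equivalent constraint against duplicates or unknown names, which is acceptable while the signup handler is the only writer, but that assumption deserves stating in the same comment.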


@@ -113,13 +113,21 @@ export const handler = async (
// If this returns anything else, it will be returned by the
// `signUp()` function in the form of: `{ message: 'String here' }`.
handler: ({ username, hashedPassword, salt, userAttributes }) => {
const adminEmails: string[] = process.env.ADMIN_EMAILS.split(',')
let role = 'user'
const email = username.toLowerCase()
if (adminEmails.includes(email)) role = 'admin'
return db.user.create({
data: {
email: username,
email: email,
hashedPassword: hashedPassword,
salt: salt,
firstName: userAttributes.firstName,
lastName: userAttributes.lastName,
roles: role,
},
})
},
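Review bot: `process.env.ADMIN_EMAILS.split(',')` throws a TypeError when ADMIN_EMAILS is unset, turning every signup into a server error on any deployment that forgot the variable, and under `strict` the possibly-undefined access should not compile. The comparison is also normalised on one side only: the username is lowercased but the list entries are not trimmed or lowercased, so `ADMIN_EMAILS=Admin@example.com` or `a@x.com, b@x.com` never grants admin. Normalise both sides: `const adminEmails = (process.env.ADMIN_EMAILS ?? '').split(',').map((e) => e.trim().toLowerCase()).filter(Boolean)`. Note that this grants admin to whoever registers a listed address first; if the project does not verify email ownership before an account is usable (not visible here), an as-yet-unregistered admin address is a privilege-escalation path, and promotion should happen only for verified accounts. The enclosing `signUp` options object starts before this hunk.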


@@ -27,7 +27,7 @@ export const getCurrentUser = async (session: Decoded) => {
return await db.user.findUnique({
where: { id: session.id },
select: { id: true, firstName: true },
select: { id: true, firstName: true, roles: true },
})
}
@@ -59,32 +59,27 @@ export const hasRole = (roles: AllowedRoles): boolean => {
return false
}
const currentUserRoles = context.currentUser?.roles
if (typeof roles === 'string') {
if (typeof currentUserRoles === 'string') {
// roles to check is a string, currentUser.roles is a string
return currentUserRoles === roles
} else if (Array.isArray(currentUserRoles)) {
// roles to check is a string, currentUser.roles is an array
return currentUserRoles?.some((allowedRole) => roles === allowedRole)
// If your User model includes roles, uncomment the role checks on currentUser
if (roles) {
if (Array.isArray(roles)) {
// the line below has changed
if (context.currentUser.roles)
return context.currentUser.roles
.split(',')
.some((role) => roles.includes(role))
}
if (typeof roles === 'string') {
// the line below has changed
if (context.currentUser.roles)
return context.currentUser.roles.split(',').includes(roles)
}
// roles not found
return false
}
if (Array.isArray(roles)) {
if (Array.isArray(currentUserRoles)) {
// roles to check is an array, currentUser.roles is an array
return currentUserRoles?.some((allowedRole) =>
roles.includes(allowedRole)
)
} else if (typeof currentUserRoles === 'string') {
// roles to check is an array, currentUser.roles is a string
return roles.some((allowedRole) => currentUserRoles === allowedRole)
}
}
// roles not found
return false
return true
}
/**
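Review bot: The new trailing `return true` makes `hasRole` grant access whenever `roles` is falsy — `hasRole('')` or `hasRole(undefined as never)` returns true for any authenticated user, inverting the fail-closed default the removed version had (`return false` when nothing matched); whether every caller pre-checks `roles` before calling is not visible here, so the function itself should stay closed. Since the User model now always has a `roles` string, drop the `if (roles)` wrapper and end the function with `return false`, and delete the leftover template comments `// If your User model includes roles, uncomment the role checks on currentUser` and `// the line below has changed`, which no longer describe this code. `.split(',')` without trimming also fails to match a value stored as `"user, admin"`; `context.currentUser.roles.split(',').map((r) => r.trim())` is cheap insurance. `hasRole` begins before this hunk, and the earlier hunk's `select: { ..., roles: true }` in getCurrentUser is what makes these checks see the column at all.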


@@ -1,4 +1,5 @@
import type { Prisma, Part } from '@prisma/client'
import type { ScenarioData } from '@redwoodjs/testing/api'
export const standard = defineScenario<Prisma.PartCreateArgs>({


@@ -29,18 +29,21 @@ export const updatePart: MutationResolvers['updatePart'] = ({ id, input }) => {
export const deletePart: MutationResolvers['deletePart'] = async ({ id }) => {
const client = Filestack.init(process.env.REDWOOD_ENV_FILESTACK_API_KEY)
const part = await db.part.findUnique({ where: { id } })
const handle = part.imageUrl.split('/').pop()
const security = Filestack.getSecurity(
{
expiry: new Date().getTime() + 5 * 60 * 1000,
handle,
call: ['remove'],
},
process.env.REDWOOD_ENV_FILESTACK_SECRET
)
if (!part.imageUrl.includes('no_image.png')) {
const handle = part.imageUrl.split('/').pop()
await client.remove(handle, security)
const security = Filestack.getSecurity(
{
expiry: new Date().getTime() + 5 * 60 * 1000,
handle,
call: ['remove'],
},
process.env.REDWOOD_ENV_FILESTACK_SECRET
)
await client.remove(handle, security)
}
return db.part.delete({
where: { id },