From a428e5cff259db26359814927e700cbde4a1d3b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Y=C3=BBki=20Vachot?=
Date: Mon, 10 Jan 2022 12:07:45 +0100
Subject: [PATCH] Update: Admin can create Admin or Advertiser
---
 controllers/user.controller.js | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/controllers/user.controller.js b/controllers/user.controller.js
index 9af3856..2575ea1 100644
--- a/controllers/user.controller.js
+++ b/controllers/user.controller.js
@@ -73,10 +73,28 @@ exports.create = (req, res) => {
 if(typeof req.body.role !== 'undefined'){
 switch(req.body.role){
 case 'admin':
- var_role = roles.Admin;
+ const token = checkLogin(req, res);
+ const role = roles.Admin;
+ if(token && typeof token.role !== 'undefined' &&
+ ((Array.isArray(role) && role.includes(token.role)) ||
+ ( typeof role === 'object' && typeof token.role.permission !== 'undefined' && token.role.permission >= role.permission && token.role.isAccepted === true))){
+ var_role = roles.Admin;
+ var_role.isAccepted = true;
+ } else {
+ var_role = roles.Admin;
+ }
 break;
 case 'advertiser':
- var_role = roles.Advertiser;
+ const token = checkLogin(req, res);
+ const role = roles.Admin;
+ if(token && typeof token.role !== 'undefined' &&
+ ((Array.isArray(role) && role.includes(token.role)) ||
+ ( typeof role === 'object' && typeof token.role.permission !== 'undefined' && token.role.permission >= role.permission && token.role.isAccepted === true))){
+ var_role = roles.Advertiser;
+ var_role.isAccepted = true;
+ } else {
+ var_role = roles.Advertiser;
+ }
 break;
 default:
 var_role = roles.User;
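Review bot: In both the `case 'admin':` and `case 'advertiser':` branches, `var_role = roles.Admin; var_role.isAccepted = true;` (and the Advertiser equivalent) writes through to the shared `roles` entry rather than to a copy, so if `roles` is a module-level object, the first account an accepted admin creates leaves `isAccepted === true` on the role that the unauthenticated `else` path hands out afterwards. Separately, `const token` and `const role` are declared in two clauses of the same `switch` block, which is a redeclaration in one lexical scope and should stop the file from parsing. I would move the duplicated check into one lazily called helper and assign a copy of the role, as below; the `Array.isArray(role)` arm is kept as written although `roles.Admin` appears to be an object here. `exports.create` continues outside the hunk, so how `var_role` is persisted and whether `checkLogin` writes to `res` on failure should be confirmed.

```javascript
        // Called lazily so checkLogin only runs for the privileged roles, as before.
        const callerIsAcceptedAdmin = () => {
            const token = checkLogin(req, res);
            const role = roles.Admin;
            return Boolean(token && typeof token.role !== 'undefined' &&
                ((Array.isArray(role) && role.includes(token.role)) ||
                (typeof role === 'object' && typeof token.role.permission !== 'undefined' &&
                 token.role.permission >= role.permission && token.role.isAccepted === true)));
        };
        switch(req.body.role){
            case 'admin':
                // Copy the role so the shared roles.Admin definition is never mutated.
                var_role = callerIsAcceptedAdmin() ? { ...roles.Admin, isAccepted: true } : roles.Admin;
                break;
            case 'advertiser':
                // Same copy-on-accept rule for the shared roles.Advertiser definition.
                var_role = callerIsAcceptedAdmin() ? { ...roles.Advertiser, isAccepted: true } : roles.Advertiser;
                break;
            // … unchanged: default case …
```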