277 lines
6.2 KiB
JavaScript
Raw Normal View History

2017-11-14 11:11:22 +01:00
'use strict';
/**
* User.js controller
*
* @description: A set of functions called "actions" for managing `User`.
*/
2017-12-04 15:35:45 +01:00
const _ = require('lodash');
const sanitizeUser = user => _.omit(user, ['password', 'resetPasswordToken']);
const adminError = error => [
{ messages: [{ id: error.message, field: error.field }] },
];
2017-11-14 11:11:22 +01:00
module.exports = {
2017-11-14 11:11:22 +01:00
/**
* Retrieve user records.
* @return {Object|Array}
*/
async find(ctx, next, { populate } = {}) {
let users;
2017-11-14 11:11:22 +01:00
2019-05-21 16:18:18 +02:00
if (_.has(ctx.query, '_q')) {
// use core strapi query to search for users
users = await strapi
.query('user', 'users-permissions')
.search(ctx.query, populate);
} else {
users = await strapi.plugins['users-permissions'].services.user.fetchAll(
ctx.query,
populate
);
2019-05-21 16:18:18 +02:00
}
const data = users.map(sanitizeUser);
2017-11-14 11:11:22 +01:00
ctx.send(data);
},
/**
* Retrieve authenticated user.
* @return {Object|Array}
*/
async me(ctx) {
const user = ctx.state.user;
if (!user) {
return ctx.badRequest(null, [
{ messages: [{ id: 'No authorization header was found' }] },
]);
}
const data = sanitizeUser(user);
ctx.send(data);
},
2017-11-14 11:11:22 +01:00
/**
* Retrieve a user record.
* @return {Object}
*/
async findOne(ctx) {
let data = await strapi.plugins['users-permissions'].services.user.fetch(
ctx.params
);
if (data) {
data = sanitizeUser(data);
}
2017-11-14 11:11:22 +01:00
// Send 200 `ok`
ctx.send(data);
},
/**
* Create a/an user record.
* @return {Object}
*/
async create(ctx) {
const advanced = await strapi
.store({
environment: '',
type: 'plugin',
name: 'users-permissions',
key: 'advanced',
})
.get();
const { email, username, password, role } = ctx.request.body;
if (!email) return ctx.badRequest('missing.email');
if (!username) return ctx.badRequest('missing.username');
if (!password) return ctx.badRequest('missing.password');
const adminsWithSameUsername = await strapi
.query('user', 'users-permissions')
.findOne({ username });
if (adminsWithSameUsername) {
return ctx.badRequest(
null,
ctx.request.admin
? adminError({
message: 'Auth.form.error.username.taken',
field: ['username'],
})
: 'username.alreadyTaken.'
);
}
if (advanced.unique_email) {
const user = await strapi
.query('user', 'users-permissions')
.findOne({ email });
2018-01-26 09:37:24 +01:00
if (user) {
return ctx.badRequest(
null,
ctx.request.admin
? adminError({
message: 'Auth.form.error.email.taken',
field: ['email'],
})
: 'email.alreadyTaken'
);
2018-01-26 09:37:24 +01:00
}
}
const user = {
email,
username,
password,
role,
provider: 'local',
};
if (!role) {
const defaultRole = await strapi
.query('role', 'users-permissions')
.findOne({ type: advanced.default_role }, []);
user.role = defaultRole.id;
}
2017-12-06 15:11:55 +01:00
try {
const data = await strapi.plugins['users-permissions'].services.user.add(
user
);
2017-12-06 15:11:55 +01:00
ctx.created(data);
} catch (error) {
ctx.badRequest(
null,
ctx.request.admin ? adminError(error) : error.message
);
2017-12-06 15:11:55 +01:00
}
2017-11-14 11:11:22 +01:00
},
/**
* Update a/an user record.
* @return {Object}
*/
async update(ctx) {
2017-12-06 15:11:55 +01:00
try {
const advancedConfigs = await strapi
.store({
environment: '',
type: 'plugin',
name: 'users-permissions',
key: 'advanced',
})
.get();
if (advancedConfigs.unique_email && ctx.request.body.email) {
const users = await strapi.plugins[
'users-permissions'
].services.user.fetchAll({ email: ctx.request.body.email });
if (
users &&
_.find(
users,
user =>
(user.id || user._id).toString() !==
(ctx.params.id || ctx.params._id)
)
) {
return ctx.badRequest(
null,
ctx.request.admin
? adminError({
message: 'Auth.form.error.email.taken',
field: ['email'],
})
: 'Email is already taken.'
);
2018-01-26 09:37:24 +01:00
}
}
const user = await strapi.plugins[
'users-permissions'
].services.user.fetch(ctx.params);
2017-12-04 15:35:45 +01:00
if (_.get(ctx.request, 'body.password') === user.password) {
2017-12-06 15:11:55 +01:00
delete ctx.request.body.password;
}
2017-12-04 15:35:45 +01:00
if (
_.get(ctx.request, 'body.role', '').toString() === '0' &&
(!_.get(ctx.state, 'user.role') ||
_.get(ctx.state, 'user.role', '').toString() !== '0')
) {
2017-12-15 10:49:01 +01:00
delete ctx.request.body.role;
}
if (ctx.request.body.email && advancedConfigs.unique_email) {
const user = await strapi.query('user', 'users-permissions').findOne({
email: ctx.request.body.email,
});
if (
user !== null &&
(user.id || user._id).toString() !== (ctx.params.id || ctx.params._id)
) {
return ctx.badRequest(
null,
ctx.request.admin
? adminError({
message: 'Auth.form.error.email.taken',
field: ['email'],
})
: 'Email is already taken.'
);
}
}
const data = await strapi.plugins['users-permissions'].services.user.edit(
ctx.params,
ctx.request.body
);
2017-11-14 11:11:22 +01:00
2017-12-06 15:11:55 +01:00
// Send 200 `ok`
ctx.send(data);
} catch (error) {
ctx.badRequest(
null,
ctx.request.admin
? [{ messages: [{ id: error.message, field: error.field }] }]
: error.message
);
2017-12-06 15:11:55 +01:00
}
2017-11-14 11:11:22 +01:00
},
/**
* Destroy a/an user record.
*
* @return {Object}
*/
async destroy(ctx) {
const data = await strapi.plugins['users-permissions'].services.user.remove(
ctx.params
);
// Send 200 `ok`
ctx.send(data);
},
async destroyAll(ctx) {
const data = await strapi.plugins[
'users-permissions'
].services.user.removeAll(ctx.params, ctx.request.query);
2017-11-14 11:11:22 +01:00
// Send 200 `ok`
ctx.send(data);
},
2017-11-14 11:11:22 +01:00
};