From 9773f1da725d846c65732d7a69ba485285f61c44 Mon Sep 17 00:00:00 2001
From: Tiago Ribeiro
Date: Sat, 20 Jan 2024 13:33:22 +0000
Subject: [PATCH] Updated the user deletion to allow corporate to remove users from their groups, instead of deleting them
---
 src/constants/userPermissions.ts | 2 +-
 src/pages/api/user.ts | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/constants/userPermissions.ts b/src/constants/userPermissions.ts
index b75ea983..e0251e8c 100644
--- a/src/constants/userPermissions.ts
+++ b/src/constants/userPermissions.ts
@@ -10,7 +10,7 @@ export const PERMISSIONS = {
 developer: ["developer"],
 },
 deleteUser: {
- student: ["teacher", "corporate", "developer", "admin"],
+ student: ["corporate", "developer", "admin"],
 teacher: ["corporate", "developer", "admin"],
 corporate: ["admin", "developer"],
 admin: ["developer", "admin"],
diff --git a/src/pages/api/user.ts b/src/pages/api/user.ts
index 1e975ac4..921c0222 100644
--- a/src/pages/api/user.ts
+++ b/src/pages/api/user.ts
@@ -1,6 +1,6 @@
 import {PERMISSIONS} from "@/constants/userPermissions";
 import {app, adminApp} from "@/firebase";
-import {User} from "@/interfaces/user";
+import {Group, User} from "@/interfaces/user";
 import {sessionOptions} from "@/lib/session";
 import {collection, deleteDoc, doc, getDoc, getDocs, getFirestore, query, setDoc, where} from "firebase/firestore";
 import {getAuth} from "firebase-admin/auth";
@@ -43,6 +43,19 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
 const targetUser = {...docTargetUser.data(), id: docTargetUser.id} as User;
+ if (user.type === "corporate" && (targetUser.type === "student" || targetUser.type === "teacher")) {
+ res.json({ok: true});
+
+ const userParticipantGroup = await getDocs(query(collection(db, "groups"), where("participants", "array-contains", id)));
+ await Promise.all([
+ ...userParticipantGroup.docs
+ .filter((x) => (x.data() as Group).admin === user.id)
+ .map(async (x) => await setDoc(x.ref, {participants: x.data().participants.filter((y: string) => y !== id)}, {merge: true})),
+ ]);
+
+ return;
+ }
+
 const permission = PERMISSIONS.deleteUser[targetUser.type];
 if (!permission.includes(user.type)) {
 res.status(403).json({ok: false});
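Review bot: In the new corporate branch, `res.json({ok: true})` is sent before the `getDocs`/`setDoc` calls run, so a failed or partial group update is still reported to the caller as success, and any rejection surfaces only after the response has gone out. Moving `res.json({ok: true});` to just before `return;`, after the `await Promise.all(...)`, keeps the reported result tied to the actual outcome. The participants rewrite is also a read-modify-write of the whole array, so a change to the same group between the `getDocs` and the `setDoc` can be lost; `updateDoc(x.ref, {participants: arrayRemove(id)})` removes the single id atomically (both names would need adding to the `firebase/firestore` import). Because the branch returns before the `PERMISSIONS.deleteUser` lookup, the `corporate` entries for `student` and `teacher` in that table no longer gate this path, and scoping rests entirely on the `admin === user.id` filter, which deserves a comment saying so. The body of `del` starts and ends outside the hunk.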