
const express = require("express");
const { User } = require("../models");
const { logActivity } = require("./activityLogs");
const {
authenticate,
authorizeAdmin,
authorizeManager,
} = require("../middleware/auth");
const router = express.Router();

/**
 * GET / — list users as `{ id, username, role }` records (admin and manager).
 *
 * Only those three columns are selected, so password material never leaves
 * the database through this route. Any query failure is reported to the
 * client as a generic 500 without details.
 */
async function listUsers(req, res) {
  try {
    const rows = await User.findAll({
      attributes: ["id", "username", "role"],
    });
    res.json(rows);
  } catch (error) {
    res.status(500).json({ message: "Server error" });
  }
}

router.get("/", authenticate, authorizeManager, listUsers);
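// Roles that may be assigned through this endpoint. Anything else is rejected
// up front so a caller (including an admin) cannot create an account carrying
// an unrecognised role string.
const ASSIGNABLE_ROLES = ["user", "manager", "admin"];

/**
 * POST / — create a user (admin and manager).
 *
 * Body: `{ username: string, password: string, role?: string }`; `role`
 * defaults to "user" when absent or empty.
 * Policy: managers may create users and managers only; admins may create any
 * role in ASSIGNABLE_ROLES.
 * Responses: 201 `{ id, username, role }` on success; 400 for a missing
 * username/password, an unknown role, or a duplicate username; 403 when a
 * non-admin requests the admin role; 500 on unexpected errors.
 *
 * NOTE(review): `password` is passed to User.create as received — hashing is
 * assumed to happen in the model layer; confirm before relying on it.
 */
router.post("/", authenticate, authorizeManager, async (req, res) => {
  try {
    const { username, password, role } = req.body ?? {};

    // req.body is untrusted: reject anything that is not a non-empty string
    // before it reaches the ORM, instead of letting findOne/create fail as a 500.
    if (typeof username !== "string" || username.trim() === "") {
      return res.status(400).json({ message: "Username is required" });
    }
    if (typeof password !== "string" || password === "") {
      return res.status(400).json({ message: "Password is required" });
    }

    // `||` on purpose: an empty role field from a form falls back to "user".
    const userRole = role || "user";
    if (!ASSIGNABLE_ROLES.includes(userRole)) {
      return res.status(400).json({ message: "Invalid role" });
    }

    // Managers cannot create admins. With the allowlist above this is the only
    // role restriction a manager can still trip, so the former "users or
    // managers only" branch is no longer reachable and has been folded in.
    if (userRole === "admin" && req.user.role !== "admin") {
      return res
        .status(403)
        .json({ message: "Managers cannot create admin users" });
    }

    // Usernames are unique; report a duplicate as a client error.
    const existingUser = await User.findOne({ where: { username } });
    if (existingUser) {
      console.log(
        `Попытка создания сотрудника с существующим именем: ${username}`
      );
      return res
        .status(400)
        .json({ message: "Такой сотрудник уже существует" });
    }

    const user = await User.create({
      username,
      password,
      role: userRole,
    });

    // Audit trail: who created whom, with which role.
    await logActivity(
      req.user.id,
      "Создание сотрудника",
      `Создан новый сотрудник: ${username} с ролью ${userRole}`
    );

    res
      .status(201)
      .json({ id: user.id, username: user.username, role: user.role });
  } catch (error) {
    // Log the cause server-side only; the client gets a generic message.
    console.error(`Ошибка при создании сотрудника: ${error.message}`);
    res.status(500).json({ message: "Server error" });
  }
});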
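/**
 * PUT /:id/password — reset a user's password (admin and manager).
 *
 * Body: `{ password: string }`.
 * Policy: only an admin may reset an admin's password. Without that check a
 * manager could take over any admin account, which defeats the "managers
 * cannot create admins" rule enforced on creation.
 * Responses: 200 `{ message: "Password updated" }`; 400 when `password` is
 * missing or empty; 403 when a non-admin targets an admin; 404 when the user
 * does not exist; 500 on unexpected errors.
 *
 * NOTE(review): the new password is assigned to `user.password` as received —
 * hashing is assumed to be done by the model before save; confirm.
 */
router.put(
  "/:id/password",
  authenticate,
  authorizeManager,
  async (req, res) => {
    try {
      const { password } = req.body ?? {};

      // Untrusted input: an absent/empty password must not be written through.
      if (typeof password !== "string" || password === "") {
        return res.status(400).json({ message: "Password is required" });
      }

      const user = await User.findByPk(req.params.id);
      if (!user) {
        return res.status(404).json({ message: "User not found" });
      }

      // Managers may not modify admin accounts (mirrors the create policy).
      if (user.role === "admin" && req.user.role !== "admin") {
        return res
          .status(403)
          .json({ message: "Managers cannot modify admin users" });
      }

      user.password = password;
      await user.save();

      // Audit trail for the reset.
      await logActivity(
        req.user.id,
        "Сброс пароля",
        `Сброшен пароль для сотрудника: ${user.username}`
      );

      res.json({ message: "Password updated" });
    } catch (error) {
      // Match the create handler: record the cause server-side, never echo it.
      console.error(`Ошибка при сбросе пароля: ${error.message}`);
      res.status(500).json({ message: "Server error" });
    }
  }
);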
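/**
 * DELETE /:id — remove a user (admin and manager).
 *
 * Policy: only an admin may delete an admin account; a manager reaching an
 * admin target gets 403, consistent with the creation and password-reset
 * rules for admins.
 * Responses: 200 `{ message: "User deleted" }`; 403 when a non-admin targets
 * an admin; 404 when the user does not exist; 500 on unexpected errors.
 */
router.delete("/:id", authenticate, authorizeManager, async (req, res) => {
  try {
    const user = await User.findByPk(req.params.id);
    if (!user) {
      return res.status(404).json({ message: "User not found" });
    }

    // Managers may not remove admin accounts.
    if (user.role === "admin" && req.user.role !== "admin") {
      return res
        .status(403)
        .json({ message: "Managers cannot delete admin users" });
    }

    await user.destroy();

    // Audit trail for the deletion; `user.username` is still readable on the
    // destroyed instance because it was loaded before destroy().
    await logActivity(
      req.user.id,
      "Удаление сотрудника",
      `Удален сотрудник: ${user.username}`
    );

    res.json({ message: "User deleted" });
  } catch (error) {
    // Match the create handler: record the cause server-side, never echo it.
    console.error(`Ошибка при удалении сотрудника: ${error.message}`);
    res.status(500).json({ message: "Server error" });
  }
});

module.exports = router;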