Fovway 765039c953 modified: backend/routes/users.js
modified:   backend/server.js
	modified:   frontend/src/components/AdminPanel.jsx
	modified:   frontend/src/components/ManagerPanel.jsx
2025-10-13 23:50:26 +07:00


const express = require("express");
const { User } = require("../models");
const { logActivity } = require("./activityLogs");
const {
authenticate,
authorizeAdmin,
authorizeManager,
} = require("../middleware/auth");
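const router = express.Router();

// Get all users (admin and manager).
// Only id/username/role are selected so whatever the model keeps in its
// password column never reaches the response body.
router.get("/", authenticate, authorizeManager, async (req, res) => {
  try {
    const users = await User.findAll({
      attributes: ["id", "username", "role"],
    });
    res.json(users);
  } catch (error) {
    // Record the cause server-side (as the create route already does);
    // the client keeps receiving only the generic message.
    console.error(
      `Ошибка при получении списка пользователей: ${error.message}`
    );
    res.status(500).json({ message: "Server error" });
  }
});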
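// Create user (admin and manager).
// Body: { username, password, role? }. Responds 201 with { id, username, role },
// 400 on a missing/invalid field or duplicate username, 403 when the caller's
// role may not create the requested role, 500 on an unexpected error.
router.post("/", authenticate, authorizeManager, async (req, res) => {
  try {
    const { username, password, role } = req.body;
    // `req.body` is untrusted input: reject missing or non-string credentials
    // before they reach the database, so an absent password is never handed
    // to User.create as `undefined`.
    if (typeof username !== "string" || username.trim() === "") {
      return res.status(400).json({ message: "Username is required" });
    }
    if (typeof password !== "string" || password === "") {
      return res.status(400).json({ message: "Password is required" });
    }
    // `||` (not `??`) is deliberate: an empty-string role also falls back.
    const userRole = role || "user";
    if (typeof userRole !== "string") {
      return res.status(400).json({ message: "Invalid role" });
    }
    // Managers cannot create admins
    if (userRole === "admin" && req.user.role !== "admin") {
      return res
        .status(403)
        .json({ message: "Managers cannot create admin users" });
    }
    // Managers can only create users or managers
    if (
      req.user.role === "manager" &&
      !["user", "manager"].includes(userRole)
    ) {
      return res
        .status(403)
        .json({ message: "Managers can only create users or managers" });
    }
    // NOTE(review): for admin callers the role value is not whitelisted here;
    // presumably the User model restricts it to known roles — confirm.
    // Check if user already exists
    const existingUser = await User.findOne({ where: { username } });
    if (existingUser) {
      console.log(
        `Попытка создания пользователя с существующим именем: ${username}`
      );
      return res
        .status(400)
        .json({ message: "Такой пользователь уже существует" });
    }
    // NOTE(review): whether `password` is hashed before storage is not visible
    // in this file; presumably a model hook does it — confirm.
    const user = await User.create({
      username,
      password,
      role: userRole,
    });
    // Log the creation action
    await logActivity(
      req.user.id,
      "Создание пользователя",
      `Создан новый пользователь: ${username} с ролью ${userRole}`
    );
    res
      .status(201)
      .json({ id: user.id, username: user.username, role: user.role });
  } catch (error) {
    console.error(`Ошибка при создании пользователя: ${error.message}`);
    res.status(500).json({ message: "Server error" });
  }
});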
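// Update user password (admin and manager).
// Body: { password }. Responds 200 { message }, 400 on a missing password,
// 403 when a non-admin targets an admin account, 404 if the id is unknown,
// 500 on an unexpected error.
router.put(
  "/:id/password",
  authenticate,
  authorizeManager,
  async (req, res) => {
    try {
      const { password } = req.body;
      // Untrusted body: never persist a missing/non-string password.
      if (typeof password !== "string" || password === "") {
        return res.status(400).json({ message: "Password is required" });
      }
      const user = await User.findByPk(req.params.id);
      if (!user) {
        return res.status(404).json({ message: "User not found" });
      }
      // Apply the same rule the create route enforces: a manager must not be
      // able to take over an admin account by resetting its password.
      if (user.role === "admin" && req.user.role !== "admin") {
        return res
          .status(403)
          .json({ message: "Managers cannot change admin passwords" });
      }
      // NOTE(review): hashing of `password` on save is not visible here;
      // presumably a model hook does it — confirm.
      user.password = password;
      await user.save();
      // Log the password reset action
      await logActivity(
        req.user.id,
        "Сброс пароля",
        `Сброшен пароль для пользователя: ${user.username}`
      );
      res.json({ message: "Password updated" });
    } catch (error) {
      // Log the cause server-side, consistent with the create route.
      console.error(`Ошибка при сбросе пароля: ${error.message}`);
      res.status(500).json({ message: "Server error" });
    }
  }
);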
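// Delete user (admin and manager).
// Responds 200 { message }, 403 when a non-admin targets an admin account,
// 404 if the id is unknown, 500 on an unexpected error.
router.delete("/:id", authenticate, authorizeManager, async (req, res) => {
  try {
    const user = await User.findByPk(req.params.id);
    if (!user) {
      return res.status(404).json({ message: "User not found" });
    }
    // Same rule as the create route: managers must not be able to remove
    // admin accounts.
    if (user.role === "admin" && req.user.role !== "admin") {
      return res
        .status(403)
        .json({ message: "Managers cannot delete admin users" });
    }
    await user.destroy();
    // Log the deletion action
    await logActivity(
      req.user.id,
      "Удаление пользователя",
      `Удален пользователь: ${user.username}`
    );
    res.json({ message: "User deleted" });
  } catch (error) {
    // Log the cause server-side, consistent with the create route.
    console.error(`Ошибка при удалении пользователя: ${error.message}`);
    res.status(500).json({ message: "Server error" });
  }
});

module.exports = router;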