add an api to remove privilaged roles to all users (#1355)

RitikJaiswal75 · web-flow · commit 37b6152d8690 · 2023-08-01T01:21:21.000+05:30
* add an api to remove privilaged roles to all users

* add middleware to allow body
diff --git a/controllers/staging.js b/controllers/staging.js
@@ -1,4 +1,4 @@
-const { addOrUpdate } = require("../models/users");
+const { addOrUpdate, getUsersByRole } = require("../models/users");
 
 const updateRoles = async (req, res) => {
   try {
@@ -29,6 +29,58 @@ const updateRoles = async (req, res) => {
   }
 };
 
+const removePrivileges = async (req, res) => {
+  if (process.env.NODE_ENV === "production") {
+    return res.status(403).json({
+      message: "FORBIDDEN | To be used only in staging and development",
+    });
+  }
+  try {
+    const updateUserPromises = [];
+    const members = await getUsersByRole("member");
+    const superUsers = await getUsersByRole("super_user");
+
+    members.forEach((member) => {
+      updateUserPromises.push(
+        addOrUpdate(
+          {
+            roles: {
+              ...member.roles,
+              member: false,
+            },
+          },
+          member.id
+        )
+      );
+    });
+    superUsers.forEach((superUser) => {
+      updateUserPromises.push(
+        addOrUpdate(
+          {
+            roles: {
+              ...superUser.roles,
+              super_user: false,
+            },
+          },
+          superUser.id
+        )
+      );
+    });
+
+    await Promise.all(updateUserPromises);
+
+    return res.status(200).json({
+      message: "Roles Updated successfully",
+    });
+  } catch (err) {
+    logger.error(`Oops an error occurred: ${err}`);
+    return res.status(500).json({
+      message: "Oops an internal error occurred",
+    });
+  }
+};
+
 module.exports = {
   updateRoles,
+  removePrivileges,
 };
diff --git a/middlewares/validators/staging.js b/middlewares/validators/staging.js
@@ -17,6 +17,23 @@ const validateUserRoles = async (req, res, next) => {
   }
 };
 
+const validateRevokePrivileges = async (req, res, next) => {
+  const schema = joi
+    .object()
+    .strict()
+    .keys({
+      action: joi.string().equal("revoke"),
+    });
+  try {
+    await schema.validateAsync(req.body);
+    next();
+  } catch (err) {
+    logger.error(`Error validating validateUserRoles payload : ${err}`);
+    res.boom.badRequest(JSON.stringify({ allowedParameters: { action: "revoke" } }));
+  }
+};
+
 module.exports = {
   validateUserRoles,
+  validateRevokePrivileges,
 };
diff --git a/routes/staging.js b/routes/staging.js
@@ -1,9 +1,10 @@
 const express = require("express");
 const authenticate = require("../middlewares/authenticate");
-const { validateUserRoles } = require("../middlewares/validators/staging");
-const { updateRoles } = require("../controllers/staging");
+const { validateUserRoles, validateRevokePrivileges } = require("../middlewares/validators/staging");
+const { updateRoles, removePrivileges } = require("../controllers/staging");
 const router = express.Router();
 
 router.patch("/user", validateUserRoles, authenticate, updateRoles);
+router.post("/users/privileges", validateRevokePrivileges, removePrivileges);
 
 module.exports = router;
