|
|
|
@ -100,10 +100,14 @@ class UserAdminController extends SiteController { |
|
|
|
user: userService, |
|
|
|
} = this.dtp.services; |
|
|
|
try { |
|
|
|
|
|
|
|
const user = await userService.getLocalUserAccount(req.body.userId); |
|
|
|
if (!user) { |
|
|
|
throw new SiteError(404, 'User not found'); |
|
|
|
} |
|
|
|
if (req.user && req.user._id.equals(user._id)) { |
|
|
|
throw new SiteError(400, "You can't archive yourself"); |
|
|
|
} |
|
|
|
res.locals.job = await userService.archiveLocalUser(user); |
|
|
|
loganService.sendRequestEvent(module.exports, req, { |
|
|
|
level: 'info', |
|
|
|
@ -138,6 +142,11 @@ class UserAdminController extends SiteController { |
|
|
|
this.log.debug('local user update', { action: req.body.action }); |
|
|
|
switch (req.body.action) { |
|
|
|
case 'update': |
|
|
|
if (req.user._id.equals(res.locals.userAccount._id)) { |
|
|
|
if (req.user.flags.isAdmin && !(userDefinition.isAdmin === 'on')) { |
|
|
|
throw new SiteError(400, "You can't remove your own admin privileges"); |
|
|
|
} |
|
|
|
} |
|
|
|
await userService.updateLocalForAdmin(res.locals.userAccount, req.body); |
|
|
|
loganService.sendRequestEvent(module.exports, req, { |
|
|
|
level: 'info', |
|
|
|
@ -153,6 +162,9 @@ class UserAdminController extends SiteController { |
|
|
|
break; |
|
|
|
|
|
|
|
case 'ban': |
|
|
|
if (req.user._id.equals(res.locals.userAccount._id)) { |
|
|
|
throw new SiteError(400, "You can't ban yourself"); |
|
|
|
} |
|
|
|
await userService.ban(res.locals.userAccount); |
|
|
|
loganService.sendRequestEvent(module.exports, req, { |
|
|
|
level: 'info', |
|
|
|
|
