fix(admin): add restriction about admin modify their status

2023-02-23 11:44:05 +08:00 · 2023-02-23 11:44:05 +08:00 · 4ca2429d19
parent 15390adbfc
commit 4ca2429d19
5 changed files with 12 additions and 4 deletions
--- a/i18n/en_US.yaml
+++ b/i18n/en_US.yaml
@ -37,6 +37,8 @@ backend:
    admin:
      cannot_update_their_password:
        other: You cannot modify your password.
+      cannot_modify_self_status:
+        other: You cannot modify your status.
      email_or_password_wrong:
        other: Email and password do not match.
    answer:
--- a/internal/base/reason/reason.go
+++ b/internal/base/reason/reason.go
@ -65,4 +65,5 @@ const (
 	NotAllowedRegistration           = "error.user.not_allowed_registration"
 	SMTPConfigFromNameCannotBeEmail  = "error.smtp.config_from_name_cannot_be_email"
 	AdminCannotUpdateTheirPassword   = "error.admin.cannot_update_their_password"
+	AdminCannotModifySelfStatus      = "error.admin.cannot_modify_self_status"
 )
--- a/internal/controller_admin/user_backyard_controller.go
+++ b/internal/controller_admin/user_backyard_controller.go
@ -34,6 +34,8 @@ func (uc *UserAdminController) UpdateUserStatus(ctx *gin.Context) {
 		return
 	}

+	req.LoginUserID = middleware.GetLoginUserIDFromContext(ctx)
+
 	err := uc.userService.UpdateUserStatus(ctx, req)
 	handler.HandleResponse(ctx, err, nil)
 }
--- a/internal/schema/backyard_user_schema.go
+++ b/internal/schema/backyard_user_schema.go
@ -2,10 +2,9 @@ package schema

 // UpdateUserStatusReq update user request
 type UpdateUserStatusReq struct {
-	// user id
-	UserID string `validate:"required" json:"user_id"`
-	// user status
-	Status string `validate:"required,oneof=normal suspended deleted inactive" json:"status" enums:"normal,suspended,deleted,inactive"`
+	UserID      string `validate:"required" json:"user_id"`
+	Status      string `validate:"required,oneof=normal suspended deleted inactive" json:"status" enums:"normal,suspended,deleted,inactive"`
+	LoginUserID string `json:"-"`
 }

 const (
--- a/internal/service/user_admin/user_backyard.go
+++ b/internal/service/user_admin/user_backyard.go
@ -61,6 +61,10 @@ func NewUserAdminService(

 // UpdateUserStatus update user
 func (us *UserAdminService) UpdateUserStatus(ctx context.Context, req *schema.UpdateUserStatusReq) (err error) {
+	// Admin cannot modify their status
+	if req.UserID == req.LoginUserID {
+		return errors.BadRequest(reason.AdminCannotModifySelfStatus)
+	}
 	userInfo, exist, err := us.userRepo.GetUserInfo(ctx, req.UserID)
 	if err != nil {
 		return