fix(admin): add restriction about admin modify their status

apache · Feb 23, 2023 · 4ca2429 · 4ca2429
1 parent 15390ad
commit 4ca2429
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 4 deletions.
diff --git a/i18n/en_US.yaml b/i18n/en_US.yaml
@@ -37,6 +37,8 @@ backend:
     admin:
       cannot_update_their_password:
         other: You cannot modify your password.
+      cannot_modify_self_status:
+        other: You cannot modify your status.
       email_or_password_wrong:
         other: Email and password do not match.
     answer:

diff --git a/internal/base/reason/reason.go b/internal/base/reason/reason.go
@@ -65,4 +65,5 @@ const (
 	NotAllowedRegistration           = "error.user.not_allowed_registration"
 	SMTPConfigFromNameCannotBeEmail  = "error.smtp.config_from_name_cannot_be_email"
 	AdminCannotUpdateTheirPassword   = "error.admin.cannot_update_their_password"
+	AdminCannotModifySelfStatus      = "error.admin.cannot_modify_self_status"
 )
diff --git a/internal/controller_admin/user_backyard_controller.go b/internal/controller_admin/user_backyard_controller.go
@@ -34,6 +34,8 @@ func (uc *UserAdminController) UpdateUserStatus(ctx *gin.Context) {
 		return
 	}
 
+	req.LoginUserID = middleware.GetLoginUserIDFromContext(ctx)
+
 	err := uc.userService.UpdateUserStatus(ctx, req)
 	handler.HandleResponse(ctx, err, nil)
 }

diff --git a/internal/schema/backyard_user_schema.go b/internal/schema/backyard_user_schema.go
@@ -2,10 +2,9 @@ package schema
 
 // UpdateUserStatusReq update user request
 type UpdateUserStatusReq struct {
-	// user id
-	UserID string `validate:"required" json:"user_id"`
-	// user status
-	Status string `validate:"required,oneof=normal suspended deleted inactive" json:"status" enums:"normal,suspended,deleted,inactive"`
+	UserID      string `validate:"required" json:"user_id"`
+	Status      string `validate:"required,oneof=normal suspended deleted inactive" json:"status" enums:"normal,suspended,deleted,inactive"`
+	LoginUserID string `json:"-"`
 }
 
 const (

diff --git a/internal/service/user_admin/user_backyard.go b/internal/service/user_admin/user_backyard.go
@@ -61,6 +61,10 @@ func NewUserAdminService(
 
 // UpdateUserStatus update user
 func (us *UserAdminService) UpdateUserStatus(ctx context.Context, req *schema.UpdateUserStatusReq) (err error) {
+	// Admin cannot modify their status
+	if req.UserID == req.LoginUserID {
+		return errors.BadRequest(reason.AdminCannotModifySelfStatus)
+	}
 	userInfo, exist, err := us.userRepo.GetUserInfo(ctx, req.UserID)
 	if err != nil {
 		return