@@ -333,9 +333,12 @@ router.post('/project/:id/request/user', async function (req, res) {
333333 if ( ! project ) {
334334 return res . status ( 404 ) . send ( { message : 'Project ' + req . params . id + ' not found' } ) ;
335335 }
336- if ( ( ! project . managers || ! project . managers . includes ( user . uid ) ) && user . uid != project . owner ) {
336+ if ( ( ! project . managers || ! project . managers . includes ( user . uid ) ) && user . uid !== project . owner && ! user . is_admin ) {
337337 return res . status ( 401 ) . send ( { message : 'User ' + user . uid + ' is not project manager for project ' + project . id } ) ;
338338 }
339+ if ( req . body . user == project . owner ) {
340+ return res . status ( 403 ) . send ( { message : 'User ' + req . body . user + ' is the owner of project ' + project . id } ) ;
341+ }
339342 let newuser = await dbsrv . mongo_users ( ) . findOne ( { uid : req . body . user } ) ;
340343 if ( ! newuser ) {
341344 return res . status ( 404 ) . send ( { message : 'User ' + req . body . user + ' not found' } ) ;
@@ -377,8 +380,8 @@ router.post('/project/:id/add/manager/:uid', async function(req, res) {
377380 if ( ! project ) {
378381 return res . status ( 404 ) . send ( { message : 'Project ' + req . params . id + ' not found' } ) ;
379382 }
380- if ( user . uid != project . owner ) {
381- return res . status ( 401 ) . send ( { message : 'User ' + user . uid + ' is not the owner of project ' + project . id } ) ;
383+ if ( user . uid != project . owner && ! user . is_admin ) {
384+ return res . status ( 401 ) . send ( { message : 'Non-admin user ' + user . uid + ' is not the owner of project ' + project . id } ) ;
382385 }
383386 const new_manager = await dbsrv . mongo_users ( ) . findOne ( { 'uid' : req . params . uid } ) ;
384387 if ( ! new_manager ) {
@@ -405,7 +408,7 @@ router.post('/project/:id/add/manager/:uid', async function(req, res) {
405408 return res . status ( 500 ) . send ( { message : 'Server Error, contact admin' } ) ;
406409 }
407410 }
408- return res . send ( { message : req . body . request + ' ' + req . body . user + ' done' } ) ;
411+ return res . send ( { message : 'Add manager ' + new_manager . uid + ' done' } ) ;
409412} ) ;
410413
411414
@@ -424,8 +427,8 @@ router.post('/project/:id/remove/manager/:uid', async function(req, res) {
424427 if ( ! project ) {
425428 return res . status ( 404 ) . send ( { message : 'Project ' + req . params . id + ' not found' } ) ;
426429 }
427- if ( user . uid != project . owner ) {
428- return res . status ( 401 ) . send ( { message : 'User ' + user . uid + ' is not the owner of project ' + project . id } ) ;
430+ if ( user . uid != project . owner && ! user . is_admin ) {
431+ return res . status ( 401 ) . send ( { message : 'Non-admin user ' + user . uid + ' is not the owner of project ' + project . id } ) ;
429432 }
430433 const ex_manager = await dbsrv . mongo_users ( ) . findOne ( { 'uid' : req . params . uid } ) ;
431434 if ( ! ex_manager ) {
@@ -449,7 +452,7 @@ router.post('/project/:id/remove/manager/:uid', async function(req, res) {
449452 return res . status ( 500 ) . send ( { message : 'Server Error, contact admin' } ) ;
450453 }
451454 }
452- return res . send ( { message : req . body . request + ' ' + req . body . user + ' done' } ) ;
455+ return res . send ( { message : 'Remove manager ' + ex_manager . uid + ' done' } ) ;
453456} ) ;
454457
455458
0 commit comments