fix(striker-ui-api): make only admin can see all users

main
Tsu-ba-me 2 years ago
parent 61deceb849
commit 7465a3ab4e
  1. 13
      striker-ui-api/src/lib/request_handlers/user/getUser.ts

@ -2,13 +2,22 @@ import buildGetRequestHandler from '../buildGetRequestHandler';
import { buildQueryResultReducer } from '../../buildQueryResultModifier'; import { buildQueryResultReducer } from '../../buildQueryResultModifier';
export const getUser = buildGetRequestHandler((request, buildQueryOptions) => { export const getUser = buildGetRequestHandler((request, buildQueryOptions) => {
const { user: { uuid: sessionUserUuid } = {} } = request; const { user: { name: sessionUserName, uuid: sessionUserUuid } = {} } =
request;
let condLimitRegular = '';
if (sessionUserName !== 'admin') {
condLimitRegular = `WHERE user_uuid = '${sessionUserUuid}'`;
}
const query = ` const query = `
SELECT SELECT
a.user_name, a.user_name,
a.user_uuid a.user_uuid
FROM users AS a;`; FROM users AS a
${condLimitRegular};`;
const afterQueryReturn: QueryResultModifierFunction | undefined = const afterQueryReturn: QueryResultModifierFunction | undefined =
buildQueryResultReducer< buildQueryResultReducer<
Record<string, { userName: string; userUUID: string }> Record<string, { userName: string; userUUID: string }>

Loading…
Cancel
Save