refactor: remove redundant role field, keep only is_admin
- Remove role column from users schema (migration 0003) - Update auth and admin services to use is_admin only - Remove role from JWT token payloads - Update admin CLI to use is_admin field - Update frontend admin page to use isAdmin boolean - Fix security: remove console.log dumping credentials in settings Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -195,7 +195,6 @@ const app = new Elysia()
|
||||
id: payload.userId,
|
||||
email: payload.email,
|
||||
callsign: payload.callsign,
|
||||
role: payload.role,
|
||||
isAdmin: payload.isAdmin,
|
||||
impersonatedBy: payload.impersonatedBy, // Admin ID if impersonating
|
||||
},
|
||||
@@ -400,7 +399,6 @@ const app = new Elysia()
|
||||
userId: user.id,
|
||||
email: user.email,
|
||||
callsign: user.callsign,
|
||||
role: user.role,
|
||||
isAdmin: user.isAdmin,
|
||||
exp,
|
||||
});
|
||||
@@ -1139,7 +1137,7 @@ const app = new Elysia()
|
||||
|
||||
/**
|
||||
* POST /api/admin/users/:userId/role
|
||||
* Update user role (admin only)
|
||||
* Update user admin status (admin only)
|
||||
*/
|
||||
.post('/api/admin/users/:userId/role', async ({ user, params, body, set }) => {
|
||||
if (!user || !user.isAdmin) {
|
||||
@@ -1153,26 +1151,21 @@ const app = new Elysia()
|
||||
return { success: false, error: 'Invalid user ID' };
|
||||
}
|
||||
|
||||
const { role, isAdmin } = body;
|
||||
const { isAdmin } = body;
|
||||
|
||||
if (!role || typeof isAdmin !== 'boolean') {
|
||||
if (typeof isAdmin !== 'boolean') {
|
||||
set.status = 400;
|
||||
return { success: false, error: 'role and isAdmin are required' };
|
||||
}
|
||||
|
||||
if (!['user', 'admin'].includes(role)) {
|
||||
set.status = 400;
|
||||
return { success: false, error: 'Invalid role' };
|
||||
return { success: false, error: 'isAdmin (boolean) is required' };
|
||||
}
|
||||
|
||||
try {
|
||||
await changeUserRole(user.id, targetUserId, role, isAdmin);
|
||||
await changeUserRole(user.id, targetUserId, isAdmin);
|
||||
return {
|
||||
success: true,
|
||||
message: 'User role updated successfully',
|
||||
message: 'User admin status updated successfully',
|
||||
};
|
||||
} catch (error) {
|
||||
logger.error('Error updating user role', { error: error.message, userId: user.id });
|
||||
logger.error('Error updating user admin status', { error: error.message, userId: user.id });
|
||||
set.status = 400;
|
||||
return {
|
||||
success: false,
|
||||
@@ -1238,7 +1231,6 @@ const app = new Elysia()
|
||||
userId: targetUser.id,
|
||||
email: targetUser.email,
|
||||
callsign: targetUser.callsign,
|
||||
role: targetUser.role,
|
||||
isAdmin: targetUser.isAdmin,
|
||||
impersonatedBy: user.id, // Admin ID who started impersonation
|
||||
exp,
|
||||
@@ -1299,7 +1291,6 @@ const app = new Elysia()
|
||||
userId: adminUser.id,
|
||||
email: adminUser.email,
|
||||
callsign: adminUser.callsign,
|
||||
role: adminUser.role,
|
||||
isAdmin: adminUser.isAdmin,
|
||||
exp,
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user