org member promotion/demotion

Oliver Bryan
2026-01-09 08:17:01 +00:00
parent c361b5cc64
commit 903fd5f347
5 changed files with 189 additions and 59 deletions


@@ -1,12 +1,20 @@
import type { BunRequest } from "bun";
import { getOrganisationById, getUserById, updateOrganisationMemberRole } from "../../db/queries";
import type { AuthedRequest } from "../../auth/middleware";
import {
getOrganisationById,
getOrganisationMemberRole,
getUserById,
updateOrganisationMemberRole,
} from "../../db/queries";
// /organisation/update-member-role?organisationId=1&userId=2&role=admin
export default async function organisationUpdateMemberRole(req: BunRequest) {
export default async function organisationUpdateMemberRole(req: AuthedRequest) {
const url = new URL(req.url);
const organisationId = url.searchParams.get("organisationId");
const userId = url.searchParams.get("userId");
const role = url.searchParams.get("role");
if (!role || !["admin", "member"].includes(role)) {
return new Response("Invalid role: must be either 'admin' or 'member'", { status: 400 });
}
if (!organisationId || !userId || !role) {
return new Response(
@@ -32,7 +40,21 @@ export default async function organisationUpdateMemberRole(req: BunRequest) {
return new Response(`user with id ${userId} not found`, { status: 404 });
}
const member = await updateOrganisationMemberRole(orgIdNumber, userIdNumber, role);
const requesterMember = await getOrganisationMemberRole(orgIdNumber, req.userId);
if (!requesterMember) {
return new Response("You are not a member of this organisation", { status: 403 });
}
let member = await getOrganisationMemberRole(orgIdNumber, userIdNumber);
if (!member) {
return new Response(`User with id ${userId} is not a member of this organisation`, { status: 404 });
}
if (requesterMember.role !== "owner" && requesterMember.role !== "admin") {
return new Response("Only owners and admins can update member roles", { status: 403 });
}
member = await updateOrganisationMemberRole(orgIdNumber, userIdNumber, role);
return Response.json(member);
}
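Review bot: The target's current role is never consulted before `updateOrganisationMemberRole` runs in the second hunk: `member` is fetched only to confirm membership, so any admin can overwrite an owner's row with `admin` or `member`, and because the role allow-list added in the first hunk excludes `owner`, this endpoint cannot put it back. Add a guard before the update, e.g. `if (member.role === "owner" && requesterMember.role !== "owner") return new Response("Only owners can change an owner's role", { status: 403 });`, and decide whether an owner demoting the last remaining owner should be refused as well. The requester role check should also move above the target-membership lookup, so a non-admin member receives the 403 before the 404 reveals whether `userId` belongs to the organisation. The function body between the two hunks is not shown, so this assumes no equivalent check exists there.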