github/directus
1
1
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-04-25 03:00:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add check making sure you have at least one admin role left before deletion

Browse Source
This commit is contained in:
rijkvanzanten
2020-10-13 16:27:02 -04:00
parent ea7ad5481a
commit 99b7ba0e2e
1 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
api/src/services/roles.ts
View File

@@ -3,6 +3,7 @@ import { AbstractServiceOptions, PrimaryKey } from '../types';
import { PermissionsService } from './permissions';
import { UsersService } from './users';
import { PresetsService } from './presets';
import { UnprocessableEntityException } from '../exceptions';
export class RolesService extends ItemsService {
constructor(options?: AbstractServiceOptions) {
@@ -14,15 +15,28 @@ export class RolesService extends ItemsService {
async delete(key: PrimaryKey | PrimaryKey[]): Promise<PrimaryKey | PrimaryKey[]> {
const keys = Array.isArray(key) ? key : [key];
// Make sure there's at least one admin role left after this deletion is done
const otherAdminRoles = await this.knex
.count('*', { as: 'count' })
.from('directus_roles')
.whereNotIn('id', keys)
.andWhere({ admin_access: true })
.first();
const otherAdminRolesCount = +(otherAdminRoles?.count || 0);
if (otherAdminRolesCount === 0)
throw new UnprocessableEntityException('You have to have at least one admin role.');
// Remove all permissions associated with this role
const permissionsService = new PermissionsService({
knex: this.knex,
accountability: this.accountability,
});
const permissionsForRole = await permissionsService.readByQuery({
const permissionsForRole = (await permissionsService.readByQuery({
fields: ['id'],
filter: { role: { _in: keys } },
}) as { id: number }[];
})) as { id: number }[];
const permissionIDs = permissionsForRole.map((permission) => permission.id);
await permissionsService.delete(permissionIDs);
@@ -31,10 +45,12 @@ export class RolesService extends ItemsService {
knex: this.knex,
accountability: this.accountability,
});
const presetsForRole = await presetsService.readByQuery({
const presetsForRole = (await presetsService.readByQuery({
fields: ['id'],
filter: { role: { _in: keys } },
}) as { id: string }[];
})) as { id: string }[];
const presetIDs = presetsForRole.map((preset) => preset.id);
await presetsService.delete(presetIDs);
@@ -43,10 +59,12 @@ export class RolesService extends ItemsService {
knex: this.knex,
accountability: this.accountability,
});
const usersInRole = await usersService.readByQuery({
const usersInRole = (await usersService.readByQuery({
fields: ['id'],
filter: { role: { _in: keys } },
}) as { id: string }[];
})) as { id: string }[];
const userIDs = usersInRole.map((user) => user.id);
await usersService.update({ status: 'suspended', role: null }, userIDs);