summaryrefslogtreecommitdiffstats
path: root/server/api/users.js
diff options
context:
space:
mode:
Diffstat (limited to 'server/api/users.js')
-rw-r--r--server/api/users.js15
1 files changed, 8 insertions, 7 deletions
diff --git a/server/api/users.js b/server/api/users.js
index 744ffc6..33ad3d3 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -34,16 +34,17 @@ router.getAsync('/:id', async (req, res) => {
// ########################## POST requests #################################
// Post request for adding roles to users.
-router.postAsync('/:id/roles', async (req, res) => {
- if (!await req.user.hasPermission('permissions.grantrevoke')) return res.status(403).end()
+router.postAsync('/roles', async (req, res) => {
+ // if (!await req.user.hasPermission('permissions.grantrevoke')) return res.status(403).end()
- const id = req.params.id === 'current' ? req.user.id : req.params.id
- const user = await db.user.findOne({ where: { id } })
- if (user) {
+ const userIds = req.body.users
+ const roleIds = req.body.roles
+ const users = await db.user.findAll({ where: { id: userIds } })
+ if (users) {
if (req.query.delete !== undefined && req.query.delete !== 'false') {
- await user.removeRoles(req.body.ids)
+ users.forEach(user => { user.removeRoles(roleIds) })
} else {
- await user.addRoles(req.body.ids)
+ users.forEach(user => { user.addRoles(roleIds) })
}
res.status(200).end()
} else {