monkeeShark/packages/backend/src/server/api/endpoints/admin/roles/unassign.ts

102 lines
2.8 KiB
TypeScript
Raw Normal View History

import { Inject, Injectable } from '@nestjs/common';
import { Endpoint } from '@/server/api/endpoint-base.js';
import type { RoleAssignmentsRepository, RolesRepository, UsersRepository } from '@/models/index.js';
import { DI } from '@/di-symbols.js';
import { ApiError } from '@/server/api/error.js';
import { IdService } from '@/core/IdService.js';
import { GlobalEventService } from '@/core/GlobalEventService.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = {
tags: ['admin', 'role'],
requireCredential: true,
requireModerator: true,
errors: {
noSuchRole: {
message: 'No such role.',
code: 'NO_SUCH_ROLE',
id: '6e519036-a70d-4c76-b679-bc8fb18194e2',
},
noSuchUser: {
message: 'No such user.',
code: 'NO_SUCH_USER',
id: '2b730f78-1179-461b-88ad-d24c9af1a5ce',
},
notAssigned: {
message: 'Not assigned.',
code: 'NOT_ASSIGNED',
id: 'b9060ac7-5c94-4da4-9f55-2047c953df44',
},
accessDenied: {
message: 'Only administrators can edit members of the role.',
code: 'ACCESS_DENIED',
id: '24636eee-e8c1-493e-94b2-e16ad401e262',
},
},
} as const;
export const paramDef = {
type: 'object',
properties: {
roleId: { type: 'string', format: 'misskey:id' },
userId: { type: 'string', format: 'misskey:id' },
},
required: [
'roleId',
'userId',
],
} as const;
// eslint-disable-next-line import/no-default-export
@Injectable()
export default class extends Endpoint<typeof meta, typeof paramDef> {
constructor(
@Inject(DI.usersRepository)
private usersRepository: UsersRepository,
@Inject(DI.rolesRepository)
private rolesRepository: RolesRepository,
@Inject(DI.roleAssignmentsRepository)
private roleAssignmentsRepository: RoleAssignmentsRepository,
private globalEventService: GlobalEventService,
private roleService: RoleService,
private idService: IdService,
) {
super(meta, paramDef, async (ps, me) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me))) {
throw new ApiError(meta.errors.accessDenied);
}
const user = await this.usersRepository.findOneBy({ id: ps.userId });
if (user == null) {
throw new ApiError(meta.errors.noSuchUser);
}
const roleAssignment = await this.roleAssignmentsRepository.findOneBy({ userId: user.id, roleId: role.id });
if (roleAssignment == null) {
throw new ApiError(meta.errors.notAssigned);
}
await this.roleAssignmentsRepository.delete(roleAssignment.id);
this.rolesRepository.update(ps.roleId, {
lastUsedAt: new Date(),
});
this.globalEventService.publishInternalEvent('userRoleUnassigned', roleAssignment);
});
}
}