diff --git a/internal/controllers/userController.go b/internal/controllers/userController.go
index 8286c2f..bfffdd3 100644
--- a/internal/controllers/userController.go
+++ b/internal/controllers/userController.go
@@ -179,7 +179,7 @@ func (h *UserController) GetVerificationByUserID(c fiber.Ctx) error {
 // @Success 200 {object} response.CommonResponse
 // @Failure 400 {object} response.CommonResponse
 // @Failure 500 {object} response.CommonResponse
-// @Router /users/{id} [put]
+// @Router /users/current [put]
 func (h *UserController) UpdateProfile(c fiber.Ctx) error {
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
@@ -187,7 +187,7 @@ func (h *UserController) UpdateProfile(c fiber.Ctx) error {
 dto := &request.UpdateProfileDto{}
 if err := validator.ValidateBodyDto(c, dto); err != nil {
 return c.Status(fiber.StatusBadRequest).JSON(response.CommonResponse{
- Status: false,
+ Status: false,
 Errors: err,
 })
 }
@@ -217,14 +217,14 @@ func (h *UserController) UpdateProfile(c fiber.Ctx) error {
 // @Success 200 {object} response.CommonResponse
 // @Failure 400 {object} response.CommonResponse
 // @Failure 500 {object} response.CommonResponse
-// @Router /users/{id}/password [patch]
+// @Router /users/current/password [patch]
 func (h *UserController) ChangePassword(c fiber.Ctx) error {
 ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 defer cancel()
 dto := &request.ChangePasswordDto{}
 if err := validator.ValidateBodyDto(c, dto); err != nil {
 return c.Status(fiber.StatusBadRequest).JSON(response.CommonResponse{
- Status: false,
+ Status: false,
 Errors: err,
 })
 }
@@ -317,7 +317,7 @@ func (h *UserController) ChangeRoleUser(c fiber.Ctx) error {
 dto := &request.ChangeRoleDto{}
 if err := validator.ValidateBodyDto(c, dto); err != nil {
 return c.Status(fiber.StatusBadRequest).JSON(response.CommonResponse{
- Status: false,
+ Status: false,
 Errors: err,
 })
 }
@@ -336,8 +336,8 @@ func (h *UserController) ChangeRoleUser(c fiber.Ctx) error {
 Message: "Invalid user claims",
 })
 }
-
- user, err := h.service.ChangeRoleUser(ctx, claims, dto)
+ userId := c.Params("id")
+ user, err := h.service.ChangeRoleUser(ctx, userId, claims, dto)
 if err != nil {
 return c.Status(fiber.StatusInternalServerError).JSON(response.CommonResponse{
 Status: false,
@@ -397,7 +397,7 @@ func (h *UserController) SearchUser(c fiber.Ctx) error {
 dto := &request.SearchUserDto{}
 if err := validator.ValidateQueryDto(c, dto); err != nil {
 return c.Status(fiber.StatusBadRequest).JSON(response.CommonResponse{
- Status: false,
+ Status: false,
 Errors: err,
 })
 }
diff --git a/internal/dtos/request/user.go b/internal/dtos/request/user.go
index 73411be..1372f5d 100644
--- a/internal/dtos/request/user.go
+++ b/internal/dtos/request/user.go
@@ -18,7 +18,6 @@ type ChangePasswordDto struct {
 }
 type ChangeRoleDto struct {
- UserID string `json:"user_id" validate:"required,uuid"`
 Roles []string `json:"role_ids" validate:"required,min=1,dive,required,uuid"`
 }
diff --git a/internal/routes/userRoute.go b/internal/routes/userRoute.go
index 0776691..74e39c1 100644
--- a/internal/routes/userRoute.go
+++ b/internal/routes/userRoute.go
@@ -17,6 +17,12 @@ func UserRoutes(app *fiber.App, controller *controllers.UserController, userRepo
 middlewares.JwtAccess(userRepo),
 controller.GetUserCurrent,
 )
+
+ route.Put(
+ "/current",
+ middlewares.JwtAccess(userRepo),
+ controller.UpdateProfile,
+ )
 route.Get(
 "/current/media",
@@ -30,6 +36,12 @@ func UserRoutes(app *fiber.App, controller *controllers.UserController, userRepo
 controller.GetUserApplication,
 )
+ route.Patch(
+ "/current/password",
+ middlewares.JwtAccess(userRepo),
+ controller.ChangePassword,
+ )
+
 route.Get(
 "/:id",
 middlewares.JwtAccess(userRepo),
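Review bot: `c.Params("id")` is handed to the service unvalidated in the hunk at -336, while the `validate:"required,uuid"` check that used to cover the target ID disappears together with `ChangeRoleDto.UserID` in this commit. A malformed ID now reaches `convert.StringToUUID` in `userService.ChangeRoleUser` (hunk at -84 of userService.go), which reports it as `fiber.StatusInternalServerError`, and the `if err != nil` branch right below the call answers 500 as well, so a client mistake is reported as a server fault. Validate the parameter in the handler before calling the service and answer `fiber.StatusBadRequest` on failure, the same way the body DTO errors are answered earlier in this handler. The handler's body starts and ends outside this hunk.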
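Review bot: The new `PUT /current` route (hunk at -17 of userRoute.go) and `PATCH /current/password` route (hunk at -30) mount handlers that used to sit on `/:id`, yet the controller hunks for `UpdateProfile` and `ChangePassword` change only the `@Router` annotation and whitespace. Where those handlers take the user ID from is outside the diff: if either still reads `c.Params("id")`, it now receives an empty string on these routes. The ID should come from the authenticated claims, which is also what keeps one user from editing another user's profile or password. I would state that at each registration with a comment such as `// acts on the authenticated user; the ID comes from the JWT claims, never from the path`.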
@@ -37,12 +49,6 @@ func UserRoutes(app *fiber.App, controller *controllers.UserController, userRepo
 controller.GetUserById,
 )
- route.Put(
- "/:id",
- middlewares.JwtAccess(userRepo),
- controller.UpdateProfile,
- )
-
 route.Delete(
 "/:id",
 middlewares.JwtAccess(userRepo),
@@ -74,16 +80,10 @@ func UserRoutes(app *fiber.App, controller *controllers.UserController, userRepo
 route.Patch(
 "/:id/role",
 middlewares.JwtAccess(userRepo),
- middlewares.RequireAnyRole(constants.ADMIN),
+ middlewares.RequireAnyRole(constants.ADMIN, constants.MOD),
 controller.ChangeRoleUser,
 )
- route.Patch(
- "/:id/password",
- middlewares.JwtAccess(userRepo),
- controller.ChangePassword,
- )
-
 route.Get(
 "/",
 middlewares.JwtAccess(userRepo),
diff --git a/internal/services/userService.go b/internal/services/userService.go
index 594259c..0fee487 100644
--- a/internal/services/userService.go
+++ b/internal/services/userService.go
@@ -27,7 +27,7 @@ type UserService interface {
 //admin
 DeleteUser(ctx context.Context, userId string) error
- ChangeRoleUser(ctx context.Context, claims *response.JWTClaims, dto *request.ChangeRoleDto) (*response.UserResponse, error)
+ ChangeRoleUser(ctx context.Context, userId string, claims *response.JWTClaims, dto *request.ChangeRoleDto) (*response.UserResponse, error)
 RestoreUser(ctx context.Context, userId string) (*response.UserResponse, error)
 GetUserByID(ctx context.Context, userId string) (*response.UserResponse, error)
 SearchUser(ctx context.Context, dto *request.SearchUserDto) (*response.PaginatedResponse, error)
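Review bot: Adding `constants.MOD` to `RequireAnyRole` in the hunk at -74 opens the role-change endpoint to moderators, so every limit on what a moderator may do now rests on `userService.ChangeRoleUser`, and nothing at the route says so. The service hunks show some of those limits (the "MOD cannot assign ADMIN role to any user" error and the self-checks), but the code between them is outside the diff, so whether a MOD can alter the roles of an ADMIN or of another MOD cannot be confirmed from here. I would document the split at the route with `// MOD is admitted here; the roles a MOD may assign are restricted in userService.ChangeRoleUser` and add tests for the MOD paths in the same change.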
@@ -84,13 +84,13 @@ func (u *userService) ChangePassword(ctx context.Context, userId string, dto *re
 return nil
 }
-func (u *userService) ChangeRoleUser(ctx context.Context, claims *response.JWTClaims, dto *request.ChangeRoleDto) (*response.UserResponse, error) {
- userId, err := convert.StringToUUID(dto.UserID)
+func (u *userService) ChangeRoleUser(ctx context.Context, userId string, claims *response.JWTClaims, dto *request.ChangeRoleDto) (*response.UserResponse, error) {
+ userUUID, err := convert.StringToUUID(userId)
 if err != nil {
 return nil, fiber.NewError(fiber.StatusInternalServerError, err.Error())
 }
- user, err := u.userRepo.GetByID(ctx, userId)
+ user, err := u.userRepo.GetByID(ctx, userUUID)
 if err != nil {
 return nil, fiber.NewError(fiber.StatusNotFound, err.Error())
 }
@@ -132,11 +132,11 @@ func (u *userService) ChangeRoleUser(ctx context.Context, claims *response.JWTCl
 return nil, fiber.NewError(fiber.StatusForbidden, "MOD cannot assign ADMIN role to any user")
 }
- if dto.UserID == claims.UId && !hasModRole {
+ if userId == claims.UId && !hasModRole {
 return nil, fiber.NewError(fiber.StatusForbidden, "You can't remove MOD role of yourself")
 }
- if dto.UserID == claims.UId && hasBannedRole {
+ if userId == claims.UId && hasBannedRole {
 return nil, fiber.NewError(fiber.StatusForbidden, "You can't assign BANNED role to yourself")
 }
 isTargetAdminOrMod := false
@@ -152,11 +152,11 @@ func (u *userService) ChangeRoleUser(ctx context.Context, claims *response.JWTCl
 }
 if slices.Contains(claims.Roles, constants.ADMIN) {
- if dto.UserID == claims.UId && hasBannedRole {
+ if userId == claims.UId && hasBannedRole {
 return nil, fiber.NewError(fiber.StatusForbidden, "You can't assign BANNED role to yourself")
 }
- if dto.UserID == claims.UId && !hasAdminRole {
+ if userId == claims.UId && !hasAdminRole {
 return nil, fiber.NewError(fiber.StatusForbidden, "You can't remove ADMIN role of yourself")
 }
 }
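Review bot: The two self-checks in the hunk at -132 and the two in the hunk at -152 compare the raw path string, `userId == claims.UId`, while the lookup and the writes use the parsed `userUUID`. Before this commit the compared value was `dto.UserID`, which had passed `validate:"required,uuid"`; the path parameter has no such check. If `convert.StringToUUID` accepts more than one spelling of the same UUID (not visible here), the string comparison can fail for the caller's own account and the "yourself" guards are skipped. Decide self-targeting once on the parsed value, by comparing `userUUID` with the parsed `claims.UId` and keeping the result in a single `isSelf`, then use that in all four conditions. The function body starts and ends outside these hunks.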
@@ -172,13 +172,13 @@ func (u *userService) ChangeRoleUser(ctx context.Context, claims *response.JWTCl
 user.Roles = append(user.Roles, role.ToRoleSimple())
 }
- err = u.roleRepo.BulkDeleteRolesFromUser(ctx, userId)
+ err = u.roleRepo.BulkDeleteRolesFromUser(ctx, userUUID)
 if err != nil {
 return nil, fiber.NewError(fiber.StatusInternalServerError, err.Error())
 }
 err = u.roleRepo.CreateUserRole(ctx, sqlc.CreateUserRoleParams{
- UserID: userId,
+ UserID: userUUID,
 Column2: roleIdList,
 })
 if err != nil {
@@ -186,7 +186,7 @@ func (u *userService) ChangeRoleUser(ctx context.Context, claims *response.JWTCl
 }
 err = u.userRepo.UpdateTokenVersion(ctx, sqlc.UpdateTokenVersionParams{
- ID: userId,
+ ID: userUUID,
 TokenVersion: user.TokenVersion + 1,
 })
 if err != nil {