Added privilege modification to the API

2021-03-12 15:04:01 +11:00
parent cbd3ed9d3e
commit 61ddd5b38f
4 changed files with 38 additions and 2 deletions
@@ -0,0 +1,25 @@
+const { accounts } = require('../database/models');
+
+//auth/account/privilege
+const route = async (req, res) => {
+	//check the user's privilege
+	if (req.user.privilege != 'administrator') {
+		return res.status(401).send('Only admins can change privilege');
+	}
+
+	const updated = await accounts.update({
+		privilege: req.body.privilege
+	}, {
+		where: {
+			username: req.body.username
+		}
+	});
+
+	if (updated < 1) {
+		return res.status(403).send(`Unknown account`);
+	}
+
+	return res.status(200).end();
+};
+
+module.exports = route;