diff --git a/server/resolvers/adminUpdateUser.go b/server/resolvers/adminUpdateUser.go
index 2aa9bf6..334c4a9 100644
--- a/server/resolvers/adminUpdateUser.go
+++ b/server/resolvers/adminUpdateUser.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/enum"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -91,7 +92,7 @@ func AdminUpdateUser(ctx context.Context, params model.AdminUpdateUserInput) (*m
 		inputRoles = append(inputRoles, *item)
 	}
 
-	if !utils.IsValidRolesArray(inputRoles) {
+	if !utils.IsValidRoles(append([]string{}, append(constants.ROLES, constants.PROTECTED_ROLES...)...), inputRoles) {
 		return res, fmt.Errorf("invalid list of roles")
 	}
 
diff --git a/server/resolvers/signup.go b/server/resolvers/signup.go
index 2eeb982..8cebd10 100644
--- a/server/resolvers/signup.go
+++ b/server/resolvers/signup.go
@@ -39,7 +39,7 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
 
 	if len(params.Roles) > 0 {
 		// check if roles exists
-		if !utils.IsValidRolesArray(params.Roles) {
+		if !utils.IsValidRoles(constants.ROLES, params.Roles) {
 			return res, fmt.Errorf(`invalid roles`)
 		} else {
 			inputRoles = params.Roles
diff --git a/server/resolvers/updateProfile.go b/server/resolvers/updateProfile.go
index 25f8095..14d47ec 100644
--- a/server/resolvers/updateProfile.go
+++ b/server/resolvers/updateProfile.go
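Review bot: The inner `append(constants.ROLES, constants.PROTECTED_ROLES...)` on the new `if` line in adminUpdateUser.go appends into the backing array of the package-level `constants.ROLES` slice whenever that slice has spare capacity, so the protected roles can be written into shared state that every other request reads; the outer `append([]string{}, ...)` only copies after that write has already happened. Copy first and then extend: `allowed := append(append([]string{}, constants.ROLES...), constants.PROTECTED_ROLES...)` followed by `if !utils.IsValidRoles(allowed, inputRoles) {`. Whether ROLES actually carries spare capacity depends on how it is built, which is not visible here, but the copy-first form is safe regardless and is easier to read than the nested appends. AdminUpdateUser's body starts and ends outside the hunk.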
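Review bot: The first argument passed to `utils.IsValidRoles` in the signup.go hunk is the allowed-role list `constants.ROLES`, while the function's first parameter is named `userRoles` (visible in the validator.go hunk), which reads as "roles held by a user"; this call site now relies on the function being a plain subset check, and the name obscures that. Either rename that parameter to `allowedRoles` in validator.go or give IsValidRoles a doc comment stating that it reports whether every entry of `roles` appears in the first slice. A one-line comment here would also make the intent explicit, since this path omits `constants.PROTECTED_ROLES` while AdminUpdateUser includes them, e.g. `// protected roles are not self-assignable; only the admin resolver may grant them`. Signup's body starts and ends outside the hunk.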
@@ -124,31 +124,6 @@ func UpdateProfile(ctx context.Context, params model.UpdateProfileInput) (*model
 		}()
 	}
 
-	// TODO this idea needs to be verified otherwise every user can make themselves super admin
-	// rolesToSave := ""
-	// if params.Roles != nil && len(params.Roles) > 0 {
-	// currentRoles := strings.Split(user.Roles, ",")
-	// inputRoles := []string{}
-	// for _, item := range params.Roles {
-	// inputRoles = append(inputRoles, *item)
-	// }
-
-	// if !utils.IsValidRolesArray(inputRoles) {
-	// return res, fmt.Errorf("invalid list of roles")
-	// }
-
-	// if !utils.IsStringArrayEqual(inputRoles, currentRoles) {
-	// rolesToSave = strings.Join(inputRoles, ",")
-	// }
-
-	// session.DeleteToken(fmt.Sprintf("%v", user.ID))
-	// utils.DeleteCookie(gc)
-	// }
-
-	// if rolesToSave != "" {
-	// user.Roles = rolesToSave
-	// }
-
 	_, err = db.Mgr.UpdateUser(user)
 	if err != nil {
 		log.Println("Error updating user:", err)
diff --git a/server/utils/validator.go b/server/utils/validator.go
index 192289c..1a02376 100644
--- a/server/utils/validator.go
+++ b/server/utils/validator.go
@@ -40,22 +40,6 @@ func IsSuperAdmin(gc *gin.Context) bool {
 	return secret == constants.ADMIN_SECRET
 }
 
-func IsValidRolesArray(roles []string) bool {
-	valid := true
-	currentRoleMap := map[string]bool{}
-
-	for _, currentRole := range constants.ROLES {
-		currentRoleMap[currentRole] = true
-	}
-	for _, inputRole := range roles {
-		if !currentRoleMap[inputRole] {
-			valid = false
-			break
-		}
-	}
-	return valid
-}
-
 func IsValidRoles(userRoles []string, roles []string) bool {
 	valid := true
 	for _, role := range roles {