Update frontend login page.jsx และ backend
This commit is contained in:
admin
@@ -1,32 +1,51 @@
|
||||
import { Router } from 'express';
|
||||
import sql from '../db/index.js';
|
||||
import { requirePerm } from '../middleware/requirePerm.js';
|
||||
import PERM from '../config/permissions.js';
|
||||
// FILE: src/routes/users.js
|
||||
// 03.2 11) เพิ่ม routes/users.js (ใหม่)
|
||||
// - ใช้ร่วมกับ requirePerm()
|
||||
// - สำหรับดูข้อมูลผู้ใช้ตัวเอง และรายชื่อผู้ใช้ (สำหรับ SUPER_ADMIN หรือ ADMIN เท่านั้น)
|
||||
// Users routes
|
||||
// - GET /me to get current user info and roles
|
||||
// - GET /api/users to list users (for SUPER_ADMIN or ADMIN only)
|
||||
// - Requires appropriate permissions via requirePerm middleware
|
||||
// - Uses req.principal loaded by loadPrincipal middleware
|
||||
// (make sure to use loadPrincipalMw() in app.js or the parent router)
|
||||
// (e.g. app.use('/api', requireAuth(), enrichPermissions(), loadPrincipalMw(), apiRouter);)
|
||||
// - req.principal has { userId, roleIds, roleCodes, permissions }
|
||||
// (see utils/rbac.js for details)
|
||||
// - Uses Sequelize ORM for DB access
|
||||
|
||||
import { Router } from "express";
|
||||
import sql from "../db/index.js";
|
||||
import { requirePerm } from "../middleware/requirePerm.js";
|
||||
import PERM from "../config/permissions.js";
|
||||
|
||||
const r = Router();
|
||||
|
||||
// ME
|
||||
r.get('/me', async (req, res) => {
|
||||
const [[u]] = await sql.query('SELECT user_id, username, email, first_name, last_name FROM users WHERE user_id=?',
|
||||
[req.principal.userId]);
|
||||
if (!u) return res.status(404).json({ error: 'User not found' });
|
||||
r.get("/me", async (req, res) => {
|
||||
const [[u]] = await sql.query(
|
||||
"SELECT user_id, username, email, first_name, last_name FROM users WHERE user_id=?",
|
||||
[req.principal.userId]
|
||||
);
|
||||
if (!u) return res.status(404).json({ error: "User not found" });
|
||||
|
||||
// roles in plain
|
||||
const [roles] = await sql.query(`
|
||||
const [roles] = await sql.query(
|
||||
`
|
||||
SELECT r.role_code, r.role_name, ur.org_id, ur.project_id
|
||||
FROM user_roles ur JOIN roles r ON r.role_id = ur.role_id
|
||||
WHERE ur.user_id=?`, [req.principal.userId]);
|
||||
WHERE ur.user_id=?`,
|
||||
[req.principal.userId]
|
||||
);
|
||||
|
||||
res.json({ ...u, roles, role_codes: [...req.principal.roleCodes] });
|
||||
});
|
||||
|
||||
// (optional) USERS LIST – ให้เฉพาะ SUPER_ADMIN หรือ ADMIN (ใน org ตัวเอง)
|
||||
r.get('/',
|
||||
requirePerm('user.read', { scope: 'global' }),
|
||||
async (req, res) => {
|
||||
const [rows] = await sql.query('SELECT user_id, username, email FROM users LIMIT 200');
|
||||
res.json(rows);
|
||||
}
|
||||
);
|
||||
r.get("/", requirePerm("user.read", { scope: "global" }), async (req, res) => {
|
||||
const [rows] = await sql.query(
|
||||
"SELECT user_id, username, email FROM users LIMIT 200"
|
||||
);
|
||||
res.json(rows);
|
||||
});
|
||||
|
||||
export default r;
|
||||
|
||||
Reference in New Issue
Block a user