Skip to content

Commit

Permalink
Fix bug preventing org. admins to add new users
Browse files Browse the repository at this point in the history
Organization admins aren't allowed to write the field `superAdmin` for
security reasons, so creating new users with `superAdmin: false` would
fail even though it's `false`. Just don't write that field at all.
  • Loading branch information
simenheg committed Mar 20, 2024
1 parent 4e3097f commit 35d319b
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 23 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format

## [UNRELEASED]

### Fixed

- Fixed a bug that made organization admins unable to add new users.

### Security

- Updated dependencies.
Expand Down
37 changes: 14 additions & 23 deletions src/db/User/User.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,27 +9,20 @@ export const getAllUserIds = () =>
export const getUserFromId = (id) => collectionReference.doc(id).get();

export const create = async (user) => {
try {
if (!user.email) {
throw new Error('Invalid email');
}

const { exists } = await collectionReference.doc(user.id).get();
if (exists) {
throw new Error(`User ${user.id} already exists!`);
}

await collectionReference.doc(user.id).set({
...user,
superAdmin: false,
admin: [],
preferences,
});

return true;
} catch (error) {
throw new Error(`Could not add user ${user.id}`);
if (!user.email) {
throw new Error('Invalid email');
}

const { exists } = await collectionReference.doc(user.id).get();
if (exists) {
throw new Error(`User ${user.id} already exists!`);
}

await collectionReference.doc(user.id).set({
...user,
admin: [],
preferences,
});
};

export const remove = async (user) => {
Expand Down Expand Up @@ -66,9 +59,7 @@ export const addUsers = async (userList) => {
if (!userList || !userList.length) {
throw new Error('Invalid data');
}
const promises = userList
.map((email) => ({ id: email, email, superAdmin: false, admin: [] }))
.map(create);
const promises = userList.map((email) => ({ id: email, email })).map(create);

try {
return Promise.all(promises);
Expand Down

0 comments on commit 35d319b

Please sign in to comment.