fix: user profile not deleted without "Manage User Access" permission…

… gf-449 (#478) * fix: added check for user self-access gf-449 * refactor: added variables for better semantic gf-449 * feat: added methods for handling user self-deletion and update gf-449 * feat: added methods for handling user self-deletion and update to the frontend gf-449
BinaryStudioAcademy · Sep 24, 2024 · 5e017f5 · 5e017f5
1 parent 1479786
commit 5e017f5
Show file tree

Hide file tree

Showing 8 changed files with 146 additions and 59 deletions.
diff --git a/apps/backend/src/modules/users/user.controller.ts b/apps/backend/src/modules/users/user.controller.ts
@@ -62,30 +62,40 @@ class UserController extends BaseController {
 
 		this.addRoute({
 			handler: (options) =>
-				this.patch(
+				this.delete(
 					options as APIHandlerOptions<{
-						body: UserPatchRequestDto;
 						params: { id: string };
 					}>,
 				),
-			method: "PATCH",
+			method: "DELETE",
 			path: UsersApiPath.$ID,
 			preHandlers: [checkUserPermissions([PermissionKey.MANAGE_USER_ACCESS])],
+		});
+
+		this.addRoute({
+			handler: (options) =>
+				this.patchCurrentUser(
+					options as APIHandlerOptions<{
+						body: UserPatchRequestDto;
+						user: { id: string };
+					}>,
+				),
+			method: "PATCH",
+			path: UsersApiPath.ROOT,
 			validation: {
 				body: userPatchValidationSchema,
 			},
 		});
 
 		this.addRoute({
 			handler: (options) =>
-				this.delete(
+				this.deleteCurrentUser(
 					options as APIHandlerOptions<{
-						params: { id: string };
+						user: { id: string };
 					}>,
 				),
 			method: "DELETE",
-			path: UsersApiPath.$ID,
-			preHandlers: [checkUserPermissions([PermissionKey.MANAGE_USER_ACCESS])],
+			path: UsersApiPath.ROOT,
 		});
 	}
 
@@ -118,6 +128,28 @@ class UserController extends BaseController {
 		};
 	}
 
+	/**
+	 * @swagger
+	 * /users:
+	 *    delete:
+	 *      tags:
+	 *        - Users
+	 *      description: Delete the current user
+	 *      responses:
+	 *        204:
+	 *          description: User deleted successfully
+	 */
+	private async deleteCurrentUser(
+		options: APIHandlerOptions<{
+			user: { id: string };
+		}>,
+	): Promise<APIHandlerResponse> {
+		return {
+			payload: await this.userService.delete(Number(options.user.id)),
+			status: HTTPCode.OK,
+		};
+	}
+
 	/**
 	 * @swagger
 	 * /users:
@@ -167,19 +199,13 @@ class UserController extends BaseController {
 
 	/**
 	 * @swagger
-	 * /users/{id}:
+	 * /users:
 	 *    patch:
 	 *      tags:
 	 *        - Users
-	 *      description: Update user info
-	 *      parameters:
-	 *        - in: path
-	 *          name: id
-	 *          description: ID of the user to update\
-	 *          schema:
-	 *            type: string
+	 *      description: Update current user's information
 	 *      requestBody:
-	 *        description: Updated user object\
+	 *        description: Updated user object
 	 *        content:
 	 *          application/json:
 	 *            schema:
@@ -191,7 +217,7 @@ class UserController extends BaseController {
 	 *                  type: string
 	 *      responses:
 	 *        200:
-	 *          description: Successful operation
+	 *          description: User updated successfully
 	 *          content:
 	 *            application/json:
 	 *              schema:
@@ -201,17 +227,16 @@ class UserController extends BaseController {
 	 *                    type: object
 	 *                    $ref: "#/components/schemas/User"
 	 */
-
-	private async patch(
+	private async patchCurrentUser(
 		options: APIHandlerOptions<{
 			body: UserPatchRequestDto;
-			params: { id: string };
+			user: { id: string };
 		}>,
 	): Promise<APIHandlerResponse> {
-		const userId = Number(options.params.id);
+		const currentUserId = Number(options.user.id);
 
 		return {
-			payload: await this.userService.patch(userId, options.body),
+			payload: await this.userService.patch(currentUserId, options.body),
 			status: HTTPCode.OK,
 		};
 	}

diff --git a/apps/frontend/src/modules/users/slices/actions.ts b/apps/frontend/src/modules/users/slices/actions.ts
@@ -28,6 +28,23 @@ const deleteById = createAsyncThunk<boolean, { id: number }, AsyncThunkConfig>(
 	},
 );
 
+const deleteCurrentUser = createAsyncThunk<
+	boolean,
+	undefined,
+	AsyncThunkConfig
+>(`${sliceName}/delete-current-user`, async (_, { dispatch, extra }) => {
+	const { toastNotifier, userApi } = extra;
+
+	const isDeleted = await userApi.deleteCurrentUser();
+
+	if (isDeleted) {
+		toastNotifier.showSuccess(NotificationMessage.USER_DELETE_SUCCESS);
+		void dispatch(authActions.logout());
+	}
+
+	return isDeleted;
+});
+
 const loadAll = createAsyncThunk<
 	UserGetAllResponseDto,
 	UserGetAllQueryParameters,
@@ -38,19 +55,22 @@ const loadAll = createAsyncThunk<
 	return userApi.getAll(query);
 });
 
-const updateProfile = createAsyncThunk<
+const updateCurrentUserProfile = createAsyncThunk<
 	UserPatchResponseDto,
-	{ id: number; payload: UserPatchRequestDto },
+	UserPatchRequestDto,
 	AsyncThunkConfig
->(`${sliceName}/profile`, async ({ id, payload }, { dispatch, extra }) => {
-	const { toastNotifier, userApi } = extra;
+>(
+	`${sliceName}/update-current-user-profile`,
+	async (payload, { dispatch, extra }) => {
+		const { toastNotifier, userApi } = extra;
 
-	const user = await userApi.patch(id, payload);
-	void dispatch(authActions.getAuthenticatedUser());
+		const user = await userApi.patchCurrentUser(payload);
+		void dispatch(authActions.getAuthenticatedUser());
 
-	toastNotifier.showSuccess(NotificationMessage.PROFILE_UPDATE_SUCCESS);
+		toastNotifier.showSuccess(NotificationMessage.PROFILE_UPDATE_SUCCESS);
 
-	return user;
-});
+		return user;
+	},
+);
 
-export { deleteById, loadAll, updateProfile };
+export { deleteById, deleteCurrentUser, loadAll, updateCurrentUserProfile };
diff --git a/apps/frontend/src/modules/users/slices/users.slice.ts b/apps/frontend/src/modules/users/slices/users.slice.ts
@@ -5,7 +5,12 @@ import { DataStatus } from "~/libs/enums/enums.js";
 import { type ValueOf } from "~/libs/types/types.js";
 import { type UserGetAllItemResponseDto } from "~/modules/users/users.js";
 
-import { deleteById, loadAll, updateProfile } from "./actions.js";
+import {
+	deleteById,
+	deleteCurrentUser,
+	loadAll,
+	updateCurrentUserProfile,
+} from "./actions.js";
 
 type State = {
 	dataStatus: ValueOf<typeof DataStatus>;
@@ -39,25 +44,37 @@ const { actions, name, reducer } = createSlice({
 			state.dataStatus = DataStatus.REJECTED;
 		});
 
-		builder.addCase(updateProfile.pending, (state) => {
+		builder.addCase(deleteById.pending, (state) => {
+			state.deleteStatus = DataStatus.PENDING;
+		});
+		builder.addCase(deleteById.fulfilled, (state, action) => {
+			const { id } = action.meta.arg;
+			state.users = state.users.filter((user) => user.id !== id);
+			state.usersTotalCount -= ITEMS_CHANGED_COUNT;
+			state.deleteStatus = DataStatus.FULFILLED;
+		});
+		builder.addCase(deleteById.rejected, (state) => {
+			state.deleteStatus = DataStatus.REJECTED;
+		});
+
+		builder.addCase(updateCurrentUserProfile.pending, (state) => {
 			state.updateProfileStatus = DataStatus.PENDING;
 		});
-		builder.addCase(updateProfile.fulfilled, (state) => {
+		builder.addCase(updateCurrentUserProfile.fulfilled, (state) => {
 			state.updateProfileStatus = DataStatus.FULFILLED;
 		});
-		builder.addCase(updateProfile.rejected, (state) => {
+		builder.addCase(updateCurrentUserProfile.rejected, (state) => {
 			state.updateProfileStatus = DataStatus.REJECTED;
 		});
-		builder.addCase(deleteById.pending, (state) => {
+
+		builder.addCase(deleteCurrentUser.pending, (state) => {
 			state.deleteStatus = DataStatus.PENDING;
 		});
-		builder.addCase(deleteById.fulfilled, (state, action) => {
-			const { id } = action.meta.arg;
-			state.users = state.users.filter((user) => user.id !== id);
+		builder.addCase(deleteCurrentUser.fulfilled, (state) => {
 			state.usersTotalCount -= ITEMS_CHANGED_COUNT;
 			state.deleteStatus = DataStatus.FULFILLED;
 		});
-		builder.addCase(deleteById.rejected, (state) => {
+		builder.addCase(deleteCurrentUser.rejected, (state) => {
 			state.deleteStatus = DataStatus.REJECTED;
 		});
 	},

diff --git a/apps/frontend/src/modules/users/slices/users.ts b/apps/frontend/src/modules/users/slices/users.ts
@@ -1,11 +1,17 @@
-import { deleteById, loadAll, updateProfile } from "./actions.js";
+import {
+	deleteById,
+	deleteCurrentUser,
+	loadAll,
+	updateCurrentUserProfile,
+} from "./actions.js";
 import { actions } from "./users.slice.js";
 
 const allActions = {
 	...actions,
 	deleteById,
+	deleteCurrentUser,
 	loadAll,
-	updateProfile,
+	updateCurrentUserProfile,
 };
 
 export { allActions as actions };

diff --git a/apps/frontend/src/modules/users/users-api.ts b/apps/frontend/src/modules/users/users-api.ts
@@ -34,6 +34,18 @@ class UserApi extends BaseHTTPApi {
 		return await response.json<boolean>();
 	}
 
+	public async deleteCurrentUser(): Promise<boolean> {
+		const response = await this.load(
+			this.getFullEndpoint(UsersApiPath.ROOT, {}),
+			{
+				hasAuth: true,
+				method: "DELETE",
+			},
+		);
+
+		return await response.json<boolean>();
+	}
+
 	public async getAll({
 		name = "",
 		page,
@@ -71,6 +83,22 @@ class UserApi extends BaseHTTPApi {
 
 		return await response.json<UserPatchResponseDto>();
 	}
+
+	public async patchCurrentUser(
+		payload: UserPatchRequestDto,
+	): Promise<UserPatchResponseDto> {
+		const response = await this.load(
+			this.getFullEndpoint(UsersApiPath.ROOT, {}),
+			{
+				contentType: ContentType.JSON,
+				hasAuth: true,
+				method: "PATCH",
+				payload: JSON.stringify(payload),
+			},
+		);
+
+		return await response.json<UserPatchResponseDto>();
+	}
 }
 
 export { UserApi };
diff --git a/apps/frontend/src/pages/profile/libs/components/delete-account/delete-account.tsx b/apps/frontend/src/pages/profile/libs/components/delete-account/delete-account.tsx
@@ -5,11 +5,7 @@ import { actions as userActions } from "~/modules/users/users.js";
 
 import styles from "./styles.module.css";
 
-type Properties = {
-	userId: number;
-};
-
-const DeleteAccount = ({ userId }: Properties): JSX.Element => {
+const DeleteAccount = (): JSX.Element => {
 	const dispatch = useAppDispatch();
 
 	const { isOpened, onClose, onOpen } = useModal();
@@ -19,9 +15,9 @@ const DeleteAccount = ({ userId }: Properties): JSX.Element => {
 	}, [onOpen]);
 
 	const handleDeleteConfirm = useCallback(() => {
-		void dispatch(userActions.deleteById({ id: userId }));
+		void dispatch(userActions.deleteCurrentUser());
 		void dispatch(authActions.logout());
-	}, [dispatch, userId]);
+	}, [dispatch]);
 
 	return (
 		<div className={styles["profile-delete"]}>

diff --git a/apps/frontend/src/pages/profile/libs/components/edit-user-form/edit-user-form.tsx b/apps/frontend/src/pages/profile/libs/components/edit-user-form/edit-user-form.tsx
@@ -14,7 +14,7 @@ type Properties = {
 };
 
 const EditUserForm = ({ user }: Properties): JSX.Element => {
-	const { email, id: userId, name } = user;
+	const { email, name } = user;
 	const dispatch = useAppDispatch();
 
 	const { control, errors, handleSubmit, isDirty } =
@@ -29,15 +29,10 @@ const EditUserForm = ({ user }: Properties): JSX.Element => {
 	const handleFormSubmit = useCallback(
 		(event_: React.BaseSyntheticEvent): void => {
 			void handleSubmit((formData: UserPatchRequestDto) => {
-				void dispatch(
-					usersActions.updateProfile({
-						id: userId,
-						payload: formData,
-					}),
-				);
+				void dispatch(usersActions.updateCurrentUserProfile(formData));
 			})(event_);
 		},
-		[dispatch, handleSubmit, userId],
+		[dispatch, handleSubmit],
 	);
 
 	return (

diff --git a/apps/frontend/src/pages/profile/profile.tsx b/apps/frontend/src/pages/profile/profile.tsx
@@ -17,7 +17,7 @@ const Profile = (): JSX.Element => {
 					<EditUserForm user={user} />
 				</div>
 				<div className={styles["divider"]} />
-				<DeleteAccount userId={user.id} />
+				<DeleteAccount />
 			</div>
 		</PageLayout>
 	);