krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 22:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

add new permission for managing blockers

Browse Source
This commit is contained in:
Phillip Thelen
2025-08-04 14:21:36 +02:00
parent 227e5ceaa8
commit 1ba9dda0ed
5 changed files with 27 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
website/server/controllers/api-v4/admin.js
View File

@@ -122,7 +122,7 @@ api.getUserHistory = {
api.getBlockers = {
method: 'GET',
url: '/admin/blockers',
middlewares: [authWithHeaders(), ensurePermission('userSupport')],
middlewares: [authWithHeaders(), ensurePermission('accessControl')],
async handler (req, res) {
const blockers = await Blocker
.find({ disabled: false })
@@ -136,7 +136,7 @@ api.getBlockers = {
api.createBlocker = {
method: 'POST',
url: '/admin/blockers',
middlewares: [authWithHeaders(), ensurePermission('userSupport')],
middlewares: [authWithHeaders(), ensurePermission('accessControl')],
async handler (req, res) {
const id = uuid();
const blocker = await Blocker({
@@ -151,7 +151,7 @@ api.createBlocker = {
api.updateBlocker = {
method: 'PUT',
url: '/admin/blockers/:blockerId',
middlewares: [authWithHeaders(), ensurePermission('userSupport')],
middlewares: [authWithHeaders(), ensurePermission('accessControl')],
async handler (req, res) {
req.checkParams('blockerId', res.t('blockerIdRequired')).notEmpty().isUUID();
@@ -171,7 +171,7 @@ api.updateBlocker = {
api.deleteBlocker = {
method: 'DELETE',
url: '/admin/blockers/:blockerId',
middlewares: [authWithHeaders(), ensurePermission('userSupport')],
middlewares: [authWithHeaders(), ensurePermission('accessControl')],
async handler (req, res) {
req.checkParams('blockerId', res.t('blockerIdRequired')).notEmpty().isUUID();