Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add manager profile editing functionality #8

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add manager profile editing functionality #8

wants to merge 3 commits into from

Conversation

Nandgopal-R
Copy link

Add API for Updating Manager Profile

Description

This pull request adds an API endpoint editManagerProfileById , which allows authorized user to update a manager's profile

Features

  • Added the editManagerProfileById API endpoint
  • Introduced a new POST route: /manager/profile/edit

This PR handles issue #4

Please review @Ashrockzzz2003

@Ashrockzzz2003 Ashrockzzz2003 self-requested a review January 1, 2025 06:44
Ashrockzzz2003
Ashrockzzz2003 requested changes Jan 1, 2025
View reviewed changes
Copy link
Owner

@Ashrockzzz2003 Ashrockzzz2003 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal is to update only the name. Please make changes accordingly. Only the manager themself will access this API. Therefore, userRole 0 is the only role authorised to use this route. Update logic to support that.

controller/userWebController.js Outdated
Comment on lines 1956 to 1957
"managerEmail" : "<managerEmail>",
"managerPassword" : "<managerPassword>",
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The password update will happen thru forget password and this. Insecure way! Also, email cannot be updated by the manager.

controller/userWebController.js Outdated
Comment on lines 1959 to 1960
"managerRole" : "<0/1>",
"accountStatus" : "<0/1/2>"
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

even this too. Only name can be edited.

controller/userWebController.js Outdated
*/
webTokenValidator,
async (req, res) => {
if (req.body.userRole === null || req.body.userRole === undefined || req.body.userRole === "" || (req.body.userRole !== "1" && req.body.userRole !== "0" && req.body.userRole !== "2") ||
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is for the manager to update by themselves. hence userRole can only be 0.

@Nandgopal-R
Copy link
Author

The goal is to update only the name. Please make changes accordingly. Only the manager themself will access this API. Therefore, userRole 0 is the only role authorised to use this route. Update logic to support that.

Ohh ok, I'll change it

@Ashrockzzz2003 Ashrockzzz2003 linked an issue Jan 1, 2025 that may be closed by this pull request
Add API endpoint to edit manager profile data by manager. #4
Open
1 task
@Nandgopal-R
Copy link
Author

Screenshot 2025-01-01 215423

@Ashrockzzz2003, since only the name is being edited should I do all these checks or should I only validate the name of the manager and only pass the name of the manager in the request body?

@Ashrockzzz2003
Copy link
Owner

Screenshot 2025-01-01 215423

@Ashrockzzz2003, since only the name is being edited should I do all these checks or should I only validate the name of the manager and only pass the name of the manager in the request body?

The request body only will have the updated name.

  1. The user role comes through the token validator. Validating if the userRole is that of manager is the first check.
  2. With the userEmail field that's extracted from token, query the db to extract the managerId.
  3. Validate the managerName now. Update it.

@Nandgopal-R
Copy link
Author

Nandgopal-R commented Jan 1, 2025
edited
Loading

So a manager can only change his own name or they can change anyone's name?

If they are allowed to change anyone's name should'nt the id also be passed in the request body?

@Ashrockzzz2003
Copy link
Owner

So a manager can only change his own name or they can change anyone's name?

If they are allowed to change anyone's name should'nt the id also be passed in the request body?

Yes
But this api is to edit only manager's name by themselves. Maybe we can extend it to allow admin to modify name. That case we'll need manager id. If you're planning to add that too, do it.

@Nandgopal-R
Copy link
Author

So a manager can only change his own name or they can change anyone's name?
If they are allowed to change anyone's name should'nt the id also be passed in the request body?

Yes But this api is to edit only manager's name by themselves. Maybe we can extend it to allow admin to modify name. That case we'll need manager id. If you're planning to add that too, do it.

I'll add it

@Nandgopal-R
Copy link
Author

@Ashrockzzz2003 I have made the changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ashrockzzz2003 Ashrockzzz2003 Awaiting requested review from Ashrockzzz2003

Assignees

@Nandgopal-R Nandgopal-R

Labels
AMWOC
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add API endpoint to edit manager profile data by manager.
2 participants
@Nandgopal-R @Ashrockzzz2003