Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-03 22:37:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
LibreChat/packages/api/src/admin/roles.ts

367 lines
12 KiB
TypeScript
Raw Normal View History

fix: address convention violations in admin roles handlers
2026-03-24 23:54:32 -07:00
import { SystemRoles } from 'librechat-data-provider';
fix: validate permissions in create, RoleConflictError, rollback safety, cache consistency - Add permissions type/array validation in createRoleHandler - Introduce RoleConflictError class replacing fragile string-prefix matching - Wrap rollback in !role null path with try/catch for correct 404 response - Wrap deleteRoleByName cache.set in try/catch matching createRoleByName - Narrow updateRoleHandler body type to { name?, description? } - Add tests: non-string description in create, rollback failure logging, permissions array rejection, description max-length assertion fix
2026-03-26 17:05:01 -07:00
import { logger, isValidObjectIdString, RoleConflictError } from '@librechat/data-schemas';
fix: address re-review findings for admin roles - Gate deleteRoleByName on existence check — skip user reassignment and cache invalidation when role doesn't exist (fixes test mismatch) - Reverse rename order: migrate users before renaming role so a migration failure leaves the system in a consistent state - Add .sort({ _id: 1 }) to listUsersByRole for deterministic pagination - Import shared AdminMember type from data-schemas instead of local copy; make joinedAt optional since neither groups nor roles populate it - Change IRole.description from optional to required to match schema default - Add data-layer tests for updateUsersByRole and countUsersByRole - Add handler test verifying users-first rename ordering and migration failure safety
2026-03-26 15:54:14 -07:00
import type { IRole, IUser, AdminMember } from '@librechat/data-schemas';
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
import type { FilterQuery } from 'mongoose';
import type { Response } from 'express';
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
import type { ServerRequest } from '~/types/http';
const MAX_NAME_LENGTH = 500;
fix: rollback on rename throw, description validation, delete/DRY cleanup - Hoist isRename/trimmedName above try block so catch can roll back user migration when updateRoleByName throws (not just returns null) - Add description type + max-length (2000) validation in create and update, consistent with groups handler - Remove redundant getRoleByName existence check in deleteRoleHandler — use deleteRoleByName return value directly - Skip no-op name write when body.name equals current name (use isRename) - Extract getUserModel() accessor to DRY repeated Model<IUser> casts - Use name.trim() consistently in createRoleByName error messages - Add tests: rename-throw rollback, description validation (create+update), update delete test mocks to match simplified handler
2026-03-26 16:25:14 -07:00
const MAX_DESCRIPTION_LENGTH = 2000;
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
interface RoleNameParams {
name: string;
}
interface RoleMemberParams extends RoleNameParams {
userId: string;
}
export interface AdminRolesDeps {
listRoles: () => Promise<IRole[]>;
fix: address convention violations in admin roles handlers
2026-03-24 23:54:32 -07:00
getRoleByName: (name: string, fields?: string | string[] | null) => Promise<IRole | null>;
fix: rename createRole/deleteRole to avoid AccessRole name collision The existing accessRole.ts already exports createRole/deleteRole for the AccessRole model. In createMethods index.ts, these are spread after roleMethods, overwriting them. Renamed our Role methods to createRoleByName/deleteRoleByName to match the existing pattern (getRoleByName, updateRoleByName) and avoid the collision.
2026-03-25 08:56:38 -07:00
createRoleByName: (roleData: Partial<IRole>) => Promise<IRole>;
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
updateRoleByName: (name: string, updates: Partial<IRole>) => Promise<IRole | null>;
updateAccessPermissions: (
name: string,
perms: Record<string, Record<string, boolean>>,
roleData?: IRole,
) => Promise<void>;
fix: rename createRole/deleteRole to avoid AccessRole name collision The existing accessRole.ts already exports createRole/deleteRole for the AccessRole model. In createMethods index.ts, these are spread after roleMethods, overwriting them. Renamed our Role methods to createRoleByName/deleteRoleByName to match the existing pattern (getRoleByName, updateRoleByName) and avoid the collision.
2026-03-25 08:56:38 -07:00
deleteRoleByName: (name: string) => Promise<IRole | null>;
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
findUser: (
criteria: FilterQuery<IUser>,
fields?: string | string[] | null,
) => Promise<IUser | null>;
updateUser: (userId: string, data: Partial<IUser>) => Promise<IUser | null>;
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
updateUsersByRole: (oldRole: string, newRole: string) => Promise<void>;
listUsersByRole: (
roleName: string,
options?: { limit?: number; offset?: number },
) => Promise<IUser[]>;
countUsersByRole: (roleName: string) => Promise<number>;
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
}
export function createAdminRolesHandlers(deps: AdminRolesDeps) {
const {
listRoles,
getRoleByName,
fix: rename createRole/deleteRole to avoid AccessRole name collision The existing accessRole.ts already exports createRole/deleteRole for the AccessRole model. In createMethods index.ts, these are spread after roleMethods, overwriting them. Renamed our Role methods to createRoleByName/deleteRoleByName to match the existing pattern (getRoleByName, updateRoleByName) and avoid the collision.
2026-03-25 08:56:38 -07:00
createRoleByName,
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
updateRoleByName,
updateAccessPermissions,
fix: rename createRole/deleteRole to avoid AccessRole name collision The existing accessRole.ts already exports createRole/deleteRole for the AccessRole model. In createMethods index.ts, these are spread after roleMethods, overwriting them. Renamed our Role methods to createRoleByName/deleteRoleByName to match the existing pattern (getRoleByName, updateRoleByName) and avoid the collision.
2026-03-25 08:56:38 -07:00
deleteRoleByName,
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
findUser,
updateUser,
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
updateUsersByRole,
fix: address convention violations in admin roles handlers
2026-03-24 23:54:32 -07:00
listUsersByRole,
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
countUsersByRole,
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
} = deps;
async function listRolesHandler(_req: ServerRequest, res: Response) {
try {
const roles = await listRoles();
return res.status(200).json({ roles });
} catch (error) {
logger.error('[adminRoles] listRoles error:', error);
return res.status(500).json({ error: 'Failed to list roles' });
}
}
async function getRoleHandler(req: ServerRequest, res: Response) {
try {
const { name } = req.params as RoleNameParams;
const role = await getRoleByName(name);
if (!role) {
return res.status(404).json({ error: 'Role not found' });
}
return res.status(200).json({ role });
} catch (error) {
logger.error('[adminRoles] getRole error:', error);
return res.status(500).json({ error: 'Failed to get role' });
}
}
async function createRoleHandler(req: ServerRequest, res: Response) {
try {
feat: add description field to Role model - Add description to IRole, CreateRoleRequest, UpdateRoleRequest types - Add description field to Mongoose roleSchema (default: '') - Wire description through createRoleHandler and updateRoleHandler - Include description in listRoles select clause so it appears in list
2026-03-25 10:51:09 -07:00
const { name, description, permissions } = req.body as {
fix: address convention violations in admin roles handlers
2026-03-24 23:54:32 -07:00
name?: string;
feat: add description field to Role model - Add description to IRole, CreateRoleRequest, UpdateRoleRequest types - Add description field to Mongoose roleSchema (default: '') - Wire description through createRoleHandler and updateRoleHandler - Include description in listRoles select clause so it appears in list
2026-03-25 10:51:09 -07:00
description?: string;
fix: address convention violations in admin roles handlers
2026-03-24 23:54:32 -07:00
permissions?: IRole['permissions'];
};
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
if (!name || typeof name !== 'string' || !name.trim()) {
return res.status(400).json({ error: 'name is required' });
}
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
if (name.trim().length > MAX_NAME_LENGTH) {
return res
.status(400)
.json({ error: `name must not exceed ${MAX_NAME_LENGTH} characters` });
}
fix: rollback on rename throw, description validation, delete/DRY cleanup - Hoist isRename/trimmedName above try block so catch can roll back user migration when updateRoleByName throws (not just returns null) - Add description type + max-length (2000) validation in create and update, consistent with groups handler - Remove redundant getRoleByName existence check in deleteRoleHandler — use deleteRoleByName return value directly - Skip no-op name write when body.name equals current name (use isRename) - Extract getUserModel() accessor to DRY repeated Model<IUser> casts - Use name.trim() consistently in createRoleByName error messages - Add tests: rename-throw rollback, description validation (create+update), update delete test mocks to match simplified handler
2026-03-26 16:25:14 -07:00
if (description !== undefined && typeof description !== 'string') {
return res.status(400).json({ error: 'description must be a string' });
}
if (description && description.length > MAX_DESCRIPTION_LENGTH) {
return res
.status(400)
.json({ error: `description must not exceed ${MAX_DESCRIPTION_LENGTH} characters` });
}
fix: validate permissions in create, RoleConflictError, rollback safety, cache consistency - Add permissions type/array validation in createRoleHandler - Introduce RoleConflictError class replacing fragile string-prefix matching - Wrap rollback in !role null path with try/catch for correct 404 response - Wrap deleteRoleByName cache.set in try/catch matching createRoleByName - Narrow updateRoleHandler body type to { name?, description? } - Add tests: non-string description in create, rollback failure logging, permissions array rejection, description max-length assertion fix
2026-03-26 17:05:01 -07:00
if (
permissions !== undefined &&
(typeof permissions !== 'object' || Array.isArray(permissions))
) {
return res.status(400).json({ error: 'permissions must be an object' });
}
fix: rename createRole/deleteRole to avoid AccessRole name collision The existing accessRole.ts already exports createRole/deleteRole for the AccessRole model. In createMethods index.ts, these are spread after roleMethods, overwriting them. Renamed our Role methods to createRoleByName/deleteRoleByName to match the existing pattern (getRoleByName, updateRoleByName) and avoid the collision.
2026-03-25 08:56:38 -07:00
const role = await createRoleByName({
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
name: name.trim(),
feat: add description field to Role model - Add description to IRole, CreateRoleRequest, UpdateRoleRequest types - Add description field to Mongoose roleSchema (default: '') - Wire description through createRoleHandler and updateRoleHandler - Include description in listRoles select clause so it appears in list
2026-03-25 10:51:09 -07:00
description: description ?? '',
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
permissions: permissions ?? {},
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
});
return res.status(201).json({ role });
} catch (error) {
logger.error('[adminRoles] createRole error:', error);
fix: validate permissions in create, RoleConflictError, rollback safety, cache consistency - Add permissions type/array validation in createRoleHandler - Introduce RoleConflictError class replacing fragile string-prefix matching - Wrap rollback in !role null path with try/catch for correct 404 response - Wrap deleteRoleByName cache.set in try/catch matching createRoleByName - Narrow updateRoleHandler body type to { name?, description? } - Add tests: non-string description in create, rollback failure logging, permissions array rejection, description max-length assertion fix
2026-03-26 17:05:01 -07:00
if (error instanceof RoleConflictError) {
return res.status(409).json({ error: error.message });
}
return res.status(500).json({ error: 'Failed to create role' });
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
}
}
async function updateRoleHandler(req: ServerRequest, res: Response) {
fix: rollback on rename throw, description validation, delete/DRY cleanup - Hoist isRename/trimmedName above try block so catch can roll back user migration when updateRoleByName throws (not just returns null) - Add description type + max-length (2000) validation in create and update, consistent with groups handler - Remove redundant getRoleByName existence check in deleteRoleHandler — use deleteRoleByName return value directly - Skip no-op name write when body.name equals current name (use isRename) - Extract getUserModel() accessor to DRY repeated Model<IUser> casts - Use name.trim() consistently in createRoleByName error messages - Add tests: rename-throw rollback, description validation (create+update), update delete test mocks to match simplified handler
2026-03-26 16:25:14 -07:00
const { name } = req.params as RoleNameParams;
fix: validate permissions in create, RoleConflictError, rollback safety, cache consistency - Add permissions type/array validation in createRoleHandler - Introduce RoleConflictError class replacing fragile string-prefix matching - Wrap rollback in !role null path with try/catch for correct 404 response - Wrap deleteRoleByName cache.set in try/catch matching createRoleByName - Narrow updateRoleHandler body type to { name?, description? } - Add tests: non-string description in create, rollback failure logging, permissions array rejection, description max-length assertion fix
2026-03-26 17:05:01 -07:00
const body = req.body as { name?: string; description?: string };
fix: rollback on rename throw, description validation, delete/DRY cleanup - Hoist isRename/trimmedName above try block so catch can roll back user migration when updateRoleByName throws (not just returns null) - Add description type + max-length (2000) validation in create and update, consistent with groups handler - Remove redundant getRoleByName existence check in deleteRoleHandler — use deleteRoleByName return value directly - Skip no-op name write when body.name equals current name (use isRename) - Extract getUserModel() accessor to DRY repeated Model<IUser> casts - Use name.trim() consistently in createRoleByName error messages - Add tests: rename-throw rollback, description validation (create+update), update delete test mocks to match simplified handler
2026-03-26 16:25:14 -07:00
let isRename = false;
let trimmedName = '';
fix: guard spurious rollback, harden createRole error path, validate before DB calls - Add migrationRan flag to prevent rollback of user migration that never ran - Return generic message on 500 in createRoleHandler, specific only for 409 - Move description validation before DB queries in updateRoleHandler - Return existing role early when update body has no changes - Wrap cache.set in createRoleByName with try/catch to prevent masking DB success - Add JSDoc on 11000 catch explaining compound unique index - Add tests: spurious rollback guard, empty update body, description validation ordering, listUsersByRole pagination
2026-03-26 16:38:11 -07:00
let migrationRan = false;
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
try {
fix: address Copilot review findings in admin roles handlers
2026-03-25 11:22:25 -07:00
if (
body.name !== undefined &&
(!body.name || typeof body.name !== 'string' || !body.name.trim())
) {
return res.status(400).json({ error: 'name must be a non-empty string' });
}
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
if (body.name !== undefined && body.name.trim().length > MAX_NAME_LENGTH) {
return res
.status(400)
.json({ error: `name must not exceed ${MAX_NAME_LENGTH} characters` });
}
fix: guard spurious rollback, harden createRole error path, validate before DB calls - Add migrationRan flag to prevent rollback of user migration that never ran - Return generic message on 500 in createRoleHandler, specific only for 409 - Move description validation before DB queries in updateRoleHandler - Return existing role early when update body has no changes - Wrap cache.set in createRoleByName with try/catch to prevent masking DB success - Add JSDoc on 11000 catch explaining compound unique index - Add tests: spurious rollback guard, empty update body, description validation ordering, listUsersByRole pagination
2026-03-26 16:38:11 -07:00
if (body.description !== undefined && typeof body.description !== 'string') {
return res.status(400).json({ error: 'description must be a string' });
}
if (body.description && body.description.length > MAX_DESCRIPTION_LENGTH) {
return res
.status(400)
.json({ error: `description must not exceed ${MAX_DESCRIPTION_LENGTH} characters` });
}
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
fix: rollback on rename throw, description validation, delete/DRY cleanup - Hoist isRename/trimmedName above try block so catch can roll back user migration when updateRoleByName throws (not just returns null) - Add description type + max-length (2000) validation in create and update, consistent with groups handler - Remove redundant getRoleByName existence check in deleteRoleHandler — use deleteRoleByName return value directly - Skip no-op name write when body.name equals current name (use isRename) - Extract getUserModel() accessor to DRY repeated Model<IUser> casts - Use name.trim() consistently in createRoleByName error messages - Add tests: rename-throw rollback, description validation (create+update), update delete test mocks to match simplified handler
2026-03-26 16:25:14 -07:00
trimmedName = body.name?.trim() ?? '';
isRename = trimmedName !== '' && trimmedName !== name;
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
if (isRename && SystemRoles[name as keyof typeof SystemRoles]) {
return res.status(403).json({ error: 'Cannot rename system role' });
}
if (isRename && SystemRoles[trimmedName as keyof typeof SystemRoles]) {
fix: address Copilot review findings in admin roles handlers
2026-03-25 11:22:25 -07:00
return res.status(409).json({ error: 'Cannot rename to a reserved system role name' });
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
const existing = await getRoleByName(name);
if (!existing) {
return res.status(404).json({ error: 'Role not found' });
}
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
if (isRename) {
const duplicate = await getRoleByName(trimmedName);
if (duplicate) {
return res.status(409).json({ error: `Role "${trimmedName}" already exists` });
}
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
const updates: Partial<IRole> = {};
fix: rollback on rename throw, description validation, delete/DRY cleanup - Hoist isRename/trimmedName above try block so catch can roll back user migration when updateRoleByName throws (not just returns null) - Add description type + max-length (2000) validation in create and update, consistent with groups handler - Remove redundant getRoleByName existence check in deleteRoleHandler — use deleteRoleByName return value directly - Skip no-op name write when body.name equals current name (use isRename) - Extract getUserModel() accessor to DRY repeated Model<IUser> casts - Use name.trim() consistently in createRoleByName error messages - Add tests: rename-throw rollback, description validation (create+update), update delete test mocks to match simplified handler
2026-03-26 16:25:14 -07:00
if (isRename) {
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
updates.name = trimmedName;
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
}
feat: add description field to Role model - Add description to IRole, CreateRoleRequest, UpdateRoleRequest types - Add description field to Mongoose roleSchema (default: '') - Wire description through createRoleHandler and updateRoleHandler - Include description in listRoles select clause so it appears in list
2026-03-25 10:51:09 -07:00
if (body.description !== undefined) {
updates.description = body.description;
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
fix: guard spurious rollback, harden createRole error path, validate before DB calls - Add migrationRan flag to prevent rollback of user migration that never ran - Return generic message on 500 in createRoleHandler, specific only for 409 - Move description validation before DB queries in updateRoleHandler - Return existing role early when update body has no changes - Wrap cache.set in createRoleByName with try/catch to prevent masking DB success - Add JSDoc on 11000 catch explaining compound unique index - Add tests: spurious rollback guard, empty update body, description validation ordering, listUsersByRole pagination
2026-03-26 16:38:11 -07:00
if (Object.keys(updates).length === 0) {
return res.status(200).json({ role: existing });
}
fix: address re-review findings for admin roles - Gate deleteRoleByName on existence check — skip user reassignment and cache invalidation when role doesn't exist (fixes test mismatch) - Reverse rename order: migrate users before renaming role so a migration failure leaves the system in a consistent state - Add .sort({ _id: 1 }) to listUsersByRole for deterministic pagination - Import shared AdminMember type from data-schemas instead of local copy; make joinedAt optional since neither groups nor roles populate it - Change IRole.description from optional to required to match schema default - Add data-layer tests for updateUsersByRole and countUsersByRole - Add handler test verifying users-first rename ordering and migration failure safety
2026-03-26 15:54:14 -07:00
if (isRename) {
await updateUsersByRole(name, trimmedName);
fix: guard spurious rollback, harden createRole error path, validate before DB calls - Add migrationRan flag to prevent rollback of user migration that never ran - Return generic message on 500 in createRoleHandler, specific only for 409 - Move description validation before DB queries in updateRoleHandler - Return existing role early when update body has no changes - Wrap cache.set in createRoleByName with try/catch to prevent masking DB success - Add JSDoc on 11000 catch explaining compound unique index - Add tests: spurious rollback guard, empty update body, description validation ordering, listUsersByRole pagination
2026-03-26 16:38:11 -07:00
migrationRan = true;
fix: address re-review findings for admin roles - Gate deleteRoleByName on existence check — skip user reassignment and cache invalidation when role doesn't exist (fixes test mismatch) - Reverse rename order: migrate users before renaming role so a migration failure leaves the system in a consistent state - Add .sort({ _id: 1 }) to listUsersByRole for deterministic pagination - Import shared AdminMember type from data-schemas instead of local copy; make joinedAt optional since neither groups nor roles populate it - Change IRole.description from optional to required to match schema default - Add data-layer tests for updateUsersByRole and countUsersByRole - Add handler test verifying users-first rename ordering and migration failure safety
2026-03-26 15:54:14 -07:00
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
const role = await updateRoleByName(name, updates);
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
if (!role) {
fix: guard spurious rollback, harden createRole error path, validate before DB calls - Add migrationRan flag to prevent rollback of user migration that never ran - Return generic message on 500 in createRoleHandler, specific only for 409 - Move description validation before DB queries in updateRoleHandler - Return existing role early when update body has no changes - Wrap cache.set in createRoleByName with try/catch to prevent masking DB success - Add JSDoc on 11000 catch explaining compound unique index - Add tests: spurious rollback guard, empty update body, description validation ordering, listUsersByRole pagination
2026-03-26 16:38:11 -07:00
if (migrationRan) {
fix: validate permissions in create, RoleConflictError, rollback safety, cache consistency - Add permissions type/array validation in createRoleHandler - Introduce RoleConflictError class replacing fragile string-prefix matching - Wrap rollback in !role null path with try/catch for correct 404 response - Wrap deleteRoleByName cache.set in try/catch matching createRoleByName - Narrow updateRoleHandler body type to { name?, description? } - Add tests: non-string description in create, rollback failure logging, permissions array rejection, description max-length assertion fix
2026-03-26 17:05:01 -07:00
try {
await updateUsersByRole(trimmedName, name);
} catch (rollbackError) {
logger.error('[adminRoles] rollback failed (role not found path):', rollbackError);
}
fix: add rollback on rename failure and update PR description - Roll back user migration if updateRoleByName returns null during a rename (race: role deleted between existence check and update) - Add test verifying rollback calls updateUsersByRole in reverse - Update PR #12400 description to reflect current test counts (56 handler tests, 40 data-layer tests) and safety features
2026-03-26 16:12:33 -07:00
}
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
return res.status(404).json({ error: 'Role not found' });
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
return res.status(200).json({ role });
} catch (error) {
fix: guard spurious rollback, harden createRole error path, validate before DB calls - Add migrationRan flag to prevent rollback of user migration that never ran - Return generic message on 500 in createRoleHandler, specific only for 409 - Move description validation before DB queries in updateRoleHandler - Return existing role early when update body has no changes - Wrap cache.set in createRoleByName with try/catch to prevent masking DB success - Add JSDoc on 11000 catch explaining compound unique index - Add tests: spurious rollback guard, empty update body, description validation ordering, listUsersByRole pagination
2026-03-26 16:38:11 -07:00
if (migrationRan) {
fix: rollback on rename throw, description validation, delete/DRY cleanup - Hoist isRename/trimmedName above try block so catch can roll back user migration when updateRoleByName throws (not just returns null) - Add description type + max-length (2000) validation in create and update, consistent with groups handler - Remove redundant getRoleByName existence check in deleteRoleHandler — use deleteRoleByName return value directly - Skip no-op name write when body.name equals current name (use isRename) - Extract getUserModel() accessor to DRY repeated Model<IUser> casts - Use name.trim() consistently in createRoleByName error messages - Add tests: rename-throw rollback, description validation (create+update), update delete test mocks to match simplified handler
2026-03-26 16:25:14 -07:00
try {
await updateUsersByRole(trimmedName, name);
} catch (rollbackError) {
logger.error('[adminRoles] rollback failed after updateRole error:', rollbackError);
}
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
logger.error('[adminRoles] updateRole error:', error);
return res.status(500).json({ error: 'Failed to update role' });
}
}
async function updateRolePermissionsHandler(req: ServerRequest, res: Response) {
try {
const { name } = req.params as RoleNameParams;
const { permissions } = req.body as {
permissions: Record<string, Record<string, boolean>>;
};
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
if (!permissions || typeof permissions !== 'object' || Array.isArray(permissions)) {
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
return res.status(400).json({ error: 'permissions object is required' });
}
const existing = await getRoleByName(name);
if (!existing) {
return res.status(404).json({ error: 'Role not found' });
}
await updateAccessPermissions(name, permissions, existing);
const updated = await getRoleByName(name);
return res.status(200).json({ role: updated });
} catch (error) {
logger.error('[adminRoles] updateRolePermissions error:', error);
return res.status(500).json({ error: 'Failed to update role permissions' });
}
}
async function deleteRoleHandler(req: ServerRequest, res: Response) {
try {
const { name } = req.params as RoleNameParams;
if (SystemRoles[name as keyof typeof SystemRoles]) {
return res.status(403).json({ error: 'Cannot delete system role' });
}
fix: rollback on rename throw, description validation, delete/DRY cleanup - Hoist isRename/trimmedName above try block so catch can roll back user migration when updateRoleByName throws (not just returns null) - Add description type + max-length (2000) validation in create and update, consistent with groups handler - Remove redundant getRoleByName existence check in deleteRoleHandler — use deleteRoleByName return value directly - Skip no-op name write when body.name equals current name (use isRename) - Extract getUserModel() accessor to DRY repeated Model<IUser> casts - Use name.trim() consistently in createRoleByName error messages - Add tests: rename-throw rollback, description validation (create+update), update delete test mocks to match simplified handler
2026-03-26 16:25:14 -07:00
const deleted = await deleteRoleByName(name);
if (!deleted) {
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
return res.status(404).json({ error: 'Role not found' });
}
return res.status(200).json({ success: true });
} catch (error) {
logger.error('[adminRoles] deleteRole error:', error);
return res.status(500).json({ error: 'Failed to delete role' });
}
}
async function getRoleMembersHandler(req: ServerRequest, res: Response) {
try {
const { name } = req.params as RoleNameParams;
const existing = await getRoleByName(name);
if (!existing) {
return res.status(404).json({ error: 'Role not found' });
}
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
const limit = Math.min(Math.max(Number(req.query.limit) || 50, 1), 200);
const offset = Math.max(Number(req.query.offset) || 0, 0);
const [users, total] = await Promise.all([
listUsersByRole(name, { limit, offset }),
countUsersByRole(name),
]);
fix: address convention violations in admin roles handlers
2026-03-24 23:54:32 -07:00
const members: AdminMember[] = users.map((u) => ({
userId: u._id?.toString() ?? '',
name: u.name ?? u._id?.toString() ?? '',
email: u.email ?? '',
avatarUrl: u.avatar,
}));
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
return res.status(200).json({ members, total, limit, offset });
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
} catch (error) {
logger.error('[adminRoles] getRoleMembers error:', error);
return res.status(500).json({ error: 'Failed to get role members' });
}
}
async function addRoleMemberHandler(req: ServerRequest, res: Response) {
try {
const { name } = req.params as RoleNameParams;
const { userId } = req.body as { userId: string };
if (!userId || typeof userId !== 'string') {
return res.status(400).json({ error: 'userId is required' });
}
fix: address Copilot review findings in admin roles handlers
2026-03-25 11:22:25 -07:00
if (!isValidObjectIdString(userId)) {
return res.status(400).json({ error: 'Invalid user ID format' });
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
const existing = await getRoleByName(name);
if (!existing) {
return res.status(404).json({ error: 'Role not found' });
}
const user = await findUser({ _id: userId });
if (!user) {
return res.status(404).json({ error: 'User not found' });
}
await updateUser(userId, { role: name });
return res.status(200).json({ success: true });
} catch (error) {
logger.error('[adminRoles] addRoleMember error:', error);
return res.status(500).json({ error: 'Failed to add role member' });
}
}
async function removeRoleMemberHandler(req: ServerRequest, res: Response) {
try {
const { name, userId } = req.params as RoleMemberParams;
fix: address Copilot review findings in admin roles handlers
2026-03-25 11:22:25 -07:00
if (!isValidObjectIdString(userId)) {
return res.status(400).json({ error: 'Invalid user ID format' });
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
fix: address external review findings for admin roles - Block renaming system roles (ADMIN/USER) and add user migration on rename - Add input validation: name max-length, trim on update, duplicate name check - Replace fragile String.includes error matching with prefix-based classification - Catch MongoDB 11000 duplicate key in createRoleByName - Add pagination (limit/offset/total) to getRoleMembersHandler - Reverse delete order in deleteRoleByName — reassign users before deletion - Add role existence check in removeRoleMember; drop unused createdAt select - Add Array.isArray guard for permissions input; use consistent ?? coalescing - Fix import ordering per AGENTS.md conventions - Type-cast mongoose.models.User as Model<IUser> for proper TS inference - Add comprehensive tests: rename guards, pagination, validation, 500 paths
2026-03-26 15:30:33 -07:00
const existing = await getRoleByName(name);
if (!existing) {
return res.status(404).json({ error: 'Role not found' });
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
const user = await findUser({ _id: userId });
if (!user) {
return res.status(404).json({ error: 'User not found' });
}
if (user.role !== name) {
return res.status(400).json({ error: 'User is not a member of this role' });
}
feat: prevent removing the last admin user Add guard in removeRoleMember that checks countUsersByRole before demoting an ADMIN user, returning 400 if they are the last one.
2026-03-26 17:05:43 -07:00
if (name === SystemRoles.ADMIN) {
const adminCount = await countUsersByRole(SystemRoles.ADMIN);
if (adminCount <= 1) {
return res.status(400).json({ error: 'Cannot remove the last admin user' });
}
}
feat: add admin roles handler factory and Express routes
2026-03-24 23:40:12 -07:00
await updateUser(userId, { role: SystemRoles.USER });
return res.status(200).json({ success: true });
} catch (error) {
logger.error('[adminRoles] removeRoleMember error:', error);
return res.status(500).json({ error: 'Failed to remove role member' });
}
}
return {
listRoles: listRolesHandler,
getRole: getRoleHandler,
createRole: createRoleHandler,
updateRole: updateRoleHandler,
updateRolePermissions: updateRolePermissionsHandler,
deleteRole: deleteRoleHandler,
getRoleMembers: getRoleMembersHandler,
addRoleMember: addRoleMemberHandler,
removeRoleMember: removeRoleMemberHandler,
};
}
Reference in a new issue Copy permalink