server/api/controllers/users/update.js

/*!
 * Copyright (c) 2024 PLANKA Software GmbH
 * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
 */

/**
 * @swagger
 * /users/{id}:
 *   patch:
 *     summary: Update user
 *     description: Updates a user. Users can update their own profile, admins can update any user.
 *     tags:
 *       - Users
 *     parameters:
 *       - name: id
 *         in: path
 *         required: true
 *         description: ID of the user to update
 *         schema:
 *           type: string
 *           example: 1357158568008091264
 *     requestBody:
 *       required: true
 *       content:
 *         application/json:
 *           schema:
 *             type: object
 *             properties:
 *               role:
 *                 type: string
 *                 enum: [admin, projectOwner, boardUser]
 *                 description: User role defining access permissions
 *                 example: admin
 *               name:
 *                 type: string
 *                 maxLength: 128
 *                 description: Full display name of the user
 *                 example: John Doe
 *               avatar:
 *                 type: object
 *                 nullable: true
 *                 description: Avatar of the user (only null value to remove avatar)
 *               phone:
 *                 type: string
 *                 maxLength: 128
 *                 nullable: true
 *                 description: Contact phone number
 *                 example: +1234567890
 *               organization:
 *                 type: string
 *                 maxLength: 128
 *                 nullable: true
 *                 description: Organization or company name
 *                 example: Acme Corporation
 *               language:
 *                 type: string
 *                 enum: [ar-YE, bg-BG, cs-CZ, da-DK, de-DE, el-GR, en-GB, en-US, es-ES, et-EE, fa-IR, fi-FI, fr-FR, hu-HU, id-ID, it-IT, ja-JP, ko-KR, nl-NL, pl-PL, pt-BR, pt-PT, ro-RO, ru-RU, sk-SK, sr-Cyrl-RS, sr-Latn-RS, sv-SE, tr-TR, uk-UA, uz-UZ, zh-CN, zh-TW]
 *                 nullable: true
 *                 description: Preferred language for user interface and notifications
 *                 example: en-US
 *               subscribeToOwnCards:
 *                 type: boolean
 *                 description: Whether the user subscribes to their own cards
 *                 example: false
 *               subscribeToCardWhenCommenting:
 *                 type: boolean
 *                 description: Whether the user subscribes to cards when commenting
 *                 example: true
 *               turnOffRecentCardHighlighting:
 *                 type: boolean
 *                 description: Whether recent card highlighting is disabled
 *                 example: false
 *               enableFavoritesByDefault:
 *                 type: boolean
 *                 description: Whether favorites are enabled by default
 *                 example: false
 *               defaultEditorMode:
 *                 type: string
 *                 enum: [wysiwyg, markup]
 *                 description: Default markdown editor mode
 *                 example: wysiwyg
 *               defaultHomeView:
 *                 type: string
 *                 enum: [gridProjects, groupedProjects]
 *                 description: Default view mode for the home page
 *                 example: groupedProjects
 *               defaultProjectsOrder:
 *                 type: string
 *                 enum: [byDefault, alphabetically, byCreationTime]
 *                 description: Default sort order for projects display
 *                 example: byDefault
 *               isDeactivated:
 *                 type: boolean
 *                 description: Whether the user account is deactivated and cannot log in (for admins)
 *                 example: false
 *     responses:
 *       200:
 *         description: User updated successfully
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *               required:
 *                 - item
 *               properties:
 *                 item:
 *                   $ref: '#/components/schemas/User'
 *       400:
 *         $ref: '#/components/responses/ValidationError'
 *       401:
 *         $ref: '#/components/responses/Unauthorized'
 *       403:
 *         $ref: '#/components/responses/Forbidden'
 *       404:
 *         $ref: '#/components/responses/NotFound'
 *       409:
 *         $ref: '#/components/responses/Conflict'
 */

const { idInput } = require('../../../utils/inputs');

const Errors = {
  NOT_ENOUGH_RIGHTS: {
    notEnoughRights: 'Not enough rights',
  },
  USER_NOT_FOUND: {
    userNotFound: 'User not found',
  },
  ACTIVE_LIMIT_REACHED: {
    activeLimitReached: 'Active limit reached',
  },
};

module.exports = {
  inputs: {
    id: {
      ...idInput,
      required: true,
    },
    role: {
      type: 'string',
      isIn: Object.values(User.Roles),
    },
    name: {
      type: 'string',
      isNotEmptyString: true,
      maxLength: 128,
    },
    avatar: {
      type: 'json',
      custom: _.isNull,
    },
    phone: {
      type: 'string',
      isNotEmptyString: true,
      maxLength: 128,
      allowNull: true,
    },
    organization: {
      type: 'string',
      isNotEmptyString: true,
      maxLength: 128,
      allowNull: true,
    },
    language: {
      type: 'string',
      isIn: User.LANGUAGES,
      allowNull: true,
    },
    subscribeToOwnCards: {
      type: 'boolean',
    },
    subscribeToCardWhenCommenting: {
      type: 'boolean',
    },
    turnOffRecentCardHighlighting: {
      type: 'boolean',
    },
    enableFavoritesByDefault: {
      type: 'boolean',
    },
    defaultEditorMode: {
      type: 'string',
      isIn: Object.values(User.EditorModes),
    },
    defaultHomeView: {
      type: 'string',
      isIn: Object.values(User.HomeViews),
    },
    defaultProjectsOrder: {
      type: 'string',
      isIn: Object.values(User.ProjectOrders),
    },
    isDeactivated: {
      type: 'boolean',
    },
  },

  exits: {
    notEnoughRights: {
      responseType: 'forbidden',
    },
    userNotFound: {
      responseType: 'notFound',
    },
    activeLimitReached: {
      responseType: 'conflict',
    },
  },

  async fn(inputs) {
    const { currentUser } = this.req;

    const availableInputKeys = ['id', 'name', 'avatar', 'phone', 'organization'];
    if (inputs.id === currentUser.id) {
      availableInputKeys.push(...User.PERSONAL_FIELD_NAMES);
    } else if (currentUser.role === User.Roles.ADMIN) {
      availableInputKeys.push('role', 'isDeactivated');
    } else {
      throw Errors.USER_NOT_FOUND; // Forbidden
    }

    if (_.difference(Object.keys(inputs), availableInputKeys).length > 0) {
      throw Errors.NOT_ENOUGH_RIGHTS;
    }

    let user = await User.qm.getOneById(inputs.id);

    if (!user) {
      throw Errors.USER_NOT_FOUND;
    }

    // TODO: refactor
    if (user.email === sails.config.custom.defaultAdminEmail) {
      if (inputs.role || inputs.name) {
        throw Errors.NOT_ENOUGH_RIGHTS;
      }
    } else if (user.isSsoUser) {
      if (!sails.config.custom.oidcIgnoreRoles && inputs.role) {
        throw Errors.NOT_ENOUGH_RIGHTS;
      }

      if (inputs.name) {
        throw Errors.NOT_ENOUGH_RIGHTS;
      }
    }

    const values = {
      ..._.pick(inputs, [
        'role',
        'name',
        'avatar',
        'phone',
        'organization',
        'language',
        'subscribeToOwnCards',
        'subscribeToCardWhenCommenting',
        'turnOffRecentCardHighlighting',
        'enableFavoritesByDefault',
        'defaultEditorMode',
        'defaultHomeView',
        'defaultProjectsOrder',
        'isDeactivated',
      ]),
    };

    user = await sails.helpers.users.updateOne
      .with({
        values,
        record: user,
        actorUser: currentUser,
        request: this.req,
      })
      .intercept('activeLimitReached', () => Errors.ACTIVE_LIMIT_REACHED);

    if (!user) {
      throw Errors.USER_NOT_FOUND;
    }

    return {
      item: sails.helpers.users.presentOne(user, currentUser),
    };
  },
};
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`/*!`
			`* Copyright (c) 2024 PLANKA Software GmbH`
			`* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md`
			`*/`

docs: Add full Swagger JSDoc coverage 2025-09-08 16:20:27 +02:00			`/**`
			`* @swagger`
docs: Add base path for API endpoints to Swagger 2025-09-08 18:25:26 +02:00			`* /users/{id}:`
docs: Add full Swagger JSDoc coverage 2025-09-08 16:20:27 +02:00			`* patch:`
			`* summary: Update user`
			`* description: Updates a user. Users can update their own profile, admins can update any user.`
			`* tags:`
			`* - Users`
			`* parameters:`
			`* - name: id`
			`* in: path`
			`* required: true`
			`* description: ID of the user to update`
			`* schema:`
			`* type: string`
			`* example: 1357158568008091264`
			`* requestBody:`
			`* required: true`
			`* content:`
			`* application/json:`
			`* schema:`
			`* type: object`
			`* properties:`
			`* role:`
			`* type: string`
			`* enum: [admin, projectOwner, boardUser]`
			`* description: User role defining access permissions`
			`* example: admin`
			`* name:`
			`* type: string`
			`* maxLength: 128`
			`* description: Full display name of the user`
			`* example: John Doe`
			`* avatar:`
			`* type: object`
			`* nullable: true`
			`* description: Avatar of the user (only null value to remove avatar)`
			`* phone:`
			`* type: string`
			`* maxLength: 128`
			`* nullable: true`
			`* description: Contact phone number`
			`* example: +1234567890`
			`* organization:`
			`* type: string`
			`* maxLength: 128`
			`* nullable: true`
			`* description: Organization or company name`
			`* example: Acme Corporation`
			`* language:`
			`* type: string`
			`* enum: [ar-YE, bg-BG, cs-CZ, da-DK, de-DE, el-GR, en-GB, en-US, es-ES, et-EE, fa-IR, fi-FI, fr-FR, hu-HU, id-ID, it-IT, ja-JP, ko-KR, nl-NL, pl-PL, pt-BR, pt-PT, ro-RO, ru-RU, sk-SK, sr-Cyrl-RS, sr-Latn-RS, sv-SE, tr-TR, uk-UA, uz-UZ, zh-CN, zh-TW]`
			`* nullable: true`
			`* description: Preferred language for user interface and notifications`
			`* example: en-US`
			`* subscribeToOwnCards:`
			`* type: boolean`
			`* description: Whether the user subscribes to their own cards`
			`* example: false`
			`* subscribeToCardWhenCommenting:`
			`* type: boolean`
			`* description: Whether the user subscribes to cards when commenting`
			`* example: true`
			`* turnOffRecentCardHighlighting:`
			`* type: boolean`
			`* description: Whether recent card highlighting is disabled`
			`* example: false`
			`* enableFavoritesByDefault:`
			`* type: boolean`
			`* description: Whether favorites are enabled by default`
			`* example: false`
			`* defaultEditorMode:`
			`* type: string`
			`* enum: [wysiwyg, markup]`
			`* description: Default markdown editor mode`
			`* example: wysiwyg`
			`* defaultHomeView:`
			`* type: string`
			`* enum: [gridProjects, groupedProjects]`
			`* description: Default view mode for the home page`
			`* example: groupedProjects`
			`* defaultProjectsOrder:`
			`* type: string`
			`* enum: [byDefault, alphabetically, byCreationTime]`
			`* description: Default sort order for projects display`
			`* example: byDefault`
			`* isDeactivated:`
			`* type: boolean`
			`* description: Whether the user account is deactivated and cannot log in (for admins)`
			`* example: false`
			`* responses:`
			`* 200:`
			`* description: User updated successfully`
			`* content:`
			`* application/json:`
			`* schema:`
			`* type: object`
			`* required:`
			`* - item`
			`* properties:`
			`* item:`
			`* $ref: '#/components/schemas/User'`
			`* 400:`
			`* $ref: '#/components/responses/ValidationError'`
			`* 401:`
			`* $ref: '#/components/responses/Unauthorized'`
			`* 403:`
			`* $ref: '#/components/responses/Forbidden'`
			`* 404:`
			`* $ref: '#/components/responses/NotFound'`
			`* 409:`
			`* $ref: '#/components/responses/Conflict'`
			`*/`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`const { idInput } = require('../../../utils/inputs');`

Initial commit 2019-08-31 04:07:25 +05:00			`const Errors = {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`NOT_ENOUGH_RIGHTS: {`
			`notEnoughRights: 'Not enough rights',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`USER_NOT_FOUND: {`
Add username to user 2020-04-03 00:35:25 +05:00			`userNotFound: 'User not found',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`ACTIVE_LIMIT_REACHED: {`
			`activeLimitReached: 'Active limit reached',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`

			`module.exports = {`
			`inputs: {`
			`id: {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`...idInput,`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`role: {`
			`type: 'string',`
			`isIn: Object.values(User.Roles),`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
			`name: {`
			`type: 'string',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`isNotEmptyString: true,`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`maxLength: 128,`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`avatar: {`
Initial commit 2019-08-31 04:07:25 +05:00			`type: 'json',`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`custom: _.isNull,`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Add phone and organization fields to user 2020-04-09 18:27:28 +05:00			`phone: {`
			`type: 'string',`
			`isNotEmptyString: true,`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`maxLength: 128,`
Add phone and organization fields to user 2020-04-09 18:27:28 +05:00			`allowNull: true,`
			`},`
			`organization: {`
			`type: 'string',`
			`isNotEmptyString: true,`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`maxLength: 128,`
Add phone and organization fields to user 2020-04-09 18:27:28 +05:00			`allowNull: true,`
			`},`
feat: Add language selector Closes #212 2022-07-26 12:26:42 +02:00			`language: {`
			`type: 'string',`
feat: Languages with country codes 2024-07-21 19:33:57 +02:00			`isIn: User.LANGUAGES,`
feat: Add language selector Closes #212 2022-07-26 12:26:42 +02:00			`allowNull: true,`
			`},`
Add preferences tab to user settings, add subscribe to own cards option 2020-04-10 00:11:34 +05:00			`subscribeToOwnCards: {`
			`type: 'boolean',`
			`},`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`subscribeToCardWhenCommenting: {`
			`type: 'boolean',`
			`},`
			`turnOffRecentCardHighlighting: {`
			`type: 'boolean',`
			`},`
			`enableFavoritesByDefault: {`
			`type: 'boolean',`
			`},`
			`defaultEditorMode: {`
			`type: 'string',`
			`isIn: Object.values(User.EditorModes),`
			`},`
			`defaultHomeView: {`
			`type: 'string',`
			`isIn: Object.values(User.HomeViews),`
			`},`
			`defaultProjectsOrder: {`
			`type: 'string',`
			`isIn: Object.values(User.ProjectOrders),`
			`},`
			`isDeactivated: {`
			`type: 'boolean',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`},`

			`exits: {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`notEnoughRights: {`
			`responseType: 'forbidden',`
			`},`
Add username to user 2020-04-03 00:35:25 +05:00			`userNotFound: {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`responseType: 'notFound',`
			`},`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`activeLimitReached: {`
			`responseType: 'conflict',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`},`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`async fn(inputs) {`
Initial commit 2019-08-31 04:07:25 +05:00			`const { currentUser } = this.req;`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`const availableInputKeys = ['id', 'name', 'avatar', 'phone', 'organization'];`
			`if (inputs.id === currentUser.id) {`
			`availableInputKeys.push(...User.PERSONAL_FIELD_NAMES);`
			`} else if (currentUser.role === User.Roles.ADMIN) {`
			`availableInputKeys.push('role', 'isDeactivated');`
			`} else {`
			`throw Errors.USER_NOT_FOUND; // Forbidden`
			`}`
Initial commit 2019-08-31 04:07:25 +05:00
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`if (_.difference(Object.keys(inputs), availableInputKeys).length > 0) {`
			`throw Errors.NOT_ENOUGH_RIGHTS;`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`let user = await User.qm.getOneById(inputs.id);`
Initial commit 2019-08-31 04:07:25 +05:00
			`if (!user) {`
			`throw Errors.USER_NOT_FOUND;`
			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`// TODO: refactor`
feat: Use environment variables for default admin configuration 2023-09-12 01:12:38 +02:00			`if (user.email === sails.config.custom.defaultAdminEmail) {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`if (inputs.role \|\| inputs.name) {`
			`throw Errors.NOT_ENOUGH_RIGHTS;`
			`}`
			`} else if (user.isSsoUser) {`
			`if (!sails.config.custom.oidcIgnoreRoles && inputs.role) {`
			`throw Errors.NOT_ENOUGH_RIGHTS;`
fix: Disable role change when OIDC roles are not ignored 2023-10-25 23:39:34 +02:00			`}`

feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`if (inputs.name) {`
			`throw Errors.NOT_ENOUGH_RIGHTS;`
			`}`
feat: Use environment variables for default admin configuration 2023-09-12 01:12:38 +02:00			`}`

feat: Preserve original format of images, change interpolation kernel Closes #349 2022-12-24 00:47:59 +01:00			`const values = {`
			`..._.pick(inputs, [`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`'role',`
feat: Preserve original format of images, change interpolation kernel Closes #349 2022-12-24 00:47:59 +01:00			`'name',`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`'avatar',`
feat: Preserve original format of images, change interpolation kernel Closes #349 2022-12-24 00:47:59 +01:00			`'phone',`
			`'organization',`
			`'language',`
			`'subscribeToOwnCards',`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`'subscribeToCardWhenCommenting',`
			`'turnOffRecentCardHighlighting',`
			`'enableFavoritesByDefault',`
			`'defaultEditorMode',`
			`'defaultHomeView',`
			`'defaultProjectsOrder',`
			`'isDeactivated',`
feat: Preserve original format of images, change interpolation kernel Closes #349 2022-12-24 00:47:59 +01:00			`]),`
			`};`
Initial commit 2019-08-31 04:07:25 +05:00
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`user = await sails.helpers.users.updateOne`
			`.with({`
			`values,`
			`record: user,`
			`actorUser: currentUser,`
			`request: this.req,`
			`})`
			`.intercept('activeLimitReached', () => Errors.ACTIVE_LIMIT_REACHED);`
Initial commit 2019-08-31 04:07:25 +05:00
			`if (!user) {`
			`throw Errors.USER_NOT_FOUND;`
			`}`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`return {`
feat: Version 2 Closes #627, closes #1047 2025-05-10 02:09:06 +02:00			`item: sails.helpers.users.presentOne(user, currentUser),`
Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`};`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`