🛡️ Safety: Prevent self-deactivation and fix staff UI
This commit is contained in:
Hamza-Ayed
@@ -44,6 +44,6 @@ export class UsersController {
|
|||||||
@Delete(':id')
|
@Delete(':id')
|
||||||
@Roles(UserRole.ADMIN)
|
@Roles(UserRole.ADMIN)
|
||||||
async remove(@CurrentUser() user: any, @Param('id') id: string) {
|
async remove(@CurrentUser() user: any, @Param('id') id: string) {
|
||||||
return this.usersService.remove(user.tenantId, id);
|
return this.usersService.remove(user.tenantId, id, user.id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -64,7 +64,10 @@ export class UsersService {
|
|||||||
/**
|
/**
|
||||||
* تعطيل مستخدم
|
* تعطيل مستخدم
|
||||||
*/
|
*/
|
||||||
async remove(tenantId: string, id: string): Promise<void> {
|
async remove(tenantId: string, id: string, currentUserId: string): Promise<void> {
|
||||||
|
if (id === currentUserId) {
|
||||||
|
throw new ConflictException('لا يمكنك تعطيل حسابك الشخصي');
|
||||||
|
}
|
||||||
const user = await this.findOne(tenantId, id);
|
const user = await this.findOne(tenantId, id);
|
||||||
await this.userRepository.update(id, { is_active: false });
|
await this.userRepository.update(id, { is_active: false });
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -8,8 +8,10 @@ import { useState, useEffect } from 'react';
|
|||||||
import { Users, UserPlus, Mail, Power } from 'lucide-react';
|
import { Users, UserPlus, Mail, Power } from 'lucide-react';
|
||||||
import { motion, AnimatePresence } from 'framer-motion';
|
import { motion, AnimatePresence } from 'framer-motion';
|
||||||
import apiClient from '../../api/client';
|
import apiClient from '../../api/client';
|
||||||
|
import { useAuthStore } from '../../store/authStore';
|
||||||
|
|
||||||
export const StaffPage = () => {
|
export const StaffPage = () => {
|
||||||
|
const currentUser = useAuthStore((state) => state.user);
|
||||||
const [staff, setStaff] = useState<any[]>([]);
|
const [staff, setStaff] = useState<any[]>([]);
|
||||||
const [isLoading, setIsLoading] = useState(true);
|
const [isLoading, setIsLoading] = useState(true);
|
||||||
const [isAddModalOpen, setIsAddModalOpen] = useState(false);
|
const [isAddModalOpen, setIsAddModalOpen] = useState(false);
|
||||||
@@ -98,13 +100,15 @@ export const StaffPage = () => {
|
|||||||
<Users className="w-7 h-7" />
|
<Users className="w-7 h-7" />
|
||||||
</div>
|
</div>
|
||||||
<div className="flex gap-2">
|
<div className="flex gap-2">
|
||||||
<button
|
{member.id !== currentUser?.id && (
|
||||||
onClick={() => toggleStatus(member.id)}
|
<button
|
||||||
className={`p-2 rounded-xl transition-all ${member.is_active ? 'text-emerald-500 bg-emerald-50' : 'text-slate-400 bg-slate-50'}`}
|
onClick={() => toggleStatus(member.id)}
|
||||||
title={member.is_active ? 'تعطيل الحساب' : 'تفعيل الحساب'}
|
className={`p-2 rounded-xl transition-all ${member.is_active ? 'text-emerald-500 bg-emerald-50' : 'text-slate-400 bg-slate-50'}`}
|
||||||
>
|
title={member.is_active ? 'تعطيل الحساب' : 'تفعيل الحساب'}
|
||||||
<Power className="w-4 h-4" />
|
>
|
||||||
</button>
|
<Power className="w-4 h-4" />
|
||||||
|
</button>
|
||||||
|
)}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user