feat: implement user management features including user deletion and role-based access

2025-07-23 14:55:21 +02:00
parent 584473ba41
commit 4fed3d96f6
10 changed files with 248 additions and 86 deletions
--- a/backend/server.js
+++ b/backend/server.js
@@ -23,7 +23,7 @@ app.use(cookieParser());
 app.post("/api/login", async (req, res) => {
  try {
    const result = await loginUser(req.body.username, req.body.password);
-    if (result.success && result.role === "admin") {
+    if (result.success && result.user.role === "admin") {
      const userToken = await generateToken({
        role: result.user.role,
        username: result.user.username,
@@ -35,8 +35,10 @@ app.post("/api/login", async (req, res) => {
        token: userToken,
        ...result,
      });
-    } else if (result.success && result.role === "user") {
-      
+    } else if (result.success && result.user.role === "user") {
+      // PROBLEM BELOW DOESNT WORK
+      // FIX LATER
+      res.redirect("http://localhost:5003");
    } else {
      res.status(401).json(result, { message: "Invalid credentials" });
    }
@@ -68,6 +70,28 @@ app.get("/api/getAllUsers", authenticate, async (req, res) => {
  }
 });

+app.post("/api/deleteUser", authenticate, async (req, res) => {
+  if (req.user.role === "admin") {
+    deleteUser(req.body.id)
+      .then((result) => {
+        if (result.success) {
+          res.status(200).json(result);
+        } else {
+          throw new Error("Failed to delete user");
+        }
+      })
+      .catch((err) => {
+        console.error("Error deleting user:", err);
+        res
+          .status(500)
+          .json({ success: false, message: "Internal server error" });
+      });
+    console.log("User deleted successfully");
+  } else {
+    console.log("Access denied for user role");
+  }
+});
+
 app.listen(port, () => {
  console.log(`Express backend server is running at http://localhost:${port}`);
 });
--- a/backend/services/database.js
+++ b/backend/services/database.js
@@ -22,7 +22,7 @@ export async function loginUser(username, password) {
  );

  // If a user is found, return success and user data
-  if (result.length > 0) {
+  if (result.length > 0 && result[0].role === "admin") {
    console.log("User found: ", result[0].username, " ", result[0].id);
    return { success: true, user: result[0] };
  } else {
@@ -95,18 +95,12 @@ export async function updateUser(
 }

 // Function to delete a user from the database
-export async function deleteUser(
-  username,
-  first_name,
-  last_name,
-  password,
-  email
-) {
+export async function deleteUser(id) {
  try {
    // Delete user based on username and password
    const [result] = await pool.query(
-      "DELETE FROM users WHERE username = ?  AND password = ?",
-      [username, password]
+      "DELETE FROM users WHERE id = ?",
+      [id]
    );
    const resultOfquery = result.affectedRows;