feat: Introduce admin user management API with user listing, retrieval, account activation/deactivation, and case-insensitive role validation.

JakkrapartXD 2026-01-15 14:09:14 +07:00
parent 5c6c13c261
commit a59b144ebf
6 changed files with 228 additions and 3 deletions


@ -23,9 +23,11 @@ export async function expressAuthentication(
try {
const decoded = jwt.verify(token, config.jwt.secret) as JWTPayload;
// Check if user has required role
// Check if user has required role (case-insensitive)
if (scopes && scopes.length > 0) {
if (!scopes.includes(decoded.roleCode)) {
const userRole = decoded.roleCode.toUpperCase();
const requiredRoles = scopes.map(scope => scope.toUpperCase());
if (!requiredRoles.includes(userRole)) {
throw new Error('Insufficient permissions');
}
}
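Review bot: `decoded.roleCode.toUpperCase()` trusts the `as JWTPayload` cast, so a verified token whose payload lacks a string `roleCode` raises a TypeError here instead of the explicit 'Insufficient permissions' rejection; add `if (typeof decoded.roleCode !== 'string') throw new Error('Insufficient permissions');` before the comparison. Folding case at check time also makes role codes that differ only by case equivalent. It is safer to normalise the code once where the token is issued and keep this comparison exact, or at least to document that role codes are case-insensitive by design. The enclosing `try` and the rest of `expressAuthentication` continue outside the hunk, so how the thrown error is handled is not visible here.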