Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deleteAdmin Api fix issue #952 #969

Merged
merged 2 commits into from
May 26, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 6 additions & 13 deletions backend/app/routes/faq/deleteFaq.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,30 +2,23 @@
const faq = require('../../models/faq');
const { ErrorHandler } = require('../../../helpers/error');
const constants = require('../../../constants');
const Admin = require('../../models/Admin');

module.exports = async (req, res, next) => {
const { userId } = req.body;
const { faqId } = req.body;
if (!userId || !faqId) {
const payload = res.locals.decode;
if (!payload.isSuperAdmin) {
return res.status(401).json({ error: 'You are not authorized to perform this action' });
}
if (!faqId) {
const error = new ErrorHandler(constants.ERRORS.DATABASE, {
statusCode: 500,
message: `You don't have the required permissions`,
errStack: '',
});
return next(error);
}
const [err] = await to(Admin.findById(userId));
const [err] = await to(faq.findByIdAndDelete(faqId));

Check failure

Code scanning / CodeQL

Database query built from user-controlled sources High

This query object depends on a
user-provided value
.
if (err) {
const error = new ErrorHandler(constants.ERRORS.DATABASE, {
statusCode: 500,
message: `You don't have the required permissions`,
errStack: err,
});
return next(error);
}
const [err2] = await to(faq.findByIdAndDelete(faqId));
if (err2) {
const error = new ErrorHandler(constants.ERRORS.DATABASE, {
statusCode: 500,
message: `Faq doesn't exist`,
Expand Down
6 changes: 3 additions & 3 deletions backend/app/routes/faq/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
const validation = require('../../../helpers/middlewares/validation');
const deleteFaq = require('./deleteFaq');
const updateFaq = require('./updateFaq');

router.post('/faq', validation(FAQValidationSchema), faq);
const {authMiddleware}=require('../../../helpers/middlewares/auth')
router.post('/postFaq', validation(FAQValidationSchema), faq);
router.get('/getFaq', getfaq);
router.put('/deleteFaq', deleteFaq);
router.put('/deleteFaq',authMiddleware, deleteFaq);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
, but is not rate-limited.
router.patch('/updateFaq',updateFaq);

module.exports = router;
8 changes: 1 addition & 7 deletions backend/app/routes/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,7 @@ const auth = require('./auth');
const { emailTest } = require('./testRoutes/emailTest');
const tinyURL = require('./tinyURL');
const broadcast = require('./broadcast');
const faq = require('./faq/post');
const getFaq = require('./faq/getFaq');
const deleteFaq = require('./faq/deleteFaq');
const updateFaq = require('./faq/updateFaq')
const faq = require('./faq');
const joinUs = require('./joinUs');
const contactus = require('./contactUs')
const question = require('./Q&A/question');
Expand All @@ -19,9 +16,6 @@ router.use('/admin', admin);
router.use('/auth', auth);
router.post('/emailTest', emailTest);
router.use('/faq', faq);
router.use('/deleteFaq', deleteFaq);
router.use('/updateFaq',updateFaq)
router.use('/getFaq', getFaq);
router.use('/contactus', contactus);
router.use('/broadcast', broadcast);
router.use('/question', question);
Expand Down
2 changes: 1 addition & 1 deletion frontend/src/pages/Admin/Components/Faq/AddFaq/AddFaq.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ export class AddFaq extends React.Component {
e.preventDefault();
if (this.handleValidation()) {
let tags = this.state.tags;
return fetch(`${END_POINT}/faq`, {
return fetch(`${END_POINT}/faq/postFaq`, {
method: "POST",
headers: {
"Content-Type": "application/json",
Expand Down
158 changes: 84 additions & 74 deletions frontend/src/pages/Admin/Components/Faq/ManageFaq/ManageFaq.jsx
Original file line number Diff line number Diff line change
@@ -1,86 +1,96 @@
import React from "react"
import React from "react";
import { useEffect, useState } from "react";
import Accordion from "@material-ui/core/Accordion";
import AccordionDetails from "@material-ui/core/AccordionDetails";
import AccordionSummary from "@material-ui/core/AccordionSummary";
import Typography from "@material-ui/core/Typography";
import Button from "@material-ui/core/Button"
import { Edit, Delete } from "@material-ui/icons"
import Button from "@material-ui/core/Button";
import { Edit, Delete } from "@material-ui/icons";
import ExpandMoreIcon from "@material-ui/icons/ExpandMore";
import { END_POINT } from "../../../../../config/api";
import Loader from "../../../../../components/util/Loader";
import style from "./manage-faq.module.scss"
import style from "./manage-faq.module.scss";
export function ManageFaq() {
const [faqs, setFaqs] = useState([]);
const [expanded, setExpanded] = React.useState(false);
const [isFetching, setIsFetching] = useState(false)
const handleChange = (panel) => (event, isExpanded) => {
setExpanded(isExpanded ? panel : false);
};
async function fetchAllFaq() {
try {
const response = await fetch(`${END_POINT}/getFaq`);
const data = await response.json();
console.log(data)
setFaqs(data.Faq)
setIsFetching(false)
}
catch (err) {
console.log(err.message)
}
const [faqs, setFaqs] = useState([]);
const [expanded, setExpanded] = React.useState(false);
const [isFetching, setIsFetching] = useState(false);
const handleChange = (panel) => (event, isExpanded) => {
setExpanded(isExpanded ? panel : false);
};
async function fetchAllFaq() {
try {
const response = await fetch(`${END_POINT}/faq/getFaq`);
const data = await response.json();
console.log(data);
setFaqs(data.Faq);
setIsFetching(false);
} catch (err) {
console.log(err.message);
}
useEffect(() => {
setIsFetching(true)
fetchAllFaq()
}, [])
}
useEffect(() => {
setIsFetching(true);
fetchAllFaq();
}, []);

return (
<div>
<h1 style={{ textAlign: "center" }}>Manage FAQ</h1>
<div className={style["faq"]}>
<div className={`${style["faq-block"]}`}>
{isFetching ? (
<Loader></Loader>
) : (
faqs.map((faq) => (
<Accordion
key={faq._id}
className={style["accord-dark"]}
expanded={expanded === `panel1-${faq._id}`}
onChange={handleChange(`panel1-${faq._id}`)}
>
<AccordionSummary
style={{ color: "white" }}
expandIcon={
<ExpandMoreIcon
style={{ color: "white", fontSize: "27px" }}
/>
}
aria-controls="panel1a-content"
id="panel1a-header"
>
<h3 className={style["faq-question"]}>
<i
className="fa fa-question-circle"
aria-hidden="true"
></i>
&nbsp; &nbsp;{faq.question}
</h3>
</AccordionSummary>
<AccordionDetails className={style["accord-details"]}>
<Typography style={{ color: "white" }}>
{faq.answer}
</Typography>
<div className={style["btns-container"]}>
<Button id={style["update-btn"]} className={style["btns"]} variant="contained" endIcon={<Edit />}>UPDATE</Button>
<Button id={style["delete-btn"]} className={style["btns"]} variant="contained" endIcon={<Delete />}>DELETE</Button>
</div>
</AccordionDetails>
</Accordion>
))
)}
</div>
</div>
return (
<div>
<h1 style={{ textAlign: "center" }}>Manage FAQ</h1>
<div className={style["faq"]}>
<div className={`${style["faq-block"]}`}>
{isFetching ? (
<Loader></Loader>
) : (
faqs.map((faq) => (
<Accordion
key={faq._id}
className={style["accord-dark"]}
expanded={expanded === `panel1-${faq._id}`}
onChange={handleChange(`panel1-${faq._id}`)}
>
<AccordionSummary
style={{ color: "white" }}
expandIcon={
<ExpandMoreIcon
style={{ color: "white", fontSize: "27px" }}
/>
}
aria-controls="panel1a-content"
id="panel1a-header"
>
<h3 className={style["faq-question"]}>
<i className="fa fa-question-circle" aria-hidden="true"></i>
&nbsp; &nbsp;{faq.question}
</h3>
</AccordionSummary>
<AccordionDetails className={style["accord-details"]}>
<Typography style={{ color: "white" }}>
{faq.answer}
</Typography>
<div className={style["btns-container"]}>
<Button
id={style["update-btn"]}
className={style["btns"]}
variant="contained"
endIcon={<Edit />}
>
UPDATE
</Button>
<Button
id={style["delete-btn"]}
className={style["btns"]}
variant="contained"
endIcon={<Delete />}
>
DELETE
</Button>
</div>
</AccordionDetails>
</Accordion>
))
)}
</div>
);
}
</div>
</div>
);
}
2 changes: 1 addition & 1 deletion frontend/src/pages/Faq/Faq.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ export function Faq(props) {
};

const fetchFaqs = () => {
fetch(`${END_POINT}/getFaq`, {
fetch(`${END_POINT}/faq/getFaq`, {
method: "GET",
headers: {
"Content-Type": "application/json",
Expand Down
Loading