fixed admin promotion, stopped self from demoting self

2025-04-26 11:22:28 -05:00 · 2025-04-26 11:22:28 -05:00 · 4dcd03c426
commit 4dcd03c426
parent 3efb9a76f5
2 changed files with 23 additions and 5 deletions
--- a/backend/src/routes/userAdmin.js
+++ b/backend/src/routes/userAdmin.js
@ -89,11 +89,11 @@ module.exports = (pool, query, authMiddleware) => {
    }
  });
  
-  // Update user (admin can update is_disabled and internal_notes)
+  // Update user (admin can update is_disabled, is_admin and internal_notes)
  router.patch('/:id', async (req, res, next) => {
    try {
      const { id } = req.params;
-      const { is_disabled, internal_notes } = req.body;
+      const { is_disabled, internal_notes, is_admin} = req.body;
      
      // Check if user is admin
      if (!req.user.is_admin) {
@ -118,12 +118,14 @@ module.exports = (pool, query, authMiddleware) => {
        UPDATE users 
        SET 
          is_disabled = $1, 
-          internal_notes = $2
-        WHERE id = $3
+          internal_notes = $2,
+          is_admin = $3
+        WHERE id = $4
        RETURNING id, email, first_name, last_name, is_admin, is_disabled, internal_notes
      `, [
        is_disabled !== undefined ? is_disabled : userCheck.rows[0].is_disabled,
        internal_notes !== undefined ? internal_notes : userCheck.rows[0].internal_notes,
+        is_admin !== undefined ? is_admin : userCheck.rows[0].is_admin,
        id
      ]);
      
--- a/frontend/src/pages/Admin/CustomersPage.jsx
+++ b/frontend/src/pages/Admin/CustomersPage.jsx
@ -48,6 +48,7 @@ const AdminCustomersPage = () => {
  const [emailRecipient, setEmailRecipient] = useState(null);
  const [formData, setFormData] = useState({
    is_disabled: false,
+    is_admin: false,
    internal_notes: ''
  });

@ -99,6 +100,7 @@ const AdminCustomersPage = () => {
    setCurrentUser(user);
    setFormData({
      is_disabled: user.is_disabled,
+      is_admin: user.is_admin,
      internal_notes: user.internal_notes || ''
    });
    setEditDialogOpen(true);
@ -127,7 +129,7 @@ const AdminCustomersPage = () => {
    const { name, value, checked } = e.target;
    setFormData(prev => ({
      ...prev,
-      [name]: name === 'is_disabled' ? checked : value
+      [name]: name === 'is_disabled' || name === 'is_admin' ? checked : value
    }));
  };

@ -334,6 +336,20 @@ const AdminCustomersPage = () => {
                sx={{ my: 2, display: 'block' }}
              />
              
+              <FormControlLabel
+                control={
+                  <Switch
+                    checked={formData.is_admin}
+                    onChange={handleFormChange}
+                    name="is_admin"
+                    color="error"
+                  />
+                }
+                label={formData.is_admin ? "Account is Admin" : "Account is not Admin"}
+                sx={{ my: 2, display: 'block' }}
+              />
+              
+              
              <TextField
                autoFocus
                name="internal_notes"