Nighteclipse

Untitled

Nov 30th, 2022 (edited)
  1. import { Response } from "express"
  2. import { getAuth } from "firebase-admin/auth"
  3. import { Request } from "../types"
  4.  
  /**
   * Role flags returned to the UI. Each flag mirrors a Firebase custom claim
   * of the same name, coerced to a strict boolean by the controller.
   */
  type Privileges = {
    /** May grant any of the four roles, including `owner` and `admin`. */
    owner: boolean
    /** May grant `moderator` and `editor` only. */
    admin: boolean
    /** Has no roles it can assign to other users. */
    moderator: boolean
    /** Has no roles it can assign to other users. */
    editor: boolean
  }
  11.  
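  /**
   * HTTP handlers for reading and granting the role flags (`owner`, `admin`,
   * `moderator`, `editor`) stored as Firebase custom claims.
   *
   * NOTE(review): every authorization decision here is based on
   * `req.firebaseUser`, which is presumably populated by authentication
   * middleware not visible in this file. If that object is the decoded ID
   * token, its claims are as of token issuance, so a caller whose role was
   * removed can still pass these checks until the token is refreshed or
   * rejected. Confirm how the middleware handles revocation.
   */
  export default class AdminController {
    /**
     * Coerce a claims-like object to the four boolean role flags.
     *
     * Static, and always called as `AdminController.toPrivileges`, so the
     * handlers keep working when they are registered as unbound callbacks.
     *
     * @param claims Object that may carry the role claims; `undefined` or
     *   `null` (a user with no custom claims) yields all flags `false`.
     */
    private static toPrivileges(
      claims: Partial<Record<keyof Privileges, unknown>> | null | undefined
    ): Privileges {
      const source = claims ?? {}

      return {
        owner: !!source.owner,
        admin: !!source.admin,
        moderator: !!source.moderator,
        editor: !!source.editor,
      }
    }

    /** True when `error` carries the Firebase Auth code for a missing user. */
    private static isUserNotFound(error: unknown): boolean {
      return (
        typeof error === "object" &&
        error !== null &&
        (error as { code?: unknown }).code === "auth/user-not-found"
      )
    }

    /**
     * Return the caller's own privileges, so the UI presents the correct options.
     *
     * @returns 200 with a `Privileges` object, or 401 when the request carries
     *   no authenticated user.
     */
    public async getMyPrivileges(req: Request, res: Response): Promise<Response> {
      // Fail closed instead of throwing if the auth middleware did not run.
      if (!req.firebaseUser) {
        return res.status(401).json("Not authenticated")
      }

      return res.status(200).json(AdminController.toPrivileges(req.firebaseUser))
    }

    /**
     * Return the privileges of the user identified by the `uid` route parameter.
     *
     * NOTE(review): this handler performs no authorization check of its own, so
     * any caller who reaches it can read another user's roles. Confirm that the
     * route is restricted by middleware, or add a role check here.
     *
     * @returns 200 with a `Privileges` object, 404 when the user does not exist,
     *   or 500 when the lookup fails for any other reason.
     */
    public async getPrivileges(req: Request, res: Response): Promise<Response> {
      const { uid } = req.params

      let claims: Partial<Record<keyof Privileges, unknown>> | undefined

      try {
        // getUser() rejects for an unknown uid rather than resolving to a falsy
        // value, so the 404 has to be produced from the catch branch.
        const user = await getAuth().getUser(uid)
        // customClaims is undefined for users that never had claims set.
        claims = user.customClaims
      } catch (error) {
        if (AdminController.isUserNotFound(error)) {
          return res.status(404).json("User not found")
        }
        // Keep the detail server-side; the client only gets a generic message.
        console.error("getPrivileges: user lookup failed", error)
        return res.status(500).json("Error retrieving privileges")
      }

      return res.status(200).json(AdminController.toPrivileges(claims))
    }

    /**
     * Assign another user additional privileges.
     *
     * - Only an owner can create other owners or admins.
     * - Admins can only assign moderator and editor privileges to other users.
     * - Moderators and editors do not have any privileges they can assign.
     *
     * This endpoint only grants roles; it never clears an existing claim. Roles
     * the caller is not allowed to grant are ignored without an error, so a 200
     * response does not guarantee every requested role was applied.
     *
     * NOTE(review): privilege changes are not recorded anywhere. Consider an
     * audit log entry naming the caller, the target and the roles granted.
     *
     * @returns 200 on success, 400 for a missing or malformed body, 401 when
     *   unauthenticated, 403 when the caller may not grant roles, 404 when the
     *   target user does not exist, or 500 when the update fails.
     */
    public async setPrivileges(req: Request, res: Response): Promise<Response> {
      if (!req.firebaseUser) {
        return res.status(401).json("Not authenticated")
      }

      const { owner, admin } = req.firebaseUser

      // Authorize before touching the user directory, so callers without a
      // granting role get the same answer whether or not the target exists.
      if (!owner && !admin) {
        return res.status(403).json("You do not have permission to do that")
      }

      const { privileges, targetUid } = req.body ?? {}

      if (!privileges || !targetUid) {
        return res.status(400).json("Missing required data")
      }

      // The body is untrusted: reject shapes the code below cannot interpret.
      if (typeof privileges !== "object" || typeof targetUid !== "string") {
        return res.status(400).json("Invalid request data")
      }

      // Roles this caller may hand out; requested roles outside it are ignored.
      const grantable: (keyof Privileges)[] = owner
        ? ["owner", "admin", "moderator", "editor"]
        : ["moderator", "editor"]

      try {
        const targetUser = await getAuth().getUser(targetUid)

        // Work on a copy, and tolerate users that have no custom claims yet.
        // setCustomUserClaims() replaces the whole claims object, so existing
        // claims must be carried over. Two concurrent updates for the same
        // target can still overwrite each other (read-modify-write).
        const updatedClaims: Record<string, unknown> = {
          ...(targetUser.customClaims ?? {}),
        }

        for (const role of grantable) {
          if (privileges[role]) {
            updatedClaims[role] = true
          }
        }

        await getAuth().setCustomUserClaims(targetUid, updatedClaims)
      } catch (error) {
        if (AdminController.isUserNotFound(error)) {
          return res.status(404).json("User not found")
        }
        // Log the cause server-side; do not echo it to the client.
        console.error("setPrivileges: update failed", error)
        return res.status(500).json("Error updating privileges")
      }

      return res.status(200).json("Privileges updated")
    }
  }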
  99.  