Restrict team_role and brands to admin-only editing

- Remove team_role and brands from profile completion wizard
- Lock team_role and brands fields when user edits own profile
- Remove team_role and brands from PATCH /users/me/profile endpoint
- Profile completeness now checks name instead of team_role

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fahed
2026-02-23 15:36:48 +03:00
parent 4d91e8e8a8
commit 6cdec2b4b5
4 changed files with 16 additions and 34 deletions


@@ -663,7 +663,7 @@ app.post('/api/auth/login', async (req, res) => {
avatar: user.avatar,
team_role: user.team_role,
tutorial_completed: user.tutorial_completed,
profileComplete: !!user.team_role,
profileComplete: !!user.name,
modules,
},
});
@@ -739,9 +739,7 @@ app.get('/api/users/me/profile', requireAuth, async (req, res) => {
app.patch('/api/users/me/profile', requireAuth, async (req, res) => {
const data = {};
if (req.body.name !== undefined) data.name = req.body.name;
if (req.body.team_role !== undefined) data.team_role = req.body.team_role;
if (req.body.phone !== undefined) data.phone = req.body.phone;
if (req.body.brands !== undefined) data.brands = JSON.stringify(req.body.brands);
if (Object.keys(data).length === 0) return res.status(400).json({ error: 'No fields to update' });