@borodindmitriy/base-code - npm Package Compare versions

Comparing version 4.0.5 to 4.0.6

lib/back/UserModel.js

@@ -130,4 +130,4 @@ "use strict";
             yield this.repository.updateMany(query, { $set: { group } });
-            const users = yield _super("read").call(this, query, { projection: { salt: 0, hashed_password: 0 } });
-            this.send({ bulkUpdate: users.map((u) => u.toJS()) }, uid, wsid);
+            const users = yield _super("read").call(this, query);
+            this.send({ bulkUpdate: users.map((u) => u.toJSSecure()) }, uid, wsid);
             return users;
@@ -134,0 +134,0 @@ });

lib/back/UserService.js

@@ -171,21 +171,21 @@ "use strict";
             const himSelfUpdate = ids.length === 1 && ids[0] === req.user.id;
-            if (this.ACL.updateGroup.length === 0 ||
-                himSelfUpdate ||
-                (req.user && this.ACL.updateGroup.includes(req.user.group))) {
-                try {
-                    const result = yield this.model.updateGroup(ids, group, req.user.id, wsid);
-                    if (result) {
-                        res.status(200).json(result.map((r) => r.toJS()));
+            if (req.user) {
+                if (this.ACL.updateGroup.length === 0 || himSelfUpdate || this.ACL.updateGroup.includes(req.user.group)) {
+                    try {
+                        const result = yield this.model.updateGroup(ids, group, req.user.id, wsid);
+                        if (result) {
+                            res.status(200).json(result.map((r) => r.toJS()));
+                        }
+                        else {
+                            res.status(404).send(`[ ${this.constructor.name} ][ URL: ${URL} ][ USERS_NOT_FOUND_BY_IDs: ${ids} ]`);
+                        }
                     }
-                    else {
-                        res.status(404).send(`Users not found.`);
+                    catch (error) {
+                        res.status(500).send(`[ ${this.constructor.name} ][ URL: ${URL} ][ ERROR: ${error.message || error} ]`);
                     }
                 }
-                catch (error) {
-                    res.status(500).send(error.message);
+                else {
+                    res.status(403).send(`[ ${this.constructor.name} ][ URL: ${URL} ][ ACCESS_DENIED ]`);
                 }
             }
-            else {
-                res.status(403).send();
-            }
         }));
@@ -192,0 +192,0 @@ }

package.json

 {
   "name": "@borodindmitriy/base-code",
   "description": "Common classes's library.",
-  "version": "4.0.5",
+  "version": "4.0.6",
   "engines": {
@@ -6,0 +6,0 @@ "node": ">=8",

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 8 instances in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 8 instances in 1 package

Improved metrics

Total package byte prevSize

174502

0.12%

No dependency changes