feat: user management api by lolakk05 · Pull Request #302 · Solvro/backend-topwr

lolakk05 · 2026-05-15T16:02:35Z

I tested a few functionalities:

solvro_admin can change other users permissions, roles
user cant change their own roles/permissions.

github-actions · 2026-05-15T16:03:05Z

Looks like you did not link an issue to this PR. If this PR completes a task, consider linking it.

lolakk05 · 2026-05-15T16:04:20Z

aha i tak chyba źle podpiałem issue

mini-bomba · 2026-05-15T16:06:18Z

the workflow that reminds you to link issues only looks at your pull request's description, so it only checks for issues linked with keywords, not manually
iirc github doesn't make it that easy to figure out which issues are linked manually (well they don't make it easy to check for keyword-linked issues either, but at least they make the list of valid keywords public)

mini-bomba · 2026-05-15T16:08:04Z

also you don't need to manually request reviews on our repos, github automatically requests reviews from appropriate users/teams based on the codeowners file we've created

mini-bomba

yeah no, this aint finished at all

mini-bomba

only general review pass for now, focusing on the source of your lint issues and possible api design problems

mini-bomba · 2026-05-15T18:49:33Z

+    const page = request.input("page", 1) as number;
+    const limit = request.input("limit", 10) as number;


do not use input/param, validate everything (applies to the entire file)

mini-bomba · 2026-05-15T18:52:35Z

+  async findOne({ request, auth }: HttpContext) {
+    await this.requireSuperUserOrSelf(auth, parseInt(request.param("id")));


i think it would be more reasonable to have an endpoint such as /users/me rather than allowing the user to get "get" themselves using the standard endpoint if they know their own id
also we might already have such an endpoint, in the auth controller...

mini-bomba · 2026-05-15T18:54:56Z

+  }
+
+  async update({ request, auth }: HttpContext) {
+    await this.requireSuperUserOrSelf(auth, parseInt(request.param("id")));


and also be careful with what the user can update themselves
tbh i think they should only be able to edit their own password, and we likely have such a method in the auth controller already

mini-bomba · 2026-05-15T18:55:26Z

mini-bomba

just some minor comments

…creation

mini-bomba

lgtm 🔥

* feat: user management api * refactor: user contoller to custom one, transactions" * fix: lint * fix: fix: lint * refactor: changes * fix: delete endpoint wrap with transactions and arrow function error creation

feat: user management api

e655b83

lolakk05 requested a review from mini-bomba May 15, 2026 16:02

lolakk05 self-assigned this May 15, 2026

lolakk05 requested a review from a team as a code owner May 15, 2026 16:02

lolakk05 linked an issue May 15, 2026 that may be closed by this pull request

feat: user management api #275

Closed

pull-request-size Bot added the size/M label May 15, 2026

mini-bomba requested changes May 15, 2026

View reviewed changes

Comment thread app/controllers/v1/permissions.ts Outdated

Comment thread app/controllers/v1/users.ts

Comment thread app/models/user.ts Outdated

refactor: user contoller to custom one, transactions"

28a1d81

pull-request-size Bot added size/L and removed size/M labels May 15, 2026

fix: lint

e795074

mini-bomba requested changes May 15, 2026

View reviewed changes

lolakk05 added 2 commits May 15, 2026 20:58

fix: fix: lint

438603b

refactor: changes

29d8362

mini-bomba reviewed Jun 1, 2026

View reviewed changes

Comment thread app/controllers/v1/permissions.ts Outdated

Comment thread app/controllers/v1/users.ts Outdated

fix: delete endpoint wrap with transactions and arrow function error …

684eeaa

…creation

lolakk05 requested a review from mini-bomba June 7, 2026 18:05

mini-bomba approved these changes Jun 8, 2026

View reviewed changes

mini-bomba added this pull request to the merge queue Jun 8, 2026

Merged via the queue into main with commit 7c83b41 Jun 8, 2026
12 checks passed

mini-bomba deleted the feat/user-management-api branch June 8, 2026 20:21

		const page = request.input("page", 1) as number;
		const limit = request.input("limit", 10) as number;

		async findOne({ request, auth }: HttpContext) {
		await this.requireSuperUserOrSelf(auth, parseInt(request.param("id")));

Conversation

lolakk05 commented May 15, 2026

Uh oh!

github-actions Bot commented May 15, 2026

Uh oh!

lolakk05 commented May 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mini-bomba commented May 15, 2026

Uh oh!

mini-bomba commented May 15, 2026

Uh oh!

mini-bomba left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

mini-bomba left a comment

Choose a reason for hiding this comment

Uh oh!

mini-bomba May 15, 2026

Choose a reason for hiding this comment

Uh oh!

mini-bomba May 15, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

mini-bomba May 15, 2026

Choose a reason for hiding this comment

Uh oh!

mini-bomba May 15, 2026

Choose a reason for hiding this comment

Uh oh!

mini-bomba left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

mini-bomba left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

lolakk05 commented May 15, 2026 •

edited

Loading