31 lines
879 B
JavaScript
31 lines
879 B
JavaScript
const { Organization } = require('../../models/index');
|
|
|
|
async function RemoveOrgMember(req, res, next) {
|
|
const user = req.user;
|
|
const orgID = req.params.orgID;
|
|
const doomedUserIDs = req.body.doomedUsers;
|
|
|
|
const result = await Organization.findByPk(orgID, {
|
|
include: { association: 'orgOwner' },
|
|
});
|
|
|
|
if (!result) {
|
|
return res.status(500).send('No organization exists with that id.');
|
|
}
|
|
|
|
if (!doomedUserIDs) {
|
|
await result.removeOrgMember(user.userID);
|
|
} else {
|
|
if (user.userID == result.orgOwner.userID) {
|
|
await result.removeOrgMember(doomedUserIDs);
|
|
} else {
|
|
return res
|
|
.status(403)
|
|
.send('You do not have permission to do that.');
|
|
}
|
|
}
|
|
|
|
return res.send('User(s) removed from organization.');
|
|
}
|
|
|
|
module.exports = RemoveOrgMember;
|