Add Edit Role API Endpoint

backend/graphql/index.ts

@@ -61,6 +61,7 @@ const graphQLMiddlewares = {
     deleteSimpleEntity: authorizedByAllRoles(),
     createUser: authorizedByAdmin(),
     updateUser: authorizedByAdmin(),
+    updateUserRole: authorizedByAdmin(),
     deleteUserById: authorizedByAdmin(),
     deleteUserByEmail: authorizedByAdmin(),
     logout: isAuthorizedByUserId("userId"),

backend/graphql/resolvers/userResolvers.ts

@@ -5,7 +5,7 @@ import UserService from "../../services/implementations/userService";
 import IAuthService from "../../services/interfaces/authService";
 import IEmailService from "../../services/interfaces/emailService";
 import IUserService from "../../services/interfaces/userService";
-import { CreateUserDTO, UpdateUserDTO, UserDTO } from "../../types";
+import { CreateUserDTO, Role, UpdateUserDTO, UserDTO } from "../../types";
 import { generateCSV } from "../../utilities/CSVUtils";
 
 const userService: IUserService = new UserService();
@@ -50,6 +50,12 @@ const userResolvers = {
     ): Promise<UserDTO> => {
       return userService.updateUserById(id, user);
     },
+    updateUserRole: async (
+      _parent: undefined,
+      { id, role }: { id: string; role: Role },
+    ): Promise<void> => {
+      return userService.updateUserRoleById(id, role);
+    },
     deleteUserById: async (
       _parent: undefined,
       { id }: { id: string },

backend/graphql/types/userType.ts

@@ -27,7 +27,6 @@ const userType = gql`
     firstName: String!
     lastName: String!
     email: String!
-    role: Role!
   }
 
   extend type Query {
@@ -40,6 +39,7 @@ const userType = gql`
   extend type Mutation {
     createUser(user: CreateUserDTO!): UserDTO!
     updateUser(id: ID!, user: UpdateUserDTO!): UserDTO!
+    updateUserRole(id: ID!, role: Role!): ID
     deleteUserById(id: ID!): ID
     deleteUserByEmail(email: String!): ID
   }

backend/services/implementations/userService.ts

@@ -205,7 +205,7 @@ class UserService implements IUserService {
       // must explicitly specify runValidators when updating through findByIdAndUpdate
       oldUser = await MgUser.findByIdAndUpdate(
         userId,
-        { firstName: user.firstName, lastName: user.lastName, role: user.role },
+        { firstName: user.firstName, lastName: user.lastName },
         { runValidators: true },
       );
 
@@ -225,7 +225,6 @@ class UserService implements IUserService {
             {
               firstName: oldUser.firstName,
               lastName: oldUser.lastName,
-              role: oldUser.role,
             },
             { runValidators: true },
           );
@@ -251,10 +250,31 @@ class UserService implements IUserService {
       firstName: user.firstName,
       lastName: user.lastName,
       email: updatedFirebaseUser.email ?? "",
-      role: user.role,
+      role: oldUser.role,
     };
   }
 
+  async updateUserRoleById(userId: string, newRole: Role): Promise<void> {
+    try {
+      const user = await MgUser.findById(userId);
+
+      if (!user) {
+        throw new Error(`userId ${userId} not found.`);
+      }
+      // must explicitly specify runValidators when updating through findByIdAndUpdate
+      await MgUser.findByIdAndUpdate(
+        userId,
+        { role: newRole },
+        { runValidators: true },
+      );
+    } catch (error: unknown) {
+      Logger.error(
+        `Failed to update user role. Reason = ${getErrorMessage(error)}`,
+      );
+      throw error;
+    }
+  }
+
   async deleteUserById(userId: string): Promise<void> {
     try {
       const deletedUser: User | null = await MgUser.findByIdAndDelete(userId);

backend/services/interfaces/userService.ts

@@ -78,6 +78,14 @@ interface IUserService {
    */
   updateUserById(userId: string, user: UpdateUserDTO): Promise<UserDTO>;
 
+  /**
+   * Update a  user's role - only accessible by Admin.
+   * @param userId user's id
+   * @param role the new role for the user
+   * @throws Error if role update fails
+   */
+  updateUserRoleById(userId: string, role: string): void | PromiseLike<void>;
+
   /**
    * Delete a user by id
    * @param userId user's userId