58 lines
2.3 KiB
JavaScript
58 lines
2.3 KiB
JavaScript
/**
|
|
* @param {string} key
|
|
* @param {string} playerId
|
|
* @param {string} permission
|
|
* @returns {string}
|
|
*/
|
|
|
|
app.use("/AddNewAdmin.lvorex", express.json())
|
|
app.post("/AddNewAdmin.lvorex", async (req, res) => {
|
|
const postBody = req.body
|
|
const { keyFound, userKey } = await controlKey(req, postBody.key)
|
|
|
|
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
|
|
const PermissionCheck = await checkPermission(userKey.rank, "Admins", 1)
|
|
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
|
|
|
|
if (config.Framework.includes("qb")) {
|
|
FrameworkObject.Functions.AddPermission(postBody.playerId, postBody.permission)
|
|
} else if (config.Framework.includes("esx")) {
|
|
const xPlayer = FrameworkObject.GetPlayerFromId(postBody.playerId)
|
|
let result = await query(`
|
|
update \`users\` set \`group\` = '${postBody.permission}'
|
|
where \`identifier\` = '${xPlayer.getIdentifier()}'
|
|
`)
|
|
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
|
|
}
|
|
|
|
res.json({ code: 200, message: `Successfully given ${postBody.permission} rank.` })
|
|
})
|
|
|
|
/**
|
|
* @param {string} key
|
|
* @param {string} playerId
|
|
* @returns {string}
|
|
*/
|
|
|
|
app.use("/RemoveAdmin.lvorex", express.json())
|
|
app.post("/RemoveAdmin.lvorex", async (req, res) => {
|
|
const postBody = req.body
|
|
const { keyFound, userKey } = await controlKey(req, postBody.key)
|
|
|
|
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
|
|
const PermissionCheck = await checkPermission(userKey.rank, "Admins", 2)
|
|
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
|
|
|
|
if (config.Framework.includes("qb")) {
|
|
FrameworkObject.Functions.RemovePermission(postBody.playerId)
|
|
} else if (config.Framework.includes("esx")) {
|
|
const xPlayer = FrameworkObject.GetPlayerFromId(postBody.playerId)
|
|
let result = await query(`
|
|
update \`users\` set \`group\` = 'user'
|
|
where \`identifier\` = '${xPlayer.getIdentifier()}'
|
|
`)
|
|
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
|
|
}
|
|
|
|
res.json({ code: 200, message: `Users rank successfully taken.` })
|
|
}) |