181 lines
5.8 KiB
JavaScript
181 lines
5.8 KiB
JavaScript
|
'use strict';
|
||
|
|
||
|
// modules
|
||
|
const express = require('express');
|
||
|
|
||
|
// HTTP status codes by name
|
||
|
const codes = require('./http-codes');
|
||
|
|
||
|
const routerHandling = require('../middleware/router-handling');
|
||
|
|
||
|
const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
|
||
|
const checkSql = require('../middleware/permission-check').checkSql;
|
||
|
const checkHl = require('../middleware/permission-check').checkHl;
|
||
|
|
||
|
// Mongoose Model using mongoDB
|
||
|
const UserModel = require('../models/user');
|
||
|
const AwardingModel = require('../models/awarding');
|
||
|
const PromotionModel = require('../models/promotion');
|
||
|
|
||
|
// result set for proposer(appUser) population
|
||
|
const resultSet = {
|
||
|
'__v': 0,
|
||
|
'updatedAt': 0,
|
||
|
'timestamp': 0,
|
||
|
'password': 0,
|
||
|
'permission': 0,
|
||
|
'secret': 0,
|
||
|
'activated': 0,
|
||
|
};
|
||
|
|
||
|
const request = new express.Router();
|
||
|
|
||
|
|
||
|
// routes **********************
|
||
|
request.route('/award')
|
||
|
|
||
|
.post(apiAuthenticationMiddleware, checkSql, (req, res, next) => {
|
||
|
const award = new AwardingModel(req.body);
|
||
|
award.confirmed = 0;
|
||
|
award.proposer = req.user._id;
|
||
|
// timestamp and default are set automatically by Mongoose Schema Validation
|
||
|
award.save((err) => {
|
||
|
if (err) {
|
||
|
err.status = codes.wrongrequest;
|
||
|
err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);
|
||
|
return next(err);
|
||
|
}
|
||
|
res.status(codes.created);
|
||
|
res.locals.items = award;
|
||
|
next();
|
||
|
});
|
||
|
})
|
||
|
|
||
|
.all(
|
||
|
routerHandling.httpMethodNotAllowed
|
||
|
);
|
||
|
|
||
|
request.route('/promotion')
|
||
|
|
||
|
.get((req, res, next) => {
|
||
|
// TODO: add SQL authentication?
|
||
|
const squadFilter = req.query.squadId;
|
||
|
const fractFilter = req.query.fractFilter;
|
||
|
const progressFilter = req.query.inProgress;
|
||
|
let filter;
|
||
|
if (squadFilter) {
|
||
|
filter = {squadId: squadFilter};
|
||
|
}
|
||
|
let userIds = [];
|
||
|
UserModel.find(filter).populate('squadId').exec((err, items) => {
|
||
|
if (err) {
|
||
|
err.status = codes.servererror;
|
||
|
return next(err);
|
||
|
}
|
||
|
|
||
|
for (let item of items) {
|
||
|
if (!fractFilter || (fractFilter && item.squadId && item.squadId.fraction === fractFilter)) {
|
||
|
userIds.push(item._id);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
let promotionFilter = {
|
||
|
userId: {'$in': userIds},
|
||
|
};
|
||
|
if (progressFilter) {
|
||
|
promotionFilter.confirmed = 0;
|
||
|
}
|
||
|
|
||
|
PromotionModel.find(promotionFilter, {}, {sort: {timestamp: 'desc'}})
|
||
|
.populate('userId').populate('proposer', resultSet).exec((err, items) => {
|
||
|
if (err) {
|
||
|
err.status = codes.servererror;
|
||
|
return next(err);
|
||
|
}
|
||
|
|
||
|
if (items && items.length > 0) {
|
||
|
res.locals.items = items;
|
||
|
} else {
|
||
|
res.locals.items = [];
|
||
|
}
|
||
|
res.locals.processed = true;
|
||
|
next();
|
||
|
});
|
||
|
});
|
||
|
})
|
||
|
|
||
|
.post(apiAuthenticationMiddleware, checkSql, (req, res, next) => {
|
||
|
const promotion = new PromotionModel(req.body);
|
||
|
promotion.confirmed = 0;
|
||
|
promotion.proposer = req.user._id;
|
||
|
// timestamp and default are set automatically by Mongoose Schema Validation
|
||
|
promotion.save((err) => {
|
||
|
if (err) {
|
||
|
err.status = codes.wrongrequest;
|
||
|
err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);
|
||
|
return next(err);
|
||
|
}
|
||
|
res.status(codes.created);
|
||
|
res.locals.items = promotion;
|
||
|
next();
|
||
|
});
|
||
|
})
|
||
|
|
||
|
.all(
|
||
|
routerHandling.httpMethodNotAllowed
|
||
|
);
|
||
|
|
||
|
|
||
|
request.route('/promotion/:id')
|
||
|
.patch(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
|
||
|
if (!req.body || (req.body._id && req.body._id !== req.params.id)) {
|
||
|
// little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match
|
||
|
const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + ' ' +
|
||
|
req.body._id);
|
||
|
err.status = codes.notfound;
|
||
|
next(err);
|
||
|
return; // prevent node to process this function further after next() has finished.
|
||
|
}
|
||
|
|
||
|
req.body.updatedAt = new Date();
|
||
|
req.body.$inc = {__v: 1};
|
||
|
|
||
|
// PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to
|
||
|
// reset attributes that are missing.
|
||
|
PromotionModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => {
|
||
|
if (err) {
|
||
|
err.status = codes.wrongrequest;
|
||
|
} else if (!item) {
|
||
|
err = new Error('item not found');
|
||
|
err.status = codes.notfound;
|
||
|
} else {
|
||
|
if (item.confirmed === 1) {
|
||
|
let updateUser = {
|
||
|
_id: item.userId,
|
||
|
rankLvl: item.newRankLvl,
|
||
|
};
|
||
|
UserModel.findByIdAndUpdate(updateUser._id, updateUser, {new: true}, (err, item) => {
|
||
|
if (err) {
|
||
|
err.status = codes.wrongrequest;
|
||
|
} else if (!item) {
|
||
|
err = new Error('user not found');
|
||
|
err.status = codes.notfound;
|
||
|
}
|
||
|
});
|
||
|
}
|
||
|
res.locals.items = item;
|
||
|
}
|
||
|
next(err);
|
||
|
});
|
||
|
})
|
||
|
.all(
|
||
|
routerHandling.httpMethodNotAllowed
|
||
|
);
|
||
|
|
||
|
// this middleware function can be used, if you like or remove it
|
||
|
// it looks for object(s) in res.locals.items and if they exist, they are send to the client as json
|
||
|
request.use(routerHandling.emptyResponse);
|
||
|
|
||
|
|
||
|
module.exports = request;
|