opt-cc/api/routes/request.js

"use strict";

// modules
const express = require('express');
const logger = require('debug')('cc:awardings');

// HTTP status codes by name
const codes = require('./http-codes');

const routerHandling = require('../middleware/router-handling');

const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
const checkSql = require('../middleware/permission-check').checkSql;
const checkHl = require('../middleware/permission-check').checkHl;

// Mongoose Model using mongoDB
const UserModel = require('../models/user');
const AwardingModel = require('../models/awarding');
const PromotionModel = require('../models/promotion');

// result set for proposer(appUser) population
const resultSet = {
  '__v': 0,
  'updatedAt': 0,
  'timestamp': 0,
  'password': 0,
  'permission': 0,
  'secret': 0,
  'activated': 0
};

const request = express.Router();


// routes **********************
request.route('/award')

  .post(apiAuthenticationMiddleware, checkSql, (req, res, next) => {
    const award = new AwardingModel(req.body);
    award.confirmed = 0;
    award.proposer = req.user._id;
    // timestamp and default are set automatically by Mongoose Schema Validation
    award.save((err) => {
      if (err) {
        err.status = codes.wrongrequest;
        err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);
        return next(err);
      }
      res.status(codes.created);
      res.locals.items = award;
      next();
    });
  })

  .all(
    routerHandling.httpMethodNotAllowed
  );

request.route('/promotion')

  .get((req, res, next) => {
    // TODO: add SQL authentication
    const squadFilter = req.query.squadId;
    const fractFilter = req.query.fractFilter;
    const progressFilter = req.query.inProgress;
    let filter;
    if (squadFilter) {
      filter = {squadId: squadFilter};
    }
    let userIds = [];
    UserModel.find(filter).populate('squadId').exec((err, items) => {
      if (err) {
        err.status = codes.servererror;
        return next(err);
      }

      for (let item of items) {
        if (!fractFilter || (fractFilter && item.squadId && item.squadId.fraction === fractFilter)) {
          userIds.push(item._id);
        }
      }

      let promotionFilter = {
        userId: {"$in": userIds}
      };
      if (progressFilter) {
        promotionFilter.confirmed = 0;
      }

      PromotionModel.find(promotionFilter, {}, {sort: {timestamp: 'desc'}})
        .populate('userId').populate('proposer', resultSet).exec((err, items) => {
        if (err) {
          err.status = codes.servererror;
          return next(err);
        }

        if (items && items.length > 0) {
          res.locals.items = items;
        } else {
          res.locals.items = [];
        }
        res.locals.processed = true;
        next();
      })
    });

  })

  .post(apiAuthenticationMiddleware, checkSql, (req, res, next) => {
    const promotion = new PromotionModel(req.body);
    promotion.confirmed = 0;
    promotion.proposer = req.user._id;
    // timestamp and default are set automatically by Mongoose Schema Validation
    promotion.save((err) => {
      if (err) {
        err.status = codes.wrongrequest;
        err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);
        return next(err);
      }
      res.status(codes.created);
      res.locals.items = promotion;
      next();
    });
  })

  .all(
    routerHandling.httpMethodNotAllowed
  );


request.route('/promotion/:id')
  .patch(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
    if (!req.body || (req.body._id && req.body._id !== req.params.id)) {
      // little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match
      const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id);
      err.status = codes.notfound;
      next(err);
      return; // prevent node to process this function further after next() has finished.
    }

    req.body.updatedAt = new Date();
    req.body.$inc = {__v: 1};

    // PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to reset attributes that are missing.
    PromotionModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => {
      if (err) {
        err.status = codes.wrongrequest;
      }
      else if (!item) {
        err = new Error("item not found");
        err.status = codes.notfound;
      }
      else {
        if (item.confirmed === 1) {
          let updateUser = {
            _id: item.userId,
            rankLvl: item.newRankLvl
          };
          UserModel.findByIdAndUpdate(updateUser._id, updateUser, {new: true}, (err, item) => {
            if (err) {
              err.status = codes.wrongrequest;
            }
            else if (!item) {
              err = new Error("user not found");
              err.status = codes.notfound;
            }
          });
        }
        res.locals.items = item;
      }
      next(err);
    })
  })
  .all(
    routerHandling.httpMethodNotAllowed
  );

// this middleware function can be used, if you like or remove it
// it looks for object(s) in res.locals.items and if they exist, they are send to the client as json
request.use(routerHandling.emptyResponse);


module.exports = request;
add awarding request for sql 2017-06-09 18:30:35 +02:00			`"use strict";`

			`// modules`
			`const express = require('express');`
			`const logger = require('debug')('cc:awardings');`

			`// HTTP status codes by name`
			`const codes = require('./http-codes');`

			`const routerHandling = require('../middleware/router-handling');`

Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00			`const apiAuthenticationMiddleware = require('../middleware/auth-middleware');`
			`const checkSql = require('../middleware/permission-check').checkSql;`
			`const checkHl = require('../middleware/permission-check').checkHl;`

add awarding request for sql 2017-06-09 18:30:35 +02:00			`// Mongoose Model using mongoDB`
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`const UserModel = require('../models/user');`
add awarding request for sql 2017-06-09 18:30:35 +02:00			`const AwardingModel = require('../models/awarding');`
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`const PromotionModel = require('../models/promotion');`

			`// result set for proposer(appUser) population`
			`const resultSet = {`
			`'__v': 0,`
			`'updatedAt': 0,`
			`'timestamp': 0,`
			`'password': 0,`
			`'permission': 0,`
			`'secret': 0,`
			`'activated': 0`
			`};`
add awarding request for sql 2017-06-09 18:30:35 +02:00
			`const request = express.Router();`


			`// routes **********************`
			`request.route('/award')`

Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00			`.post(apiAuthenticationMiddleware, checkSql, (req, res, next) => {`
add awarding request for sql 2017-06-09 18:30:35 +02:00			`const award = new AwardingModel(req.body);`
Add hl confirmation menus 2017-06-10 22:07:32 +02:00			`award.confirmed = 0;`
add awarding request for sql 2017-06-09 18:30:35 +02:00			`award.proposer = req.user._id;`
			`// timestamp and default are set automatically by Mongoose Schema Validation`
			`award.save((err) => {`
			`if (err) {`
			`err.status = codes.wrongrequest;`
			`err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);`
			`return next(err);`
			`}`
			`res.status(codes.created);`
			`res.locals.items = award;`
			`next();`
			`});`
			`})`

			`.all(`
			`routerHandling.httpMethodNotAllowed`
			`);`

			`request.route('/promotion')`

remove sql restriction for promotion get 2017-09-18 19:57:22 +02:00			`.get((req, res, next) => {`
			`// TODO: add SQL authentication`
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`const squadFilter = req.query.squadId;`
Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00			`const fractFilter = req.query.fractFilter;`
			`const progressFilter = req.query.inProgress;`
			`let filter;`
			`if (squadFilter) {`
			`filter = {squadId: squadFilter};`
			`}`
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`let userIds = [];`
Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00			`UserModel.find(filter).populate('squadId').exec((err, items) => {`
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`if (err) {`
			`err.status = codes.servererror;`
			`return next(err);`
			`}`
Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`for (let item of items) {`
Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00			`if (!fractFilter \|\| (fractFilter && item.squadId && item.squadId.fraction === fractFilter)) {`
			`userIds.push(item._id);`
			`}`
			`}`

			`let promotionFilter = {`
			`userId: {"$in": userIds}`
			`};`
			`if (progressFilter) {`
			`promotionFilter.confirmed = 0;`
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`}`
Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00
			`PromotionModel.find(promotionFilter, {}, {sort: {timestamp: 'desc'}})`
			`.populate('userId').populate('proposer', resultSet).exec((err, items) => {`
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`if (err) {`
			`err.status = codes.servererror;`
			`return next(err);`
			`}`

			`if (items && items.length > 0) {`
			`res.locals.items = items;`
			`} else {`
			`res.locals.items = [];`
			`}`
			`res.locals.processed = true;`
			`next();`
			`})`
			`});`

			`})`

Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00			`.post(apiAuthenticationMiddleware, checkSql, (req, res, next) => {`
Add request routes & ui for promotion 2017-06-10 13:16:15 +02:00			`const promotion = new PromotionModel(req.body);`
			`promotion.confirmed = 0;`
			`promotion.proposer = req.user._id;`
			`// timestamp and default are set automatically by Mongoose Schema Validation`
			`promotion.save((err) => {`
			`if (err) {`
			`err.status = codes.wrongrequest;`
			`err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);`
			`return next(err);`
			`}`
			`res.status(codes.created);`
			`res.locals.items = promotion;`
			`next();`
			`});`
			`})`
add awarding request for sql 2017-06-09 18:30:35 +02:00
			`.all(`
			`routerHandling.httpMethodNotAllowed`
			`);`

Optimize sign up ux; Add confirmation for promotion 2017-06-11 13:18:03 +02:00
			`request.route('/promotion/:id')`
			`.patch(apiAuthenticationMiddleware, checkHl, (req, res, next) => {`
			`if (!req.body \|\| (req.body._id && req.body._id !== req.params.id)) {`
			`// little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match`
			`const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id);`
			`err.status = codes.notfound;`
			`next(err);`
			`return; // prevent node to process this function further after next() has finished.`
			`}`

			`req.body.updatedAt = new Date();`
			`req.body.$inc = {__v: 1};`

			`// PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to reset attributes that are missing.`
			`PromotionModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => {`
			`if (err) {`
			`err.status = codes.wrongrequest;`
			`}`
			`else if (!item) {`
			`err = new Error("item not found");`
			`err.status = codes.notfound;`
			`}`
			`else {`
			`if (item.confirmed === 1) {`
			`let updateUser = {`
			`_id: item.userId,`
			`rankLvl: item.newRankLvl`
			`};`
			`UserModel.findByIdAndUpdate(updateUser._id, updateUser, {new: true}, (err, item) => {`
			`if (err) {`
			`err.status = codes.wrongrequest;`
			`}`
			`else if (!item) {`
			`err = new Error("user not found");`
			`err.status = codes.notfound;`
			`}`
			`});`
			`}`
			`res.locals.items = item;`
			`}`
			`next(err);`
			`})`
			`})`
			`.all(`
			`routerHandling.httpMethodNotAllowed`
			`);`

add awarding request for sql 2017-06-09 18:30:35 +02:00			`// this middleware function can be used, if you like or remove it`
			`// it looks for object(s) in res.locals.items and if they exist, they are send to the client as json`
			`request.use(routerHandling.emptyResponse);`


			`module.exports = request;`