"use strict";
// modules
const express = require('express');
const fs = require('fs');
const logger = require('debug')('me2u5:users');
// HTTP status codes by name
const codes = require('./http-codes');
const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
const checkHl = require('../middleware/permission-check').checkHl;
const sortCollectionBy = require('../middleware/util').sortCollection;
const routerHandling = require('../middleware/router-handling');
// Mongoose Model using mongoDB
const UserModel = require('../models/user');
const RankModel = require('../models/rank');
const AwardingModel = require('../models/awarding');
// Passed as the projection argument to the find/populate calls in this file;
// in a Mongoose projection a value of 0 excludes the field from the result.
const resultSet = {'__v': 0, 'updatedAt': 0, 'timestamp': 0};
// Router for the user resource: the routes below are registered on it and it is exported at the end of the file.
const users = express.Router();
// routes **********************
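users.route('/')
  /*
   * GET / - list users (registered without the authentication middleware).
   *
   * ?simple=...     return the raw documents, using the filter and limit/skip values
   *                 that earlier middleware left in res.locals
   * ?q=text         keep users whose username contains text (case-insensitive)
   * ?squadId=id     keep users of that squad; takes precedence over fractFilter
   * ?fractFilter=f  keep users whose squad fraction equals f, or users without a
   *                 squad when f is 'unassigned'
   *
   * The result is stored in res.locals.items and sent by a later middleware.
   */
  .get((req, res, next) => {
    if (req.query.simple) {
      UserModel.find({}, res.locals.filter, res.locals.limitskip, (err, items) => {
        if (err) {
          err.status = codes.servererror;
          return next(err);
        }
        // if the collection is empty we do not send empty arrays back.
        res.locals.items = items;
        res.locals.processed = true;
        next();
      });
      return;
    }

    // Query-string values are client controlled and may be parsed into arrays or
    // objects (for example ?q[]=a). Only a string may reach toLowerCase() below,
    // otherwise the handler throws inside the database callback.
    const rawNameQuery = req.query.q;
    if (rawNameQuery !== undefined && typeof rawNameQuery !== 'string') {
      const queryErr = new Error('query parameter q must be a single string');
      queryErr.status = codes.wrongrequest;
      return next(queryErr);
    }
    const nameQuery = rawNameQuery ? rawNameQuery.toLowerCase() : '';
    const fractionFilter = req.query.fractFilter;
    const squadFilter = req.query.squadId;

    UserModel.find({}, (err, allUsers) => {
      if (err) {
        // same status as the simple branch above
        err.status = codes.servererror;
        return next(err);
      }
      if (allUsers.length === 0) {
        res.locals.items = allUsers;
        res.locals.processed = true;
        return next();
      }

      let resUsers = [];
      // Number of users still expected in the result. Every user that is filtered
      // out lowers it; the response is complete once resUsers has reached it.
      let rowsLength = allUsers.length;

      allUsers.forEach((user) => {
        // filter by name
        if (!nameQuery || user.username.toLowerCase().includes(nameQuery)) {
          getExtendedUser(user, next, (extUser) => {
            if (squadFilter) {
              // filter by squad
              if (extUser.squad && extUser.squad._id.toString() === squadFilter) {
                resUsers.push(extUser);
              } else {
                rowsLength -= 1;
              }
            } else if (!fractionFilter ||
              (extUser.squad && extUser.squad.fraction.toLowerCase() === fractionFilter) ||
              (fractionFilter === 'unassigned' && !extUser.squad)) {
              // filter by fraction
              resUsers.push(extUser);
            } else {
              rowsLength -= 1;
            }

            if (resUsers.length === rowsLength) {
              resUsers = sortCollectionBy(resUsers, 'username');
              res.locals.items = resUsers;
              res.locals.processed = true;
              return next();
            }
          });
        } else {
          rowsLength -= 1;
          // no user matching query - return empty []
          if (rowsLength === 0) {
            res.locals.items = resUsers;
            res.locals.processed = true;
            next();
          }
        }
      });
    });
  })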
.post(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
  // POST / - create a user from the JSON body; runs only after the authentication
  // and checkHl middleware have passed the request on.
  // NOTE(review): the whole request body goes into the model constructor, so which
  // fields a caller can set is decided by the schema in ../models/user (not visible
  // here) - confirm it exposes nothing a caller should not control.
  const created = new UserModel(req.body);

  const respondWithExtended = (extUser) => {
    res.locals.items = extUser;
    res.locals.processed = true;
    return next();
  };

  // timestamp and default are set automatically by Mongoose Schema Validation
  created.save((saveErr) => {
    if (!saveErr) {
      res.status(codes.created);
      getExtendedUser(created, next, respondWithExtended);
      return;
    }
    saveErr.status = codes.wrongrequest;
    return next(saveErr);
  });
})

.all(routerHandling.httpMethodNotAllowed);
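users.route('/:id')
  /*
   * GET /:id - return one user (registered without the authentication middleware).
   * With ?simple the raw document is returned, otherwise the extended user built
   * by getExtendedUser. Unknown ids end in a codes.notfound error.
   */
  .get((req, res, next) => {
    UserModel.findById(req.params.id, (err, item) => {
      if (err) {
        err.status = codes.servererror;
        return next(err);
      }
      if (!item) {
        const notFound = new Error("item not found");
        notFound.status = codes.notfound;
        return next(notFound);
      }
      if (req.query.simple) {
        res.locals.items = item;
        // same completion flag as the simple branches of the other handlers
        res.locals.processed = true;
        // Stop here: without this return the extended lookup below ran as well and
        // called next() a second time for the same request.
        return next();
      }
      getExtendedUser(item, next, (extUser) => {
        res.locals.items = extUser;
        res.locals.processed = true;
        return next();
      });
    });
  })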
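.patch(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
  // PATCH /:id - partial update of one user; runs only after the authentication
  // and checkHl middleware have passed the request on.
  const body = req.body;
  if (!body || (body._id && body._id !== req.params.id)) {
    // little bit different as in PUT. :id does not need to be in data, but if it is, the _id and url id must match
    // (the message no longer dereferences a missing body)
    const mismatch = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + (body ? body._id : undefined));
    mismatch.status = codes.notfound;
    return next(mismatch);
  }

  // The body is client controlled. Copy plain field names only, so that update
  // operators in the JSON ($set, $unset, $rename, ...) are not executed as sent;
  // the only operator applied is the version increment added below.
  const update = {};
  Object.keys(body).forEach((key) => {
    if (key.charAt(0) !== '$') {
      update[key] = body[key];
    }
  });

  // optional task 3: increment version manually as we do not use .save(.)
  update.updatedAt = new Date();
  update.$inc = {__v: 1};

  // PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to reset attributes that are missing.
  // NOTE(review): Mongoose does not run schema validators on findByIdAndUpdate unless
  // the runValidators option is set - decide whether PATCH should enforce them.
  UserModel.findByIdAndUpdate(req.params.id, update, {new: true}, (err, item) => {
    if (err) {
      err.status = codes.wrongrequest;
      // previously next() was never called on this path and the request was left unanswered
      return next(err);
    }
    if (!item) {
      const notFound = new Error("item not found");
      notFound.status = codes.notfound;
      return next(notFound);
    }
    if (req.query.simple) {
      res.locals.items = item;
      res.locals.processed = true;
      return next();
    }

    UserModel.findById(item._id, (findErr, user) => {
      if (findErr) {
        findErr.status = codes.servererror;
        return next(findErr);
      }
      if (!user) {
        res.locals.items = {};
        res.locals.processed = true;
        return next();
      }
      getExtendedUser(user, next, (extUser) => {
        res.locals.items = extUser;
        res.locals.processed = true;
        return next();
      });
    });
  });
})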
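.put(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
  // PUT /:id - full replacement of one user; runs only after the authentication
  // and checkHl middleware have passed the request on.
  // first check that the given element id is the same as the URL id
  if (!req.body || req.body._id !== req.params.id) {
    // the URL does not fit the given element (the message no longer dereferences a missing body)
    const mismatch = new Error('id of PUT resource and send JSON body are not equal ' + req.params.id + " " + (req.body ? req.body._id : undefined));
    mismatch.status = codes.notfound;
    return next(mismatch);
  }

  // main difference of PUT and PATCH is that PUT expects all data in request: checked by using the schema
  const user = new UserModel(req.body);

  // Load the stored document by id only. The request body used to be passed as the
  // second argument, which findById treats as a field projection, so the client
  // decided which fields were loaded before the version check and the save.
  UserModel.findById(req.params.id, (err, item) => {
    if (err) {
      err.status = codes.wrongrequest;
      return next(err);
    }
    if (!item) {
      const notFound = new Error("item not found");
      notFound.status = codes.notfound;
      return next(notFound);
    }
    // optional task 3b: check that version is still accurate
    if (user.__v !== item.__v) {
      const outdated = new Error("version outdated. Meanwhile update on item happened. Please GET resource again");
      outdated.status = codes.conflict;
      return next(outdated);
    }

    // now update all schema fields of the stored item with the body data
    Object.keys(UserModel.schema.paths).forEach((field) => {
      if ((field !== '_id') && (field !== '__v')) {
        // this includes undefined. is important to reset attributes that are missing in req.body
        item.set(field, user[field]);
      }
    });

    // optional task 3: update updatedAt and increase version
    item.updatedAt = new Date();
    item.increment(); // this sets __v++
    item.save((saveErr) => {
      if (saveErr) {
        saveErr.status = codes.wrongrequest;
        // errors is only present on validation failures
        if (saveErr.errors) {
          saveErr.message += ' in fields: ' + Object.getOwnPropertyNames(saveErr.errors);
        }
        // report the failure; previously the handler went on and answered as if the save had succeeded
        return next(saveErr);
      }
      getExtendedUser(item, next, (extUser) => {
        res.locals.items = extUser;
        res.locals.processed = true;
        return next();
      });
    });
  });
})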
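.delete(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
  // DELETE /:id - remove one user, the awardings linked to it and its signature
  // images; runs only after the authentication and checkHl middleware have passed
  // the request on.
  UserModel.findByIdAndRemove(req.params.id, (err, item) => {
    // Stop before any cleanup when nothing was removed. The awarding and file
    // deletions below used to run even when the id was invalid or unknown.
    if (err) {
      err.status = codes.wrongrequest;
      return next(err);
    }
    if (!item) {
      const notFound = new Error("item not found");
      notFound.status = codes.notfound;
      return next(notFound);
    }

    // Use the id of the removed document, not the URL parameter, for everything
    // that follows: a route parameter is decoded by Express and may contain path
    // separators, and it was concatenated into the file paths unlinked below.
    const userId = String(item._id);

    // delete all awardings linked to this user
    AwardingModel.find({userId: userId}).remove().exec((removeErr) => {
      if (removeErr) {
        logger('could not remove awardings of user %s: %s', userId, removeErr.message);
      }
    });

    // delete compressed and uncompressed signature file, if present
    const signatureDir = __dirname + '/../resource/signature/';
    [signatureDir + userId + '.png', signatureDir + 'big/' + userId + '.png'].forEach((file) => {
      fs.unlink(file, (unlinkErr) => {
        // a user without an uploaded signature is the normal case, anything else is worth a log line
        if (unlinkErr && unlinkErr.code !== 'ENOENT') {
          logger('could not delete %s: %s', file, unlinkErr.message);
        }
      });
    });

    // we don't set res.locals.items and thus it will send a 204 (no content) at the end. see last handler user.use(..)
    res.locals.processed = true;
    next();
  });
})

.all(
  routerHandling.httpMethodNotAllowed
);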
// this middleware function can be used, if you like or remove it
// it looks for object(s) in res.locals.items and, if they exist, sends them to the client as JSON
// Registered after both route chains, so it runs when a handler above calls next() without an error.
users.use(routerHandling.emptyResponse);
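/**
 * Create the model for a single extended user and return it via callback.
 *
 * The extended user carries _id and username of the given user, the populated
 * squad, the rank (looked up by rank level and squad fraction, or just the level
 * for users without a squad) and the awards attached by addAwards.
 *
 * @param {Object} user - user document; _id, username and rankLvl are read
 * @param {Function} next - Express next(); called with an error when a lookup fails
 * @param {Function} callback - called with the extended user on success
 */
let getExtendedUser = (user, next, callback) => {
  const extUser = {};

  const failWith = (err) => {
    err.status = codes.servererror;
    return next(err);
  };

  // Attach the awards, then hand the result over. A rejected awards lookup is
  // reported through next() instead of leaving the request unanswered.
  const finish = () => {
    addAwards(extUser).then(() => {
      callback(extUser);
    }, failWith);
  };

  UserModel.findById(user._id, resultSet)
    .populate('squadId', resultSet)
    .exec((err, member) => {
      if (err) {
        return failWith(err);
      }
      if (!member) {
        // the user no longer exists (e.g. removed since the caller loaded it);
        // reading member.squadId below would throw
        const notFound = new Error('item not found');
        notFound.status = codes.notfound;
        return next(notFound);
      }

      extUser._id = user._id;
      extUser.username = user.username;
      extUser.squad = member.squadId;

      if (!extUser.squad) {
        extUser.rank = {level: user.rankLvl};
        return finish();
      }

      // Continue from inside the callback only. The previous version also chained
      // .then() on the same query, which gave the error path no promise handler and
      // may execute the query a second time.
      RankModel.findOne({
        level: member.rankLvl,
        fraction: member.squadId.fraction
      }, resultSet, (rankErr, rank) => {
        if (rankErr) {
          return failWith(rankErr);
        }
        extUser.rank = rank;
        finish();
      });
    });
};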
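/**
 * Load the awardings of a user, sorted by date descending, and attach them as
 * extUser.awards.
 *
 * @param {Object} extUser - extended user; its _id selects the awardings
 * @returns {Promise} fulfilled once extUser.awards is set; rejected with the query
 *   error (status set to codes.servererror) when the lookup fails
 */
let addAwards = (extUser) => {
  return AwardingModel.find({userId: extUser._id}, resultSet, {sort: {date: 'desc'}})
    .populate('decorationId', resultSet)
    .exec()
    .then((awards) => {
      extUser.awards = awards;
    }, (err) => {
      // The previous error path called next(err), but no `next` exists in this
      // scope, so a failed query raised a ReferenceError instead of being reported.
      // The caller owns next(); pass the error on through the promise.
      err.status = codes.servererror;
      throw err;
    });
};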
// The router is this module's only export.
module.exports = users;