opt-cc/api/routes/awardings.js

150 lines
5.7 KiB
JavaScript
Raw Normal View History

2018-03-12 09:26:44 +01:00
'use strict';
2017-05-10 11:04:06 +02:00
// modules
const express = require('express');
// HTTP status codes by name
const codes = require('./http-codes');
const routerHandling = require('../middleware/router-handling');
2017-06-09 18:30:35 +02:00
const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
const checkHl = require('../middleware/permission-check').checkHl;
2017-05-10 11:04:06 +02:00
// Mongoose Model using mongoDB
const AwardingModel = require('../models/awarding');
2017-06-09 18:30:35 +02:00
// result set for proposer(appUser) population
const resultSet = {
2018-03-12 09:59:43 +01:00
'__v': 0, 'updatedAt': 0, 'timestamp': 0, 'password': 0, 'permission': 0, 'secret': 0, 'activated': 0,
2017-06-09 18:30:35 +02:00
};
const awarding = new express.Router();
2017-05-10 11:04:06 +02:00
// routes **********************
awarding.route('/')
2018-02-26 09:04:27 +01:00
.get((req, res, next) => {
const filter = {};
if (req.query.userId) {
filter.userId = req.query.userId;
}
if (req.query.inProgress) {
filter.confirmed = 0;
2017-06-10 22:07:32 +02:00
}
2018-02-26 09:04:27 +01:00
if (req.query.simple) {
AwardingModel.find(filter, {}, {sort: {date: 'desc'}}, (err, items) => {
if (err) {
err.status = codes.servererror;
return next(err);
// with return before (or after) the next(err) we prevent that the code continues here after next(err)
// has finished. this saves an extra else {..}
}
// if the collection is empty we do not send empty arrays back.
if (items && items.length > 0) {
res.locals.items = items;
}
res.locals.processed = true;
next();
});
} else {
AwardingModel.find(filter, {}, {sort: {date: 'desc'}})
2018-03-19 20:32:59 +01:00
.populate('decorationId').populate('proposer', resultSet)
2018-03-12 09:59:43 +01:00
.exec((err, items) => {
if (err) {
err.status = codes.servererror;
return next(err);
// with return before (or after) the next(err) we prevent that the code continues here
// after next(err) has finished. this saves an extra else {..}
}
let results = [];
if (req.query.fractFilter) {
for (let item of items) {
if (item.decorationId.fraction === req.query.fractFilter) {
results.push(item);
}
}
res.locals.items = results;
} else {
res.locals.items = items;
}
res.locals.processed = true;
next();
});
2018-02-26 09:04:27 +01:00
}
})
.post(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
const award = new AwardingModel(req.body);
award.confirmed = 1;
award.proposer = req.user._id;
// timestamp and default are set automatically by Mongoose Schema Validation
award.save((err) => {
if (err) {
err.status = codes.wrongrequest;
err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);
return next(err);
}
res.status(codes.created);
res.locals.items = award;
next();
});
})
2018-03-12 09:59:43 +01:00
.all(routerHandling.httpMethodNotAllowed);
2017-05-10 11:04:06 +02:00
awarding.route('/:id')
2017-06-10 22:07:32 +02:00
2018-02-26 09:04:27 +01:00
.patch(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
if (!req.body || (req.body._id && req.body._id !== req.params.id)) {
// little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match
const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + ' ' +
req.body._id);
2018-02-26 09:04:27 +01:00
err.status = codes.notfound;
next(err);
return; // prevent node to process this function further after next() has finished.
}
req.body.updatedAt = new Date();
req.body.$inc = {__v: 1};
// PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to
// reset attributes that are missing.
AwardingModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => {
if (err) {
err.status = codes.wrongrequest;
2018-03-12 09:26:44 +01:00
} else if (!item) {
err = new Error('item not found');
2018-02-26 09:04:27 +01:00
err.status = codes.notfound;
2018-03-12 09:26:44 +01:00
} else {
2018-02-26 09:04:27 +01:00
res.locals.items = item;
}
next(err);
2018-03-12 09:26:44 +01:00
});
2018-02-26 09:04:27 +01:00
})
.delete(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
AwardingModel.findByIdAndRemove(req.params.id, (err, item) => {
if (err) {
err.status = codes.wrongrequest;
2018-03-12 09:26:44 +01:00
} else if (!item) {
err = new Error('item not found');
2018-02-26 09:04:27 +01:00
err.status = codes.notfound;
}
// we don't set res.locals.items and thus it will send a 204 (no content) at the end. see last handler
// user.use(..)
res.locals.processed = true;
next(err); // this works because err is in normal case undefined and that is the same as no parameter
});
})
2018-03-12 09:59:43 +01:00
.all(routerHandling.httpMethodNotAllowed);
2017-05-10 11:04:06 +02:00
// this middleware function can be used, if you like or remove it
// it looks for object(s) in res.locals.items and if they exist, they are send to the client as json
awarding.use(routerHandling.emptyResponse);
module.exports = awarding;