"use strict"; // modules const express = require('express'); const logger = require('debug')('cc:awardings'); // HTTP status codes by name const codes = require('./http-codes'); const routerHandling = require('../middleware/router-handling'); const apiAuthenticationMiddleware = require('../middleware/auth-middleware'); const checkSql = require('../middleware/permission-check').checkSql; const checkHl = require('../middleware/permission-check').checkHl; // Mongoose Model using mongoDB const UserModel = require('../models/user'); const AwardingModel = require('../models/awarding'); const PromotionModel = require('../models/promotion'); // result set for proposer(appUser) population const resultSet = { '__v': 0, 'updatedAt': 0, 'timestamp': 0, 'password': 0, 'permission': 0, 'secret': 0, 'activated': 0 }; const request = express.Router(); // routes ********************** request.route('/award') .post(apiAuthenticationMiddleware, checkSql, (req, res, next) => { const award = new AwardingModel(req.body); award.confirmed = 0; award.proposer = req.user._id; // timestamp and default are set automatically by Mongoose Schema Validation award.save((err) => { if (err) { err.status = codes.wrongrequest; err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors); return next(err); } res.status(codes.created); res.locals.items = award; next(); }); }) .all( routerHandling.httpMethodNotAllowed ); request.route('/promotion') .get(apiAuthenticationMiddleware, checkSql, (req, res, next) => { const squadFilter = req.query.squadId; const fractFilter = req.query.fractFilter; const progressFilter = req.query.inProgress; let filter; if (squadFilter) { filter = {squadId: squadFilter}; } let userIds = []; UserModel.find(filter).populate('squadId').exec((err, items) => { if (err) { err.status = codes.servererror; return next(err); } for (let item of items) { if (!fractFilter || (fractFilter && item.squadId && item.squadId.fraction === fractFilter)) { userIds.push(item._id); } } let promotionFilter = { userId: {"$in": userIds} }; if (progressFilter) { promotionFilter.confirmed = 0; } PromotionModel.find(promotionFilter, {}, {sort: {timestamp: 'desc'}}) .populate('userId').populate('proposer', resultSet).exec((err, items) => { if (err) { err.status = codes.servererror; return next(err); } if (items && items.length > 0) { res.locals.items = items; } else { res.locals.items = []; } res.locals.processed = true; next(); }) }); }) .post(apiAuthenticationMiddleware, checkSql, (req, res, next) => { const promotion = new PromotionModel(req.body); promotion.confirmed = 0; promotion.proposer = req.user._id; // timestamp and default are set automatically by Mongoose Schema Validation promotion.save((err) => { if (err) { err.status = codes.wrongrequest; err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors); return next(err); } res.status(codes.created); res.locals.items = promotion; next(); }); }) .all( routerHandling.httpMethodNotAllowed ); request.route('/promotion/:id') .patch(apiAuthenticationMiddleware, checkHl, (req, res, next) => { if (!req.body || (req.body._id && req.body._id !== req.params.id)) { // little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id); err.status = codes.notfound; next(err); return; // prevent node to process this function further after next() has finished. } req.body.updatedAt = new Date(); req.body.$inc = {__v: 1}; // PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to reset attributes that are missing. PromotionModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => { if (err) { err.status = codes.wrongrequest; } else if (!item) { err = new Error("item not found"); err.status = codes.notfound; } else { if (item.confirmed === 1) { let updateUser = { _id: item.userId, rankLvl: item.newRankLvl }; UserModel.findByIdAndUpdate(updateUser._id, updateUser, {new: true}, (err, item) => { if (err) { err.status = codes.wrongrequest; } else if (!item) { err = new Error("user not found"); err.status = codes.notfound; } }); } res.locals.items = item; } next(err); }) }) .all( routerHandling.httpMethodNotAllowed ); // this middleware function can be used, if you like or remove it // it looks for object(s) in res.locals.items and if they exist, they are send to the client as json request.use(routerHandling.emptyResponse); module.exports = request;