diff --git a/routes/bids.js b/routes/bids.js index eb1fef7..2fae132 100644 --- a/routes/bids.js +++ b/routes/bids.js @@ -4,11 +4,6 @@ const Bid = require('../models/bid'); module.exports = function(server) { server.post('/bids', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } let data = req.body || {}; @@ -30,7 +25,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -44,7 +39,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -54,11 +49,6 @@ module.exports = function(server) { }); server.put('/bids/:bid_id', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } let data = req.body || {}; @@ -70,7 +60,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } else if (!doc) { return next( @@ -84,7 +74,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -99,7 +89,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } diff --git a/routes/events.js b/routes/events.js index eab7f05..61cea6c 100644 --- a/routes/events.js +++ b/routes/events.js 
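Review bot: Nothing visible in this diff replaces the `req.is('application/json')` guard that the first hunk of routes/bids.js removes from `POST /bids`; the same removal recurs in the `PUT /bids/:bid_id` hunk and in routes/events.js, installs.js, items.js and sales.js. If the body parser also accepts form encodings, `req.body` can now come from a cross-site HTML form post that triggers no CORS preflight, so the guard was doing request-forgery hardening as well as input validation. Unless a server-level handler outside this diff already enforces the content type, keep one shared guard instead of deleting it: `server.use((req, res, next) => ['POST', 'PUT'].includes(req.method) && !req.is('application/json') ? next(new errors.InvalidContentError("Expects 'application/json'")) : next());`. The handler bodies continue outside the hunks.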
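Review bot: `new errors.InvalidContentError(err)` in the `@@ -30,7 +25,7 @@` hunk of routes/bids.js passes the raw database error into the error object that is sent back to the client. The same line is added in every other error branch of this file and of routes/events.js, installs.js, items.js and sales.js. Dropping `err.errors.name.message` avoids a crash when `err.errors` is absent, but depending on how restify-errors renders a wrapped cause, the response may now expose schema paths, offending values or driver messages, and server-side failures are still reported as invalid content. `console.error(err)` already records the full error, so the client needs only a fixed string or the validation text, presumably from Mongoose: `new errors.InvalidContentError(err.name === 'ValidationError' ? err.message : 'Invalid request')`. The callbacks begin outside the hunks.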
@@ -4,11 +4,6 @@ const Event = require('../models/event'); module.exports = function(server) { server.post('/events', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } let data = req.body || {}; @@ -30,7 +25,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -44,7 +39,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -54,11 +49,6 @@ module.exports = function(server) { }); server.put('/events/:event_id', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } let data = req.body || {}; @@ -70,7 +60,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } else if (!doc) { return next( @@ -84,7 +74,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -99,7 +89,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } diff --git a/routes/installs.js b/routes/installs.js index bc377c3..27ad68e 100644 --- a/routes/installs.js +++ b/routes/installs.js 
@@ -4,11 +4,6 @@ const Install = require('../models/install'); module.exports = function(server) { server.post('/installs', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } let data = req.body || {}; @@ -30,7 +25,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -44,7 +39,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -54,11 +49,6 @@ module.exports = function(server) { }); server.put('/installs/:install_id', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } let data = req.body || {}; @@ -70,7 +60,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } else if (!doc) { return next( @@ -84,7 +74,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -99,7 +89,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } diff --git a/routes/items.js b/routes/items.js index 2f60ba1..71ce493 100644 --- a/routes/items.js +++ b/routes/items.js 
@@ -1,18 +1,14 @@ +const aqp = require('api-query-params'); const errors = require('restify-errors'); const Item = require('../models/item'); +const { PUBLIC, STAFF } = require('../strategies/selects/item'); module.exports = function(server) { server.post('/items', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } + const data = req.body || {}; + const item = new Item(data); - let data = req.body || {}; - - let item = new Item(data); item.save(function(err) { if (err) { console.error(err); @@ -26,11 +22,13 @@ module.exports = function(server) { }); server.get('/items', (req, res, next) => { - Item.apiQuery(req.params, function(err, docs) { + const select = req.user.isManager ? STAFF : PUBLIC; + + Item.find(req.params, select, function(err, docs) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -40,11 +38,13 @@ module.exports = function(server) { }); server.get('/items/:item_id', (req, res, next) => { - Item.findOne({ _id: req.params.item_id }, function(err, doc) { + const select = req.user.isManager ? STAFF : PUBLIC; + + Item.findOne({ _id: req.params.item_id }, select, function(err, doc) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -54,12 +54,6 @@ module.exports = function(server) { }); server.put('/items/:item_id', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } - let data = req.body || {}; if (!data._id) { @@ -70,7 +64,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } else if (!doc) { return next( 
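Review bot: `Item.find(req.params, select, ...)` in the `GET /items` hunk uses request parameters directly as the query filter, so the caller decides which fields and operators are matched. The first hunk adds `const aqp = require('api-query-params')`, but no visible line in routes/items.js uses it, whereas routes/users.js builds its filter with `const { filter } = aqp(req.query);`. The projection alone does not protect the fields hidden by `PUBLIC`: a non-manager can still filter on `reservePrice` or `bidders` and infer their values from which items are returned. Parse the filter as users.js does and exclude the hidden keys for non-managers: `const { filter } = aqp(req.query, req.user.isManager ? {} : { blacklist: Object.keys(PUBLIC) });` then `Item.find(filter, select, ...)`.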
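Review bot: `req.user.isManager` in the `GET /items/:item_id` hunk (and in the `GET /items` hunk above it) is read on routes that register no auth handler, unlike routes/users.js where `auth.manager` or `auth.managerOrSelf` runs first. If nothing outside this diff populates `req.user` for anonymous requests, the property access throws before the query runs. If items are meant to be browsable without login, fall back to the restricted projection: `const select = req.user && req.user.isManager ? STAFF : PUBLIC;`. The module signature is still `function(server)`, so gating these routes would mean passing `auth` in as users.js does.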
@@ -80,11 +74,11 @@ module.exports = function(server) { ); } - Item.update({ _id: data._id }, data, function(err) { + Item.updateOne({ _id: data._id }, data, function(err) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -99,7 +93,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } diff --git a/routes/sales.js b/routes/sales.js index 48c0d4b..4601386 100644 --- a/routes/sales.js +++ b/routes/sales.js @@ -10,11 +10,6 @@ const Sale = require('../models/sale'); module.exports = function(server) { server.post('/sales', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } let data = req.body || {}; @@ -36,7 +31,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -50,7 +45,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -60,11 +55,6 @@ module.exports = function(server) { }); server.put('/sales/:sale_id', (req, res, next) => { - if (!req.is('application/json')) { - return next( - new errors.InvalidContentError("Expects 'application/json'"), - ); - } let data = req.body || {}; @@ -76,7 +66,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } else if (!doc) { return next( 
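Review bot: `Item.updateOne({ _id: data._id }, data, ...)` in the `@@ -80,11 +74,11 @@` hunk of routes/items.js writes the whole request body as the update document and selects the target by the body's `_id`, not by `req.params.item_id` from the route. No auth handler is visible on `PUT /items/:item_id`, so as far as this diff shows any caller can set the fields that `PUBLIC` hides from non-staff readers (`reservePrice`, `organizationTake` and the rest) or send update operators as top-level keys. Restrict the write to an explicit list of editable fields and key it on the URL, e.g. `Item.updateOne({ _id: req.params.item_id }, { $set: editable }, ...)`, where `editable` is picked field by field from `data`. The enclosing callback begins outside the hunk.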
@@ -90,7 +80,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } @@ -105,7 +95,7 @@ module.exports = function(server) { if (err) { console.error(err); return next( - new errors.InvalidContentError(err.errors.name.message), + new errors.InvalidContentError(err), ); } diff --git a/routes/users.js b/routes/users.js index 6658f91..a969b51 100644 --- a/routes/users.js +++ b/routes/users.js @@ -2,7 +2,7 @@ const aqp = require('api-query-params'); const errors = require('restify-errors'); const User = require('../models/user'); -const { PUBLIC, PROTECTED } = require('../strategies/selects/user'); +const { PUBLIC, STAFF } = require('../strategies/selects/user'); module.exports = function (server, auth) { server.post('/users', auth.manager, (req, res, next) => { @@ -27,7 +27,7 @@ module.exports = function (server, auth) { server.get('/users', auth.manager, (req, res, next) => { const { filter } = aqp(req.query); - const select = req.user.isManager ? PROTECTED : PUBLIC; + const select = req.user.isManager ? STAFF : PUBLIC; User.find(filter, select, function (err, docs) { if (err) { @@ -43,7 +43,7 @@ module.exports = function (server, auth) { }); server.get('/users/:user_id', auth.managerOrSelf, (req, res, next) => { - const select = req.user.isManager ? PROTECTED : PUBLIC; + const select = req.user.isManager ? STAFF : PUBLIC; User.findOne({ _id: req.params.user_id }, select, function (err, doc) { if (err) { diff --git a/strategies/selects/item.js b/strategies/selects/item.js new file mode 100644 index 0000000..7812750 --- /dev/null +++ b/strategies/selects/item.js @@ -0,0 +1,12 @@ +module.exports = { + PUBLIC: { + reservePrice: 0, + bidders: 0, + hideBeforeStart: 0, + hideAfterEnd: 0, + notifyOnAvailable: 0, + organizationTake: 0, + }, + STAFF: {}, +}; + 
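Review bot: `PUBLIC` in the new strategies/selects/item.js is an exclusion projection, so any field added to the item schema later is returned to non-staff callers until someone remembers to list it here. An inclusion list fails closed: name the fields the public may see as `PUBLIC: { <public field>: 1, ... }` (placeholder, since the schema is not in this diff) and keep `STAFF: {}` for the full document. A one-line comment above each constant saying who receives it would also help, e.g. `// Projection for non-manager callers; anything not listed is withheld.`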
diff --git a/strategies/selects/user.js b/strategies/selects/user.js index 6915078..7207634 100644 --- a/strategies/selects/user.js +++ b/strategies/selects/user.js @@ -5,6 +5,6 @@ module.exports = { organizationIdentifier: 0, paymentToken: 0, }, - PROTECTED: {}, + STAFF: {}, };