111 lines
2.4 KiB
JavaScript
111 lines
2.4 KiB
JavaScript
const aqp = require('api-query-params');
|
|
const errors = require('restify-errors');
|
|
|
|
const config = require('../config');
|
|
const User = require('../models/user');
|
|
const { PUBLIC, STAFF } = require('../strategies/selects/user');
|
|
|
|
module.exports = function (server, auth) {
|
|
server.post('/users', auth.manager, (req, res, next) => {
|
|
let { password = null, ...data } = req.body || {};
|
|
|
|
let user = new User(data);
|
|
user.save(function(err) {
|
|
if (err) {
|
|
console.error(err);
|
|
return next(new errors.InternalError(err.message));
|
|
next();
|
|
}
|
|
|
|
if (password) {
|
|
user.setPassword(password);
|
|
}
|
|
|
|
res.send(201);
|
|
next();
|
|
});
|
|
});
|
|
|
|
server.get('/users', auth.manager, (req, res, next) => {
|
|
const { filter } = aqp(req.query);
|
|
const select = req.user.isManager ? STAFF : PUBLIC;
|
|
|
|
User.find(filter, select, function (err, docs) {
|
|
if (err) {
|
|
console.error(err);
|
|
return next(
|
|
new errors.InvalidContentError(err),
|
|
);
|
|
}
|
|
|
|
res.send(docs);
|
|
next();
|
|
});
|
|
});
|
|
|
|
server.get('/users/:user_id', auth.managerOrSelf, (req, res, next) => {
|
|
const select = req.user.isManager ? STAFF : PUBLIC;
|
|
|
|
User.findOne({ _id: req.params.user_id }, select, function (err, doc) {
|
|
if (err) {
|
|
console.error(err);
|
|
return next(
|
|
new errors.InvalidContentError(err),
|
|
);
|
|
}
|
|
|
|
res.send(req.user.isManager ? doc : doc.toProfileJSON());
|
|
next();
|
|
});
|
|
});
|
|
|
|
server.put('/users/:user_id', auth.managerOrSelf, (req, res, next) => {
|
|
let data = req.body || {};
|
|
|
|
if (!data._id) {
|
|
data = Object.assign({}, data, { _id: req.params.user_id });
|
|
}
|
|
|
|
User.findOne({ _id: req.params.user_id }, function (err, doc) {
|
|
if (err) {
|
|
console.error(err);
|
|
return next(
|
|
new errors.InvalidContentError(err),
|
|
);
|
|
} else if (!doc) {
|
|
return next(
|
|
new errors.ResourceNotFoundError(
|
|
'The resource you requested could not be found.',
|
|
),
|
|
);
|
|
}
|
|
|
|
User.update({ _id: data._id }, data, function (err) {
|
|
if (err) {
|
|
console.error(err);
|
|
return next(
|
|
new errors.InvalidContentError(err),
|
|
);
|
|
}
|
|
|
|
res.send(200, data);
|
|
next();
|
|
});
|
|
});
|
|
});
|
|
|
|
server.del('/users/:user_id', auth.manager, (req, res, next) => {
|
|
User.deleteOne({ _id: req.params.user_id }, function (err) {
|
|
if (err) {
|
|
console.error(err);
|
|
return next(
|
|
new errors.InvalidContentError(err),
|
|
);
|
|
}
|
|
|
|
res.send(204);
|
|
next();
|
|
});
|
|
});
|
|
};
|