mifi/pfosi-looking-api
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

no message

Browse Source
This commit is contained in:
Mike Fitzpatrick
2018-03-05 21:55:31 -05:00
parent 69db9ed152
commit b28456ecb6
2 changed files with 514 additions and 443 deletions
Download Patch File Download Diff File Expand all files Collapse all files

433
routes/profiles.js
View File

@@ -38,264 +38,319 @@ function processQueryParams (params) {
} }
function update (req, res, next) { function update (req, res, next) {
Token.verifyThen(req.get('authorization'), 'edit', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'update', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
var ProfileEvents = new EventEmitter(); if (decoded && decoded.hasPermission) {
var id = req.params.id; var ProfileEvents = new EventEmitter();
var data = req.body; var id = req.params.id;
var data = req.body;
if (!id || !data) { if (!id || !data) {
res.status(500).json({ message: 'No profile id or data specified.', err: err }); res.status(500).json({ message: 'No profile id or data specified.', err: err });
return; return;
}
ProfileEvents.once('update', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update profile id: ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
Profiles.update(ProfileEvents, id, data);
} }
ProfileEvents.once('update', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update profile id: ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
Profiles.update(ProfileEvents, id, data);
}); });
} }
function updateMessage (req, res, next) { function updateMessage (req, res, next) {
// Token.verifyThen(req.get('authorization'), 'edit', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'update', (err, decoded) => {
// if (err) { if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return;
// }
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId;
var messageId = req.params.messageId;
var data = req.body;
if (!profileId || !data) {
res.status(500).json({ message: 'No profile id or data specified.', err: err });
return; return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId;
var messageId = req.params.messageId;
var data = req.body;
if (!profileId || !data) {
res.status(500).json({ message: 'No profile id or data specified.', err: err });
return;
}
ProfileEvents.once('updateMessage', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update profile id: ' + profileId + ' [' + err + ']', err: err});
}
if (result) {
res.status(200).json(result);
}
});
Profiles.updateMessage(ProfileEvents, profileId, messageId, data);
} }
});
ProfileEvents.once('updateMessage', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update profile id: ' + profileId + ' [' + err + ']', err: err});
}
if (result) {
res.status(200).json(result);
}
});
Profiles.updateMessage(ProfileEvents, profileId, messageId, data);
// });
} }
Router.route('/find' + ParamStr) Router.route('/find' + ParamStr)
.get((req, res) => { .get((req, res) => {
var ProfileEvents = new EventEmitter(); Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
var find = processQueryParams(req.params); if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var find = processQueryParams(req.params);
var query = { var query = {
find: find, find: find,
select: null, select: null,
options: { options: {
limit: !isNaN(parseInt(req.params.limit)) ? parseInt(req.params.limit) : 0, limit: !isNaN(parseInt(req.params.limit)) ? parseInt(req.params.limit) : 0,
skip: !isNaN(parseInt(req.params.skip)) ? parseInt(req.params.skip) : 0, skip: !isNaN(parseInt(req.params.skip)) ? parseInt(req.params.skip) : 0,
sort: { 'order': 1 } sort: { 'order': 1 }
} }
}; };
ProfileEvents.once('find', (err, result) => { ProfileEvents.once('find', (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'There was an error getting the getting the profiles [' + err + ']', err: err }); res.status(500).json({ message: 'There was an error getting the getting the profiles [' + err + ']', err: err });
} }
if (result) { if (result) {
res.status(200).json(result); res.status(200).json(result);
} }
});
Profiles.find(ProfileEvents, query);
}
}); });
Profiles.find(ProfileEvents, query);
}); });
Router.route('/list' + ParamStr) Router.route('/list' + ParamStr)
.get((req, res) => { .get((req, res) => {
var ProfileEvents = new EventEmitter(); Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
var find = processQueryParams(req.params); if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var find = processQueryParams(req.params);
var query = { var query = {
find: find, find: find,
select: { order: 1, 'details.name': 1, 'details.pic.thumb': 1 }, select: { order: 1, 'details.name': 1, 'details.pic.thumb': 1 },
options: { options: {
limit: (!isNaN(parseInt(req.params.limit)) ? parseInt(req.params.limit) : 0), limit: (!isNaN(parseInt(req.params.limit)) ? parseInt(req.params.limit) : 0),
skip: (!isNaN(parseInt(req.params.skip)) ? parseInt(req.params.skip) : 0), skip: (!isNaN(parseInt(req.params.skip)) ? parseInt(req.params.skip) : 0),
sort: { 'order': 1 } sort: { 'order': 1 }
} }
}; };
ProfileEvents.once('find', (err, result) => { ProfileEvents.once('find', (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'There was an error getting the profile list [' + err + ']', err: err }); res.status(500).json({ message: 'There was an error getting the profile list [' + err + ']', err: err });
} }
if (result) { if (result) {
res.status(200).json(result); res.status(200).json(result);
} }
});
Profiles.find(ProfileEvents, query);
}
}); });
Profiles.find(ProfileEvents, query);
}); });
Router.route('/:profileId/messages/images/:which?') Router.route('/:profileId/messages/images/:which?')
.get((req, res) => { .get((req, res) => {
var method; Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
var ProfileEvents = new EventEmitter(); if (err || (decoded && !decoded.hasPermission)) {
var profileId = req.params.profileId; res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var method;
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId;
switch (req.params.which) { switch (req.params.which) {
case "all": case "all":
method = 'allChatImages'; method = 'allChatImages';
break; break;
case "sent": case "sent":
method = 'allChatImagesSent'; method = 'allChatImagesSent';
break; break;
case "recd": case "recd":
default: default:
method = 'allChatImagesReceived'; method = 'allChatImagesReceived';
} }
ProfileEvents.once(method, (err, result) => { ProfileEvents.once(method, (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'Could not get chat images for profile ' + profileId + '. [' + err + ']', err: err }); res.status(500).json({ message: 'Could not get chat images for profile ' + profileId + '. [' + err + ']', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles[method](ProfileEvents, profileId);
} }
if (result) {
res.status(200).json(result);
}
}); });
Profiles[method](ProfileEvents, profileId);
}); });
Router.route('/:profileId/messages/:messageId?') Router.route('/:profileId/messages/:messageId?')
.delete((req, res) => { .delete((req, res) => {
var ProfileEvents = new EventEmitter(); Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => {
var profileId = req.params.profileId || null; if (err || (decoded && !decoded.hasPermission)) {
var messageId = req.params.messageId || null; res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId || null;
var messageId = req.params.messageId || null;
ProfileEvents.once('deleteMessage', (err, result) => { ProfileEvents.once('deleteMessage', (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'Could not delete message id: ' + messageId + ' [' + err + ']', err: err }); res.status(500).json({ message: 'Could not delete message id: ' + messageId + ' [' + err + ']', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.deleteMessage(ProfileEvents, profileId, messageId);
} }
if (result) {
res.status(200).json(result);
}
}); });
Profiles.deleteMessage(ProfileEvents, profileId, messageId);
}) })
.get((req, res) => { .get((req, res) => {
var ProfileEvents = new EventEmitter(); Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
var profileId = req.params.profileId || null; if (err || (decoded && !decoded.hasPermission)) {
var messageId = req.params.messageId || null; res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
var method = messageId ? 'getMessage' : 'allMessages'; return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId || null;
var messageId = req.params.messageId || null;
var method = messageId ? 'getMessage' : 'allMessages';
ProfileEvents.once(method, (err, result) => { ProfileEvents.once(method, (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'Could not get message' + (messageId ? ' ' : 's ') + 'for profile' + (profileId ? '' : 's') + ' [' + err + ']', err: err }); res.status(500).json({ message: 'Could not get message' + (messageId ? ' ' : 's ') + 'for profile' + (profileId ? '' : 's') + ' [' + err + ']', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles[method](ProfileEvents, profileId, messageId);
} }
if (result) {
res.status(200).json(result);
}
}); });
Profiles[method](ProfileEvents, profileId, messageId);
}) })
.patch( updateMessage ) .patch( updateMessage )
.put( updateMessage ); .put( updateMessage );
Router.route('/:id?') Router.route('/:id?')
.delete( (req, res) => { .delete( (req, res) => {
// Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => {
// if (err) { if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return; return;
// } }
var ProfileEvents = new EventEmitter(); if (decoded && decoded.hasPermission) {
var id = req.params.id; var ProfileEvents = new EventEmitter();
var id = req.params.id;
ProfileEvents.once('delete', (err, result) => { ProfileEvents.once('delete', (err, result) => {
if (err) { if (err) {
res.status(500).json({message: 'Could not delete profile id: ' + id, err: err}); res.status(500).json({message: 'Could not delete profile id: ' + id, err: err});
} }
if (result) { if (result) {
res.status(204).json({}); res.status(204).json({});
} }
}); });
Profiles.delete(ProfileEvents, id); Profiles.delete(ProfileEvents, id);
// }); }
});
}) })
.get( (req, res) => { .get( (req, res) => {
// Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
// if (err) { if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return; return;
// } }
var ProfileEvents = new EventEmitter(); if (decoded && decoded.hasPermission) {
var id = req.params.id || null; var ProfileEvents = new EventEmitter();
var method = id ? 'get' : 'all'; var id = req.params.id || null;
var method = id ? 'get' : 'all';
ProfileEvents.once(method, (err, result) => { ProfileEvents.once(method, (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'Could not get profile' + (id ? '' : 's'), err: err }); res.status(500).json({ message: 'Could not get profile' + (id ? '' : 's'), err: err });
} }
if (result) { if (result) {
res.status(200).json(result); res.status(200).json(result);
} }
}); });
Profiles[method](ProfileEvents, id); Profiles[method](ProfileEvents, id);
// }); }
});
}) })
.patch( update ) .patch( update )
.post((req, res) => { .post((req, res) => {
// Token.verifyThen(req.get('authorization'), 'add', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'add', (err, decoded) => {
// if (err) { if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return; return;
// } }
var ProfileEvents = new EventEmitter(); if (decoded && decoded.hasPermission) {
var profile = Array.isArray(req.body) ? req.body : [ req.body ]; var ProfileEvents = new EventEmitter();
var multi = profile.length > 1; var profile = Array.isArray(req.body) ? req.body : [ req.body ];
var multi = profile.length > 1;
ProfileEvents.once('create', (err, result) => { ProfileEvents.once('create', (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'Could not create profile' + (multi ? 's' : ''), err: err, profile: profile }); res.status(500).json({ message: 'Could not create profile' + (multi ? 's' : ''), err: err, profile: profile });
} }
if (result) { if (result) {
res.status(200).json(result); res.status(200).json(result);
} }
}); });
Profiles.create(ProfileEvents, profile); Profiles.create(ProfileEvents, profile);
// }); }
});
}) })
.put( update ); .put( update );

524
routes/users.js
View File

@@ -5,156 +5,25 @@ var Token = require('../modules/token');
var UserModel = require('../models/user'); var UserModel = require('../models/user');
function updateUser (req, res, next) { function updateUser (req, res, next) {
Token.verifyThen(req.get('authorization'), ['view', 'super'], (err, decoded) => { Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) { if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
var UserEvents = new EventEmitter(); if (decoded && decoded.hasPermission) {
var id = req.params.id;
var data = req.body;
if (id === decoded.data.uid || decoded.canElevate) {
if (!decoded.canElevate) {
delete data.permission;
}
UserEvents.once('updateUser', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update user id ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updateUser(UserEvents, id, data);
} else {
res.status(403).json({ message: 'User not authorized to perform this action.' });
}
});
}
function updateUserSetting (req, res, next) {
console.log('[UsersRoute::updateUserSetting]');
console.log('req.params: ', req.params);
console.log('req.body: ', req.body);
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var userId = req.params.userId;
var settingsId = req.params.settingsId;
var data = req.body;
UserEvents.once('updateUserSetting', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not update setting' + (data.key ? ' key:' + data.key : 's') + ' for user ' + (userId ? userId : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updateUserSetting(UserEvents, userId, settingsId, data);
});
}
Router.route('/')
.post((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter(); var UserEvents = new EventEmitter();
var user = req.body; var id = req.params.id;
var data = req.body;
UserEvents.once('createUser', (err, result) => { if (id === decoded.data.uid || decoded.canElevate) {
if (err) { if (!decoded.canElevate) {
res.status(500).json({ message: 'Could not create user', err: err }); delete data.permission;
} }
if (result) {
res.status(200).json(result);
}
});
UserModel.createUser(UserEvents, user);
});
});
Router.route('/search/:find?')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter(); UserEvents.once('updateUser', (err, result) => {
// Process parameters
var find = req.params.find ? decodeURIComponent(req.params.find) : false;
if (find) {
find = {
'userName': new RegExp(find, 'i'),
'name.last': new RegExp(find, 'i'),
'name.first': new RegExp(find, 'i'),
'email': new RegExp(find, 'i')
};
}
// Setup query object
var query = {
find: find || (req.query.find ? JSON.parse(decodeURIComponent(req.query.find)) : {}),
select: req.query.select ? decodeURIComponent(req.query.select) : null,
options: {
limit: req.query.limit ? parseInt(req.query.limit) : 0,
skip: req.query.ski ? parseInt(req.query.skip) : 0,
sort: req.query.sort ? JSON.parse(decodeURIComponent(req.query.sort)) : { 'userName': 1 }
}
};
UserEvents.once('getUsers', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error performing the user search', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.getUsers(UserEvents, query);
});
});
Router.route('/validate/:username?')
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var username = req.params.username || '';
if (username && username.length >= 4) {
UserEvents.once('isUserNameUnique', (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'Could not validate username: ' + username, err: err }); res.status(500).json({message: 'Could not update user id ' + id, err: err});
} }
if (result) { if (result) {
@@ -162,109 +31,165 @@ Router.route('/validate/:username?')
} }
}); });
UserModel.isUserNameUnique(UserEvents, username); UserModel.updateUser(UserEvents, id, data);
} else { } else {
res.status(200).json({ unique: null, length: false }); res.status(403).json({ message: 'User not authorized to perform this action.' });
}
}
});
}
function updateUserSetting (req, res, next) {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var userId = req.params.userId;
var settingsId = req.params.settingsId;
var data = req.body;
UserEvents.once('updateUserSetting', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not update setting' + (data.key ? ' key:' + data.key : 's') + ' for user ' + (userId ? userId : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updateUserSetting(UserEvents, userId, settingsId, data);
}
});
}
Router.route('/')
.post((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var user = req.body;
UserEvents.once('createUser', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create user', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.createUser(UserEvents, user);
}
});
});
Router.route('/search/:find?')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
// Process parameters
var find = req.params.find ? decodeURIComponent(req.params.find) : false;
if (find) {
find = {
'userName': new RegExp(find, 'i'),
'name.last': new RegExp(find, 'i'),
'name.first': new RegExp(find, 'i'),
'email': new RegExp(find, 'i')
};
}
// Setup query object
var query = {
find: find || (req.query.find ? JSON.parse(decodeURIComponent(req.query.find)) : {}),
select: req.query.select ? decodeURIComponent(req.query.select) : null,
options: {
limit: req.query.limit ? parseInt(req.query.limit) : 0,
skip: req.query.ski ? parseInt(req.query.skip) : 0,
sort: req.query.sort ? JSON.parse(decodeURIComponent(req.query.sort)) : { 'userName': 1 }
}
};
UserEvents.once('getUsers', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error performing the user search', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.getUsers(UserEvents, query);
}
});
});
Router.route('/validate/:username?')
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var username = req.params.username || '';
if (username && username.length >= 4) {
UserEvents.once('isUserNameUnique', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not validate username: ' + username, err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.isUserNameUnique(UserEvents, username);
} else {
res.status(200).json({ unique: null, length: false });
}
} }
}); });
}); });
Router.route('/force-password-reset/:id') Router.route('/force-password-reset/:id')
.post( (req, res, next) => { .post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
var UserEvents = new EventEmitter(); if (decoded && decoded.hasPermission) {
var id = req.params.id; var UserEvents = new EventEmitter();
var id = req.params.id;
UserEvents.once('forcePasswordReset', (err, result) => { UserEvents.once('forcePasswordReset', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not force password reset for the user', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.forcePasswordReset(UserEvents, id);
});
});
Router.route('/:id/settings/:key?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var id = req.params.id;
var key = req.params.key || false;
var method = key ? 'getUserSetting' : 'getUserSettings';
UserEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get setting' + (key ? ' key:' + key : 's') + ' for user ' + (id ? id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel[method](UserEvents, id, key);
});
});
Router.route('/:userId/settings/:settingsId?')
.patch( updateUserSetting )
.post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var UserEvents = new EventEmitter();
var userId = req.params.userId;
var data = req.body;
UserEvents.once('createUserSetting', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create setting' + (data.key ? ' key:' + data.key : 's') + ' for user ' + (userId ? userId : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.createUserSetting(UserEvents, userId, data);
});
})
.put( updateUserSetting );
Router.route('/:id?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), ['viewPublicDetails', 'manageUsers'], (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action. ' + err, err: err });
return;
}
var UserEvents = new EventEmitter();
var id = req.params.id || false;
var method = id ? 'getUser' : 'getUsers';
if ((id === decoded.data.uid && method === 'getUser') || decoded.canElevate) {
UserEvents.once(method, (err, result) => {
if (err) { if (err) {
res.status(500).json({ message: 'Could not get user' + (id ? '' : 's'), err: err }); res.status(500).json({ message: 'Could not force password reset for the user', err: err });
} }
if (result) { if (result) {
@@ -272,40 +197,131 @@ Router.route('/:id?')
} }
}); });
UserModel[method](UserEvents, id || false, !decoded.canElevate); UserModel.forcePasswordReset(UserEvents, id);
} else { }
res.status(403).json({ message: 'User not authorized to perform this action.' }); });
});
Router.route('/:id/settings/:key?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var id = req.params.id;
var key = req.params.key || false;
var method = key ? 'getUserSetting' : 'getUserSettings';
UserEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get setting' + (key ? ' key:' + key : 's') + ' for user ' + (id ? id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel[method](UserEvents, id, key);
}
});
});
Router.route('/:userId/settings/:settingsId?')
.patch( updateUserSetting )
.post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var userId = req.params.userId;
var data = req.body;
UserEvents.once('createUserSetting', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create setting' + (data.key ? ' key:' + data.key : 's') + ' for user ' + (userId ? userId : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.createUserSetting(UserEvents, userId, data);
}
});
})
.put( updateUserSetting );
Router.route('/:id?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manage', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action. ' + err, err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var id = req.params.id || false;
var method = id ? 'getUser' : 'getUsers';
if ((id === decoded.data.uid && method === 'getUser') || decoded.canElevate) {
UserEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get user' + (id ? '' : 's'), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel[method](UserEvents, id || false, !decoded.canElevate);
} else {
res.status(403).json({ message: 'User not authorized to perform this action.' });
}
} }
}); });
}) })
.put( updateUser ) .put( updateUser )
.patch( updateUser ) .patch( updateUser )
.delete( (req, res, next) => { .delete( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageUsers', (err, decoded) => { Token.verifyThen(req.get('authorization'), 'manage', (err, decoded) => {
if (err) { if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err }); res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return; return;
} }
var UserEvents = new EventEmitter(); if (decoded && decoded.hasPermission) {
var id = req.params.id; var UserEvents = new EventEmitter();
var id = req.params.id;
if (id === decoded.data.uid) { if (id === decoded.data.uid) {
res.status(403).json({ message: 'You cannot delete yourself. Surely it isn\'t that bad?!' }); res.status(403).json({ message: 'You cannot delete yourself. Surely it isn\'t that bad?!' });
return; return;
}
UserEvents.once('deleteUser', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not delete user id ' + id, err: err});
}
if (result) {
res.status(204).json({});
}
});
UserModel.deleteUser(UserEvents, id);
} }
UserEvents.once('deleteUser', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not delete user id ' + id, err: err});
}
if (result) {
res.status(204).json({});
}
});
UserModel.deleteUser(UserEvents, id);
}); });
}); });