summaryrefslogblamecommitdiffstats
path: root/server/api/users.js
blob: 1a724ac4742cfb46e3229eda6e78c5642edac0b9 (plain) (tree)
1
2
3
4
5
6
7
                     
                          
                                                         


                                                   
                                                                          


















                                                                                       



                                 

                         
   


















                                                                               
 






                                               
                                         

  
































                                                                                                                                                              

                                                                               
 
                              
/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
var authentication = require(path.join(__appdir, 'lib', 'authentication'))

// ############################################################################
// ###########################  GET requests  #################################

/*
 * @return: Returns a list of all users in the database and their given roles.
 */
router.getAsync('', async (req, res) => {
  const users = await db.user.findAll({ include: ['roles'], order: [['name', 'ASC']] })
  res.status(200).send(users)
})

/*
 * @return: Returns information about a specific user.
 */
router.getAsync('/:id', async (req, res) => {
  const id = req.params.id === 'current' ? req.user.id : req.params.id
  const user = await db.user.findOne({ where: { id } })
  if (user) {
    // Remove the hased password.
    let u = user.dataValues
    delete u.password
    res.status(200).send(u)
  } else {
    res.status(404).end()
  }
})

// ############################################################################
// ##########################  POST requests  #################################

router.postAsync('/:id/roles', async (req, res) => {
  const id = req.params.id === 'current' ? req.user.id : req.params.id
  const user = await db.user.findOne({ where: { id } })
  if (user) {
    if (req.query.delete !== undefined && req.query.delete !== 'false') {
      await user.removeRoles(req.body.ids)
    } else {
      await user.addRoles(req.body.ids)
    }
    res.status(200).end()
  } else {
    res.status(404).end()
  }
})

// Post request for creating new user accounts.
router.post('/', (req, res) => {
  authentication.signup(req, res)
})

// Post request for changing the password.
router.post('/:id/password', (req, res) => {
  authentication.changePassword(req, res)
})

// Post request for chaning the user info. (name, email)
router.post('/:id', (req, res) => {
  if (req.params.id !== 'current') {
    // Check if the user has the permission for chaning those userdata. Else return.
    return res.status(500).end()
  }
  const id = req.params.id === 'current' ? req.user.id : req.params.id

  let email = req.body.email
  if (!authentication.validateEmail(req.body.email)) return res.status(500).send({ status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
  db.user.findOne({ where: { id } }).then(user => {
    user.update({
      name: req.body.name,
      email
    }).then(() => {
      res.send(200)
    })
  })
})

router.delete('/:id/', (req, res) => {
  // Check if the user has the permission for chaning those userdata. Else return.
  if (req.params.id !== 'current') {
    return res.status(500).end()
  }
  const id = req.params.id === 'current' ? req.user.id : req.params.id

  // Every user can delete his own account.
  db.user.destroy({ where: { id } }).then(() => {
    res.status(200).end()
  })
})

// ############################################################################
// ############################################################################

module.exports.router = router