summaryrefslogblamecommitdiffstats
path: root/server/api/users.js
blob: c5eb8222e73816adc31d4bbaec8b40f4eed22596 (plain) (tree)
1
2
3
4
5
6
7
                     
                          
                                                         


                                                   
                                                                          








                                                                                       





                            









                                                                      



                                 

                         
   




                                                                               
                                          
                                                    


                                                                 












                                                                         
 
                                               








                                                                           










                                                        


                           



                                            




                                                                                                                                                                                                               

  



















                                                                                                                                                              
                                      












                                                                                  

                                                                               
 
                              
/* global __appdir */
var path = require('path')
var db = require(path.join(__appdir, 'lib', 'sequelize'))
var express = require('express')
const { decorateApp } = require('@awaitjs/express')
var router = decorateApp(express.Router())
var authentication = require(path.join(__appdir, 'lib', 'authentication'))

// ############################################################################
// ###########################  GET requests  #################################

/*
 * @return: Returns a list of all users in the database and their given roles.
 */
router.getAsync('', async (req, res) => {
  const users = await db.user.findAll({ include: ['roles'], order: [['name', 'ASC']] })

  // Remove passwords
  await users.forEach(x => {
    x = x.dataValues
    delete x.password
  })
  res.status(200).send(users)
})

/*
 * @return: Returns information about a specific user.
 */
router.getAsync('/:id', async (req, res) => {
  const id = req.params.id === 'current' ? req.user.id : req.params.id
  const user = await db.user.findOne({ where: { id } })
  if (user) {
    // Remove the hased password.
    let u = user.dataValues
    delete u.password
    res.status(200).send(u)
  } else {
    res.status(404).end()
  }
})

// ############################################################################
// ##########################  POST requests  #################################

// Post request for adding roles to users.
router.postAsync('/:id/roles', async (req, res) => {
  if (!await req.user.hasPermission('permissions.grantrevoke')) {
    res.status(403).end()
  }
  const id = req.params.id === 'current' ? req.user.id : req.params.id
  const user = await db.user.findOne({ where: { id } })
  if (user) {
    if (req.query.delete !== undefined && req.query.delete !== 'false') {
      await user.removeRoles(req.body.ids)
    } else {
      await user.addRoles(req.body.ids)
    }
    res.status(200).end()
  } else {
    res.status(404).end()
  }
})

// Post request for creating new user accounts.
router.postAsync(['/', '/:id'], async (req, res) => {
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    const count = await db.user.destroy({ where: { id: req.body.ids } })
    res.status(200).send({ count })
  } else {
    if (req.params.id === undefined) return authentication.signup(req, res)
    else {
      let user
      user = await db.user.findOne({ where: { id: req.params.id } })
      if (user) {
        await user.update({
          username: req.body.username,
          name: req.body.name,
          email: req.body.email
        })

        if (req.body.password) {
          return authentication.changePassword(req, res)
        }
      }
      res.status(200).end()
    }
  }
})

// Post request for changing the password.
router.post('/:id/password', (req, res) => {
  // Check if passwords are set.
  if (req.body.passwordCurrent && req.body.password) {
    if (req.body.passwordCurrent === req.body.password) return res.status(500).send({ auth: false, status: 'PASSWORD_ERROR', error_message: 'The provided password must be different than the old password.' })
    return authentication.changePassword(req, res)
  } else res.status(400).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This service requires the current and the new password.' })
})

// Post request for chaning the user info. (name, email)
router.post('/:id', (req, res) => {
  if (req.params.id !== 'current') {
    // Check if the user has the permission for chaning those userdata. Else return.
    return res.status(500).end()
  }
  const id = req.params.id === 'current' ? req.user.id : req.params.id

  let email = req.body.email
  if (!authentication.validateEmail(req.body.email)) return res.status(500).send({ status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
  db.user.findOne({ where: { id } }).then(user => {
    user.update({
      name: req.body.name,
      email
    }).then(() => {
      res.send(200)
    })
  })
})

// Function for deleting a single user
router.delete('/:id/', (req, res) => {
  // Check if the user has the permission for chaning those userdata. Else return.
  if (req.params.id !== 'current') {
    return res.status(500).end()
  }
  const id = req.params.id === 'current' ? req.user.id : req.params.id

  // Every user can delete his own account.
  db.user.destroy({ where: { id } }).then(() => {
    res.status(200).end()
  })
})

// ############################################################################
// ############################################################################

module.exports.router = router