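/* global __appdir */
const path = require('path')
const db = require(path.join(__appdir, 'lib', 'sequelize'))
const express = require('express')
const { decorateApp } = require('@awaitjs/express')
const router = decorateApp(express.Router())
const authentication = require(path.join(__appdir, 'lib', 'authentication'))

/*
 * Resolves the `:id` route parameter: the literal value `current` stands
 * for the authenticated user, anything else is taken as a user id.
 */
function resolveUserId (req) {
  return req.params.id === 'current' ? req.user.id : req.params.id
}

/*
 * A request is a "delete" request when `?delete` is present with any value
 * other than the literal string `false` (e.g. `?delete` or `?delete=true`).
 */
function wantsDelete (req) {
  return req.query.delete !== undefined && req.query.delete !== 'false'
}

// ############################################################################
// ########################### GET requests #################################

/*
 * @return: Returns a list of all users in the database and their given roles.
 *          The password hash is stripped from every record before sending.
 */
router.getAsync('', async (req, res) => {
  const users = await db.user.findAll({
    include: ['roles'],
    order: [['name', 'ASC']]
  })
  // Never serialize password hashes, not even to authenticated callers.
  // (The original awaited `forEach`, which returns undefined; a plain loop
  // expresses the intent.)
  for (const user of users) {
    delete user.dataValues.password
  }
  res.status(200).send(users)
})

/*
 * @return: Returns information about a specific user (`current` = caller).
 *          Responds 404 when no such user exists.
 */
router.getAsync('/:id', async (req, res) => {
  // NOTE(review): any authenticated user can read any other user's record
  // here (no permission check); confirm that this is the intended policy.
  const id = resolveUserId(req)
  const user = await db.user.findOne({ where: { id } })
  if (!user) {
    return res.status(404).end()
  }
  // Remove the hashed password before sending.
  const publicUser = user.dataValues
  delete publicUser.password
  res.status(200).send(publicUser)
})

// ############################################################################
// ########################## POST requests #################################

/*
 * Post request for adding roles to users (or removing them with `?delete`).
 * Requires the `permissions.grantrevoke` permission; responds 403 otherwise
 * and 404 when the target user does not exist.
 */
router.postAsync('/:id/roles', async (req, res) => {
  // The failed permission check must end the request here. Without the
  // `return` the handler fell through after answering 403 and still
  // modified the roles, so any authenticated user could grant roles.
  if (!await req.user.hasPermission('permissions.grantrevoke')) {
    return res.status(403).end()
  }
  const id = resolveUserId(req)
  const user = await db.user.findOne({ where: { id } })
  if (!user) {
    return res.status(404).end()
  }
  if (wantsDelete(req)) {
    await user.removeRoles(req.body.ids)
  } else {
    await user.addRoles(req.body.ids)
  }
  res.status(200).end()
})

// Post request for creating new user accounts.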
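/*
 * Post request for creating new user accounts.
 *   POST /            -> sign up a new account (delegated to authentication.signup)
 *   POST /:id         -> update the user with the given id from req.body
 *   POST /?delete     -> bulk delete the users whose ids are in req.body.ids
 * Responds 404 when the user to update does not exist.
 */
router.postAsync(['/', '/:id'], async (req, res) => {
  // `?delete` with any value other than the literal string `false`
  // switches this route into bulk-delete mode.
  if (req.query.delete !== undefined && req.query.delete !== 'false') {
    // NOTE(review): no permission check guards this bulk delete (nor the
    // update below); confirm that a router-level middleware enforces one.
    const count = await db.user.destroy({ where: { id: req.body.ids } })
    return res.status(200).send({ count })
  }
  if (req.params.id === undefined) {
    return authentication.signup(req, res)
  }
  const user = await db.user.findOne({ where: { id: req.params.id } })
  if (!user) {
    return res.status(404).end()
  }
  // The body is applied as-is (mass assignment). Password changes have a
  // dedicated route (`/:id/password`) that goes through
  // authentication.changePassword, so that field is never accepted here.
  const updates = { ...req.body }
  delete updates.password
  await user.update(updates)
  res.status(200).end()
})

// Post request for changing the password.
router.post('/:id/password', (req, res) => {
  authentication.changePassword(req, res)
})

/*
 * Post request for changing the user info (name, email) of the caller.
 * NOTE(review): `router.postAsync(['/', '/:id'], ...)` above is registered
 * first and answers every POST /:id without calling next(), so this handler
 * appears to be unreachable; keep or remove deliberately.
 */
router.postAsync('/:id', async (req, res) => {
  // Only the caller's own record may be changed through this route.
  // (A 500 is kept for compatibility; a 403/400 would describe it better.)
  if (req.params.id !== 'current') {
    return res.status(500).end()
  }
  const email = req.body.email
  if (!authentication.validateEmail(email)) {
    return res.status(500).send({
      status: 'EMAIL_INVALID',
      error_message: 'The provided email is invalid.'
    })
  }
  const user = await db.user.findOne({ where: { id: req.user.id } })
  if (!user) {
    return res.status(404).end()
  }
  await user.update({ name: req.body.name, email })
  // `res.send(200)` sent the number as a body; set the status explicitly.
  res.status(200).end()
})

/*
 * Function for deleting a single user. Every user may delete their own
 * account (`current`); any other id is rejected.
 */
router.deleteAsync('/:id/', async (req, res) => {
  if (req.params.id !== 'current') {
    return res.status(500).end()
  }
  await db.user.destroy({ where: { id: req.user.id } })
  res.status(200).end()
})

// ############################################################################
// ############################################################################

module.exports.router = router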