Added suspension mechanism.

2022-04-07 17:56:04 -05:00
parent 2e8ba9c5b1
commit eb4e4b2444
5 changed files with 107 additions and 40 deletions
--- a/sports-matcher/server/controllers/userController.js
+++ b/sports-matcher/server/controllers/userController.js
@@ -1,5 +1,6 @@
 import express from "express";
-import { requireAuthenticated } from "../middleware/authority.js";
+import validator from "validator";
+import { requireAdmin, requireAuthenticated } from "../middleware/authority.js";
 import { needDatabase } from "../middleware/database.js";
 import userModel from "../schemas/userModel.js";
 import User from "../schemas/userModel.js";
@@ -67,50 +68,85 @@ UserController.get("/:id?", needDatabase, requireAuthenticated, async (req, res)
    res.status(200).send(user);
 });

+
 UserController.patch("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
-    let user = null;
-    if (req.params.id) {
-        if (req.user.accessLevel > 2) {
-            user = await userModel.findById(req.params.id);
+    try {
+        let user = null;
+        if (req.params.id) {
+            if (req.user.accessLevel > 2) {
+                user = await userModel.findById(req.params.id);
+            } else {
+                res.status(401).send("Unauthorized.");
+                return;
+            }
        } else {
-            res.status(401).send("Unauthorized.");
+            user = req.user;
+        }
+        if (req.body._id) {
+            res.status(400).send("Cannot change user ID.");
            return;
        }
-    } else {
-        user = req.user;
-    }
-    if (req.body._id) {
-        res.status(400).send("Cannot change user ID.");
-        return;
-    }

-    if (req.body.createdMatches) {
-        res.status(400).send("Cannot directly change the list of created matches.");
-        return;
-    }
+        if (req.body.createdMatches) {
+            res.status(400).send("Cannot directly change the list of created matches.");
+            return;
+        }

-    if (req.body.password) {
-        res.status(400).send("Cannot directly change user password.");
-        return;
-    }
+        if (req.body.password) {
+            res.status(400).send("Cannot directly change user password.");
+            return;
+        }

-    if (req.body.participatingMatches) {
-        res.status(400).send("Cannot directly change the list of participating matches.");
-        return;
-    }
+        if (req.body.participatingMatches) {
+            res.status(400).send("Cannot directly change the list of participating matches.");
+            return;
+        }

-    if (req.body.joinDate) {
-        res.status(400).send("Cannot change the join date.");
-        return;
-    }
+        if (req.body.joinDate) {
+            res.status(400).send("Cannot change the join date.");
+            return;
+        }

-    if (req.body.accessLevel && req.user.accessLevel < 3) {
-        res.status(401).send("Unauthorized to change the access level of this user.");
-        return;
-    }
+        if (req.body.accessLevel && req.user.accessLevel < 3) {
+            res.status(401).send("Unauthorized to change the access level of this user.");
+            return;
+        }

-    await user.updateOne(req.body);
-    res.status(200).send("Updated.");
+        if (req.body.suspend && req.user.accessLevel < 3) {
+            res.status(401).send("Unauthorized to change the accounts disabled date. ");
+            return;
+        }
+
+        await user.updateOne(req.body);
+        res.status(200).send("Updated.");
+    } catch (error) {
+        console.error(error);
+        res.status(500).send("Internal server error");
+    }
+});
+
+UserController.get("/all/active", requireAdmin, async (req, res) => {
+    try {
+        if (req.user.accessLevel < 3) {
+            res.status(401).send("You do not have the required privileges.");
+            return;
+        }
+        let res = await userModel.find().where("suspend").lt(Date.now);
+        res.status(200).send({ all: res });
+    } catch (error) {
+        console.error(error);
+        res.status(500).send("Internal server error");
+    }
+});
+
+UserController.get("/all/suspended", requireAuthenticated, async (req, res) => {
+    try {
+        let res = await userModel.find().where("suspend").gte(Date.now);
+        res.status(200).send({ suspended: res });
+    } catch (error) {
+        console.error(error);
+        res.status(500).send("Internal server error");
+    }
 });

 /* TODO: Implement middleware for removing users.
@@ -136,13 +172,15 @@ UserController.delete("/:id?", needDatabase, requireAuthenticated, async (req, r

 UserController.post("/", needDatabase, async (req, res) => {
    try {
-        let createdUser = new User({
+        const data = {
            email: req.body.email,
            firstName: req.body.firstName,
            lastName: req.body.lastName,
            phone: req.body.phone,
            password: req.body.password,
-        });
+        };
+
+        let createdUser = new User(data);
        await createdUser.save();
        res.sendStatus(201);
        return;