codeuino · devesh-verma · Jun 14, 2020 · Jun 4, 2020 · Jun 12, 2020
diff --git a/app/controllers/comment.js b/app/controllers/comment.js
@@ -1,6 +1,7 @@
 const HANDLER = require('../utils/response-helper')
 const HttpStatus = require('http-status-codes')
 const CommentModel = require('../models/Comment')
+const permission = require('../utils/permission')
 const helper = require('../utils/paginate')
 
 module.exports = {
@@ -22,14 +23,13 @@ module.exports = {
   // DELETE COMMENT
   delete: async (req, res, next) => {
     const { id } = req.params
-    const userId = req.user.id.toString()
     try {
       const comment = await CommentModel.findById(id)
       if (!comment) {
         return res.status(HttpStatus.NOT_FOUND).json({ error: 'No comment exist' })
       }
       // Add rights for admins and moderators as well (TODO)
-      if (JSON.stringify(comment.userId) !== JSON.stringify(userId)) {
+      if (!permission.check(req, res, comment.userId)) {
         return res.status(HttpStatus.FORBIDDEN).json({ message: 'Bad delete request' })
       }
       await CommentModel.findByIdAndRemove(id)
@@ -42,7 +42,6 @@ module.exports = {
   // UPDATE COMMENT
   update: async (req, res, next) => {
     const { id } = req.params
-    const userId = req.user.id.toString()
     const updates = Object.keys(req.body)
     const valid = ['content']
     const isValidOperation = updates.every((update) => {
@@ -57,7 +56,7 @@ module.exports = {
         return res.status(HttpStatus.NOT_FOUND).json({ error: 'No comment exist' })
       }
       // also add admin or moderator control (TODO)
-      if (JSON.stringify(comment.userId) !== JSON.stringify(userId)) {
+      if (!permission.check(req, res, comment.userId)) {
         return res.status(HttpStatus.BAD_REQUEST).json({ error: 'Wrong update' })
       }
       updates.forEach(update => {

diff --git a/app/controllers/event.js b/app/controllers/event.js
@@ -1,6 +1,7 @@
 const Event = require('../models/Event')
 const HANDLER = require('../utils/response-helper')
 const HttpStatus = require('http-status-codes')
+const permission = require('../utils/permission')
 const helper = require('../utils/paginate')
 
 module.exports = {
@@ -23,6 +24,7 @@ module.exports = {
       if (!event) {
         return res.status(HttpStatus.BAD_REQUEST).json({ message: 'No post exists' })
       }
+      // check for permission (TODO AFTER PREVIOUS PR MERGED)
       updates.forEach(update => {
         event[update] = req.body[update]
       })
@@ -114,8 +116,11 @@ module.exports = {
       if (!deleteEvent) {
         return res.status(HttpStatus.NOT_FOUND).json({ message: 'No Event exists' })
       }
-      await Event.findByIdAndRemove(id)
-      res.status(HttpStatus.OK).json({ deleteEvent: deleteEvent, message: 'Deleted the event' })
+      if (permission.check(req, res, deleteEvent.createdBy)) {
+        await Event.findByIdAndRemove(id)
+        return res.status(HttpStatus.OK).json({ deleteEvent: deleteEvent, message: 'Deleted the event' })
+      }
+      return res.status(HttpStatus.BAD_REQUEST).json({ msg: 'Not permitted!' })
     } catch (error) {
       HANDLER.handleError(res, error)
     }

diff --git a/app/controllers/organization.js b/app/controllers/organization.js
@@ -2,6 +2,10 @@ const Organization = require('../models/Organisation')
 const HANDLER = require('../utils/response-helper')
 const HttpStatus = require('http-status-codes')
 const helper = require('../utils/uploader')
+const User = require('../models/User')
+const Project = require('../models/Project')
+const Event = require('../models/Event')
+const permission = require('../utils/permission')
 
 module.exports = {
   createOrganization: async (req, res, next) => {
@@ -20,7 +24,7 @@ module.exports = {
   updateOrgDetails: async (req, res, next) => {
     const { id } = req.params
     const updates = Object.keys(req.body)
-    const allowedUpdates = ['name', 'description', 'contactInfo', 'image', 'adminInfo', 'moderatorInfo']
+    const allowedUpdates = ['name', 'description', 'contactInfo', 'image', 'imgUrl', 'adminInfo', 'moderatorInfo']
     const isValidOperation = updates.every((update) => {
       return allowedUpdates.includes(update)
     })
@@ -30,6 +34,10 @@ module.exports = {
     }
     try {
       const org = await Organization.findById(id)
+      // check for permission (ONLY ADMINS CAN UPDATE)
+      if (!permission.check(req, res)) {
+        return res.status(HttpStatus.BAD_REQUEST).json({ msg: 'You don\'t have the permission' })
+      }
       updates.forEach(update => {
         org[update] = req.body[update]
       })
@@ -46,11 +54,11 @@ module.exports = {
   getOrgDetailsById: async (req, res, next) => {
     const { id } = req.params
     try {
-      const orgData = await Organization
-        .findById(id)
+      const orgData = await Organization.findById(id)
         .populate('adminInfo', ['name.firstName', 'name.lastName', 'email', 'isAdmin'])
         .populate('moderatorInfo', ['name.firstName', 'name.lastName', 'email', 'isAdmin'])
         .sort({ createdAt: -1 })
+        .lean()
         .exec()
       if (!orgData) {
         return res.status(HttpStatus.NOT_FOUND).json({ error: 'No such organization exists!' })
@@ -68,7 +76,11 @@ module.exports = {
       if (!org) {
         return res.status(HttpStatus.NOT_FOUND).json({ error: 'No such organization exists!' })
       }
-      res.status(HttpStatus.OK).json({ organization: org })
+      // check for permission
+      if (!permission.check(req, res)) {
+        return res.status(HttpStatus.BAD_REQUEST).json({ msg: 'You don\'t have the permission!' })
+      }
+      return res.status(HttpStatus.OK).json({ organization: org })
     } catch (error) {
       HANDLER.handleError(res, error)
     }
@@ -83,7 +95,7 @@ module.exports = {
       }
       org.isArchived = true
       await org.save()
-      res.status(HttpStatus.OK).json({ organization: org })
+      return res.status(HttpStatus.OK).json({ organization: org })
     } catch (error) {
       HANDLER.handleError(res, error)
     }
@@ -157,5 +169,51 @@ module.exports = {
     } catch (error) {
       HANDLER.handleError(res, error)
     }
+  },
+  getOrgOverView: async (req, res, next) => {
+    const orgOverView = {}
+    try {
+      const org = await Organization.find({})
+      if (!org) {
+        return res.status(HttpStatus.NOT_FOUND).json({ msg: 'No org exists!' })
+      }
+      orgOverView.admins = org[0].adminInfo.length
+      orgOverView.members = await User.find({}).lean().count()
+      orgOverView.projects = await Project.find({}).lean().count()
+      orgOverView.events = await Event.find({}).lean().count()
+      return res.status(HttpStatus.OK).json({ orgOverView })
+    } catch (error) {
+      HANDLER.handleError(res, error)
+    }
+  },
+  // SEARCH FUNCTIONALITY
+  getMembers: async (req, res, next) => {
+    try {
+      const { search } = req.query
+      if (search) {
+        const regex = search.split(' ')
+        const member = await User.find({ $or: [{ 'name.firstName': regex }, { 'name.lastName': regex }] })
+          .select('name email isAdmin info.about.designation')
+          .lean()
+          .sort({ createdAt: -1 })
+          .exec()
+        if (!member) {
+          return res.status(HttpStatus.OK).json({ msg: 'Member not found!' })
+        }
+        return res.status(HttpStatus.OK).json({ member })
+      } else {
+        const members = await User.find({})
+          .select('name email isAdmin info.about.designation')
+          .lean()
+          .sort({ createdAt: -1 })
+          .exec()
+        if (members.length === 0) {
+          return res.status(HttpStatus.OK).json({ msg: 'No members joined yet!' })
+        }
+        return res.status(HttpStatus.OK).json({ members })
+      }
+    } catch (error) {
+      HANDLER.handleError(res, error)
+    }
   }
 }
diff --git a/app/controllers/post.js b/app/controllers/post.js
@@ -3,6 +3,7 @@ const UserModel = require('../models/User')
 const HANDLER = require('../utils/response-helper')
 const HttpStatus = require('http-status-codes')
 const imgUploadHelper = require('../utils/uploader')
+const permission = require('../utils/permission')
 const helper = require('../utils/paginate')
 
 module.exports = {
@@ -25,15 +26,13 @@ module.exports = {
   // DELETE POST
   delete: async (req, res, next) => {
     const { id } = req.params
-    const userId = req.user.id.toString()
     try {
       const post = await PostModel.findById(id)
       if (!post) {
         return res.status(HttpStatus.NOT_FOUND).json({ message: 'No post exists' })
       }
-      // TODO ADD ADMIN RIGHTS AS WELL
-      if (JSON.stringify(userId) !== JSON.stringify(post.userId)) {
-        return res.status(HttpStatus.FORBIDDEN).json({ message: 'Bad delete request' })
+      if (!permission.check(req, res, post.userId)) {
+        return res.status(HttpStatus.BAD_REQUEST).json({ message: 'Bad delete request' })
       }
       await PostModel.findByIdAndRemove(id)
       res.status(HttpStatus.OK).json({ post: post, msg: 'Deleted!' })
@@ -47,7 +46,6 @@ module.exports = {
     const { id } = req.params
     const updates = Object.keys(req.body)
     const allowedUpdates = ['content', 'imgUrl']
-    const userId = req.user.id.toString()
     const isValidOperation = updates.every((update) => {
       return allowedUpdates.includes(update)
     })
@@ -60,7 +58,7 @@ module.exports = {
       if (!post) {
         return res.status(HttpStatus.BAD_REQUEST).json({ message: 'No post exists' })
       }
-      if (JSON.stringify(userId) !== JSON.stringify(post.userId)) {
+      if (!permission.check(req, res, post.userId)) {
         return res.status(HttpStatus.FORBIDDEN).json({ message: 'Bad update request' })
       }
       updates.forEach(update => {

diff --git a/app/controllers/project.js b/app/controllers/project.js
@@ -2,6 +2,7 @@ const Project = require('../models/Project')
 const HANDLER = require('../utils/response-helper')
 const HttpStatus = require('http-status-codes')
 const helper = require('../utils/paginate')
+const permission = require('../utils/permission')
 
 module.exports = {
   createProject: async (req, res, next) => {
@@ -83,10 +84,11 @@ module.exports = {
         return res.status(HttpStatus.NOT_FOUND).json({ msg: 'No such project exits!' })
       }
       // check if admin or user who created this project
-      if (project.createdBy === req.user._id.toString() || req.user.isAdmin === true) {
+      if (permission.check(req, res, project.createdBy)) {
         await Project.findByIdAndRemove(id)
         return res.status(HttpStatus.OK).json({ msg: 'Project deleted!' })
       }
+      return res.status(HttpStatus.BAD_REQUEST).json({ msg: 'Not permitted!' })
     } catch (error) {
       HANDLER.handleError(res, error)
     }