diff --git a/src/controllers/bmdashboard/bmNewLessonController.js b/src/controllers/bmdashboard/bmNewLessonController.js deleted file mode 100644 index 049c79222..000000000 --- a/src/controllers/bmdashboard/bmNewLessonController.js +++ /dev/null @@ -1,27 +0,0 @@ -const mongoose = require('mongoose'); - -const bmNewLessonController = function (BuildingNewLesson) { - const bmGetLessonList = async (req, res) => { - try { - BuildingNewLesson - .find() - .populate() - .then(result => res.status(200).send(result)) - .catch(error => res.status(500).send(error)); - } catch (err) { - res.json(err); - } - }; - const bmPostLessonList = async (req, res) => { - try { - const newLesson = BuildingNewLesson.create(req.body) - .then(result => res.status(201).send(result)) - .catch(error => res.status(500).send(error)); - } catch (err) { - res.json(err); - } - }; - return { bmPostLessonList, bmGetLessonList }; -}; - -module.exports = bmNewLessonController; diff --git a/src/controllers/userProfileController.js b/src/controllers/userProfileController.js index 52da2c3c1..c86d4c139 100644 --- a/src/controllers/userProfileController.js +++ b/src/controllers/userProfileController.js @@ -2,7 +2,7 @@ const moment = require('moment-timezone'); const mongoose = require('mongoose'); const bcrypt = require('bcryptjs'); -const fetch = require('node-fetch'); +const fetch = require("node-fetch"); const moment_ = require('moment'); const jwt = require('jsonwebtoken'); @@ -111,6 +111,7 @@ const userProfileController = function (UserProfile) { }; const postUserProfile = async function (req, res) { + if (!await hasPermission(req.body.requestor, 'postUserProfile')) { res.status(403).send('You are not authorized to create new users'); return; @@ -141,12 +142,12 @@ const userProfileController = function (UserProfile) { // In dev environment, if newly created user is Owner or Administrator, make fetch request to Beta login route with actualEmail and actual Password if (process.env.dbName === 'hgnData_dev') { if (req.body.role === 'Owner' || req.body.role === 'Administrator') { - const email = req.body.actualEmail; - const password = req.body.actualPassword; - const url = 'https://hgn-rest-beta.azurewebsites.net/api/'; + const email = req.body.actualEmail + const password = req.body.actualPassword + const url = "https://hgn-rest-beta.azurewebsites.net/api/" try { // Log in to Beta login route using provided credentials - const response = await fetch(`${url}login`, { + const response = await fetch(url + 'login', { method: 'POST', headers: { 'Content-Type': 'application/json', @@ -275,6 +276,14 @@ const userProfileController = function (UserProfile) { return; } + const canEditTeamCode = req.body.requestor.role === 'Owner' + || req.body.requestor.role === 'Administrator' + || req.body.requestor.permissions?.frontPermissions.includes('editTeamCode'); + + if (!canEditTeamCode) { + res.status(403).send('You are not authorized to edit team code.'); + return; + } if (req.body.role === 'Owner' && !await hasPermission(req.body.requestor, 'addDeleteEditOwners')) { res.status(403).send('You are not authorized to update this user'); @@ -298,15 +307,6 @@ const userProfileController = function (UserProfile) { } } - const canEditTeamCode = req.body.requestor.role === 'Owner' - || req.body.requestor.role === 'Administrator' - || req.body.requestor.permissions?.frontPermissions.includes('editTeamCode'); - - if (!canEditTeamCode && record.teamCode !== req.body.teamCode) { - res.status(403).send('You are not authorized to edit team code.'); - return; - } - const originalinfringements = record.infringements ? record.infringements : []; @@ -890,7 +890,7 @@ const userProfileController = function (UserProfile) { const currentRefreshToken = jwt.sign(jwtPayload, JWT_SECRET); res.status(200).send({ refreshToken: currentRefreshToken }); }; - + return { postUserProfile, getUserProfiles, diff --git a/src/models/bmdashboard/buildingInventoryItem.js b/src/models/bmdashboard/buildingInventoryItem.js index ba89fa026..fdcfde3dd 100644 --- a/src/models/bmdashboard/buildingInventoryItem.js +++ b/src/models/bmdashboard/buildingInventoryItem.js @@ -17,6 +17,7 @@ const smallItemBaseSchema = mongoose.Schema({ // TODO: can stockAvailable default be a function? stockAvailable: { type: Number, default: 0 }, // available = bought - (used + wasted/destroyed) purchaseRecord: [{ + _id: false, // do not add _id field to subdocument date: { type: Date, default: Date.now() }, requestedBy: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile' }, quantity: { type: Number, required: true, default: 1 }, // default 1 for tool or equipment purchases @@ -25,6 +26,7 @@ const smallItemBaseSchema = mongoose.Schema({ status: { type: String, default: 'Pending', enum: ['Approved', 'Pending', 'Rejected'] }, }], updateRecord: [{ + _id: false, date: { type: Date, required: true }, createdBy: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile' }, quantityUsed: { type: Number, required: true }, @@ -47,6 +49,7 @@ const largeItemBaseSchema = mongoose.Schema({ rentalDueDate: { type: Date, required: () => this.purchaseStatus === 'Rental' }, imageUrl: String, purchaseRecord: [{ + _id: false, // do not add _id field to subdocument date: { type: Date, default: Date.now() }, requestedBy: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile' }, priority: { type: String, enum: ['Low', 'Medium', 'High'], required: true }, @@ -55,11 +58,13 @@ const largeItemBaseSchema = mongoose.Schema({ status: { type: String, default: 'Pending', enum: ['Approved', 'Pending', 'Rejected'] }, }], updateRecord: [{ // track tool condition updates + _id: false, date: { type: Date, default: Date.now() }, createdBy: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile' }, condition: { type: String, enum: ['Good', 'Needs Repair', 'Out of Order'] }, }], logRecord: [{ // track tool daily check in/out and responsible user + _id: false, date: { type: Date, default: Date.now() }, createdBy: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile' }, responsibleUser: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile' }, diff --git a/src/models/bmdashboard/buildingMaterial.js b/src/models/bmdashboard/buildingMaterial.js index 5dae11ee3..bc86884ed 100644 --- a/src/models/bmdashboard/buildingMaterial.js +++ b/src/models/bmdashboard/buildingMaterial.js @@ -10,6 +10,7 @@ const buildingMaterial = new Schema({ stockWasted: { type: Number, default: 0 }, // total amount of item wasted/ruined/lost in the project stockAvailable: { type: Number, default: 0 }, // bought - (used + wasted) purchaseRecord: [{ + _id: false, // do not add _id field to subdocument date: { type: Date, default: Date.now() }, requestedBy: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile' }, quantity: { type: Number, required: true }, @@ -18,6 +19,7 @@ const buildingMaterial = new Schema({ status: { type: String, default: 'Pending', enum: ['Approved', 'Pending', 'Rejected'] }, }], updateRecord: [{ + _id: false, date: { type: Date, required: true }, createdBy: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile' }, quantityUsed: { type: Number, required: true }, diff --git a/src/models/bmdashboard/buildingNewLesson.js b/src/models/bmdashboard/buildingNewLesson.js deleted file mode 100644 index 21bf77fc6..000000000 --- a/src/models/bmdashboard/buildingNewLesson.js +++ /dev/null @@ -1,14 +0,0 @@ -const mongoose = require('mongoose'); - -const { Schema } = mongoose; - -const buildingNewLesson = new Schema({ - title: { type: String, required: true, maxLength: 20 }, - content: { type: String, required: true, maxLength: 500 }, - date: { type: Date, required: true, default: Date.now() }, - author: { type: mongoose.SchemaTypes.ObjectId, ref: 'userProfile', required: true }, - tags: [{ type: String, required: true, maxLength: 10 }], - relatedProject: { type: mongoose.SchemaTypes.ObjectId, ref: 'buildingProject', required: true }, -}); - -module.exports = mongoose.model('buildingNewLesson', buildingNewLesson, 'buildingNewLessons'); diff --git a/src/routes/bmdashboard/bmNewLessonRouter.js b/src/routes/bmdashboard/bmNewLessonRouter.js deleted file mode 100644 index b1cf3fb85..000000000 --- a/src/routes/bmdashboard/bmNewLessonRouter.js +++ /dev/null @@ -1,15 +0,0 @@ -const express = require('express'); - -const routes = function (buildingNewLesson) { - const NewLessonRouter = express.Router(); - const controller = require('../../controllers/bmdashboard/bmNewLessonController')(buildingNewLesson); - - // having GET request just for testing: - NewLessonRouter.route('/lessons') - .get(controller.bmGetLessonList); - - NewLessonRouter.route('/lessons/new') - .post(controller.bmPostLessonList); - return NewLessonRouter; -}; -module.exports = routes; diff --git a/src/startup/routes.js b/src/startup/routes.js index 4701a9f61..492e455cd 100644 --- a/src/startup/routes.js +++ b/src/startup/routes.js @@ -24,7 +24,6 @@ const mouseoverText = require('../models/mouseoverText'); // const inventoryItemMaterial = require('../models/inventoryItemMaterial'); const mapLocations = require('../models/mapLocation'); const buildingProject = require('../models/bmdashboard/buildingProject'); -const buildingNewLesson = require('../models/bmdashboard/buildingNewLesson'); // const buildingMaterial = require('../models/bmdashboard/buildingMaterial'); const { invTypeBase, @@ -79,7 +78,6 @@ const mapLocationRouter = require('../routes/mapLocationsRouter')(mapLocations); const bmLoginRouter = require('../routes/bmdashboard/bmLoginRouter')(); const bmMaterialsRouter = require('../routes/bmdashboard/bmMaterialsRouter')(buildingMaterial); const bmProjectRouter = require('../routes/bmdashboard/bmProjectRouter')(buildingProject); -const bmNewLessonRouter = require('../routes/bmdashboard/bmNewLessonRouter')(buildingNewLesson); const bmConsumablesRouter = require('../routes/bmdashboard/bmConsumablesRouter')(buildingConsumable); const bmInventoryTypeRouter = require('../routes/bmdashboard/bmInventoryTypeRouter')(invTypeBase, materialType, consumableType, reusableType, toolType, equipmentType); const bmToolRouter = require('../routes/bmdashboard/bmToolRouter')(buildingTool); @@ -118,8 +116,7 @@ module.exports = function (app) { app.use('/api/bm', bmLoginRouter); app.use('/api/bm', bmMaterialsRouter); app.use('/api/bm', bmProjectRouter); - app.use('/api/bm', bmNewLessonRouter); app.use('/api/bm', bmInventoryTypeRouter); app.use('/api/bm', bmToolRouter); app.use('/api/bm', bmConsumablesRouter); -}; +}; \ No newline at end of file