OneCommunityGlobal · one-community · Jun 29, 2024 · Jul 11, 2023 · Mar 27, 2024 · Mar 27, 2024
diff --git a/package-lock.json b/package-lock.json
diff --git a/requirements/logincontroller/getUser-usecase.md b/requirements/logincontroller/getUser-usecase.md
@@ -0,0 +1,9 @@
+Check mark: ✅
+Cross Mark: ❌
+
+# GetUser 
+
+> ## Positive case
+
+1. ❌ Receives a POST request in the **/api/userProfile** route
+2. ✅ Returns **200**, with the requestor body
diff --git a/requirements/logincontroller/login-usecase.md b/requirements/logincontroller/login-usecase.md
@@ -0,0 +1,21 @@
+Check mark: ✅
+Cross Mark: ❌
+
+# login 
+
+> ## Positive case
+
+1. ❌ Receives a POST request in the **/api/userProfile** route
+2. ✅  Returns 200, if the user is a new user and there is a password match
+3. ✅  Returns 200, if the user already exists and the password is a match
+
+## Negative case
+
+1. ✅ Returns error 400 if there is no email or password
+2. ✅ Returns error 403 if there is no user
+3. ✅ Returns error 403 if the user exists but is not active
+4. ✅ Returns error 403 if the password is not a match and if the user already exists - in progress
+
+## Edge case
+
+1. ✅ Returns the error if the try block fails - in progress
diff --git a/src/controllers/badgeController.js b/src/controllers/badgeController.js
@@ -13,12 +13,21 @@ const badgeController = function (Badge) {
   const cache = cacheClosure();
 
   const getAllBadges = async function (req, res) {
-    console.log(req.body.requestor);
-    if (!(await helper.hasPermission(req.body.requestor, 'seeBadges'))) {
-      console.log('in if statement');
+    console.log(req.body.requestor);  // Retain logging from development branch for debugging
+
+    // Check if the user has any of the following permissions
+    if (
+      !(await helper.hasPermission(req.body.requestor, 'seeBadges')) &&
+      !(await helper.hasPermission(req.body.requestor, 'assignBadges')) &&
+      !(await helper.hasPermission(req.body.requestor, 'createBadges')) &&
+      !(await helper.hasPermission(req.body.requestor, 'updateBadges')) &&
+      !(await helper.hasPermission(req.body.requestor, 'deleteBadges'))
+    ) {
+      console.log('in if statement');  // Retain logging from development branch for debugging
       res.status(403).send('You are not authorized to view all badge data.');
       return;
     }
+
     // Add cache to reduce database query and optimize performance
     if (cache.hasCache('allBadges')) {
       res.status(200).send(cache.getCache('allBadges'));

diff --git a/src/controllers/logincontroller.js b/src/controllers/logincontroller.js
@@ -23,7 +23,10 @@ const logincontroller = function () {
       if (!user) {
         res.status(403).send({ message: 'Username not found.' });
       } else if (user.isActive === false) {
-        res.status(403).send({ message: 'Sorry, this account is no longer active. If you feel this is in error, please contact your Manager and/or Administrator.' });
+        res.status(403).send({
+          message:
+            'Sorry, this account is no longer active. If you feel this is in error, please contact your Manager and/or Administrator.',
+        });
       } else {
         let isPasswordMatch = false;
         let isNewUser = false;
@@ -34,42 +37,42 @@ const logincontroller = function () {
         isPasswordMatch = await bcrypt.compare(_password, user.password);
 
         if (!isPasswordMatch && user.resetPwd !== '') {
-          isPasswordMatch = (_password === user.resetPwd);
+          isPasswordMatch = _password === user.resetPwd;
           isNewUser = true;
         }
 
-      if (isNewUser && isPasswordMatch) {
-        const result = {
-          new: true,
-          userId: user._id,
-        };
-        res.status(200).send(result);
-      } else if (isPasswordMatch && !isNewUser) {
-        const jwtPayload = {
-          userid: user._id,
-          role: user.role,
-          permissions: user.permissions,
-          access: {
-            canAccessBMPortal: false,
-          },
-          email: user.email,
-          expiryTimestamp: moment().add(config.TOKEN.Lifetime, config.TOKEN.Units),
-        };
+        if (isNewUser && isPasswordMatch) {
+          const result = {
+            new: true,
+            userId: user._id,
+          };
+          res.status(200).send(result);
+        } else if (isPasswordMatch && !isNewUser) {
+          const jwtPayload = {
+            userid: user._id,
+            role: user.role,
+            permissions: user.permissions,
+            access: {
+              canAccessBMPortal: false,
+            },
+            email: user.email,
+            expiryTimestamp: moment().add(config.TOKEN.Lifetime, config.TOKEN.Units),
+          };
 
-        const token = jwt.sign(jwtPayload, JWT_SECRET);
+          const token = jwt.sign(jwtPayload, JWT_SECRET);
 
-        res.status(200).send({ token });
-      } else {
-        res.status(403).send({
-          message: 'Invalid password.',
-        });
-      }
+          res.status(200).send({ token });
+        } else {
+          res.status(403).send({
+            message: 'Invalid password.',
+          });
+        }
       }
-        } catch (err) {
-    console.log(err);
-    res.json(err);
-  }
-};
+    } catch (err) {
+      console.log(err);
+      res.json(err);
+    }
+  };
 
   const getUser = function (req, res) {
     const { requestor } = req.body;
@@ -78,7 +81,6 @@ const logincontroller = function () {
   };
 
   return {
-
     login,
     getUser,
   };