ojn03/feat-updateUser (#12)

chromium-52 · kimharr24 · chromium-52 · commit 2c17a6bd2c58 · 2023-10-31T14:47:11.000+09:00
* feat: completed updateUser endpoint resolves #5 * style: used strict comparison operators and modified error messages * added error handling for objectID * feat: added input validation to UpdateUserDTO * fix: applied suggestions from PR review * fix: added domain specific URL validators for DTO * fix: converted ObjectId primary column to numbers and finalized PR suggestions * fix: strict equality and https restricted protocol --------- Co-authored-by: Harrison Kim <kim.harr@northeastern.edu>
diff --git a/apps/backend/src/users/types.ts b/apps/backend/src/users/types.ts
@@ -1,4 +1,33 @@
+// TODO: Probably want these types to be available to both the frontend and backend in a "common" folder
 export enum Status {
-  ADMIN = 'ADMIN',
-  STANDARD = 'STANDARD',
+  MEMBER = 'Member',
+  RECRUITER = 'Recruiter',
+  ADMIN = 'Admin',
+  ALUMNI = 'Alumni',
+  APPLICANT = 'Applicant',
+}
+
+export enum Team {
+  SFTT = 'Speak For The Trees',
+  CONSTELLATION = 'Constellation',
+  JPAL = 'J-PAL',
+  BREAKTIME = 'Breaktime',
+  GI = 'Green Infrastructure',
+  CI = 'Core Infrastructure',
+  EBOARD = 'E-Board',
+}
+
+export enum Role {
+  DIRECTOR_OF_ENGINEERING = 'Director of Engineering',
+  DIRECTOR_OF_PRODUCT = 'Director of Product',
+  DIRECTOR_OF_FINANCE = 'Director of Finance',
+  DIRECTOR_OF_MARKETING = 'Director of Marketing',
+  DIRECTOR_OF_RECRUITMENT = 'Director of Recruitment',
+  DIRECTOR_OF_OPERATIONS = 'Director of Operations',
+  DIRECTOR_OF_EVENTS = 'Director of Events',
+  DIRECTOR_OF_DESIGN = 'Director of Design',
+  PRODUCT_MANAGER = 'Product Manager',
+  PRODUCT_DESIGNER = 'Product Designer',
+  TECH_LEAD = 'Technical Lead',
+  DEVELOPER = 'Developer',
 }
diff --git a/apps/backend/src/users/update-user.dto.ts b/apps/backend/src/users/update-user.dto.ts
@@ -0,0 +1,50 @@
+import { Status, Role, Team } from './types';
+import {
+  IsEmail,
+  IsOptional,
+  IsEnum,
+  IsArray,
+  ArrayMinSize,
+  ArrayUnique,
+  IsUrl,
+} from 'class-validator';
+
+export class UpdateUserDTO {
+  @IsOptional()
+  @IsEnum(Status)
+  status?: Status;
+
+  @IsOptional()
+  @IsEmail()
+  email?: string;
+
+  @IsOptional()
+  profilePicture?: string;
+
+  @IsOptional()
+  @IsUrl({
+    protocols: ['https'],
+    require_protocol: true,
+    host_whitelist: ['www.linkedin.com'],
+  })
+  linkedin?: string;
+
+  @IsOptional()
+  @IsUrl({
+    protocols: ['https'],
+    require_protocol: true,
+    host_whitelist: ['github.com'],
+  })
+  github?: string;
+
+  @IsOptional()
+  @IsEnum(Team)
+  team?: Team;
+
+  @IsOptional()
+  @IsArray()
+  @ArrayMinSize(1)
+  @ArrayUnique()
+  @IsEnum(Role, { each: true })
+  role?: Role[];
+}
diff --git a/apps/backend/src/users/user.entity.ts b/apps/backend/src/users/user.entity.ts
@@ -1,14 +1,13 @@
-import { Entity, Column, ObjectIdColumn, ObjectId } from 'typeorm';
-
-import type { Status } from './types';
+import { Entity, Column } from 'typeorm';
+import { Status, Role, Team } from './types';
 
 @Entity()
 export class User {
-  @ObjectIdColumn()
-  _id: ObjectId;
+  // @ObjectIdColumn()
+  // _id: ObjectId;
 
   @Column({ primary: true })
-  id: number;
+  userId: number;
 
   @Column()
   status: Status;
@@ -21,4 +20,19 @@ export class User {
 
   @Column()
   email: string;
+
+  @Column()
+  profilePicture: string | null;
+
+  @Column()
+  linkedin: string | null;
+
+  @Column()
+  github: string | null;
+
+  @Column()
+  team: Team | null;
+
+  @Column()
+  role: Role[] | null;
 }
diff --git a/apps/backend/src/users/users.controller.ts b/apps/backend/src/users/users.controller.ts
@@ -1,16 +1,19 @@
 import {
+  Body,
   Controller,
   Delete,
   Get,
   Param,
   ParseIntPipe,
   UseGuards,
   UseInterceptors,
+  Patch,
 } from '@nestjs/common';
 import { UsersService } from './users.service';
 import { AuthGuard } from '@nestjs/passport';
 import { User } from './user.entity';
 import { CurrentUserInterceptor } from '../interceptors/current-user.interceptor';
+import { UpdateUserDTO } from './update-user.dto';
 
 @Controller('users')
 @UseInterceptors(CurrentUserInterceptor)
@@ -27,4 +30,12 @@ export class UsersController {
   removeUser(@Param('id') id: string) {
     return this.usersService.remove(parseInt(id));
   }
+
+  @Patch(':userId')
+  async updateUser(
+    @Body() updateUserDTO: UpdateUserDTO,
+    @Param('userId', ParseIntPipe) userId: number,
+  ): Promise<User> {
+    return this.usersService.updateUser(updateUserDTO, userId);
+  }
 }
diff --git a/apps/backend/src/users/users.service.ts b/apps/backend/src/users/users.service.ts
@@ -1,37 +1,118 @@
-import { Injectable, NotFoundException } from '@nestjs/common';
+import {
+  Injectable,
+  BadRequestException,
+  UnauthorizedException,
+  NotFoundException,
+} from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
-import { Repository } from 'typeorm';
-
+import { MongoRepository } from 'typeorm';
 import { User } from './user.entity';
+import { UpdateUserDTO } from './update-user.dto';
 import { Status } from './types';
+import { getCurrentUser } from './utils';
 
 @Injectable()
 export class UsersService {
-  constructor(@InjectRepository(User) private repo: Repository<User>) {}
+  constructor(
+    @InjectRepository(User)
+    private usersRepository: MongoRepository<User>,
+  ) {}
 
   async create(email: string, firstName: string, lastName: string) {
-    const userId = (await this.repo.count()) + 1;
-    const user = this.repo.create({
-      id: userId,
-      status: Status.STANDARD,
+    const userId = (await this.usersRepository.count()) + 1;
+    const user = this.usersRepository.create({
+      userId,
+      status: Status.MEMBER,
       firstName,
       lastName,
       email,
     });
 
-    return this.repo.save(user);
+    return this.usersRepository.save(user);
   }
 
-  findOne(id: number) {
-    if (!id) {
-      return null;
+  async findAll(getAllMembers: boolean): Promise<User[]> {
+    if (!getAllMembers) return [];
+
+    const currentUser = getCurrentUser();
+
+    if (currentUser.status === Status.APPLICANT) {
+      throw new UnauthorizedException();
     }
 
-    return this.repo.findOneBy({ id });
+    const users: User[] = await this.usersRepository.find({
+      where: {
+        status: { $not: { $eq: Status.APPLICANT } },
+      },
+    });
+
+    return users;
+  }
+
+  async findOne(userId: number) {
+    const user = await this.usersRepository.findOneBy({ userId });
+
+    if (!user) {
+      throw new BadRequestException('User not found');
+    }
+
+    const currentUser = getCurrentUser();
+
+    const currentStatus = currentUser.status;
+    const targetStatus = user.status;
+    switch (currentStatus) {
+      //admin can access all users
+      case Status.ADMIN:
+        break;
+      //recruiter can access applicant, and themselves
+      case Status.RECRUITER:
+        if (targetStatus == Status.APPLICANT) {
+          break;
+        } else if (currentUser.userId !== user.userId) {
+          throw new BadRequestException('User not found');
+        }
+        break;
+      //everyone else can only access themselves
+      default:
+        if (currentUser.userId !== user.userId) {
+          throw new BadRequestException('User not found');
+        }
+    }
+
+    return user;
+  }
+
+  async updateUser(
+    updateUserDTO: UpdateUserDTO,
+    userId: number,
+  ): Promise<User> {
+    const user: User = await this.usersRepository.findOne({
+      where: {
+        userId: { $eq: userId },
+      },
+    });
+
+    if (!user) {
+      throw new BadRequestException(`User ${userId} not found.`);
+    }
+
+    const currentUser = getCurrentUser();
+
+    if (currentUser.status !== Status.ADMIN && userId !== currentUser.userId) {
+      throw new UnauthorizedException();
+    }
+
+    await this.usersRepository.update({ userId }, updateUserDTO);
+    return await this.usersRepository.findOne({
+      where: {
+        userId: { $eq: userId },
+      },
+    });
   }
 
+  /* TODO merge these methods with the above methods */
   find(email: string) {
-    return this.repo.find({ where: { email } });
+    return this.usersRepository.find({ where: { email } });
   }
 
   async update(id: number, attrs: Partial<User>) {
@@ -43,7 +124,7 @@ export class UsersService {
 
     Object.assign(user, attrs);
 
-    return this.repo.save(user);
+    return this.usersRepository.save(user);
   }
 
   async remove(id: number) {
@@ -53,6 +134,7 @@ export class UsersService {
       throw new NotFoundException('User not found');
     }
 
-    return this.repo.remove(user);
+    return this.usersRepository.remove(user);
   }
+  /* TODO merge these methods with the above methods */
 }
diff --git a/apps/backend/src/users/utils.ts b/apps/backend/src/users/utils.ts
@@ -0,0 +1,15 @@
+import { Status } from './types';
+import { User } from './user.entity';
+
+export const getCurrentUser = (): User => ({
+  userId: 999,
+  status: Status.ADMIN,
+  firstName: 'jimmy',
+  lastName: 'jimmy2',
+  email: 'jimmy.jimmy2@mail.com',
+  profilePicture: null,
+  linkedin: null,
+  github: null,
+  team: null,
+  role: null,
+});
