Code issues

andela-nmartin · andela-nmartin · commit b22f367d2e6b · 2015-12-08T18:08:01.000+03:00
diff --git a/server.js b/server.js
@@ -10,7 +10,8 @@ var app = express();
 var http = require('http').Server(app);
 var io = require('socket.io')(http);
 
-// connect to Mongo when the app initializes
+// connect to Mongo when the app initializes and 
+// drop the db before seeding
 mongoose.connect(config.database, function(err) {
   if (err) {
     console.log(err);
@@ -38,12 +39,11 @@ app.use(morgan('dev'));
 
 app.use(express.static(__dirname + '/public'));
 
-var api = require('./server/routes/api')(app, express, io);
+var api = require('./server/routes/index')(app, express, io);
 app.use('/api', api);
 
 app.get('*', function(req, res) {
   res.send('System Under Construction...');
-  // res.sendFile(__dirname + '/public/views/index.html');
 });
 
 http.listen(config.port, function(err) {
diff --git a/server/controllers/documents.js b/server/controllers/documents.js
@@ -1,14 +1,14 @@
  (function() {
    'use strict';
    // get the required models and db connection
-   var User = require('../models/users'),
-     moment = require('moment'),
-     Document = require('../models/documents');
+   var moment = require('moment'),
+     Document = require('../models/documents'),
+     User = require('../models/users');
 
    module.exports = {
      // get document by id
      getDocument: function(req, res) {
-       var id = req.param('id');
+       var id = req.params.id;
        Document.find({
          _id: id
        }, function(err, documents) {
@@ -19,6 +19,7 @@
          res.send(documents);
        });
      },
+
      // to get the mongo cluster of all the documents stored
      getAllDocuments: function(req, res) {
        Document.find({}, function(err, documents) {
@@ -29,6 +30,7 @@
          res.json(documents);
        });
      },
+
      createDocument: function(req, res) {
        var document = new Document({
          ownerId: req.decoded._id,
@@ -40,33 +42,31 @@
            res.send(err);
            return;
          }
-         res.json({
-           success: true,
-           message: 'Document has been created!'
-         });
+         res.send(document);
        });
      },
+
      // update document by id
      updateDocument: function(req, res) {
-       var id = req.param('id');
+       var id = req.params.id;
        Document.findById(req.params.id).exec(function(err, document) {
          if (err) {
            res.status(500).send({
              message: 'There was a problem deleting your document.'
            });
          } else {
-           if (document === null) {
+           if (!document) {
              res.send({
                message: 'No document found.'
              });
            } else {
              if (req.decoded._id !== document.ownerId && req.decoded.role === 'User') {
-               //send 403 status and forbidden message
+               // send 403 status and forbidden message
                res.status(403).send({
                  message: 'Forbidden to update this document.'
                });
              } else {
-               //delete or update
+               // delete or update
                Document.findOneAndUpdate({
                    _id: id
                  }, {
@@ -93,34 +93,34 @@
          }
        });
      },
+
      // delete document by id
      deleteDocument: function(req, res) {
-       var id = req.param('id');
        Document.findById(req.params.id).exec(function(err, document) {
          if (err) {
            res.status(500).send({
              message: 'There was a problem deleting your document.'
            });
          } else {
-           if (document === null) {
+           if (!document) {
              res.send({
                message: 'No document found.'
              });
            } else {
              if (req.decoded._id !== document.ownerId && req.decoded.role === 'User') {
-               //send 403 status and forbidden message
+               // send 403 status and forbidden message
                res.status(403).send({
                  message: 'Forbidden to delete this document.'
                });
              } else {
-               //delete or update
+               // delete or update
                Document.findOneAndRemove({
                  _id: req.params.id
                }).exec(function(err, documents) {
                  if (err) {
                    return err;
                  } else {
-                   res.json(200, {
+                   res.status(200).json({
                      message: documents
                    });
                  }
@@ -130,6 +130,7 @@
          }
        });
      },
+
      // to get the mongo cluster of all the documents filtered by 'User' role
      getAllDocumentsByRoleUser: function(req, res) {
        Document.find({})
@@ -150,15 +151,14 @@
                }
              });
            for (var i = 0; i < filtered.length; i++) {
-             if (filtered[i] === undefined) {
+             if (!filtered[i]) {
                filtered.splice(i, 1);
              }
            }
            res.json(filtered);
          });
      },
 
-
      // to get the mongo cluster of all the documents filtered by 'Administrator' role
      getAllDocumentsByRoleAdministrator: function(req, res) {
        Document.find({})
@@ -179,14 +179,14 @@
                }
              });
            for (var i = 0; i < filtered.length; i++) {
-             if (filtered[i] === undefined) {
+             if (!filtered[i]) {
                filtered.splice(i, 1);
              }
            }
-           console.log(filtered);
            res.json(filtered);
          });
      },
+
      // to get the mongo cluster of all the documents filtered by date
      getAllDocumentsByDate: function(req, res) {
        Document.find({
@@ -203,6 +203,19 @@
            }
            res.json(documents);
          });
+     },
+
+     getAllDocumentsParticularUser: function(req, res) {
+       var id = req.param('id');
+       User.find({
+         ownerId: id
+       }, function(err, documents) {
+         if (err) {
+           res.send(err);
+           return;
+         }
+         res.json(documents);
+       });
      }
    };
  })();
diff --git a/server/controllers/roles.js b/server/controllers/roles.js
@@ -14,6 +14,7 @@
         res.json(roles);
       });
     },
+
     // creates a role in the db
     createRole: function(req, res) {
       var role = new Role({
diff --git a/server/controllers/users.js b/server/controllers/users.js
@@ -35,10 +35,7 @@
         if (err) {
           res.send(err);
         }
-        //
         // add the role to the user before being saved
-        //
-        console.log(JSON.stringify(roles));
         user.role = roles[0].title;
         // assign a token to the created user
         var token = createToken(user);
@@ -48,7 +45,6 @@
             res.send(err);
             return;
           }
-          console.log(user);
           res.json({
             success: true,
             message: 'User has been created!',
@@ -62,7 +58,7 @@
     login: function(req, res) {
       User.findOne({
         username: req.body.username
-      }).select('name username password').exec(function(err, user) {
+      }).exec(function(err, user) {
         if (err) {
           throw err;
         }
@@ -77,9 +73,9 @@
               message: 'Invalid Password'
             });
           } else {
-            ///// token
+            // token
+            delete user.password;
             var token = createToken(user);
-
             res.json({
               id: user._id,
               success: true,
@@ -90,13 +86,15 @@
         }
       });
     },
+
     // logout function
     logout: function(req, res) {
       delete req.headers['x-access-token'];
       return res.status(200).json({
         'message': 'User has been successfully logged out'
       });
     },
+
     // to get the mongo cluster of all the users stored on the db
     getAllUsers: function(req, res) {
       User.find({}, function(err, users) {
@@ -107,9 +105,10 @@
         res.json(users);
       });
     },
+
     // get user by id
     getUser: function(req, res) {
-      var id = req.param('id');
+      var id = req.params.id;
       User.find({
         _id: id
       }, function(err, users) {
@@ -120,6 +119,7 @@
         res.json(users);
       });
     },
+
     // to get the mongo cluster of all the user roles
     getAllUsersRoles: function(req, res) {
       User.find({
@@ -132,6 +132,7 @@
         res.json(users);
       });
     },
+
     // to get the mongo cluster of all the user roles
     getAllAdminRoles: function(req, res) {
       User.find({
@@ -144,9 +145,10 @@
         res.json(users);
       });
     },
+
     // update user by id
     updateUser: function(req, res) {
-      var id = req.param('id');
+      var id = req.params.id;
       // update function
       var updateMe = function(id) {
         User.findOneAndUpdate({
@@ -173,7 +175,7 @@
           if (err) {
             res.send(err);
             return;
-          } else if (users === null) {
+          } else if (!users) {
             res.send({
               message: 'Not Authorised to update this user.'
             });
@@ -196,35 +198,37 @@
         updateMe(id7.trim());
       }
     },
+
     // delete user by id
     deleteUser: function(req, res) {
       // delete function
       var deleteMe = function(id) {
         User.findOneAndRemove({
             _id: id
           },
-          function(err, users) {
+          function(err, user) {
             if (err) {
               res.json(401, {
                 message: err
               });
               return;
             } else {
               res.json(200, {
-                message: users
+                message: user
               });
             }
           });
       };
-      if (req.decoded.role === 'Administrator' && req.param('id')) {
-        var id = req.param('id');
+      if (req.decoded.role === 'Administrator') {
+        var id = req.params.id;
         deleteMe(id.trim());
-      } else if (req.param('id')) {
+      } else if (req.decoded._id === req.params.id) {
         var id1 = req.decoded._id;
         deleteMe(id1.trim());
-      } else if (req.decoded.role === 'Administrator' && !req.param('id')) {
-        var id2 = req.decoded._id;
-        deleteMe(id2.trim());
+      } else {
+        res.json(403, {
+          message: 'Not allowed to delete this user.'
+        });
       }
     }
   };
diff --git a/server/models/documents.js b/server/models/documents.js
@@ -1,6 +1,5 @@
 // require needed modules
 var mongoose = require('mongoose'),
-  User = require('./users'),
   Schema = mongoose.Schema;
 
 // create a schema
diff --git a/server/models/roles.js b/server/models/roles.js
@@ -10,8 +10,8 @@ var RolesSchema = new Schema({
   },
   title: {
     type: String,
-    enum: ['Administrator', 'User', 'Standard'],
-    default: 'Standard',
+    enum: ['Administrator', 'User'],
+    default: 'User',
     unique: true
   }
 
diff --git a/server/models/users.js b/server/models/users.js
@@ -19,8 +19,7 @@ var UserSchema = new Schema({
   email: String,
   password: {
     type: String,
-    required: true,
-    select: false
+    required: true
   },
   role: {
     type: String,
diff --git a/tests/documents.spec.js b/tests/documents.spec.js
diff --git a/tests/roles.spec.js b/tests/roles.spec.js
diff --git a/tests/users.spec.js b/tests/users.spec.js
