| Visualizer = require('../model/visualizer').Visualizer
authorisation = require './authorisation'
Q = require 'q'
utils = require '../utils'
logger = require 'winston'
# Endpoint that returns all visualizers.
# Generator handler (presumably Koa v1 style: `this` is the request context).
# Only members of the 'admin' group get a result; anyone else receives a 403.
exports.getVisualizers = ->
  # Authorisation gate: refuse before any database access happens
  unless authorisation.inGroup('admin', this.authenticated)
    return utils.logAndSetResponse(this, 403, "User #{this.authenticated.email} is not an admin, API access to getVisualizers denied.", 'info')

  try
    this.body = yield Visualizer.find().exec()
  catch err
    # NOTE(review): the raw error text is interpolated into the message. If
    # logAndSetResponse also uses that message as the response body, database
    # error details reach the client - confirm against utils.
    utils.logAndSetResponse(this, 500, "Could not fetch visualizers via the API: #{err}", 'error')
# Endpoint that returns a specific visualizer by visualizerId.
# Admin only. Responds 404 when no document has that id and 500 when the
# lookup throws.
exports.getVisualizer = (visualizerId) ->
  # Authorisation gate: refuse before any database access happens
  unless authorisation.inGroup('admin', this.authenticated)
    return utils.logAndSetResponse(this, 403, "User #{this.authenticated.email} is not an admin, API access to getVisualizer denied.", 'info')

  # The id arrives as a route parameter and is percent-decoded here.
  # NOTE(review): the decoded value is echoed in the 404 body below; no format
  # check is applied before the lookup, so a malformed id presumably surfaces
  # through the catch branch as a 500 - confirm.
  visualizerId = unescape(visualizerId)

  try
    found = yield Visualizer.findById(visualizerId).exec()
    if found
      this.body = found
    else
      this.body = "Visualizer with _id #{visualizerId} could not be found."
      this.status = 404
  catch err
    # NOTE(review): raw error text goes into the message; check whether
    # logAndSetResponse exposes it to the client.
    utils.logAndSetResponse(this, 500, "Could not fetch visualizer via the API: #{err}", 'error')
# Endpoint to add a new visualizer.
# Admin only. Builds a Visualizer from the request body, saves it and answers
# 201; a missing body is answered with 404 and a save failure with 500.
exports.addVisualizer = ->
  # Authorisation gate: refuse before reading the request body
  unless authorisation.inGroup('admin', this.authenticated)
    return utils.logAndSetResponse(this, 403, "User #{this.authenticated.email} is not an admin, API access to addVisualizer denied.", 'info')

  payload = this.request.body
  unless payload
    return utils.logAndSetResponse(this, 404, "Cannot Add Visualizer, no request object", 'info')

  try
    # NOTE(review): the request body is handed to the model constructor as-is,
    # so which fields are accepted depends entirely on the Visualizer schema -
    # confirm the schema rejects or drops unexpected keys.
    visualizer = new Visualizer(payload)
    yield Q.ninvoke(visualizer, 'save')
    this.body = 'Visualizer successfully created'
    this.status = 201
    # Audit trail: who created which document
    logger.info('User %s created visualizer with id %s', this.authenticated.email, visualizer.id)
  catch err
    # NOTE(review): raw error text (validation or database) goes into the
    # message; check whether logAndSetResponse exposes it to the client.
    utils.logAndSetResponse(this, 500, "Could not add visualizer via the API: #{err}", 'error')
# Endpoint to update a specific visualizer by visualizerId.
# Admin only. Applies the request body as the update; answers 404 when the
# body is missing or no document has that id, and 500 when the update throws.
exports.updateVisualizer = (visualizerId) ->
  # Authorisation gate: refuse before reading the request body
  unless authorisation.inGroup('admin', this.authenticated)
    return utils.logAndSetResponse(this, 403, "User #{this.authenticated.email} is not an admin, API access to updateVisualizer denied.", 'info')

  changes = this.request.body
  unless changes
    return utils.logAndSetResponse(this, 404, "Cannot Update Visualizer with _id #{visualizerId}, no request object", 'info')

  # Route parameter is percent-decoded before use.
  # NOTE(review): the decoded id is interpolated into log lines and response
  # text below; whether control characters are neutralised depends on the
  # logger configuration - confirm.
  visualizerId = unescape(visualizerId)

  # Ignore _id if it exists, a user shouldn't be able to update the internal id
  if changes._id
    delete changes._id

  try
    # NOTE(review): apart from _id the body is passed through unchanged, so the
    # accepted fields and update operators depend on the Visualizer schema, and
    # no update validators are requested in this call - confirm that is intended.
    updated = yield Visualizer.findByIdAndUpdate(visualizerId, changes).exec()
    unless updated
      return utils.logAndSetResponse(this, 404, "Cannot Update Visualizer with _id #{visualizerId}, does not exist", 'info')

    this.body = "Successfully updated visualizer with _id #{visualizerId}"
    # Audit trail: who changed which document
    logger.info("User #{this.authenticated.email} updated visualizer with _id #{visualizerId}")
  catch e
    utils.logAndSetResponse(this, 500, "Could not update visualizer with _id #{visualizerId} via the API #{e}", 'error')
# Endpoint to remove a specific visualizer by visualizerId.
# Admin only. Answers 404 when no document has that id and 500 when the
# removal throws.
exports.removeVisualizer = (visualizerId) ->
  # Authorisation gate: refuse before any database access happens
  unless authorisation.inGroup('admin', this.authenticated)
    return utils.logAndSetResponse(this, 403, "User #{this.authenticated.email} is not an admin, API access to removeVisualizer denied.", 'info')

  # Route parameter is percent-decoded before use.
  # NOTE(review): the decoded id is interpolated into log lines and response
  # text below; whether control characters are neutralised depends on the
  # logger configuration - confirm.
  visualizerId = unescape(visualizerId)

  try
    removed = yield Visualizer.findByIdAndRemove(visualizerId).exec()
    unless removed
      return utils.logAndSetResponse(this, 404, "Could not find visualizer with _id #{visualizerId}", 'info')

    this.body = "Successfully removed visualizer with _id #{visualizerId}"
    # Audit trail: who deleted which document
    logger.info("User #{this.authenticated.email} removed visualizer with _id #{visualizerId}")
  catch e
    utils.logAndSetResponse(this, 500, "Could not remove visualizer with _id #{visualizerId} via the API #{e}", 'error')