| Client = require('../model/clients').Client
Q = require 'q'
logger = require 'winston'
authorisation = require './authorisation'
utils = require '../utils'
###
# Adds a client
#
# Reads the new client document from the request body and persists it with
# Mongoose. Admin-only: a caller outside the admin group gets a 403 and
# nothing is written. Responds 201 on success; any error raised while
# constructing or saving the document is reported back to the caller with
# its message and a 400 status.
###
exports.addClient = () ->
  # Only members of the admin group may create clients
  unless authorisation.inGroup 'admin', this.authenticated
    utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to addClient denied.", 'info'
    return

  body = this.request.body
  try
    # Construction stays inside the try so a failure there is also answered as 400
    newClient = new Client body
    # Q.ninvoke adapts the node-style save callback into a promise for co/yield
    yield Q.ninvoke newClient, 'save'
    logger.info "User #{this.authenticated.email} created client with id #{newClient.id}"
    this.body = 'Client successfully created'
    this.status = 201
  catch err
    logger.error "Could not add a client via the API: #{err.message}"
    this.body = err.message
    this.status = 400
###
# Retrieves the details of a specific client
#
# clientId - URL-escaped id of the client document.
# property - optional. When it is the string 'clientName' only the client's
#            name is projected (no _id) and the admin check is skipped on
#            purpose, so a caller that is not an admin can still resolve a
#            client's name. Any other string is answered 404 before the
#            database is touched.
#
# Without a property the caller must be an admin (403 otherwise) and the
# whole client document is returned. Responds 404 when no client matches
# the id and 500 on a database error.
###
exports.getClient = (clientId, property) ->
  projection = null

  if typeof property is 'string'
    # Restricted view: this path deliberately bypasses the admin check, so
    # the projection must stay limited to the name field.
    unless property is 'clientName'
      utils.logAndSetResponse this, 404, "The property (#{property}) you are trying to retrieve is not found.", 'info'
      return
    projection =
      _id: 0
      name: 1
  else if not authorisation.inGroup 'admin', this.authenticated
    utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to findClientById denied.", 'info'
    return

  clientId = unescape clientId
  try
    found = yield Client.findById(clientId, projection).exec()
    if found is null
      utils.logAndSetResponse this, 404, "Client with id #{clientId} could not be found.", 'info'
    else
      this.body = found
  catch err
    logger.error "Could not find client by id #{clientId} via the API: #{err.message}"
    this.body = err.message
    this.status = 500
###
# Looks up a single client by its clientDomain
#
# clientDomain - URL-escaped domain, matched exactly against the
#                clientDomain field. Admin-only (403 otherwise). Responds
#                404 when no client has that domain and 500 on a database
#                error.
###
exports.findClientByDomain = (clientDomain) ->
  unless authorisation.inGroup 'admin', this.authenticated
    utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to findClientByDomain denied.", 'info'
    return

  domain = unescape clientDomain
  try
    match = yield Client.findOne({clientDomain: domain}).exec()
    if match is null
      utils.logAndSetResponse this, 404, "Could not find client with clientDomain #{domain}", 'info'
    else
      this.body = match
  catch err
    logger.error "Could not find client by client Domain #{domain} via the API: #{err.message}"
    this.body = err.message
    this.status = 500
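###
# Updates an existing client
#
# clientId - URL-escaped id of the client to update; the request body holds
#            the fields to change. Admin-only (403 otherwise). Responds 404
#            when no client matches the id and 500 on a database error.
###
exports.updateClient = (clientId) ->
  unless authorisation.inGroup 'admin', this.authenticated
    utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to updateClient denied.", 'info'
    return

  clientId = unescape clientId
  clientData = this.request.body
  # The internal id must never be rewritten through the API. Deleting an
  # absent key is a no-op, so no existence guard is needed (the old guard
  # also let a falsy _id such as '' through).
  delete clientData._id
  # NOTE(review): apart from _id the body is handed to Mongoose unchanged as
  # the update document; confirm the schema's strict mode is what restricts
  # which fields an admin can set here.

  try
    # findByIdAndUpdate resolves null when no document matched the id, so a
    # missing client is reported instead of claiming success.
    existing = yield Client.findByIdAndUpdate(clientId, clientData).exec()
    if existing is null
      utils.logAndSetResponse this, 404, "Client with id #{clientId} could not be found.", 'info'
    else
      logger.info "User #{this.authenticated.email} updated client with id #{clientId}"
      this.body = 'Successfully updated client.'
  catch err
    logger.error "Could not update client by ID #{clientId} via the API: #{err.message}"
    this.body = err.message
    this.status = 500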
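###
# Removes a client
#
# clientId - URL-escaped id of the client to delete. Admin-only (403
#            otherwise). Responds 404 when no client matches the id and 500
#            on a database error.
###
exports.removeClient = (clientId) ->
  unless authorisation.inGroup 'admin', this.authenticated
    utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to removeClient denied.", 'info'
    return

  clientId = unescape clientId
  try
    # findByIdAndRemove resolves null when nothing matched; report that as a
    # 404 rather than telling the caller a non-existent client was removed.
    removed = yield Client.findByIdAndRemove(clientId).exec()
    if removed is null
      utils.logAndSetResponse this, 404, "Client with id #{clientId} could not be found.", 'info'
    else
      this.body = "Successfully removed client with ID #{clientId}"
      logger.info "User #{this.authenticated.email} removed client with id #{clientId}"
  catch err
    logger.error "Could not remove client by ID #{clientId} via the API: #{err.message}"
    this.body = err.message
    this.status = 500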
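###
# Lists every client
#
# Admin-only (403 otherwise). Responds with the full list of client
# documents, or 500 with the error message on a database error.
###
exports.getClients = () ->
  unless authorisation.inGroup 'admin', this.authenticated
    utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to getClients denied.", 'info'
    return

  try
    this.body = yield Client.find().exec()
  catch err
    logger.error "Could not fetch all clients via the API: #{err.message}"
    # The other client handlers put the error text in the body; this one set
    # `this.message`, which in Koa is the HTTP reason phrase, not the body.
    this.body = err.message
    this.status = 500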