'use strict';
var merge = require('utils-merge'),
CoreUtilities,
CoreController,
appSettings,
mongoose,
logger,
Contenttype,
Collection,
Compilation,
pluralize = require('pluralize'),
capitalize = require('capitalize'),
Item,
User,
Account,
controllerOptions,
adminPath,
adminExtSettings;
/**
 * Derives the naming variants used in templates and log lines for an entity.
 *
 * @param {string} entityname - entity name in any case, e.g. 'User'
 * @return {object} {name, plural_name, capitalized_name, capitalized_plural_name},
 *   e.g. 'item' -> item / items / Item / Items
 */
var get_entity_modifications = function (entityname) {
  var singular = entityname.toLowerCase();
  var plural = pluralize.plural(singular);
  var names = {};
  names.name = singular;
  names.plural_name = plural;
  names.capitalized_name = capitalize(singular);
  names.capitalized_plural_name = capitalize(plural);
  return names;
};
/**
 * Builds the handler that renders the users/accounts listing page.
 *
 * The returned handler merges the page metadata into `req.controllerData`
 * (utils-merge writes into its first argument) and hands the result to
 * CoreController.renderView with the `p-admin/users/index` view.
 *
 * NOTE(review): unlike get_show_page/get_edit_page/get_new_page this handler
 * performs no privilege check of its own; presumably the route middleware
 * restricts who reaches it — confirm before exposing the listing elsewhere.
 *
 * @param {object} options
 * @param {string} options.entity - 'user' or 'account'; only affects naming
 * @return {Function} express-style handler (req, res)
 */
var get_index_page = function (options) {
  var entity = get_entity_modifications(options.entity);
  var heading = entity.capitalized_plural_name;
  return function (req, res) {
    var template = {
      viewname: 'p-admin/users/index',
      themefileext: appSettings.templatefileextension,
      extname: 'periodicjs.ext.asyncadmin'
    };
    // The admin menu is fetched per request rather than once at factory time.
    var pagedata = {
      title: heading,
      toplink: '» ' + heading,
      extensions: CoreUtilities.getAdminMenu()
    };
    var data = merge(req.controllerData, {
      pagedata: pagedata,
      user: req.user,
      entity: entity
    });
    CoreController.renderView(req, res, template, data);
  };
};
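/**
 * Builds the handler that shows a single user/account profile page.
 *
 * The returned handler renders `p-admin/users/show` when the requester is
 * allowed to edit the profile and otherwise responds with an error page.
 * Editing is allowed when the path id equals the logged-in username, the
 * logged-in user has usertype 'admin', or User.hasPrivilege(user, 750) holds.
 *
 * @param {object} options
 * @param {string} options.entity - 'user' or 'account'; only affects naming in
 *   the rendered page, the privilege check always consults the User model
 * @return {Function} express-style handler (req, res); assumes upstream
 *   middleware has loaded req.controllerData[entity] — TODO confirm
 */
var get_show_page = function (options) {
  var entity = get_entity_modifications(options.entity);
  // username/email are user-supplied values that get spliced into the raw HTML
  // of pagedata.toplink (the view has to render toplink unescaped for its <a>
  // tag to work), so they are escaped for an HTML context here. The plain
  // title is left as-is because the view is presumably escaping it itself.
  var escape_html = function (value) {
    return String(value)
      .replace(/&/g, '&amp;')
      .replace(/</g, '&lt;')
      .replace(/>/g, '&gt;')
      .replace(/"/g, '&quot;')
      .replace(/'/g, '&#39;');
  };
  return function (req, res) {
    var allow_edit = false;
    var controllerDataObject = req.controllerData[entity.name];
    var username_display = controllerDataObject.username || controllerDataObject.email || controllerDataObject._id;
    var params = req.params;
    var current_user = req.user;
    var viewtemplate;
    var viewdata;
    // Fail closed: a request with no authenticated user gets the "no access"
    // response instead of a TypeError from the property reads below.
    if (!current_user) {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: no authenticated user');
    }
    else if (params.id === current_user.username) {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: logged in user matches username');
      allow_edit = true;
    }
    else if (current_user.usertype === 'admin') {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: ' + entity.name + ' is admin');
      allow_edit = true;
    }
    else if (User.hasPrivilege(current_user, 750)) {
      // Always the User model, as in get_edit_page; get_new_page consults the
      // Account model for the 'account' entity instead.
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: has edit user privilege');
      allow_edit = true;
    }
    else {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: no access');
    }
    if (!allow_edit) {
      // 401 is kept for compatibility with the existing async-admin client even
      // though an authenticated-but-unauthorised request is strictly a 403.
      res.status(401);
      CoreController.handleDocumentQueryErrorResponse({
        err: new Error('EXT-UAC760: You don\'t have access to modify content'),
        res: res,
        req: req
      });
      return;
    }
    viewtemplate = {
      viewname: 'p-admin/users/show',
      themefileext: appSettings.templatefileextension,
      extname: 'periodicjs.ext.asyncadmin'
    };
    viewdata = {
      pagedata: {
        title: entity.capitalized_name + ' profile (' + username_display + ')',
        toplink: '» <a href="/' + adminPath + '/' + entity.plural_name + '" class="async-admin-ajax-link">' + entity.capitalized_plural_name + '</a> » ' + escape_html(username_display),
        extensions: CoreUtilities.getAdminMenu()
      },
      userprofile: controllerDataObject,
      allow_edit: allow_edit,
      user: current_user,
      entity: entity
    };
    CoreController.renderView(req, res, viewtemplate, viewdata);
  };
};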
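/**
 * Builds the handler that renders the "create a new user/account" page.
 *
 * The returned handler renders `p-admin/users/new` when the logged-in user has
 * usertype 'admin' or hasPrivilege(user, 750) on the entity's model, and
 * otherwise responds with an error page.
 *
 * @param {object} options
 * @param {string} options.entity - 'user' or 'account'; selects the model used
 *   for the privilege check and the naming in the rendered page
 * @return {Function} express-style handler (req, res)
 */
var get_new_page = function (options) {
  var entity = get_entity_modifications(options.entity);
  return function (req, res) {
    var allow_edit = false;
    var current_user = req.user;
    // Account is only registered when use_separate_accounts is on, so this can
    // be undefined for the 'account' entity; the privilege check below treats
    // that as "no access" rather than throwing.
    var ObjectToUse = (entity.name === 'account') ? Account : User;
    var viewtemplate;
    var viewdata;
    // Fail closed: a request with no authenticated user gets the "no access"
    // response instead of a TypeError from the property reads below.
    if (!current_user) {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: no authenticated user');
    }
    else if (current_user.usertype === 'admin') {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: user is admin');
      allow_edit = true;
    }
    else if (ObjectToUse && ObjectToUse.hasPrivilege(current_user, 750)) {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: has edit user privilege');
      allow_edit = true;
    }
    else {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: no access');
    }
    if (!allow_edit) {
      // 401 is kept for compatibility with the existing async-admin client even
      // though an authenticated-but-unauthorised request is strictly a 403.
      res.status(401);
      CoreController.handleDocumentQueryErrorResponse({
        err: new Error('EXT-UAC750: You don\'t have access to create content'),
        res: res,
        req: req
      });
      return;
    }
    // Built after the access decision so viewdata.allow_edit reflects it
    // (previously it was captured as false before the checks ran), matching
    // what get_show_page and get_edit_page pass to their views.
    viewtemplate = {
      viewname: 'p-admin/users/new',
      themefileext: appSettings.templatefileextension,
      extname: 'periodicjs.ext.asyncadmin'
    };
    viewdata = {
      pagedata: {
        title: 'Create User Account',
        toplink: '» <a href="/' + adminPath + '/' + entity.plural_name + '" class="async-admin-ajax-link">' + entity.capitalized_plural_name + '</a> » Create a new user',
        extensions: CoreUtilities.getAdminMenu()
      },
      userprofile: null,
      allow_edit: allow_edit,
      user: current_user,
      entity: entity
    };
    CoreController.renderView(req, res, viewtemplate, viewdata);
  };
};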
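/**
 * Builds the handler that renders the edit form for a user/account profile.
 *
 * The returned handler renders `p-admin/users/edit` when the requester is
 * allowed to edit the profile and otherwise responds with an error page.
 * Editing is allowed when the path id equals the logged-in username, the
 * logged-in user has usertype 'admin', or User.hasPrivilege(user, 750) holds.
 *
 * @param {object} options
 * @param {string} options.entity - 'user' or 'account'; only affects naming in
 *   the rendered page, the privilege check always consults the User model
 * @return {Function} express-style handler (req, res); assumes upstream
 *   middleware has loaded req.controllerData[entity] — TODO confirm
 */
var get_edit_page = function (options) {
  var entity = get_entity_modifications(options.entity);
  // username/email are user-supplied values that get spliced into the raw HTML
  // of pagedata.toplink (the view has to render toplink unescaped for its <a>
  // tag to work), so they are escaped for an HTML context here. The plain
  // title is left as-is because the view is presumably escaping it itself.
  var escape_html = function (value) {
    return String(value)
      .replace(/&/g, '&amp;')
      .replace(/</g, '&lt;')
      .replace(/>/g, '&gt;')
      .replace(/"/g, '&quot;')
      .replace(/'/g, '&#39;');
  };
  return function (req, res) {
    var allow_edit = false;
    var controllerDataObject = req.controllerData[entity.name];
    var username_display = controllerDataObject.username || controllerDataObject.email || controllerDataObject._id;
    var params = req.params;
    var current_user = req.user;
    var viewtemplate;
    var viewdata;
    // Fail closed: a request with no authenticated user gets the "no access"
    // response instead of a TypeError from the property reads below.
    if (!current_user) {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: no authenticated user');
    }
    else if (params.id === current_user.username) {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: logged in user matches username');
      allow_edit = true;
    }
    else if (current_user.usertype === 'admin') {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: user is admin');
      allow_edit = true;
    }
    else if (User.hasPrivilege(current_user, 750)) {
      // Always the User model, as in get_show_page; get_new_page consults the
      // Account model for the 'account' entity instead.
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: has edit user privilege');
      allow_edit = true;
    }
    else {
      logger.silly('asyncadmin - ' + entity.plural_name + '_show: no access');
    }
    if (!allow_edit) {
      // 401 is kept for compatibility with the existing async-admin client even
      // though an authenticated-but-unauthorised request is strictly a 403.
      res.status(401);
      CoreController.handleDocumentQueryErrorResponse({
        err: new Error('EXT-UAC760: You don\'t have access to modify content'),
        res: res,
        req: req
      });
      return;
    }
    viewtemplate = {
      viewname: 'p-admin/users/edit',
      themefileext: appSettings.templatefileextension,
      extname: 'periodicjs.ext.asyncadmin'
    };
    viewdata = {
      pagedata: {
        title: 'Edit ' + username_display,
        toplink: '» <a href="/' + adminPath + '/' + entity.plural_name + '" class="async-admin-ajax-link">' + entity.capitalized_plural_name + '</a> » ' + escape_html(username_display),
        extensions: CoreUtilities.getAdminMenu()
      },
      userprofile: controllerDataObject,
      allow_edit: allow_edit,
      user: current_user,
      entity: entity
    };
    CoreController.renderView(req, res, viewtemplate, viewdata);
  };
};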
//
/**
* admin controller
* @module authController
* @{@link https://github.com/typesettin/periodic}
* @author Yaw Joseph Etse
* @copyright Copyright (c) 2014 Typesettin. All rights reserved.
* @license MIT
* @requires module:periodicjs.core.utilities
* @requires module:periodicjs.core.controller
* @requires module:periodicjs.core.extensions
* @param {object} resources variable injection from current periodic instance with references to the active logger and mongo session
* @return {object}
*/
var controller = function (resources) {
logger = resources.logger;
mongoose = resources.mongoose;
appSettings = resources.settings;
CoreController = resources.core.controller;
CoreUtilities = resources.core.utilities;
Collection = mongoose.model('Collection');
Compilation = mongoose.model('Compilation');
Contenttype = mongoose.model('Contenttype');
Item = mongoose.model('Item');
User = mongoose.model('User');
controllerOptions = resources.app.controller.native.ControllerSettings;
// AppDBSetting = mongoose.model('Setting');
// var appenvironment = appSettings.application.environment;
adminExtSettings = resources.app.controller.extension.asyncadmin.adminExtSettings;
if (adminExtSettings.use_separate_accounts) {
Account = mongoose.model('Account');
}
adminPath = resources.app.locals.adminPath;
return {
users_index: get_index_page({
entity: 'user'
}),
accounts_index: get_index_page({
entity: 'account'
}),
users_edit: get_edit_page({
entity: 'user'
}),
accounts_edit: get_edit_page({
entity: 'account'
}),
users_show: get_show_page({
entity: 'user'
}),
accounts_show: get_show_page({
entity: 'account'
}),
users_new: get_new_page({
entity: 'user'
}),
accounts_new: get_new_page({
entity: 'account'
})
// usersearch: usersearch
};
};
// Exported as the resource-injection entry point; see the controller JSDoc above.
module.exports = controller;