fix addOrganizationAdmin + code cleanup + db enhancement

2025-02-21 08:50:52 +01:00 · 2023-10-18 09:23:52 +02:00 · 2023-10-18 09:23:52 +02:00 · 414b99a462
commit 414b99a462
parent e004ba58e9
3 changed files with 37 additions and 25 deletions
--- a/backend/apis/nodejs/api.js
+++ b/backend/apis/nodejs/api.js
@ -20,7 +20,7 @@ app.use(express.json()); // Middleware which parses JSON for POST requests
 app.post('/blinkapi/register', api_controller.registerPerson); // Register a Person
 app.post('/blinkapi/login', api_controller.login); // Login
 app.get('/blinkapi/person/:id', api_controller.verifyToken, api_controller.getPerson); // Obtain Person's details
-app.delete('/blinkapi/person/:id', api_controller.verifyToken, api_controller.deletePerson); // Delete a Person
+app.delete('/blinkapi/person/delete', api_controller.verifyToken, api_controller.deletePerson); // Delete a Person
 app.post('/blinkapi/organization', api_controller.verifyToken, api_controller.createOrganization); // Create organization
 app.delete('/blinkapi/organization/:id', api_controller.verifyToken, api_controller.deleteOrganization); // Delete organization
 app.post('/blinkapi/organization/post', api_controller.verifyToken, api_controller.createOrganizationPost); // Create a organization's post
--- a/backend/apis/nodejs/api_controller.js
+++ b/backend/apis/nodejs/api_controller.js
@ -109,20 +109,17 @@ async function getPerson(req, res){
        return res.status(200).send(user);
      }
    }
-    return res.status(403).json({error: "Forbidden"});
+    return res.status(404).json({error: "Not found"});
  }
  catch (error) {
-    console.log("Error logging in:" + error);
+    console.log("Error while getting person: " + error);
    return res.status(500).json({error : "Internal server error"});
  }
 }
 // GET
-async function deletePerson(req, res){
+async function deletePerson(req, res) {
-  if(req.params.id != req.jwt.person_id){
+  // A user can only delete themselves
    return res.status(403).json({error: "Forbidden"});
  }
  try {
    await knex('Person')
      .where({id : req.jwt.person_id})
@ -132,7 +129,6 @@ async function deletePerson(req, res){
    console.log("Error deleting a Person: " + error);
    return res.status(500).json({error : "Internal server error"});
  }
 }
 // POST
@ -205,6 +201,7 @@ async function createOrganizationPost(req, res){
        .insert({
          organization_id: req.body.organization_id,
          content: req.body.content,
          original_author: req.jwt.person_id
        })
        .returning('*');
        return res.status(200).json(organizationPost[0]);
@ -252,24 +249,31 @@ async function deleteOrganizationPost(req, res){
 // POST
 async function addOrganizationAdmin(req, res){
-  // Check whether I am admin and if I'm not trying to make myself admin, if I already am
+
  // Ensure that the required fields are present before proceeding
  if (!req.body.organization_id || !req.body.person_id) {
    return res.status(400).json({ error : "Invalid request"});
  }  
  // Check whether I am admin and if I'm not trying to make myself admin
  if(await isPersonOrganizationAdmin(req.jwt.person_id, req.body.organization_id) 
-    && req.jwt.person_id != req.body.person_id){
+  && req.jwt.person_id != req.body.person_id){
-      // Check whether user exists
+    try {
-      const userToInsert = await knex('Person')
+      // We suppose that the database has Foreign Key constraints
-        .select('*')
+      await knex('OrganizationAdministrator')
-        .where({ id: req.body.person_id, enabled: true })
+      .insert({
-        .first();
+        id_person: req.body.person_id,
-      if(userToInsert){
+        id_organization: req.body.organization_id
-        await knex('OrganizationAdministrator')
+      });
-          .insert({
+      return res.status(200).json({success : true});
-            id_person: req.jwt.person_id,
+    } 
-            id_organization: req.body.organization_id
+    catch (error) {
-          });
+      console.error('Error while adding organization admin: ' + error);
-        return res.status(200).json({success : true});
+      // Foreign Key Constraint Violation
      if (error.code === '23503') {
        return res.status(404).json({ error : "Not found"});
      }
-    else {
+      res.status(500).json({error : "Internal server error"});
      return res.status(401).json({ error : "Forbidden"});
    }
  }
  else {
--- a/backend/sql/4-create_organization_post.sql
+++ b/backend/sql/4-create_organization_post.sql
@ -7,6 +7,14 @@ CREATE TABLE IF NOT EXISTS public."OrganizationPost"
    id SERIAL PRIMARY KEY,
    organization_id integer NOT NULL,
    content text COLLATE pg_catalog."default" NOT NULL,
    created_at timestamp without time zone DEFAULT now(),
    original_author integer NOT NULL,
    CONSTRAINT "OrganizationPost_pkey" PRIMARY KEY (id),
    CONSTRAINT "AuthorIdFK" FOREIGN KEY (original_author)
        REFERENCES public."Person" (id) MATCH SIMPLE
        ON UPDATE NO ACTION
        ON DELETE NO ACTION
        NOT VALID,
    CONSTRAINT "OrganizationIdFk" FOREIGN KEY (organization_id)
        REFERENCES public."Organization" (id) MATCH SIMPLE
        ON UPDATE CASCADE