| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515 |
- const loggerFactory = require('@alias/logger');
- const logger = loggerFactory('growi:routes:apiv3:user-group');
- const express = require('express');
- const router = express.Router();
- const { body } = require('express-validator/check');
- const { isEmail } = require('validator');
- const ErrorV3 = require('../../models/vo/error-apiv3');
- const PAGE_ITEMS = 50;
- const validator = {};
- /**
- * @swagger
- * tags:
- * name: Users
- */
- /**
- * @swagger
- *
- * components:
- * schemas:
- * User:
- * description: User
- * type: object
- * properties:
- * _id:
- * type: string
- * description: user ID
- * example: 5ae5fccfc5577b0004dbd8ab
- * lang:
- * type: string
- * description: language
- * example: 'en-US'
- * status:
- * type: integer
- * description: status
- * example: 0
- * admin:
- * type: boolean
- * description: whether the admin
- * example: false
- * email:
- * type: string
- * description: E-Mail address
- * example: alice@aaa.aaa
- * username:
- * type: string
- * description: username
- * example: alice
- * name:
- * type: string
- * description: full name
- * example: Alice
- * createdAt:
- * type: string
- * description: date created at
- * example: 2010-01-01T00:00:00.000Z
- */
- module.exports = (crowi) => {
- const loginRequiredStrictly = require('../../middleware/login-required')(crowi);
- const adminRequired = require('../../middleware/admin-required')(crowi);
- const csrf = require('../../middleware/csrf')(crowi);
- const {
- User,
- Page,
- ExternalAccount,
- } = crowi.models;
- const { ApiV3FormValidator } = crowi.middlewares;
- /**
- * @swagger
- *
- * paths:
- * /users:
- * get:
- * tags: [Users]
- * operationId: listUsers
- * summary: /users
- * description: Get users
- * responses:
- * 200:
- * description: users are fetched
- * content:
- * application/json:
- * schema:
- * properties:
- * paginateResult:
- * $ref: '#/components/schemas/PaginateResult'
- */
- router.get('/', loginRequiredStrictly, adminRequired, async(req, res) => {
- const page = parseInt(req.query.page) || 1;
- try {
- const paginateResult = await User.paginate(
- { status: { $ne: User.STATUS_DELETED } },
- {
- sort: { status: 1, username: 1, createdAt: 1 },
- page,
- limit: PAGE_ITEMS,
- },
- );
- return res.apiv3({ paginateResult });
- }
- catch (err) {
- const msg = 'Error occurred in fetching user group list';
- logger.error('Error', err);
- return res.apiv3Err(new ErrorV3(msg, 'user-group-list-fetch-failed'), 500);
- }
- });
- validator.inviteEmail = [
- // isEmail prevents line breaks, so use isString
- body('shapedEmailList').custom((value) => {
- const array = value.filter((value) => { return isEmail(value) });
- if (array.length === 0) {
- throw new Error('At least one valid email address is required');
- }
- return array;
- }),
- ];
- /**
- * @swagger
- *
- * paths:
- * /users/invite:
- * post:
- * tags: [Users]
- * operationId: inviteUser
- * summary: /users/invite
- * description: Create new users and send Emails
- * parameters:
- * - name: shapedEmailList
- * in: query
- * description: Invitation emailList
- * schema:
- * type: object
- * - name: sendEmail
- * in: query
- * description: Whether to send mail
- * schema:
- * type: boolean
- * responses:
- * 200:
- * description: Inviting user success
- * content:
- * application/json:
- * schema:
- * properties:
- * createdUserList:
- * type: object
- * description: Users successfully created
- * existingEmailList:
- * type: object
- * description: Users email that already exists
- */
- router.post('/invite', loginRequiredStrictly, adminRequired, csrf, validator.inviteEmail, ApiV3FormValidator, async(req, res) => {
- try {
- const invitedUserList = await User.createUsersByInvitation(req.body.shapedEmailList, req.body.sendEmail);
- return res.apiv3({ invitedUserList });
- }
- catch (err) {
- logger.error('Error', err);
- return res.apiv3Err(new ErrorV3(err));
- }
- });
- /**
- * @swagger
- *
- * paths:
- * /users/{id}/giveAdmin:
- * put:
- * tags: [Users]
- * operationId: giveAdminUser
- * summary: /users/{id}/giveAdmin
- * description: Give user admin
- * parameters:
- * - name: id
- * in: path
- * required: true
- * description: id of user for admin
- * schema:
- * type: string
- * responses:
- * 200:
- * description: Give user admin success
- * content:
- * application/json:
- * schema:
- * properties:
- * userData:
- * type: object
- * description: data of admin user
- */
- router.put('/:id/giveAdmin', loginRequiredStrictly, adminRequired, csrf, async(req, res) => {
- const { id } = req.params;
- try {
- const userData = await User.findById(id);
- await userData.makeAdmin();
- return res.apiv3({ userData });
- }
- catch (err) {
- logger.error('Error', err);
- return res.apiv3Err(new ErrorV3(err));
- }
- });
- /**
- * @swagger
- *
- * paths:
- * /users/{id}/removeAdmin:
- * put:
- * tags: [Users]
- * operationId: removeAdminUser
- * summary: /users/{id}/removeAdmin
- * description: Remove user admin
- * parameters:
- * - name: id
- * in: path
- * required: true
- * description: id of user for removing admin
- * schema:
- * type: string
- * responses:
- * 200:
- * description: Remove user admin success
- * content:
- * application/json:
- * schema:
- * properties:
- * userData:
- * type: object
- * description: data of removed admin user
- */
- router.put('/:id/removeAdmin', loginRequiredStrictly, adminRequired, csrf, async(req, res) => {
- const { id } = req.params;
- try {
- const userData = await User.findById(id);
- await userData.removeFromAdmin();
- return res.apiv3({ userData });
- }
- catch (err) {
- logger.error('Error', err);
- return res.apiv3Err(new ErrorV3(err));
- }
- });
- /**
- * @swagger
- *
- * paths:
- * /users/{id}/activate:
- * put:
- * tags: [Users]
- * operationId: activateUser
- * summary: /users/{id}/activate
- * description: Activate user
- * parameters:
- * - name: id
- * in: path
- * required: true
- * description: id of activate user
- * schema:
- * type: string
- * responses:
- * 200:
- * description: Activationg user success
- * content:
- * application/json:
- * schema:
- * properties:
- * userData:
- * type: object
- * description: data of activate user
- */
- router.put('/:id/activate', loginRequiredStrictly, adminRequired, csrf, async(req, res) => {
- // check user upper limit
- const isUserCountExceedsUpperLimit = await User.isUserCountExceedsUpperLimit();
- if (isUserCountExceedsUpperLimit) {
- const msg = 'Unable to activate because user has reached limit';
- logger.error('Error', msg);
- return res.apiv3Err(new ErrorV3(msg));
- }
- const { id } = req.params;
- try {
- const userData = await User.findById(id);
- await userData.statusActivate();
- return res.apiv3({ userData });
- }
- catch (err) {
- logger.error('Error', err);
- return res.apiv3Err(new ErrorV3(err));
- }
- });
- /**
- * @swagger
- *
- * paths:
- * /users/{id}/deactivate:
- * put:
- * tags: [Users]
- * operationId: deactivateUser
- * summary: /users/{id}/deactivate
- * description: Deactivate user
- * parameters:
- * - name: id
- * in: path
- * required: true
- * description: id of deactivate user
- * schema:
- * type: string
- * responses:
- * 200:
- * description: Deactivationg user success
- * content:
- * application/json:
- * schema:
- * properties:
- * userData:
- * type: object
- * description: data of deactivate user
- */
- router.put('/:id/deactivate', loginRequiredStrictly, adminRequired, csrf, async(req, res) => {
- const { id } = req.params;
- try {
- const userData = await User.findById(id);
- await userData.statusSuspend();
- return res.apiv3({ userData });
- }
- catch (err) {
- logger.error('Error', err);
- return res.apiv3Err(new ErrorV3(err));
- }
- });
- /**
- * @swagger
- *
- * paths:
- * /users/{id}/remove:
- * delete:
- * tags: [Users]
- * operationId: removeUser
- * summary: /users/{id}/remove
- * description: Delete user
- * parameters:
- * - name: id
- * in: path
- * required: true
- * description: id of delete user
- * schema:
- * type: string
- * responses:
- * 200:
- * description: Deleting user success
- * content:
- * application/json:
- * schema:
- * properties:
- * userData:
- * type: object
- * description: data of delete user
- */
- router.delete('/:id/remove', loginRequiredStrictly, adminRequired, csrf, async(req, res) => {
- const { id } = req.params;
- try {
- const userData = await User.findById(id);
- await userData.statusDelete();
- await ExternalAccount.remove({ user: userData });
- await Page.removeByPath(`/user/${userData.username}`);
- return res.apiv3({ userData });
- }
- catch (err) {
- logger.error('Error', err);
- return res.apiv3Err(new ErrorV3(err));
- }
- });
- /**
- * @swagger
- *
- * paths:
- * /users/external-accounts:
- * get:
- * tags: [Users]
- * operationId: listExternalAccountsUsers
- * summary: /users/external-accounts
- * description: Get external-account
- * responses:
- * 200:
- * description: external-account are fetched
- * content:
- * application/json:
- * schema:
- * properties:
- * paginateResult:
- * $ref: '#/components/schemas/PaginateResult'
- */
- router.get('/external-accounts/', loginRequiredStrictly, adminRequired, async(req, res) => {
- const page = parseInt(req.query.page) || 1;
- try {
- const paginateResult = await ExternalAccount.findAllWithPagination({ page });
- return res.apiv3({ paginateResult });
- }
- catch (err) {
- const msg = 'Error occurred in fetching external-account list ';
- logger.error(msg, err);
- return res.apiv3Err(new ErrorV3(msg + err.message, 'external-account-list-fetch-failed'), 500);
- }
- });
- const correctStatusList = ['registered', 'active', 'suspended', 'invited'];
- validator.statusList = [
- body('statusList').custom((value) => {
- const error = [];
- value.forEach((status) => {
- if (!correctStatusList.includes(status)) {
- error.push(status);
- }
- });
- return (error.length === 0);
- }),
- ];
- router.get('/selected-status-users/', validator.statusList, ApiV3FormValidator, async(req, res) => {
- const page = parseInt(req.query.page) || 1;
- const { statusList } = req.body;
- const statusNo = {
- registered: User.STATUS_REGISTERED,
- active: User.STATUS_ACTIVE,
- suspended: User.STATUS_SUSPENDED,
- invited: User.STATUS_INVITED,
- };
- const statusNoList = statusList.map(element => statusNo[element]);
- try {
- const paginateResult = await User.paginate(
- { status: { $in: statusNoList } },
- {
- sort: { status: 1, username: 1, createdAt: 1 },
- page,
- limit: PAGE_ITEMS,
- },
- );
- return res.apiv3({ paginateResult });
- }
- catch (err) {
- const msg = 'Error occurred in fetching user group list';
- logger.error('Error', err);
- return res.apiv3Err(new ErrorV3(msg, 'user-group-list-fetch-failed'), 500);
- }
- });
- /**
- * @swagger
- *
- * paths:
- * /users/external-accounts/{id}/remove:
- * delete:
- * tags: [Users]
- * operationId: removeExternalAccountUser
- * summary: /users/external-accounts/{id}/remove
- * description: Delete ExternalAccount
- * parameters:
- * - name: id
- * in: path
- * required: true
- * description: id of ExternalAccount
- * schema:
- * type: string
- * responses:
- * 200:
- * description: External Account is removed
- * content:
- * application/json:
- * schema:
- * properties:
- * externalAccount:
- * type: object
- * description: A result of `ExtenralAccount.findByIdAndRemove`
- */
- router.delete('/external-accounts/:id/remove', loginRequiredStrictly, adminRequired, ApiV3FormValidator, async(req, res) => {
- const { id } = req.params;
- try {
- const externalAccount = await ExternalAccount.findByIdAndRemove(id);
- return res.apiv3({ externalAccount });
- }
- catch (err) {
- const msg = 'Error occurred in deleting a external account ';
- logger.error(msg, err);
- return res.apiv3Err(new ErrorV3(msg + err.message, 'extenral-account-delete-failed'));
- }
- });
- return router;
- };
|
