completed permissions (for now) and added caching to vatsim requests

vatger · May 20, 2024 · 8c4e5a4 · 8c4e5a4
1 parent dd70f1a
commit 8c4e5a4
Show file tree

Hide file tree

Showing 49 changed files with 1,448 additions and 1,185 deletions.
diff --git a/backend/db/seeders/20221121101837-PermissionSeeder.ts b/backend/db/seeders/20221121101837-PermissionSeeder.ts
@@ -5,6 +5,11 @@ const allPerms = [
     "mentor.acc.manage.own",
 
     "mentor.view",
+    "users.list",
+    "users.view",
+
+    "notes.view",
+    "notes.create",
 
     "lm.view",
     "lm.action_requirements.view",
@@ -19,13 +24,16 @@ const allPerms = [
     "lm.endorsement_groups.create",
 
     "lm.training_types.view",
+    "lm.training_types.create",
+    "lm.training_types.edit",
 
     "atd.view",
+    "atd.override", // Overrides some permissions and allows user with this perm to see everything, irrespective of mentor group (for example)
     "atd.solo.delete",
     "atd.examiner.view",
     "atd.fast_track.view",
     "atd.atsim.view",
-    "atd.training_stations.view",
+    "atd.training_stations.sync",
 
     "atd.log_template.view",
     "atd.log_template.edit",

diff --git a/backend/src/Router.ts b/backend/src/Router.ts
@@ -99,7 +99,6 @@ router.use(
         r.use(
             "/course",
             routerGroup((r: Router) => {
-                r.get("/my", UserCourseController.getMyCourses);
                 r.get("/active", UserCourseController.getActiveCourses);
                 r.get("/available", UserCourseController.getAvailableCourses);
                 r.get("/completed", UserCourseController.getCompletedCourses);
@@ -181,15 +180,13 @@ router.use(
             routerGroup((r: Router) => {
                 r.get("/data", UserInformationAdminController.getUserDataByID);
                 r.get("/data/basic", UserInformationAdminController.getBasicUserDataByID);
-                r.get("/data/sensitive", UserInformationAdminController.getSensitiveUserDataByID);
 
                 r.post("/note", UserNoteAdminController.createUserNote);
                 r.get("/notes", UserNoteAdminController.getGeneralUserNotes);
                 r.get("/notes/course", UserNoteAdminController.getNotesByCourseID);
 
                 r.get("/", UserAdminController.getAll);
                 r.get("/min", UserAdminController.getAllUsersMinimalData);
-                r.get("/sensitive", UserAdminController.getAllSensitive);
 
                 r.post("/enrol", UserCourseAdminController.enrolUser);
 
@@ -366,8 +363,6 @@ router.use(
             "/training-station",
             routerGroup((r: Router) => {
                 r.get("/", TrainingStationAdminController.getAll);
-                r.get("/:id", TrainingStationAdminController.getByID);
-
                 r.post("/sync", TrainingStationAdminController.syncStations);
             })
         );

diff --git a/backend/src/controllers/permission/PermissionAdminController.ts b/backend/src/controllers/permission/PermissionAdminController.ts
@@ -37,7 +37,7 @@ async function create(request: Request, response: Response, next: NextFunction)
 
         const body = request.body as { name: string };
         Validator.validate(body, {
-            name: [ValidationTypeEnum.NON_NULL]
+            name: [ValidationTypeEnum.NON_NULL],
         });
 
         const [perm, created] = await Permission.findOrCreate({
@@ -68,12 +68,12 @@ async function destroy(request: Request, response: Response, next: NextFunction)
         const user: User = response.locals.user;
         PermissionHelper.checkUserHasPermission(user, "tech.role_management.edit");
 
-        const body = request.body as {perm_id: string};
+        const body = request.body as { perm_id: string };
         Validator.validate(body, {
-            perm_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER]
+            perm_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER],
         });
 
-        const res = await Permission.destroy({
+        await Permission.destroy({
             where: {
                 id: body.perm_id,
             },

diff --git a/backend/src/controllers/permission/RoleAdminController.ts b/backend/src/controllers/permission/RoleAdminController.ts
@@ -20,7 +20,7 @@ async function getAll(_request: Request, response: Response, next: NextFunction)
 
         const roles = await Role.findAll();
         response.send(roles);
-    } catch(e) {
+    } catch (e) {
         next(e);
     }
 }
@@ -207,12 +207,12 @@ async function addPermission(request: Request, response: Response, next: NextFun
     try {
         const user: User = response.locals.user;
         const params = request.params;
-        const body = request.body as {permission_id?: string};
+        const body = request.body as { permission_id?: string };
 
         PermissionHelper.checkUserHasPermission(user, "tech.role_management.edit", true);
 
         Validator.validate(body, {
-            permission_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER]
+            permission_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER],
         });
 
         const res = await RoleHasPermissions.create({

diff --git a/backend/src/controllers/solo/SoloAdminController.ts b/backend/src/controllers/solo/SoloAdminController.ts
@@ -6,10 +6,7 @@ import { User } from "../../models/User";
 import { EndorsementGroupsBelongsToUsers } from "../../models/through/EndorsementGroupsBelongsToUsers";
 import { TrainingSession } from "../../models/TrainingSession";
 import PermissionHelper from "../../utility/helper/PermissionHelper";
-import {
-    createSolo as vateudCreateSolo,
-    removeSolo as vateudRemoveSolo
-} from "../../libraries/vateud/VateudCoreLibrary";
+import { createSolo as vateudCreateSolo, removeSolo as vateudRemoveSolo } from "../../libraries/vateud/VateudCoreLibrary";
 import { EndorsementGroup } from "../../models/EndorsementGroup";
 import Validator, { ValidationTypeEnum } from "../../utility/Validator";
 import { sequelize } from "../../core/Sequelize";
@@ -43,31 +40,37 @@ async function createSolo(request: Request, response: Response, next: NextFuncti
             solo_duration: [ValidationTypeEnum.NON_NULL],
             solo_start: [ValidationTypeEnum.NON_NULL],
             trainee_id: [ValidationTypeEnum.NON_NULL],
-            endorsement_group_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER]
+            endorsement_group_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER],
         });
 
         const startDate = dayjs.utc(body.solo_start);
         const endDate = startDate.add(Number(body.solo_duration), "days");
 
-        const solo = await UserSolo.create({
-            user_id: body.trainee_id,
-            created_by: user.id,
-            solo_used: Number(body.solo_duration),
-            extension_count: 0,
-            current_solo_start: startDate.toDate(),
-            current_solo_end: endDate.toDate(),
-        }, {
-            transaction: transaction
-        });
+        const solo = await UserSolo.create(
+            {
+                user_id: body.trainee_id,
+                created_by: user.id,
+                solo_used: Number(body.solo_duration),
+                extension_count: 0,
+                current_solo_start: startDate.toDate(),
+                current_solo_end: endDate.toDate(),
+            },
+            {
+                transaction: transaction,
+            }
+        );
 
-        await EndorsementGroupsBelongsToUsers.create({
-            user_id: body.trainee_id,
-            created_by: user.id,
-            endorsement_group_id: Number(body.endorsement_group_id),
-            solo_id: solo.id,
-        }, {
-            transaction: transaction
-        });
+        await EndorsementGroupsBelongsToUsers.create(
+            {
+                user_id: body.trainee_id,
+                created_by: user.id,
+                endorsement_group_id: Number(body.endorsement_group_id),
+                solo_id: solo.id,
+            },
+            {
+                transaction: transaction,
+            }
+        );
 
         const endorsementGroup = await EndorsementGroup.findOne({
             where: {
@@ -109,7 +112,7 @@ async function updateSolo(request: Request, response: Response, next: NextFuncti
     try {
         const body = request.body as UpdateSoloRequestBody & { endorsement_group_id?: string };
         Validator.validate(body, {
-            endorsement_group_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER]
+            endorsement_group_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER],
         });
 
         const currentSolo = await UserSolo.findOne({
@@ -129,40 +132,49 @@ async function updateSolo(request: Request, response: Response, next: NextFuncti
                 user_id: body.trainee_id,
                 solo_id: currentSolo.id,
             },
-            transaction: transaction
+            transaction: transaction,
         });
 
-        await EndorsementGroupsBelongsToUsers.create({
-            user_id: body.trainee_id,
-            endorsement_group_id: Number(body.endorsement_group_id),
-            solo_id: currentSolo.id,
-            created_by: response.locals.user.id,
-        }, {
-            transaction: transaction
-        });
+        await EndorsementGroupsBelongsToUsers.create(
+            {
+                user_id: body.trainee_id,
+                endorsement_group_id: Number(body.endorsement_group_id),
+                solo_id: currentSolo.id,
+                created_by: response.locals.user.id,
+            },
+            {
+                transaction: transaction,
+            }
+        );
 
         const newDuration = currentSolo.solo_used + Number(body.solo_duration);
 
         // If solo_start == NULL, then the solo is still active
         if (body.solo_start == null) {
-            await currentSolo.update({
-                created_by: response.locals.user.id,
-                solo_used: newDuration,
-                current_solo_end: dayjs.utc(currentSolo.current_solo_start).add(newDuration, "days").toDate(),
-            }, {
-                transaction: transaction
-            });
+            await currentSolo.update(
+                {
+                    created_by: response.locals.user.id,
+                    solo_used: newDuration,
+                    current_solo_end: dayjs.utc(currentSolo.current_solo_start).add(newDuration, "days").toDate(),
+                },
+                {
+                    transaction: transaction,
+                }
+            );
         } else {
             // If solo_start != NULL, then the solo is inactive and the new days have to be calculated (newDuration, for example, isn't correct! It's start_date + Number(body.solo_duration)
             // Else we'll add the entire solo duration to the length again :).
-            await currentSolo.update({
-                created_by: response.locals.user.id,
-                solo_used: newDuration,
-                current_solo_start: dayjs.utc(body.solo_start).toDate(),
-                current_solo_end: dayjs.utc(body.solo_start).add(Number(body.solo_duration), "days").toDate(),
-            }, {
-                transaction: transaction
-            });
+            await currentSolo.update(
+                {
+                    created_by: response.locals.user.id,
+                    solo_used: newDuration,
+                    current_solo_start: dayjs.utc(body.solo_start).toDate(),
+                    current_solo_end: dayjs.utc(body.solo_start).add(Number(body.solo_duration), "days").toDate(),
+                },
+                {
+                    transaction: transaction,
+                }
+            );
         }
 
         const returnUser = await User.findOne({
@@ -196,7 +208,7 @@ async function extendSolo(request: Request, response: Response, next: NextFuncti
     try {
         const body = request.body as { trainee_id: string };
         Validator.validate(body, {
-            trainee_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER]
+            trainee_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER],
         });
 
         // Check the user has had a training in the last 20 days.
@@ -214,7 +226,7 @@ async function extendSolo(request: Request, response: Response, next: NextFuncti
 
         let cpt_planned = false;
         let training_last_20_days = false;
-        for (const trainingSession of (user?.training_sessions ?? [])) {
+        for (const trainingSession of user?.training_sessions ?? []) {
             if (
                 trainingSession.date != null &&
                 trainingSession.date > dayjs.utc().subtract(20, "days").startOf("day").toDate() &&
@@ -268,22 +280,22 @@ async function deleteSolo(request: Request, response: Response, next: NextFuncti
         const body = request.body as { trainee_id: string; solo_id: string };
         Validator.validate(body, {
             trainee_id: [ValidationTypeEnum.NON_NULL],
-            solo_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER]
+            solo_id: [ValidationTypeEnum.NON_NULL, ValidationTypeEnum.NUMBER],
         });
 
         const solo = await UserSolo.findOne({
             where: {
                 id: body.solo_id,
             },
-            transaction: transaction
+            transaction: transaction,
         });
 
         // 1. Delete all endorsements that are linked to the solo.
         await EndorsementGroupsBelongsToUsers.destroy({
             where: {
                 solo_id: body.solo_id,
             },
-            transaction: transaction
+            transaction: transaction,
         });
 
         // 2. Delete the VATEUD Core Solo
@@ -293,7 +305,7 @@ async function deleteSolo(request: Request, response: Response, next: NextFuncti
             where: {
                 id: body.solo_id,
             },
-            transaction: transaction
+            transaction: transaction,
         });
 
         const returnUser = await User.findOne({

diff --git a/backend/src/controllers/training-log/TrainingLogController.ts b/backend/src/controllers/training-log/TrainingLogController.ts
@@ -28,7 +28,7 @@ async function getByUUID(request: Request, response: Response, next: NextFunctio
             return;
         }
 
-        if (!await trainingLog.userCanRead(user)) {
+        if (!(await trainingLog.userCanRead(user))) {
             throw new ForbiddenException("You are not permitted to view this training log.");
         }
 

diff --git a/backend/src/controllers/training-request/TrainingRequestController.ts b/backend/src/controllers/training-request/TrainingRequestController.ts
@@ -72,7 +72,7 @@ async function destroy(request: Request, response: Response, next: NextFunction)
         const body = request.body as { uuid: string };
 
         Validator.validate(body, {
-            uuid: [ValidationTypeEnum.NON_NULL]
+            uuid: [ValidationTypeEnum.NON_NULL],
         });
 
         const trainingRequest: TrainingRequest | null = await TrainingRequest.findOne({
@@ -187,7 +187,7 @@ async function getByUUID(request: Request, response: Response, next: NextFunctio
             ],
         });
 
-        if (!await trainingRequest?.canUserView(user)) {
+        if (!(await trainingRequest?.canUserView(user))) {
             throw new ForbiddenException("You are not allowed to view this training request");
         }
 
@@ -220,7 +220,7 @@ async function confirmInterest(request: Request, response: Response, next: NextF
         const trainingRequest = await TrainingRequest.findOne({
             where: {
                 uuid: trainingRequestUUID,
-                user_id: user.id
+                user_id: user.id,
             },
         });