From 6e7fa64c1e4d6b60fd61d55faac0332e5019e891 Mon Sep 17 00:00:00 2001
From: Eric Fithian
Date: Mon, 27 Nov 2023 18:23:28 -0700
Subject: [PATCH 1/2] finished admin eventrequests, violations routes
---
 backend/controllers/AdminController.js | 123 +++++++++++++++++++++++++
 backend/index.js | 2 +
 backend/routes/AdminRouter.js | 30 ++++++
 3 files changed, 155 insertions(+)
 create mode 100644 backend/controllers/AdminController.js
 create mode 100644 backend/routes/AdminRouter.js
diff --git a/backend/controllers/AdminController.js b/backend/controllers/AdminController.js
new file mode 100644
index 0000000..904f083
--- /dev/null
+++ b/backend/controllers/AdminController.js
@@ -0,0 +1,123 @@
+const express = require('express');
+const db = require('../database');
+
+const getEventRequests = async (req, res, next) => {
+ try {
+ const requests = await db.manyOrNone(
+ 'SELECT * FROM EventRequests WHERE event_id = $1',
+ [req.params.eventId],
+ );
+
+ if (requests.length) {
+ res.locals.data = requests;
+ next();
+ } else {
+ res.status(404).json({message: 'No requests found for this event.'});
+ }
+ } catch (err) {
+ console.error(err);
+ res.status(500).json({error: 'Internal Server Error'});
+ }
+};
+
+const getAllEventRequests = async (req, res, next) => {
+ try {
+ const requests = await db.manyOrNone(
+ 'SELECT * FROM EventRequests',
+ );
+
+ if (requests.length) {
+ res.locals.data = requests;
+ next();
+ } else {
+ res.status(404).json({message: 'No requests found for this event.'});
+ }
+ } catch (err) {
+ console.error(err);
+ res.status(500).json({error: 'Internal Server Error'});
+ }
+}
+
+const getViolations = async (req, res, next) => {
+ try {
+ const violations = await db.manyOrNone(
+ 'SELECT * FROM VendorViolations WHERE vendor_id = $1',
+ [req.params.vendorId],
+ );
+
+ if (violations.length) {
+ res.locals.data = violations;
+ next();
+ } else {
+ res.status(404).json({message: 'No violations found for this vendor.'});
+ }
+ } catch (err) {
+ console.error(err);
+ res.status(500).json({error: 'Internal Server Error'});
+ }
+}
+
+const getAllViolations = async (req, res, next) => {
+ try {
+ const violations = await db.manyOrNone('SELECT * FROM VendorViolations');
+
+ if (violations.length) {
+ res.locals.data = violations;
+ next();
+ } else {
+ res.status(404).json({message: 'No violations found.'});
+ }
+ } catch (err) {
+ console.error(err);
+ res.status(500).json({error: 'Internal Server Error'});
+ }
+}
+
+const createVendorViolation = async (req, res, next) => {
+ try {
+ await db.none(
+ 'INSERT INTO VendorViolations (vendor_id) VALUES ($1)',
+ [req.params.vendorId],
+ );
+ next();
+ } catch (err) {
+ console.error(err);
+ res.status(500).json({error: 'Internal Server Error'});
+ }
+}
+
+const deleteVendorViolation = async (req, res, next) => {
+ try {
+ await db.none(
+ 'DELETE FROM VendorViolations WHERE violation_id = $1',
+ [req.params.violationId],
+ );
+ next();
+ } catch (err) {
+ console.error(err);
+ res.status(500).json({error: 'Internal Server Error'});
+ }
+}
+
+const processEventRequest = async (req, res, next) => {
+ try {
+ await db.none(
+ 'UPDATE EventRequests SET approved = $1 WHERE request_id = $2',
+ [req.body.approved, req.params.requestId],
+ );
+ next();
+ } catch (err) {
+ console.error(err);
+ res.status(500).json({error: 'Internal Server Error'});
+ }
+}
+
+module.exports = {
+ getEventRequests,
+ getAllEventRequests,
+ getViolations,
+ getAllViolations,
+ createVendorViolation,
+ deleteVendorViolation,
+ processEventRequest,
+};
\ No newline at end of file
diff --git a/backend/index.js b/backend/index.js
index 0d18039..5c566d5 100644
--- a/backend/index.js
+++ b/backend/index.js
@@ -18,8 +18,10 @@ app.use(express.json());
 
 // Import router objects and direct the app to use them
 const VendorRouter = require('./routes/VendorRouter');
+const AdminRouter = require('./routes/AdminRouter');
 
 app.use('/vendors', VendorRouter);
+app.use('/admins', AdminRouter);
 
 app.get('/', (req, res) => {
 res.status(202).send('Hello World!');
diff --git a/backend/routes/AdminRouter.js b/backend/routes/AdminRouter.js
new file mode 100644
index 0000000..3aadf1d
--- /dev/null
+++ b/backend/routes/AdminRouter.js
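Review bot: `processEventRequest` binds `req.body.approved` into the UPDATE without checking its type, and `db.none` gives no signal when `request_id` matched nothing, so a missing or malformed body becomes either a 500 from the database or a success response for a request that was never changed. Reject anything that is not a boolean with a 400 and return 404 when no row was updated; `deleteVendorViolation` has the same zero-rows gap. The sketch below assumes `db` is pg-promise (inferred from `manyOrNone`/`none`), where `db.result` exposes `rowCount`, and that `approved` is a boolean column. Smaller points in the same hunk: `getAllEventRequests` reuses the per-event message 'No requests found for this event.', and `express` is required but never used.

```javascript
const processEventRequest = async (req, res, next) => {
  try {
    const approved = req.body?.approved;
    if (typeof approved !== 'boolean') {
      return res.status(400).json({error: 'approved must be a boolean'});
    }
    const result = await db.result(
      'UPDATE EventRequests SET approved = $1 WHERE request_id = $2',
      [approved, req.params.requestId],
    );
    if (result.rowCount === 0) {
      return res.status(404).json({message: 'No request found with this id.'});
    }
    next();
  // … unchanged: catch block logging the error and returning 500 …
```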
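Review bot: `app.use('/admins', AdminRouter);` mounts the new router with no authentication or authorization in front of it, so in this commit the violation POST/DELETE routes and the event-request reads are reachable by any caller. The per-route `verify('admin')` guard only arrives in PATCH 2/2, dated roughly two months later, so any deployment of the intermediate state exposes these endpoints; the guard should land in the same commit as the routes. Only part of index.js is visible in the hunk, so a global auth middleware registered earlier cannot be ruled out from here.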
@@ -0,0 +1,30 @@
+const express = require('express');
+const router = express.Router();
+
+const {
+ getEventRequests,
+ getAllEventRequests,
+ getViolations,
+ getAllViolations,
+ createVendorViolation,
+ deleteVendorViolation,
+ processEventRequest,
+} = require('../controllers/AdminController');
+
+const sendSuccessResponse = require('../middleware/successResponse');
+
+router.get('/events/requests/:eventId', getEventRequests, sendSuccessResponse);
+
+router.get('/events/requests', getAllEventRequests, sendSuccessResponse);
+
+router.get('/violations/:vendorId', getViolations, sendSuccessResponse);
+
+router.get('/violations', getAllViolations, sendSuccessResponse);
+
+router.put('events/requests/:requestId', processEventRequest, sendSuccessResponse);
+
+router.post('/violations/:vendorId', createVendorViolation, sendSuccessResponse);
+
+router.delete('/violations/:violationId', deleteVendorViolation, sendSuccessResponse);
+
+module.exports = router;
\ No newline at end of file
From fd4919cd55d699f4bfe7a17b04696a2aba7edee9 Mon Sep 17 00:00:00 2001
From: nh602
Date: Wed, 31 Jan 2024 05:21:09 +0000
Subject: [PATCH 2/2] Added route protection in admin router.
---
 backend/routes/AdminRouter.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/backend/routes/AdminRouter.js b/backend/routes/AdminRouter.js
index 1a5168a..eb1d174 100644
--- a/backend/routes/AdminRouter.js
+++ b/backend/routes/AdminRouter.js
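Review bot: The PUT route is registered as `router.put('events/requests/:requestId', ...)` with no leading slash, so it will most likely never match an incoming request path and `processEventRequest` cannot be reached through this router. It should read `router.put('/events/requests/:requestId', processEventRequest, sendSuccessResponse);`. The same path string is carried over unchanged on the new side of the PATCH 2/2 hunk, where only `verify('admin')` is added to it.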
@@ -23,19 +23,19 @@ const {
 
 const sendSuccessResponse = require('../middleware/successResponse');
 
-router.get('/events/requests/:eventId', getEventRequests, sendSuccessResponse);
+router.get('/events/requests/:eventId', verify('admin'), getEventRequests, sendSuccessResponse);
 
-router.get('/events/requests', getAllEventRequests, sendSuccessResponse);
+router.get('/events/requests', verify('admin'), getAllEventRequests, sendSuccessResponse);
 
-router.get('/violations/:vendorId', getViolations, sendSuccessResponse);
+router.get('/violations/:vendorId', verify('admin'), getViolations, sendSuccessResponse);
 
-router.get('/violations', getAllViolations, sendSuccessResponse);
+router.get('/violations', verify('admin'), getAllViolations, sendSuccessResponse);
 
-router.put('events/requests/:requestId', processEventRequest, sendSuccessResponse);
+router.put('events/requests/:requestId', verify('admin'), processEventRequest, sendSuccessResponse);
 
-router.post('/violations/:vendorId', createVendorViolation, sendSuccessResponse);
+router.post('/violations/:vendorId', verify('admin'), createVendorViolation, sendSuccessResponse);
 
-router.delete('/violations/:violationId', deleteVendorViolation, sendSuccessResponse);
+router.delete('/violations/:violationId', verify('admin'), deleteVendorViolation, sendSuccessResponse);
 
 router.post('/login', getAdminByEmail, signAdminToken, (req, res) => {
 res.status(200).json({status: 'success'});
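Review bot: Guarding each route with its own `verify('admin')` argument is fail-open, because the next route added to this router is public unless its author remembers the middleware. Registering `/login` first and then calling `router.use(verify('admin'));` ahead of the protected routes would make protection the default. The commit changes only the seven route lines, so `verify` has to be in scope already from the imports above the hunk, which are not visible here; that is worth confirming, since an undefined `verify` would throw when the module loads. The `/login` handler continues past the end of the hunk.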