feat(user): Stabilize partner administration

cli/index.js

@@ -1,7 +1,7 @@
 const { mongodb } = require('config');
 const mongoose = require('mongoose');
 
-const User = require('../server/users/models/user');
+const User = require('../server/users/models/user.model');
 
 mongoose.Promise = global.Promise;
 
@@ -17,7 +17,8 @@ mongoose.connect(`mongodb://${userPart}${mongodb.host}:${mongodb.port}/${mongodb
         'tech',
         'business',
         'hr',
-        'staff',
+        'com',
+        'finance',
         'board',
       ],
     });

docs/endpoint-users.md

@@ -36,12 +36,12 @@ Retrieve the whole collection of users. Accepts the following filter params:
 
 ## `POST /users`
 
-Creates a new user. Requires to specify at least one valid role in: tech, hr, staff, business and board.
-Also requires to have either hr or staff in logged user roles to perform request.
+Creates a new user. Requires to specify at least one valid role in: tech, hr, finance, com, business and board.
+Also requires to have either hr or board in logged user roles to perform request.
 
 #### Requires
 
-- Role: `rh` or `staff`
+- Role: `rh` or `board`
 - Scope: `users:create`
 
 #### Request payload
@@ -53,7 +53,7 @@ Also requires to have either hr or staff in logged user roles to perform request
   "email": String,              // required
   "fallbackEmail": String,
   "description": String,
-  "plainPassword": String       // required
+  "plainPassword": String,      // required
   "roles": [String]             // required
 }
 ```
@@ -101,11 +101,11 @@ Retrieve a user.
 ## `PUT /users/{id}`
 
 Updates a user. Connected user can edit himself.
-To edit user roles, connected user requires either hr or staff in his roles.
+To edit user roles, connected user requires either hr or board in his roles.
 
 #### Requires
 
-- Role: `rh` or `staff`
+- Role: `rh` or `board`
 - Scope: `users:modify` or `profile:modify` if self editing
 
 #### Request payload
@@ -117,18 +117,18 @@ To edit user roles, connected user requires either hr or staff in his roles.
   "email": String,
   "fallbackEmail": String,
   "description": String,
-  "roles": [String]         // requires hr/staff role
+  "roles": [String]         // requires hr/board role
 }
 ```
 
 ## `DELETE /users/{id}`
 
 Deletes an user.
-To delete a user, connected user requires either hr or staff in his roles.
+To delete a user, connected user requires either hr or board in his roles.
 
 #### Requires
 
-- Role: `rh` or `staff`
+- Role: `rh` or `board`
 - Scope: `users:delete`
 
 #### Request payload

server/dashboard/assets/css/dashboard.css

@@ -38,3 +38,7 @@
   z-index: 4;
   text-transform: capitalize;
 }
+
+.mdl-button--danger {
+  color: red;
+}

server/dashboard/layouts/default.hbs

@@ -39,7 +39,7 @@
         <span class="mdl-layout-title">LvConnect</span>
         <nav class="mdl-navigation">
           <a class="mdl-navigation__link" href="/dashboard">Overview</a>
-          <a class="mdl-navigation__link" href="/dashboard/users">Users</a>
+          <a class="mdl-navigation__link" href="/dashboard/users">Partners</a>
           <a class="mdl-navigation__link" href="/dashboard/apps">Applications</a>
         </nav>
       </div>

server/dashboard/middlewares/index.js

@@ -6,9 +6,11 @@ function hasRoleInList(roles) {
     method(request, reply) {
       const user = request.auth.credentials;
       const hasGivenRole = _.some(roles, role => _.includes(user.roles.some, role));
+      console.log('#######', hasGivenRole);
 
-      return (!hasGivenRole) ? reply.view('403') : reply(null, true);
+      return !hasGivenRole ? reply.view('403').takeover() : reply(null, true);
     },
+    assign: 'hasRole',
   };
 }
 

server/dashboard/routes/delete-app.js

@@ -5,20 +5,7 @@ module.exports = {
   handler(req, res) {
     const { Application } = req.server.plugins.oauth.models;
 
-    Application.findOne({ _id: req.params.id })
-      .remove()
-      .then(() => {
-        Application
-          .find()
-          .select('-appSecret')
-          .sort('appId')
-          .then((apps) => {
-            res.view('get-apps', {
-              pageTitle: 'Applications',
-              user: req.auth.credentials,
-              apps,
-            });
-          });
-      });
+    return Application.remove({ _id: req.params.id })
+      .then(() => res.redirect('/dashboard/apps'));
   },
 };

server/dashboard/routes/delete-user.js

@@ -0,0 +1,16 @@
+const { hasRoleInList } = require('../middlewares');
+
+module.exports = {
+  method: 'GET',
+  path: '/dashboard/users/{id}/delete',
+  config: {
+    pre: [hasRoleInList(['rh', 'board'])],
+    auth: 'session',
+  },
+  handler(req, res) {
+    const { User } = req.server.plugins.users.models;
+
+    return User.remove({ _id: req.params.id })
+      .then(() => res.redirect('/dashboard/users'));
+  },
+};

server/dashboard/routes/get-edit-user.js

@@ -5,7 +5,7 @@ module.exports = {
   method: 'GET',
   path: '/dashboard/users/{user}/edit',
   config: {
-    pre: [hasRoleInList(['rh', 'staff'])],
+    pre: [hasRoleInList(['rh', 'board'])],
     auth: 'session',
   },
   handler(req, res) {
@@ -16,10 +16,11 @@ module.exports = {
       .exec()
       .then((user) => {
         if (!user) return res.view('404');
-        return res.view('edit-user', {
+        return res.view('create-user', {
           pageTitle: 'Edit partner',
           userData: user,
           validRoles,
+          editMode: true,
         });
       })
       .catch(res);

server/dashboard/routes/get-user.js

@@ -13,7 +13,7 @@ module.exports = {
         return res.view('get-user', {
           pageTitle: `${user.firstName} ${user.lastName}`,
           userData: user,
-          adminRoles: ['rh', 'staff'],
+          adminRoles: ['rh', 'board'],
         });
       })
       .catch(res);

server/dashboard/routes/get-users.js

@@ -13,7 +13,7 @@ module.exports = {
         res.view('get-users', {
           pageTitle: 'Users list',
           users,
-          adminRoles: ['rh', 'staff'],
+          adminRoles: ['rh', 'board'],
         });
       });
   },

server/dashboard/routes/index.js

@@ -5,6 +5,7 @@ const getCreateUser = require('./get-create-user');
 const postCreateUser = require('./post-create-user');
 const getEditUser = require('./get-edit-user');
 const postEditUser = require('./post-edit-user');
+const deleteUser = require('./delete-user');
 const getAssets = require('./get-assets');
 const getApplications = require('./get-apps');
 const getCreateApplication = require('./get-create-app');
@@ -21,6 +22,7 @@ module.exports = [
   postCreateUser,
   getEditUser,
   postEditUser,
+  deleteUser,
   getAssets,
   getApplications,
   getCreateApplication,

server/dashboard/routes/post-create-user.js

@@ -7,7 +7,7 @@ module.exports = {
   method: 'POST',
   path: '/dashboard/users/create',
   config: {
-    pre: [hasRoleInList(['rh', 'staff'])],
+    pre: [hasRoleInList(['rh', 'board'])],
     auth: 'session',
     validate: {
       payload: Joi.object().keys({
@@ -24,10 +24,9 @@ module.exports = {
         plainPasswordCheck: Joi.string().required(),
       }),
       failAction: (req, res, src, error) => {
-        req.server.log('info', error);
         res.view('create-user', {
           pageTitle: 'Add new partner',
-          newUser: req.payload,
+          userData: req.payload,
           validRoles,
           error,
         });
@@ -57,10 +56,9 @@ module.exports = {
         res.redirect('/dashboard/users');
       })
       .catch((error) => {
-        req.server.log('error', error);
         res.view('create-user', {
           pageTitle: 'Add new partner',
-          newUser: body,
+          userData: body,
           validRoles,
           error,
         });

server/dashboard/routes/post-edit-app.js

@@ -17,13 +17,12 @@ module.exports = {
         req.server.log('info', error);
         const { Application } = req.server.plugins.oauth.models;
 
-        /* TODO: handle form errors */
-        Application.findOne({ _id: req.params.id })
+        Application.findById(req.params.id)
           .then((app) => {
             res.view('create-app', {
               pageTitle: 'Edit app',
               app,
-              errors: error,
+              error,
               editMode: true,
               validScopes: req.server.plugins.oauth.validScopes,
             });
@@ -34,23 +33,28 @@ module.exports = {
   handler(req, res) {
     const { Application } = req.server.plugins.oauth.models;
 
-    Application.findOne({ _id: req.params.id })
-      .then(app => Object.assign(app, {
-        name: req.payload.name,
-        description: req.payload.description,
-        allowedScopes: req.payload.allowedScopes,
-        redirectUris: [req.payload.redirectUri],
-      }).save().catch(() => res.view('create-app', {
-        pageTitle: 'Edit app',
-        user: req.auth.credentials,
-        app,
-        editMode: true,
-        validScopes: req.server.plugins.oauth.validScopes,
-      })))
-      .then(() => res.redirect('/dashboard/apps'))
-      .catch(() => res.view('get-apps', {
-        pageTitle: 'Applications',
-        user: req.auth.credentials,
-      }));
+    Application.findById(req.params.id)
+      .then((app) => {
+        if (!app) {
+          return res.redirect('/dashboard/apps');
+        }
+
+        return Object
+          .assign(app, {
+            name: req.payload.name,
+            description: req.payload.description,
+            allowedScopes: req.payload.allowedScopes,
+            redirectUris: [req.payload.redirectUri],
+          })
+          .save()
+          .then(() => res.redirect('/dashboard/apps'))
+          .catch(() => res.view('create-app', {
+            pageTitle: 'Edit app',
+            user: req.auth.credentials,
+            app,
+            editMode: true,
+            validScopes: req.server.plugins.oauth.validScopes,
+          }));
+      });
   },
 };

server/dashboard/routes/post-edit-user.js

@@ -6,27 +6,25 @@ module.exports = {
   method: 'POST',
   path: '/dashboard/users/{user}/edit',
   config: {
-    pre: [hasRoleInList(['rh', 'staff'])],
+    pre: [hasRoleInList(['rh', 'board'])],
     auth: 'session',
     validate: {
       payload: Joi.object({
         firstName: Joi.string().min(2).required(),
         lastName: Joi.string().min(2).required(),
-        fallbackEmail: Joi.string().email().required(),
         description: Joi.string().empty('').max(255),
         roles: Joi.array().items(Joi.string().valid(validRoles)).single().min(1)
           .required(),
         githubHandle: Joi.string().allow(''),
         trelloHandle: Joi.string().allow(''),
       }),
-      failAction: (req, res, src, error) => {
-        res.view('edit-user', {
-          pageTitle: 'Edit partner',
-          userData: req.payload,
-          validRoles,
-          error,
-        });
-      },
+      failAction: (req, res, src, error) => res.view('create-user', {
+        pageTitle: 'Edit partner',
+        userData: req.payload,
+        validRoles,
+        error,
+        editMode: true,
+      }),
     },
   },
   handler(req, res) {
@@ -45,7 +43,7 @@ module.exports = {
         if (savedUser.trelloHandle && savedUser.thirdParty.trello !== 'success') {
           trelloOrgUserLink({ user: savedUser });
         }
-        res.redirect(`/dashboard/users/${userId}`);
+        return res.redirect(`/dashboard/users/${userId}`);
       })
       .catch(res);
   },