UNPKG

openhim-core

Version:

The OpenHIM core application that provides logging and routing of http requests

openhim.org

jembi/openhim-core-js

139 lines (112 loc) 4.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
Client = require('../model/clients').Client Q = require 'q' logger = require 'winston' authorisation = require './authorisation' utils = require '../utils' ### # Adds a client ### exports.addClient = () -> # Test if the user is authorised if not authorisation.inGroup 'admin', this.authenticated utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to addClient denied.", 'info' return clientData = this.request.body try client = new Client clientData result = yield Q.ninvoke client, 'save' logger.info "User #{this.authenticated.email} created client with id #{client.id}" this.body = 'Client successfully created' this.status = 201 catch e logger.error "Could not add a client via the API: #{e.message}" this.body = e.message this.status = 400 ### # Retrieves the details of a specific client ### exports.getClient = (clientId, property) -> projectionRestriction = null # if property - Setup client projection and bypass authorization if typeof property is 'string' if property is 'clientName' projectionRestriction = _id: 0 name: 1 else utils.logAndSetResponse this, 404, "The property (#{property}) you are trying to retrieve is not found.", 'info' return else # Test if the user is authorised if not authorisation.inGroup 'admin', this.authenticated utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to findClientById denied.", 'info' return clientId = unescape clientId try result = yield Client.findById(clientId, projectionRestriction).exec() if result is null utils.logAndSetResponse this, 404, "Client with id #{clientId} could not be found.", 'info' else this.body = result catch e logger.error "Could not find client by id #{clientId} via the API: #{e.message}" this.body = e.message this.status = 500 exports.findClientByDomain = (clientDomain) -> # Test if the user is authorised if not authorisation.inGroup 'admin', this.authenticated utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to findClientByDomain denied.", 'info' return clientDomain = unescape clientDomain try result = yield Client.findOne(clientDomain: clientDomain).exec() if result is null utils.logAndSetResponse this, 404, "Could not find client with clientDomain #{clientDomain}", 'info' else this.body = result catch e logger.error "Could not find client by client Domain #{clientDomain} via the API: #{e.message}" this.body = e.message this.status = 500 exports.updateClient = (clientId) -> # Test if the user is authorised if not authorisation.inGroup 'admin', this.authenticated utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to updateClient denied.", 'info' return clientId = unescape clientId clientData = this.request.body # Ignore _id if it exists, a user shouldn't be able to update the internal id delete clientData._id if clientData._id try yield Client.findByIdAndUpdate(clientId, clientData).exec() logger.info "User #{this.authenticated.email} updated client with id #{clientId}" this.body = 'Successfully updated client.' catch e logger.error "Could not update client by ID #{clientId} via the API: #{e.message}" this.body = e.message this.status = 500 exports.removeClient = (clientId) -> # Test if the user is authorised if not authorisation.inGroup 'admin', this.authenticated utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to removeClient denied.", 'info' return clientId = unescape clientId try yield Client.findByIdAndRemove(clientId).exec() this.body = "Successfully removed client with ID #{clientId}" logger.info "User #{this.authenticated.email} removed client with id #{clientId}" catch e logger.error "Could not remove client by ID #{clientId} via the API: #{e.message}" this.body = e.message this.status = 500 exports.getClients = () -> # Test if the user is authorised if not authorisation.inGroup 'admin', this.authenticated utils.logAndSetResponse this, 403, "User #{this.authenticated.email} is not an admin, API access to getClients denied.", 'info' return try this.body = yield Client.find().exec() catch e logger.error "Could not fetch all clients via the API: #{e.message}" this.message = e.message this.status = 500