@plusscommunities/pluss-maintenance-aws 2.0.3-auth.0 → 2.0.3

package/createJob.js

@@ -5,7 +5,7 @@ const { getBody } = require("@plusscommunities/pluss-core-aws/helper");
 const generateJsonResponse = require("@plusscommunities/pluss-core-aws/helper/generateJsonResponse");
 const addMaintenanceJob = require("./db/maintenance/addMaintenanceJob");
 const validateSiteAccess = require("@plusscommunities/pluss-core-aws/helper/auth/validateSiteAccess");
-const getUserPreviewFromHeader = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromHeader");
+const getUserPreviewFromReq = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromReq");
 const publishActivity = require("@plusscommunities/pluss-core-aws/db/activity/publishActivity");
 const sendJobEmail = require("./sendJobEmail");
 const logAnalyticsActivity = require("@plusscommunities/pluss-core-aws/db/analytics/logAnalyticsActivity");
@@ -19,7 +19,7 @@ module.exports.createJob = (event, context, callback) => {
       if (!authorised) {
         return callback(
           null,
-          generateJsonResponse(422, { fail: true, error: "not authorised" })
+          generateJsonResponse(403, { fail: true, error: "not authorised" })
         );
       }
       if (
@@ -28,13 +28,13 @@ module.exports.createJob = (event, context, callback) => {
         _.isUndefined(data.room) ||
         _.isUndefined(data.description)
       ) {
-        console.error("insufficient input -- maintenance request", data.userID);
+        console.error("insufficient input", data.userID);
         return callback(
           null,
           generateJsonResponse(422, { error: "Insufficient input" })
         );
       }
-      const user = await getUserPreviewFromHeader(event.headers.authkey);
+      const user = await getUserPreviewFromReq(event);
 
       addMaintenanceJob(
         user.id,
@@ -85,6 +85,7 @@ module.exports.createJob = (event, context, callback) => {
           null,
           generateJsonResponse(200, {
             success: true,
+            id,
             searchResult: id,
           })
         );

package/deleteJob.js

@@ -5,8 +5,8 @@ const generateJsonResponse = require("@plusscommunities/pluss-core-aws/helper/ge
 const deleteRef = require("@plusscommunities/pluss-core-aws/db/common/deleteRef");
 const getRef = require("@plusscommunities/pluss-core-aws/db/common/getRef");
 const validateMasterAuth = require("@plusscommunities/pluss-core-aws/helper/auth/validateMasterAuth");
-const getUserPreviewFromHeader = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromHeader");
 const publishActivity = require("@plusscommunities/pluss-core-aws/db/activity/publishActivity");
+const getUserPreviewFromReq = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromReq");
 
 module.exports.deleteJob = (event, context, callback) => {
   init(config);
@@ -25,7 +25,7 @@ module.exports.deleteJob = (event, context, callback) => {
       console.error("Authorization not valid");
       callback(
         null,
-        generateJsonResponse(422, {
+        generateJsonResponse(403, {
           error: {
             message: "Authorization not valid.",
           },
@@ -47,7 +47,7 @@ module.exports.deleteJob = (event, context, callback) => {
       }
       deleteRef("maintenance", "id", data.id)
         .then(() => {
-          getUserPreviewFromHeader(event.headers.authkey).then((user) => {
+          getUserPreviewFromReq(event).then((user) => {
             publishActivity("DeleteMaintenanceJob", data.site, data.id, user, {
               title: result.title,
               description: result.description,

package/editJob.js

@@ -2,14 +2,14 @@ const _ = require("lodash");
 const config = require("./config.json");
 const { init } = require("@plusscommunities/pluss-core-aws/config");
 const { getBody } = require("@plusscommunities/pluss-core-aws/helper");
-const validateMasterAuth = require("@plusscommunities/pluss-core-aws/helper/auth/validateMasterAuth");
 const generateJsonResponse = require("@plusscommunities/pluss-core-aws/helper/generateJsonResponse");
 const sendJobEmail = require("./sendJobEmail");
 const getRef = require("@plusscommunities/pluss-core-aws/db/common/getRef");
 const publishActivity = require("@plusscommunities/pluss-core-aws/db/activity/publishActivity");
-const getUserPreviewFromHeader = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromHeader");
 const editMaintenanceJob = require("./db/maintenance/editMaintenanceJob");
 const { getConfig } = require("@plusscommunities/pluss-core-aws/config");
+const hasRequestPermission = require("./requests/helper/hasRequestPermission");
+const getUserPreviewFromReq = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromReq");
 
 module.exports.editJob = (event, context, callback) => {
   init(config);
@@ -24,55 +24,50 @@ module.exports.editJob = (event, context, callback) => {
 
   getRef("maintenance", "id", data.job.id)
     .then((prevData) => {
-      validateMasterAuth(event, "maintenanceTracking", prevData.site).then(
-        (authorised) => {
-          if (!authorised) {
-            console.error("Authorization not valid");
-            return callback(
-              null,
-              generateJsonResponse(422, {
-                error: { message: "not authorized." },
-              })
-            );
-          }
-          getUserPreviewFromHeader(event.headers.authkey).then((user) => {
-            editMaintenanceJob(data.job)
-              .then((result) => {
-                if (!getConfig().maintenanceInstantComplete) {
-                  sendJobEmail(data.job, true);
-                  publishActivity(
-                    "EditMaintenanceJob",
-                    data.site,
-                    data.job.id,
-                    user,
-                    { title: result.title, description: result.description }
-                  );
-                }
-
-                return callback(
-                  null,
-                  generateJsonResponse(200, {
-                    success: true,
-                    job: result,
-                  })
-                );
-              })
-              .catch((error) => {
-                console.log(error);
-                console.error(
-                  "Failed to edit maintenance node -->",
-                  data.job.id
-                );
-                return callback(
-                  null,
-                  generateJsonResponse(422, {
-                    error,
-                  })
-                );
-              });
-          });
+      hasRequestPermission(event, prevData).then((authorised) => {
+        if (!authorised) {
+          console.error("Authorization not valid");
+          return callback(
+            null,
+            generateJsonResponse(422, {
+              error: { message: "not authorized." },
+            })
+          );
         }
-      );
+        getUserPreviewFromReq(event).then((user) => {
+          editMaintenanceJob(data.job)
+            .then((result) => {
+              if (!getConfig().maintenanceInstantComplete) {
+                sendJobEmail(data.job, true);
+                publishActivity(
+                  "EditMaintenanceJob",
+                  data.site,
+                  data.job.id,
+                  user,
+                  { title: result.title, description: result.description }
+                );
+              }
+
+              return callback(
+                null,
+                generateJsonResponse(200, {
+                  success: true,
+                  job: result,
+                })
+              );
+            })
+            .catch((error) => {
+              console.log(error);
+              console.error("Failed to edit maintenance node -->", data.job.id);
+              return callback(
+                null,
+                generateJsonResponse(422, {
+                  error,
+                })
+              );
+            });
+        });
+      });
     })
     .catch((error) => {
       console.log("Fail on edit job authentication");

package/editJobStatus.js

@@ -5,12 +5,12 @@ const { init } = require("@plusscommunities/pluss-core-aws/config");
 const { getBody } = require("@plusscommunities/pluss-core-aws/helper");
 const generateJsonResponse = require("@plusscommunities/pluss-core-aws/helper/generateJsonResponse");
 const getRef = require("@plusscommunities/pluss-core-aws/db/common/getRef");
-const validateMasterAuth = require("@plusscommunities/pluss-core-aws/helper/auth/validateMasterAuth");
-const getUserPreviewFromHeader = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromHeader");
+const getUserPreviewFromReq = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromReq");
 const publishActivity = require("@plusscommunities/pluss-core-aws/db/activity/publishActivity");
 const publishNotifications = require("@plusscommunities/pluss-core-aws/db/notifications/publishNotifications");
 const editMaintenanceJob = require("./db/maintenance/editMaintenanceJob");
 const logAnalyticsActivity = require("@plusscommunities/pluss-core-aws/db/analytics/logAnalyticsActivity");
+const hasRequestPermission = require("./requests/helper/hasRequestPermission");
 
 module.exports.editJobStatus = async (event, context, callback) => {
   init(config);
@@ -18,16 +18,12 @@ module.exports.editJobStatus = async (event, context, callback) => {
 
   try {
     const job = await getRef("maintenance", "id", data.id);
-    const authorised = await validateMasterAuth(
-      event,
-      "maintenanceTracking",
-      job.site || job.location
-    );
+    const authorised = await hasRequestPermission(event, job);
     if (!authorised) {
       console.error("Authorization not valid");
       return callback(
         null,
-        generateJsonResponse(422, {
+        generateJsonResponse(403, {
           error: {
             message: "Authorization not valid.",
           },
@@ -35,7 +31,7 @@ module.exports.editJobStatus = async (event, context, callback) => {
       );
     }
 
-    const user = await getUserPreviewFromHeader(event.headers.authkey);
+    const user = await getUserPreviewFromReq(event);
 
     // Update history
     if (!job.history) job.history = [];

package/editNote.js

@@ -4,12 +4,12 @@ const moment = require("moment");
 const config = require("./config.json");
 const { init } = require("@plusscommunities/pluss-core-aws/config");
 const { getBody } = require("@plusscommunities/pluss-core-aws/helper");
-const validateMasterAuth = require("@plusscommunities/pluss-core-aws/helper/auth/validateMasterAuth");
 const generateJsonResponse = require("@plusscommunities/pluss-core-aws/helper/generateJsonResponse");
 const getRef = require("@plusscommunities/pluss-core-aws/db/common/getRef");
 const updateRef = require("@plusscommunities/pluss-core-aws/db/common/updateRef");
 const publishActivity = require("@plusscommunities/pluss-core-aws/db/activity/publishActivity");
-const getUserPreviewFromHeader = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromHeader");
+const getUserPreviewFromReq = require("@plusscommunities/pluss-core-aws/helper/getUserPreviewFromReq");
+const hasRequestPermission = require("./requests/helper/hasRequestPermission");
 
 module.exports.editNote = (event, context, callback) => {
   init(config);
@@ -51,18 +51,18 @@ module.exports.editNote = (event, context, callback) => {
   }
 
   getRef("maintenance", "id", data.id).then((job) => {
-    validateMasterAuth(event, "maintenanceTracking", job.site)
+    hasRequestPermission(event, job)
       .then((authorised) => {
         if (!authorised) {
           console.error("Authorization not valid");
           return callback(
             null,
-            generateJsonResponse(422, {
+            generateJsonResponse(403, {
               error: { message: "not authorized." },
             })
           );
         }
-        getUserPreviewFromHeader(event.headers.authkey).then((user) => {
+        getUserPreviewFromReq(event).then((user) => {
           let activityAction = "";
           switch (data.action) {
             case "AddNote":
@@ -91,7 +91,7 @@ module.exports.editNote = (event, context, callback) => {
               if (!note) {
                 return callback(
                   null,
-                  generateJsonResponse(422, {
+                  generateJsonResponse(404, {
                     error: { message: "Note not found" },
                   })
                 );

package/feature.config.js

@@ -1,4 +1,8 @@
-exports.permissions = ["maintenanceTracking", "maintenanceTypes"];
+exports.permissions = [
+  "maintenanceTracking",
+  "maintenanceAssignment",
+  "maintenanceTypes",
+];
 
 exports.entity = {
   key: "maintenancerequest",
@@ -120,51 +124,6 @@ exports.serverless = {
       path: "requests/note",
       method: "post",
     },
-    {
-      name: "addTicket",
-      file: "ticketing/addTicket",
-      function: "addTicket",
-      memorySize: 256,
-      timeout: 10,
-      path: "tickets/add",
-      method: "post",
-    },
-    {
-      name: "editTicketStatus",
-      file: "ticketing/editTicketStatus",
-      function: "editTicketStatus",
-      memorySize: 256,
-      timeout: 10,
-      path: "tickets/status",
-      method: "post",
-    },
-    {
-      name: "deleteTicket",
-      file: "ticketing/deleteTicket",
-      function: "deleteTicket",
-      memorySize: 256,
-      timeout: 10,
-      path: "tickets/delete",
-      method: "post",
-    },
-    {
-      name: "getTickets",
-      file: "ticketing/getTickets",
-      function: "getTickets",
-      memorySize: 256,
-      timeout: 10,
-      path: "tickets/get",
-      method: "get",
-    },
-    {
-      name: "getTicket",
-      file: "ticketing/getTicket",
-      function: "getTicket",
-      memorySize: 256,
-      timeout: 10,
-      path: "tickets/get/{id}",
-      method: "get",
-    },
     {
       name: "getData",
       file: "getData",
@@ -174,6 +133,15 @@ exports.serverless = {
       path: "get/{action}",
       method: "get",
     },
+    {
+      name: "updateData",
+      file: "updateData",
+      function: "updateData",
+      memorySize: 256,
+      timeout: 10,
+      path: "update/{action}",
+      method: "post",
+    },
   ],
   triggers: [
     {

package/getData.js

@@ -1,91 +1,9 @@
-const indexQuery = require("@plusscommunities/pluss-core-aws/db/common/indexQuery");
 const config = require("./config.json");
 const { init } = require("@plusscommunities/pluss-core-aws/config");
 const { log } = require("@plusscommunities/pluss-core-aws/helper");
-const getSessionUser = require("@plusscommunities/pluss-core-aws/helper/auth/getSessionUser");
-const validateMasterAuth = require("@plusscommunities/pluss-core-aws/helper/auth/validateMasterAuth");
-const validateSiteAccess = require("@plusscommunities/pluss-core-aws/helper/auth/validateSiteAccess");
 const generateJsonResponse = require("@plusscommunities/pluss-core-aws/helper/generateJsonResponse");
-
-const getRequests = async (event) => {
-  const qParams = event.queryStringParameters;
-  const logId = log("getRequests", "Params", qParams);
-
-  // insufficient input
-  if (!qParams.site) {
-    return { status: 422, data: { error: "Insufficient input" } };
-  }
-  log("getRequests", "SufficientInput", true, logId);
-
-  // no access to site
-  const valid = await validateSiteAccess(event, qParams.site);
-  log("getRequests", "valid", valid, logId);
-  if (!valid) {
-    return { status: 403, data: { error: "Not authorised" } };
-  }
-
-  // check auth level to determine whether to fetch all requests or only matching requests
-  const authorised = await validateMasterAuth(
-    event,
-    "maintenanceTracking",
-    qParams.site
-  );
-  log("getRequests", "authorised", authorised, logId);
-  const userId = authorised
-    ? null
-    : await getSessionUser(event.headers.authkey);
-
-  log("getRequests", "userId", userId, logId);
-
-  const query = userId
-    ? {
-        IndexName: "MaintenanceSiteUserIdIndex",
-        KeyConditionExpression: "site = :site AND userID = :userId",
-        ExpressionAttributeValues: {
-          ":site": qParams.site,
-          ":userId": userId,
-        },
-      }
-    : {
-        IndexName: "MaintenanceSiteIndex",
-        KeyConditionExpression: "site = :site",
-        ExpressionAttributeValues: {
-          ":site": qParams.site,
-        },
-      };
-  log("getRequests", "query", query, logId);
-
-  // check whether pagination is applied
-  if (qParams.lastKey) {
-    try {
-      query.ExclusiveStartKey = JSON.parse(qParams.lastKey);
-    } catch (e) {}
-  }
-
-  // get jobs
-  const result = await indexQuery("maintenance", query);
-  let jobs = result.Items;
-
-  log("getRequests", "LastEvaluatedKey", result.LastEvaluatedKey, logId);
-  log("getRequests", "JobsLength", jobs.length, logId);
-
-  // filter on status
-  if (qParams.status) {
-    jobs = jobs.filter((j) => qParams.status.includes(j.status));
-    log("getRequests", "FilteredOnStatus", jobs.length, logId);
-  }
-
-  // filter on type
-  if (qParams.type) {
-    jobs = jobs.filter((j) => qParams.type.includes(j.type));
-    log("getRequests", "FilteredOnType", jobs.length, logId);
-  }
-
-  // compile results
-  const results = { Items: jobs, LastKey: result.LastEvaluatedKey };
-  log("getRequests", "Done", true, logId);
-  return { status: 200, data: results };
-};
+const getAssignees = require("./requests/getAssignees");
+const getRequests = require("./requests/getRequests");
 
 module.exports.getData = async (event, context, callback) => {
   init(config);
@@ -98,17 +16,26 @@ module.exports.getData = async (event, context, callback) => {
     switch (action) {
       case "requests":
         response = await getRequests(event);
-        log(action, "ResponseLength", response.data.Items.length, logId);
+        if (response.status === 200) {
+          log(action, "ResponseLength", response.data.Items.length, logId);
+        }
+        break;
+      case "assignees":
+        response = await getAssignees(event);
+        if (response.status === 200) {
+          log(action, "ResponseLength", response.data.Users.length, logId);
+        }
         break;
       default:
         break;
     }
   } catch (err) {
-    log(action, "InternalError", err, logId);
+    log(action, "InternalError", err.toString(), logId);
     if (!response) {
       response = { status: 500, data: { error: "Internal Error" } };
     }
   }
+  log(action, "ResponseStatus", response.status, logId);
 
   return callback(null, generateJsonResponse(response.status, response.data));
 };

package/getJob.js

@@ -6,6 +6,7 @@ const getRef = require("@plusscommunities/pluss-core-aws/db/common/getRef");
 const indexQuery = require("@plusscommunities/pluss-core-aws/db/common/indexQuery");
 const validateMasterAuth = require("@plusscommunities/pluss-core-aws/helper/auth/validateMasterAuth");
 const getSessionUser = require("@plusscommunities/pluss-core-aws/helper/auth/getSessionUser");
+const isValidAssignee = require("./requests/helper/isValidAssignee");
 
 module.exports.getJob = async (event, context, callback) => {
   init(config);
@@ -43,22 +44,27 @@ module.exports.getJob = async (event, context, callback) => {
         "maintenanceTracking",
         result.site
       );
-      if (!authorised) {
+      const assignAuthorised = await isValidAssignee(
+        event,
+        result.site,
+        result.AssigneeId
+      );
+      if (!authorised && !assignAuthorised) {
         // Check if the job belongs to the user
         const userId = await getSessionUser(event.headers.authkey);
         if (userId !== result.userID) {
           console.error("Authorization not valid");
           return callback(
             null,
-            generateJsonResponse(422, {
-              error: { message: "not authorized." },
+            generateJsonResponse(403, {
+              error: { message: "not authorised." },
             })
           );
         }
       }
       return callback(null, generateJsonResponse(200, result));
     } catch (error) {
-      callback(null, generateJsonResponse(422, { fail: true, error }));
+      callback(null, generateJsonResponse(422, { fail: true }));
     }
   } catch (error1) {
     return callback(