import {
    requireMonitor,
    requireUser,
    requireRole
} from '#api/middlewares/index.js';
import { UserType } from '#db/schemas/index.js';
import {
    RouteDescription,
    RouteMethod,
    RouteMethodList
} from '#api/RouteDescription.js';
import { getUserById } from '#db/dbAccess/index.js';
import { SafeNSoundError } from '#util/error.js';

/**
 * GET /user/:id/budget — responds with `{ balance }` for the user named in the
 * route parameter.
 *
 * The `requireMonitor` middleware runs first; the handler then applies a
 * per-target check, so a caller whose type is not ADMIN must list the target
 * id in `req.user.monitoredUsers`.
 *
 * @type {RouteDescription}
 */
export const getBudgetByUserRoute = {
    path: '/user/:id/budget',
    methods: {
        get: new RouteMethod({
            middlewares: [requireMonitor],
            description: 'Get the budget for a monitored user',
            async method(req, res) {
                const isAdmin = req.user.type === UserType.ADMIN;

                // Object-level authorization: the route id is caller-supplied, so
                // this membership test is the only thing tying it to the caller.
                // NOTE(review): assumes monitoredUsers holds values that compare
                // equal to the string route param — confirm against the schema.
                if (!isAdmin && !req.user.monitoredUsers.includes(req.params.id)) {
                    throw new SafeNSoundError({
                        errCode: 'UNAUTHORIZED',
                        message:
                            "You do not have permission to access this user's budget."
                    });
                }

                // NOTE(review): if getUserById can resolve to null for an unknown
                // id, the destructuring below throws a TypeError instead of a
                // SafeNSoundError — confirm how dbAccess reports a missing user.
                const { balance } = await getUserById(req.params.id);
                res.send({ balance });
            }
        })
    }
};

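/**
 * GET /user/:id/budget/add?amount=N — credits a positive, finite amount to the
 * target user's balance and responds with the new `{ balance }`.
 *
 * The `requireMonitor` middleware runs first; the handler then applies a
 * per-target check, so a caller whose type is not ADMIN must list the target
 * id in `req.user.monitoredUsers`.
 *
 * NOTE(review): this is a state-changing operation exposed over GET with the
 * amount in the query string. GET requests can be issued by links, prefetchers
 * and cross-site embeds, and query strings are commonly written to access
 * logs. The verb is kept so existing clients keep working; moving the write to
 * POST with the amount in the body (and CSRF protection if authentication is
 * cookie-based) should be tracked separately.
 *
 * @type {RouteDescription}
 */
export const addBudgetByUserRoute = {
    path: '/user/:id/budget/add',
    methods: {
        get: new RouteMethod({
            description: 'Add budget to a monitored user',
            middlewares: [requireMonitor],
            async method(req, res) {
                // Object-level authorization: the route id is caller-supplied, so
                // this membership test is the only thing tying it to the caller.
                // NOTE(review): assumes monitoredUsers holds values that compare
                // equal to the string route param — confirm against the schema.
                if (req.user.type !== UserType.ADMIN) {
                    if (!req.user.monitoredUsers.includes(req.params.id)) {
                        throw new SafeNSoundError({
                            errCode: 'UNAUTHORIZED',
                            message:
                                "You do not have permission to add budget to this user's account."
                        });
                    }
                }

                // NOTE(review): if getUserById can resolve to null for an unknown
                // id, the balance update below throws a TypeError instead of a
                // SafeNSoundError — confirm how dbAccess reports a missing user.
                const user = await getUserById(req.params.id);

                // Number.isFinite rejects NaN and also +/-Infinity; the previous
                // isNaN test let "Infinity" through, which would have stored a
                // non-finite balance. parseFloat still tolerates trailing
                // characters ("10abc" -> 10); tighten further if that is unwanted.
                const amount = Number.parseFloat(req.query.amount);
                if (!Number.isFinite(amount) || amount <= 0) {
                    throw new SafeNSoundError({
                        errCode: 'INVALID_AMOUNT',
                        message: 'Invalid amount specified.'
                    });
                }

                // NOTE(review): load / add / save is not atomic as written here;
                // if two requests for the same user overlap, one increment may be
                // lost unless save() or the schema provides concurrency control —
                // confirm, or move to an atomic increment in the data layer.
                user.balance += amount;
                await user.save();
                res.send({ balance: user.balance });
            }
        })
    }
};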

/**
 * GET /budget/@me — responds with the caller's own balance as
 * `{ currentBalance }`.
 *
 * The value is read from `req.user`, never from a request parameter, so no
 * per-target authorization check is needed beyond the `requireUser` middleware.
 * Note that the response key differs from the `balance` key used by the
 * `/user/:id/budget` routes.
 *
 * @type {RouteDescription}
 */
export const userBudgetRoute = {
    path: '/budget/@me',
    methods: {
        get: new RouteMethod({
            middlewares: [requireUser],
            async method(req, res) {
                const { balance: currentBalance } = req.user;
                res.send({ currentBalance });
            }
        })
    }
};