GEWIS / sudosos-backend / 22688682576

/**

 *  SudoSOS back-end API service.

 *  Copyright (C) 2026 Study association GEWIS

 *

 *  This program is free software: you can redistribute it and/or modify

 *  it under the terms of the GNU Affero General Public License as published

 *  by the Free Software Foundation, either version 3 of the License, or

 *  (at your option) any later version.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU Affero General Public License for more details.

 *

 *  You should have received a copy of the GNU Affero General Public License

 *  along with this program.  If not, see <https://www.gnu.org/licenses/>.

 *

 *  @license

 */

/**

 * This is the module page of user-controller.

 *

 * @module users

 */

import { Response } from 'express';

import Policy from './policy';

import { RequestWithToken } from '../middleware/token-middleware';

import BaseUserRequest, {

  AddRoleRequest,

  CreateUserRequest,

  PatchUserTypeRequest,

  UpdateUserRequest,

} from './request/user-request';

import TokenHandler from '../authentication/token-handler';

import UpdatePinRequest from './request/update-pin-request';

  asUserResponse,

  parseGetFinancialMutationsFilters,

  parseGetUsersFilters,

  UserFilterParameters,

} from '../service/user-service';

import { AcceptTosRequest } from './request/accept-tos-request';

import UpdateLocalRequest from './request/update-local-request';

import UpdateNfcRequest from './request/update-nfc-request';

import UpdateKeyResponse from './response/update-key-response';

import { WaiveFinesRequest } from './request/debtor-request';

import { PatchUserSettingsRequest } from './request/user-request';

  /**

   * Reference to the token handler of the application.

   */

  private tokenHandler: TokenHandler;

  /**

   * Create a new user controller instance.

   * @param options - The options passed to the base controller.

   * @param tokenHandler

   */

  public constructor(

    options: BaseControllerOptions,

    tokenHandler: TokenHandler,

  ) {

  }

  /**

   * @inheritDoc

   */

  public getPolicy(): Policy {

      '/': {

        GET: {

            req.token.roles, 'get', 'all', 'User', ['id', 'firstName', 'lastName'],

          ),

          handler: this.getAllUsers.bind(this),

        },

        POST: {

          body: { modelName: 'CreateUserRequest' },

            req.token.roles, 'create', 'all', 'User', ['*'],

          ),

          handler: this.createUser.bind(this),

        },

      },

      '/usertype/:userType': {

        GET: {

            req.token.roles, 'get', 'all', 'User', ['id', 'firstName', 'lastName'],

          ),

          handler: this.getAllUsersOfUserType.bind(this),

        },

      },

      '/acceptTos': {

        POST: {

            req.token.roles, 'acceptToS', 'own', 'User', ['*'],

          ),

          handler: this.acceptToS.bind(this),

          body: { modelName: 'AcceptTosRequest' },

          restrictions: { acceptedTOS: false },

        },

      },

      '/nfc/:nfcCode': {

        GET: {

            req.token.roles, 'get', 'all', 'User', ['id', 'firstName', 'lastName'],

          ),

          handler: this.findUserNfc.bind(this),

        },

      },

      '/:id(\\d+)/authenticator/pin': {

        PUT: {

          body: { modelName: 'UpdatePinRequest' },

            req.token.roles, 'update', UserController.getRelation(req), 'Authenticator', ['pin'],

          ),

          handler: this.updateUserPin.bind(this),

        },

      },

      '/:id(\\d+)/authenticator/nfc': {

        PUT: {

          body: { modelName: 'UpdateNfcRequest' },

            req.token.roles, 'update', UserController.getRelation(req), 'Authenticator', ['nfcCode'],

          ),

          handler: this.updateUserNfc.bind(this),

        },

        DELETE: {

            req.token.roles, 'delete', UserController.getRelation(req), 'Authenticator', [],

          ),

          handler: this.deleteUserNfc.bind(this),

        },

      },

      '/:id(\\d+)/authenticator/key': {

        POST: {

            req.token.roles, 'update', UserController.getRelation(req), 'Authenticator', ['key'],

          ),

          handler: this.updateUserKey.bind(this),

        },

        DELETE: {

            req.token.roles, 'update', UserController.getRelation(req), 'Authenticator', ['key'],

          ),

          handler: this.deleteUserKey.bind(this),

        },

      },

      '/:id(\\d+)/authenticator/local': {

        PUT: {

          body: { modelName: 'UpdateLocalRequest' },

            req.token.roles, 'update', UserController.getRelation(req), 'Authenticator', ['password'],

          ),

          handler: this.updateUserLocalPassword.bind(this),

        },

      },

      '/:id(\\d+)': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'User', ['id', 'firstName', 'lastName'],

          ),

          handler: this.getIndividualUser.bind(this),

        },

        DELETE: {

            req.token.roles, 'delete', UserController.getRelation(req), 'User', ['*'],

          ),

          handler: this.deleteUser.bind(this),

        },

        PATCH: {

          body: { modelName: 'UpdateUserRequest' },

            req.token.roles, 'update', UserController.getRelation(req), 'User', UserController.getAttributes(req),

          ),

          handler: this.updateUser.bind(this),

        },

      },

      '/:id(\\d+)/members': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'User', ['id', 'firstName', 'lastName'],

          ),

          handler: this.getOrganMembers.bind(this),

        },

      },

      '/:id(\\d+)/products': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Product', ['*'],

          ),

          handler: this.getUsersProducts.bind(this),

        },

      },

      '/:id(\\d+)/roles': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Roles', ['*'],

          ),

          handler: this.getUserRoles.bind(this),

        },

        POST: {

            req.token.roles, 'create', UserController.getRelation(req), 'Roles', ['*'],

          ),

          handler: this.addUserRole.bind(this),

        },

      },

      '/:id(\\d+)/roles/:roleId(\\d+)': {

        DELETE: {

            req.token.roles, 'delete', UserController.getRelation(req), 'Roles', ['*'],

          ),

          handler: this.deleteUserRole.bind(this),

        },

      },

      '/:id(\\d+)/containers': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Container', ['*'],

          ),

          handler: this.getUsersContainers.bind(this),

        },

      },

      '/:id(\\d+)/pointsofsale': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'PointOfSale', ['*'],

          ),

          handler: this.getUsersPointsOfSale.bind(this),

        },

      },

      '/:id(\\d+)/transactions': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transaction', ['*'],

          ),

          handler: this.getUsersTransactions.bind(this),

        },

      },

      '/:id(\\d+)/transactions/sales/report': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transaction', ['*'],

          ),

          handler: this.getUsersSalesReport.bind(this),

        },

      },

      '/:id(\\d+)/transactions/sales/report/pdf': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transaction', ['*'],

          ),

          handler: this.getUsersSalesReportPdf.bind(this),

        },

      },

      '/:id(\\d+)/transactions/purchases/report': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transaction', ['*'],

          ),

          handler: this.getUsersPurchasesReport.bind(this),

        },

      },

      '/:id(\\d+)/transactions/purchases/report/pdf': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transaction', ['*'],

          ),

          handler: this.getUsersPurchaseReportPdf.bind(this),

        },

      },

      '/:id(\\d+)/transactions/report': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transaction', ['*'],

          ),

          handler: this.getUsersTransactionsReport.bind(this),

        },

      },

      '/:id(\\d+)/transfers': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transfer', ['*'],

          ),

          handler: this.getUsersTransfers.bind(this),

        },

      },

      '/:id(\\d+)/financialmutations': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transfer', ['*'],

          ) && this.roleManager.can(

            req.token.roles, 'get', UserController.getRelation(req), 'Transaction', ['*'],

          ),

          handler: this.getUsersFinancialMutations.bind(this),

        },

      },

      '/:id(\\d+)/deposits': {

        GET: {

            req.token.roles, 'get', UserController.getRelation(req), 'Transfer', ['*'],

          ),

          handler: this.getUsersProcessingDeposits.bind(this),

        },

      },

      '/:id(\\d+)/fines/waive': {

        POST: {

          handler: this.waiveUserFines.bind(this),

          body: { modelName: 'WaiveFinesRequest', allowBlankTarget: true },

        },

      },

      '/:id(\\d+)/wrapped': {

        GET: {

          handler: this.getUserWrapped.bind(this),

        },

        POST: {

          handler: this.computedWrapped.bind(this),

        },

      },

      '/:id(\\d+)/settings': {

        GET: {

          handler: this.getUserSettings.bind(this),

        },

        PATCH: {

          handler: this.patchUserSettings.bind(this),

          body: { modelName: 'PatchUserSettingsRequest', allowExtraProperties: false },

        },

      },

      '/:id(\\d+)/usertype': {

        PATCH: {

          handler: this.patchUserType.bind(this),

          body: { modelName: 'PatchUserTypeRequest', allowExtraProperties: false },

        },

      },

    };

  }

  /**

   * Function to determine which credentials are needed to GET

   *    'all' if user is not connected to User

   *    'organ' if user is connected to User via organ

   *    'own' if user is connected to User

   * @param req

   * @return whether User is connected to used token

   */

  static getRelation(req: RequestWithToken): string {

  }

  static getAttributes(req: RequestWithToken): string[] {

      }

    }

  }

  /**

   * Returns whether the token in the request is allowed to see the email field

   * of a User with the given relation (own/organ/all).

   */

  private async canSeeEmail(req: RequestWithToken, relation: string): Promise<boolean> {

  }

  /**

   * GET /users

   * @summary Get a list of all users

   * @operationId getAllUsers

   * @tags users - Operations of user controller

   * @security JWT

   * @param {integer} take.query - How many users the endpoint should return

   * @param {integer} skip.query - How many users should be skipped (for pagination)

   * @param {string} search.query - Filter based on first name, last name, nickname & email

   * @param {boolean} active.query - Filter based if the user is active

   * @param {boolean} ofAge.query - Filter based if the user is 18+

   * @param {integer} id.query - Filter based on user ID

   * @param {string} type.query - enum:MEMBER,ORGAN,VOUCHER,LOCAL_USER,LOCAL_ADMIN,INVOICE,AUTOMATIC_INVOICE - Filter based on user type.

   * @return {PaginatedUserResponse} 200 - A list of all users

   */

  public async getAllUsers(req: RequestWithToken, res: Response): Promise<void> {

    let take;

    let skip;

    let filters: UserFilterParameters;

    } catch (e) {

    }

      }

        _pagination: { take, skip, count },

        records,

      });

    } catch (error) {

    }

  }

  /**

   * GET /users/usertype/{userType}

   * @summary Get all users of user type

   * @operationId getAllUsersOfUserType

   * @tags users - Operations of user controller

   * @param {string} userType.path.required - The userType of the requested users

   * @security JWT

   * @param {integer} take.query - How many users the endpoint should return

   * @param {integer} skip.query - How many users should be skipped (for pagination)

   * @return {PaginatedUserResponse} 200 - A list of all users

   * @return {string} 404 - Nonexistent usertype

   */

  public async getAllUsersOfUserType(req: RequestWithToken, res: Response): Promise<void> {

    // If it does not exist, return a 404 error

    }

    } catch (error) {

    }

  }

  /**

   * PUT /users/{id}/authenticator/pin

   * @summary Put an users pin code

   * @operationId updateUserPin

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @param {UpdatePinRequest} request.body.required -

   *    The PIN code to update to

   * @security JWT

   * @return 204 - Update success

   * @return {string} 400 - Validation Error

   * @return {string} 404 - Nonexistent user id

   */

  public async updateUserPin(req: RequestWithToken, res: Response): Promise<void> {

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

      }

        updatePinRequest.pin.toString(), PinAuthenticator);

    } catch (error) {

    }

  }

  /**

   * PUT /users/{id}/authenticator/nfc

   * @summary Put a users NFC code

   * @operationId updateUserNfc

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @param {UpdateNfcRequest} request.body.required -

   *    The NFC code to update to

   * @security JWT

   * @return 204 - Update success

   * @return {string} 400 - Validation Error

   * @return {string} 404 - Nonexistent user id

   */

  public async updateUserNfc(req: RequestWithToken, res: Response): Promise<void> {

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

      }

        updateNfcRequest.nfcCode.toString(), NfcAuthenticator);

    } catch (error) {

    }

  }

  /**

   * DELETE /users/{id}/authenticator/nfc

   * @summary Delete a nfc code

   * @operationId deleteUserNfc

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @security JWT

   * @return 200 - Delete nfc success

   * @return {string} 400 - Validation Error

   * @return {string} 403 - Nonexistent user nfc

   * @return {string} 404 - Nonexistent user id

   */

  public async deleteUserNfc(req: RequestWithToken, res: Response): Promise<void> {

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

      }

    } catch (error) {

    }

  }

  /**

   * POST /users/{id}/authenticator/key

   * @summary POST an users update to new key code

   * @operationId updateUserKey

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @security JWT

   * @return {UpdateKeyResponse} 200 - The new key

   * @return {string} 400 - Validation Error

   * @return {string} 404 - Nonexistent user id

   */

  public async updateUserKey(req: RequestWithToken, res: Response): Promise<void> {

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

        generatedKey, KeyAuthenticator);

    } catch (error) {

    }

  }

  /**

   * Delete /users/{id}/authenticator/key

   * @summary Delete a users key code

   * @operationId deleteUserKey

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @security JWT

   * @return  200 - Deletion succesfull

   * @return {string} 400 - Validation Error

   * @return {string} 404 - Nonexistent user id

   */

  public async deleteUserKey(req: RequestWithToken, res: Response): Promise<void> {

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

    } catch (error) {

    }

  }

  /**

   * PUT /users/{id}/authenticator/local

   * @summary Put a user's local password

   * @operationId updateUserLocalPassword

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @param {UpdateLocalRequest} request.body.required -

   *    The password update

   * @security JWT

   * @return 204 - Update success

   * @return {string} 400 - Validation Error

   * @return {string} 404 - Nonexistent user id

   */

  public async updateUserLocalPassword(req: RequestWithToken, res: Response): Promise<void> {

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

      }

        updateLocalRequest.password, LocalAuthenticator);

    } catch (error) {

    }

  }

  /**

   * GET /users/{id}/members

   * @summary Get an organs members

   * @operationId getOrganMembers

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @param {integer} take.query - How many members the endpoint should return

   * @param {integer} skip.query - How many members should be skipped (for pagination)

   * @security JWT

   * @return {PaginatedUserResponse} 200 - All members of the organ

   * @return {string} 404 - Nonexistent user id

   * @return {string} 400 - User is not an organ

   */

  public async getOrganMembers(req: RequestWithToken, res: Response): Promise<void> {

    let take;

    let skip;

    } catch (e) {

    }

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

      }

      }

        _pagination: { take, skip, count },

        records,

      });

    } catch (error) {

    }

  }

  /**

   * GET /users/{id}

   * @summary Get an individual user

   * @operationId getIndividualUser

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - userID

   * @security JWT

   * @return {UserResponse} 200 - Individual user

   * @return {string} 404 - Nonexistent user id

   */

  public async getIndividualUser(req: RequestWithToken, res: Response): Promise<void> {

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

      }

    } catch (error) {

    }

  }

  /**

   * POST /users

   * @summary Create a new user

   * @operationId createUser

   * @tags users - Operations of user controller

   * @param {CreateUserRequest} request.body.required -

   * The user which should be created

   * @security JWT

   * @return {UserResponse} 200 - New user

   * @return {string} 400 - Bad request

   */

  // eslint-disable-next-line class-methods-use-this

  public async createUser(req: RequestWithToken, res: Response): Promise<void> {

      }

    } catch (error) {

    }

  }

  /**

   * PATCH /users/{id}

   * @summary Update a user

   * @operationId updateUser

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @param {UpdateUserRequest} request.body.required - The user which should be updated

   * @security JWT

   * @return {UserResponse} 200 - New user

   * @return {string} 400 - Bad request

   */

  public async updateUser(req: RequestWithToken, res: Response): Promise<void> {

    }

    }

    }

    }

      // Get the user object if it exists

      // If it does not exist, return a 404 error

      }

        ...body,

      } as User;

    } catch (error) {

    }

  }

  /**

   * DELETE /users/{id}

   * @summary Delete a single user

   * @operationId deleteUser

   * @tags users - Operations of user controller

   * @param {integer} id.path.required - The id of the user

   * @security JWT

   * @return 204 - User successfully deleted

   * @return {string} 400 - Cannot delete yourself

   */

  public async deleteUser(req: RequestWithToken, res: Response): Promise<void> {