add validator of regex and authorization

OneCommunityGlobal · Oct 19, 2023 · 9a7bfb9 · 9a7bfb9
1 parent 0f5deed
commit 9a7bfb9
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 5 deletions.
diff --git a/src/controllers/teamController.js b/src/controllers/teamController.js
@@ -70,6 +70,15 @@ const teamcontroller = function (Team) {
         res.status(400).send('No valid records found');
         return;
       }
+
+      const canEditTeamCode = req.body.requestor.role === 'Owner'
+        || req.body.requestor.permissions?.frontPermissions.includes('editTeamCode');
+
+      if (!canEditTeamCode) {
+        res.status(403).send('You are not authorized to edit team code.');
+        return;
+      }
+
       record.teamName = req.body.teamName;
       record.isActive = req.body.isActive;
       record.teamCode = req.body.teamCode;
@@ -116,7 +125,7 @@ const teamcontroller = function (Team) {
         users.forEach((element) => {
           const { userId, operation } = element;
           // if user's profile is stored in cache, clear it so when you visit their profile page it will be up to date
-          if(cache.hasCache(`user-${userId}`)) cache.removeCache(`user-${userId}`);
+          if (cache.hasCache(`user-${userId}`)) cache.removeCache(`user-${userId}`);
 
           if (operation === 'Assign') {
             assignlist.push(userId);

diff --git a/src/models/team.js b/src/models/team.js
@@ -13,7 +13,18 @@ const team = new Schema({
       addDateTime: { type: Date, default: Date.now(), ref: 'userProfile' },
     },
   ],
-  teamCode: { type: 'String', default: '' },
+  teamCode: {
+    type: 'String',
+    default: '',
+    validate: {
+      validator(v) {
+        const teamCoderegex = /^([a-zA-Z]-[a-zA-Z]{3}|[a-zA-Z]{5})$/;
+        return teamCoderegex.test(v);
+      },
+      message:
+        'Please enter a code in the format of A-AAA or AAAAA',
+    },
+  },
 });
 
 module.exports = mongoose.model('team', team, 'teams');
diff --git a/src/models/userProfile.js b/src/models/userProfile.js
@@ -7,7 +7,7 @@ const bcrypt = require('bcryptjs');
 
 const SALT_ROUNDS = 10;
 const nextDay = new Date();
-nextDay.setDate(nextDay.getDate()+1);
+nextDay.setDate(nextDay.getDate() + 1);
 
 const userProfileSchema = new Schema({
   password: {
@@ -153,8 +153,19 @@ const userProfileSchema = new Schema({
   isVisible: { type: Boolean, default: false },
   weeklySummaryOption: { type: String },
   bioPosted: { type: String, default: 'default' },
-  isFirstTimelog: { type: Boolean, default: true},
-  teamCode: { type: String, default: '' },
+  isFirstTimelog: { type: Boolean, default: true },
+  teamCode: {
+    type: String,
+    default: '',
+    validate: {
+      validator(v) {
+        const teamCoderegex = /^([a-zA-Z]-[a-zA-Z]{3}|[a-zA-Z]{5})$/;
+        return teamCoderegex.test(v);
+      },
+      message:
+        'Please enter a code in the format of A-AAA or AAAAA',
+    },
+  },
   infoCollections: [
     {
  areaName: { type: String },