Add PermissionRequest schema and API for LED sign access requests#1972
Add PermissionRequest schema and API for LED sign access requests#1972Embotic-Wayne wants to merge 12 commits intodevfrom
Conversation
Embotic-Wayne
commented
Dec 27, 2025
Embotic-Wayne
commented
- added mongodb schema for user id, type, and when its deleted (excluding duplicates)
- new api to create, read, and delete permission requests sent by members
- unit tests to validate their behavior
There was a problem hiding this comment.
we can remove this, we have the PermissionRequestSchema.index to take care of this
There was a problem hiding this comment.
i know they will be a 1 to 1 mapping, we will use the values when we create new data though
| enum: Object.keys(PermissionRequestTypes), | |
| enum: Object.values(PermissionRequestTypes), |
There was a problem hiding this comment.
instead of { unique: true } can it be
{
unique: true,
partialFilterExpression: { deletedAt: null }
}that way we dont index deleted records
There was a problem hiding this comment.
we can also return an empty 200, unless we want to do something with this data in the frontend after submitting
There was a problem hiding this comment.
we have CONFLICT instead of BAD_REQUEST
we can send that and no text back, since conflict implies something exists
There was a problem hiding this comment.
how about / returns everything, up to you
There was a problem hiding this comment.
can we consolidate both endpoints into one /
the endpoint can either take a parameter like userId, or nothing
if we didnt pass any filters in, return everything if the user is an officer or higher
if we passed in a user id, return the data if
- the user is less than an officer and its their own user id.
- the user is an officer or higher
There was a problem hiding this comment.
sorry how about this
if the user is not an officer, dont listen to any id they send them, and just use decoded.token._id.toString() as what to query for
There was a problem hiding this comment.
| return res.status(BAD_REQUEST).send({ error: 'Invalid type' }); | |
| return res.status(BAD_REQUEST).send({ error: `${type} is an invalid type, try ${Object.keys(PermissionRequestTypes)}` }); |
There was a problem hiding this comment.
lets do this like below, also before this, lets make sure _id is set, and if it isnt, use the decoded.token._id
let idToUse = _id;
if (decoded.token.accessLevel < membershipState.OFFICER) {
idToUse = decoded.token._id;
}
const query = {
_id: idToUse,
type,
deletedAt: null,
};
const request = await PermissionRequest.findOne({
userId: decoded.token._id,
type,
deletedAt: null,
});| }); | ||
| } | ||
|
|
||
| if (!request) return res.sendStatus(NOT_FOUND); |
There was a problem hiding this comment.
are we sure if no record if found, it returns null? lets add a unit test to /delete to ensure 404 is returned when we search for an _id that doesnt exist
There was a problem hiding this comment.
| router.get('/get', async (req, res) => { | |
| router.get('/', async (req, res) => { |
| if (!isOfficer) { | ||
| query.userId = decoded.token._id.toString(); | ||
| } else { | ||
| if (queryUserId) { | ||
| query.userId = queryUserId; | ||
| } | ||
| } |
There was a problem hiding this comment.
this should also work
| if (!isOfficer) { | |
| query.userId = decoded.token._id.toString(); | |
| } else { | |
| if (queryUserId) { | |
| query.userId = queryUserId; | |
| } | |
| } | |
| if (queryUserId) { | |
| query.userId = queryUserId; | |
| } | |
| if (!isOfficer) { | |
| query.userId = decoded.token._id.toString(); | |
| } |
4 participants
