added admin routes (#75)

server/api/controllers/AdminController.ts

@@ -0,0 +1,51 @@
+import {
+  ForbiddenError,
+  Get,
+  JsonController,
+  Params,
+  UseBefore,
+} from 'routing-controllers';
+import { Service } from 'typedi';
+import { AuthenticatedUser } from '../decorators/AuthenticatedUser';
+import { UserModel } from '../../models/UserModel';
+import {
+  GetFormResponse,
+  GetFormsResponse,
+} from '../../types/ApiResponses';
+import { UserAuthentication } from '../middleware/UserAuthentication';
+import { ResponseService } from '../../services/ResponseService';
+import { IdParam } from '../validators/GenericRequests';
+import PermissionsService from '../../services/PermissionsService';
+
+@JsonController('/admin')
+@Service()
+export class AdminController {
+  private responseService: ResponseService;
+
+  constructor(responseService: ResponseService) {
+    this.responseService = responseService;
+  }
+
+  @UseBefore(UserAuthentication)
+  @Get('/application/:id')
+  async getApplicationById(
+    @AuthenticatedUser() user: UserModel,
+    @Params() params: IdParam,
+  ): Promise<GetFormResponse> {
+    if (!PermissionsService.canViewAllApplications(user)) throw new ForbiddenError();
+
+    const response = await this.responseService.getApplicationById(params.id);
+    return { error: null, response: response };
+  }
+
+  @UseBefore(UserAuthentication)
+  @Get('/applications')
+  async getApplications(
+    @AuthenticatedUser() user: UserModel,
+  ): Promise<GetFormsResponse> {
+    if (!PermissionsService.canViewAllApplications(user)) throw new ForbiddenError();
+
+    const responses = await this.responseService.getAllApplications();
+    return { error: null, responses: responses };
+  }
+}

server/api/controllers/index.ts

@@ -1,4 +1,5 @@
+import { AdminController } from './AdminController';
 import { ResponseController } from './ResponseController';
 import { UserController } from './UserController';
 
-export const controllers = [UserController, ResponseController];
+export const controllers = [UserController, ResponseController, AdminController];

server/services/PermissionsService.ts

@@ -0,0 +1,9 @@
+import { Service } from 'typedi';
+import { UserModel } from '../models/UserModel';
+
+@Service()
+export default class PermissionsService {
+  public static canViewAllApplications(user: UserModel): boolean {
+    return user.isAdmin();
+  }
+}

server/services/ResponseService.ts

@@ -33,6 +33,14 @@ export class ResponseService {
     return response;
   }
 
+  private async getAllResponses(): Promise<ResponseModel[]> {
+    const responses = await this.transactionsManager.readOnly(
+      async (entityManager) =>
+        Repositories.response(entityManager).findAll(),
+    );
+    return responses;
+  }
+
   public async getUserResponseByUuid(
     user: UserModel,
     uuid: string,
@@ -55,6 +63,28 @@ export class ResponseService {
     return application;
   }
 
+  public async getApplicationById(uuid: string): Promise<ResponseModel> {
+    try {
+      const response = await this.transactionsManager.readOnly(
+        async (entityManager) =>
+          Repositories.response(entityManager).findByUuid(uuid),
+      );
+      if (!response || response.formType !== FormType.APPLICATION)
+        throw new NotFoundError('Application not found');
+      return response;
+    } catch (error) {
+      throw new NotFoundError('Application not found');
+    }
+  }
+
+  public async getAllApplications(): Promise<ResponseModel[]> {
+    const responses = await this.getAllResponses();
+    const applications = responses.filter(
+      (response) => response.formType === FormType.APPLICATION,
+    );
+    return applications;
+  }
+
   public async submitUserApplication(
     user: UserModel,
     application: Application,