add confirmdeny (#69)

Author: d0w

app/config/swaggerconfig.js

@@ -225,7 +225,7 @@ const swaggerDefinition = {
           },
           "status": {
             "type": "string",
-            "enum": ["PENDING", "ACCEPTED", "WAITLISTED", "REJECTED"],
+            "enum": ["PENDING", "ACCEPTED", "WAITLISTED", "REJECTED", "CONFIRMED", "DECLINED"],
             "default": "PENDING",
             "description": "Current status of the application",
             "example": "PENDING"

app/constants/ApplicationStatus.js

@@ -3,6 +3,8 @@ const ApplicationStatus = {
   ACCEPTED: "ACCEPTED",
   REJECTED: "REJECTED",
   WAITLISTED: "WAITLISTED",
+  CONFIRMED: "CONFIRMED",
+  DECLINED: "DECLINED",
 }
 
 export default ApplicationStatus;

app/controllers/Application.controller.js

@@ -2,6 +2,7 @@ import prismaInstance from "../database/Prisma.js";
 import logger from "../utils/logger.js";
 import { uploadFileToAzure, deleteFileFromAzure, generateTemporaryUrl } from "../utils/azureStorage.js";
 import { transformApplicationData } from "../utils/formDataTransform.js";
+import ApplicationStatus from "../constants/ApplicationStatus.js";
 
 const prisma = prismaInstance;
 
@@ -221,6 +222,13 @@ export const updateApplication = async (req, res) => {
       });
     }
 
+    // have to check for status field since status can be updated only on certain conditions 
+    if (req.body.status) {
+      return res.status(400).json({
+        message: "Status field cannot be updated via this endpoint"
+      });
+    }
+
     const application = await prisma.application.findUnique({
       where: {
         id: req.params.id,
@@ -554,3 +562,71 @@ export const getResumeUrl = async (req, res) => {
     });
   }
 };
+
+export const confirmOrDenyApplication = async (req, res) => {
+  try {
+    if (!req.params.id) {
+      return res.status(400).json({
+        message: "Application id parameter is required"
+      });
+    }
+
+    const { status } = req.body;
+
+    if (!status || ![ApplicationStatus.CONFIRMED, ApplicationStatus.DECLINED].includes(status)) {
+      return res.status(400).json({
+        message: "Invalid status. Allowed values are 'CONFIRMED' or 'DECLINED'."
+      });
+    }
+
+    const application = await prisma.application.findUnique({
+      where: {
+        id: req.params.id,
+      }
+    });
+
+    if (!application) {
+      return res.status(404).json({
+        message: "Application not found"
+      });
+    }
+
+    // Authorization check - only the user who owns the application can update it
+    if (req.user.id !== application.userId) {
+      logger.warn(`Unauthorized attempt to update application status for id ${req.params.id}`);
+      return res.status(403).json({
+        message: "You are not authorized to update this application."
+      });
+    }
+
+
+    // Verify current status is "ACCEPTED"
+    if (application.status !== ApplicationStatus.ACCEPTED) {
+      return res.status(400).json({
+        message: "Application status must be 'ACCEPTED' to update to 'CONFIRMED' or 'DECLINED'."
+      });
+    }
+
+    const updatedApplication = await prisma.application.update({
+      where: {
+        id: req.params.id,
+      },
+      data: {
+        status: status,
+      }
+    });
+
+    logger.info(`Application status updated to '${status}' for application id ${req.params.id}`);
+    return res.status(200).json({
+      message: `Application status updated to '${status}' successfully.`,
+      application: updatedApplication,
+    });
+  } catch (error) {
+    logger.error('Error in confirmOrDenyApplication:', error);
+    return res.status(500).json({
+      message: "Something went wrong",
+      error: error.message,
+    });
+  }
+
+}

app/database/Prisma.js

@@ -61,7 +61,7 @@ const applicationSchema = z.object({
   whyBostonhacks: z.string().min(10, "Please provide a more detailed response"),
   applicationYear: z.number().int().min(2023).max(new Date().getFullYear() + 1),
   userId: z.string().uuid("Must be a valid user ID").readonly(),
-  status: StatusSchema.default(ApplicationStatus.PENDING).readonly(),
+  status: StatusSchema.default(ApplicationStatus.PENDING),
   resumeUrl: z.string("Resume URL must be valid").readonly(),
   authorizeMLHEmail: z.boolean().default(false),
 });
@@ -196,7 +196,6 @@ const applicationUpdateSchema = applicationSchema.omit({
   userId: true,
   applicationYear: true,
   id: true,
-  status: true
 }).partial().strict();
 const projectUpdateSchema = projectSchema.omit({
   id: true,

app/routes/Application.routes.js

@@ -5,6 +5,7 @@ import {
   updateApplication,
   getResumeUrl,
   deleteResume,
+  confirmOrDenyApplication
 } from "../controllers/Application.controller.js";
 import express from "express";
 import { verifyToken } from "../middleware/verifyToken.js";
@@ -353,4 +354,50 @@ router.get("/:id/resume/url", verifyToken, getResumeUrl);
  */
 router.delete("/:id/resume", verifyToken, deleteResume);
 
+
+/**
+ * @openapi
+ * 
+ * /application/{id}/confirmdeny:
+ *  put:
+ *      summary: Confirm or deny an application
+ *      description: Update the status of an application to either "CONFIRMED" or "DECLINED" only if the current status is "ACCEPTED". This is the only way a user can change their application status.
+ *      tags: [Application]
+ *      parameters:
+ *          - $ref: "#/components/parameters/access_token"
+ *          - in: path
+ *            name: id
+ *            description: Application id
+ *            required: true
+ *      requestBody:
+ *          required: true
+ *          content:
+ *              application/json:
+ *                  schema:
+ *                      type: object
+ *                      properties:
+ *                          status:
+ *                              type: string
+ *                              enum: [CONFIRMED, DECLINED]
+ *                              description: New status for the application
+ *      responses:
+ *          200:
+ *              description: Application successfully updated
+ *              content: 
+ *                  application/json:
+ *                      schema:
+ *                          $ref: "#/components/schemas/Application"
+ *          400:
+ *              description: Invalid input or application status not "ACCEPTED"
+ *          401:
+ *              $ref: "#/components/responses/401unauthorized"
+ *          403:
+ *              $ref: "#/components/responses/403forbidden"
+ *          404:
+ *              description: Application not found
+ *          500:
+ *              $ref: "#/components/responses/500internalservererror"
+ */
+router.put("/:id/confirmdeny", verifyToken, confirmOrDenyApplication);
+
 export default router;

prisma/migrations/20250911234212_app_confirmation/migration.sql

@@ -0,0 +1,10 @@
+-- AlterEnum
+-- This migration adds more than one value to an enum.
+-- With PostgreSQL versions 11 and earlier, this is not possible
+-- in a single migration. This can be worked around by creating
+-- multiple migrations, each migration adding only one value to
+-- the enum.
+
+
+ALTER TYPE "Status" ADD VALUE 'CONFIRMED';
+ALTER TYPE "Status" ADD VALUE 'DECLINED';

prisma/schema.prisma

@@ -139,6 +139,8 @@ enum Status {
   ACCEPTED
   WAITLISTED
   REJECTED
+  CONFIRMED
+  DECLINED
 }
 
 enum AuthProvider {