Another pass

Author: david-rocca

src/controller/registry-user.controller/registry-user.controller.js

@@ -121,15 +121,33 @@ async function createUser (req, res, next) {
 }
 
 async function updateUser (req, res, next) {
-  try {
-    const userUUID = req.ctx.params.identifier
-    const userRepo = req.ctx.repositories.getBaseUserRepository()
-    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+  const session = await mongoose.startSession()
+  const userUUID = req.ctx.params.identifier
+  const userRepo = req.ctx.repositories.getBaseUserRepository()
+  const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+  const body = req.ctx.body
+  let result
 
-    await registryUserRepo.updateByUUID(userUUID, newUser)
-    const agt = setAggregateUserObj({ UUID: userUUID })
-    let result = await registryUserRepo.aggregate(agt)
-    result = result.length > 0 ? result[0] : null
+  try {
+    session.startTransaction()
+    try {
+      result = await userRepo.validateUser(body)
+      if (body?.role && typeof body?.role !== 'string') {
+        return res.status(400).json({ message: 'Parameters were invalid', details: [{ param: 'role', msg: 'Parameter must be a string' }] })
+      }
+      if (!result.isValid) {
+        logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'User JSON schema validation FAILED.' }))
+        await session.abortTransaction()
+        return res.status(400).json({ message: 'Parameters were invalid', errors: result.errors })
+      }
+      await userRepo.updateUserFull(userUUID, body, { session })
+      await session.commitTransaction()
+    } catch (error) {
+      await session.abortTransaction()
+      throw error
+    } finally {
+      await session.endSession()
+    }
 
     const payload = {
       action: 'update_registry_user',
@@ -190,29 +208,6 @@ async function deleteUser (req, res, next) {
   }
 }
 
-function setAggregateUserObj (query) {
-  return [
-    {
-      $match: query
-    },
-    {
-      $project: {
-        _id: false,
-        UUID: true,
-        user_id: true,
-        name: true,
-        org_affiliations: true,
-        cve_program_org_membership: true,
-        created: true,
-        created_by: true,
-        last_updated: true,
-        deactivation_date: true,
-        last_active: true
-      }
-    }
-  ]
-}
-
 module.exports = {
   ALL_USERS: getAllUsers,
   SINGLE_USER: getUser,

src/repositories/baseUserRepository.js

@@ -316,9 +316,58 @@ class BaseUserRepository extends BaseRepository {
     return deepRemoveEmpty(plainJavascriptRegistryUser)
   }
 
-  async updateUserFull () {
-    const baseOrgRepository = new BaseOrgRepository()
+  async updateUserFull (identifier, incomingUser, options = {}, isLegacyObject = false) {
     const legacyUserRepo = new UserRepository()
+
+    // Find registry user by UUID
+    const registryUser = await this.findUserByUUID(identifier, options)
+    if (!registryUser) {
+      throw new Error('Registry user not found')
+    }
+
+    // Find legacy user
+    const legacyUser = await legacyUserRepo.findOneByUUID(identifier)
+    if (!legacyUser) {
+      throw new Error('Legacy user not found')
+    }
+
+    let legacyObjectRaw
+    let registryObjectRaw
+
+    if (isLegacyObject) {
+      legacyObjectRaw = incomingUser
+      registryObjectRaw = this.convertRegistryToLegacy(incomingUser)
+    } else {
+      registryObjectRaw = incomingUser
+      legacyObjectRaw = this.convertRegistryToLegacy(incomingUser)
+    }
+
+    const updatedLegacyUser = _.merge(legacyUser, legacyObjectRaw)
+    const updatedRegistryUser = _.merge(registryUser, registryObjectRaw)
+
+    try {
+      await updatedLegacyUser.save({ options })
+      await updatedRegistryUser.save({ options })
+    } catch (error) {
+      throw new Error('Failed to update user')
+    }
+
+    if (isLegacyObject) {
+      const plain = updatedLegacyUser.toObject()
+      delete plain._id
+      delete plain.__v
+      delete plain.secret
+      return plain
+    }
+
+    // Retrieve updated registry user
+    const plainJsRegistryUser = updatedRegistryUser.toObject()
+    delete plainJsRegistryUser._id
+    delete plainJsRegistryUser.__v
+    delete plainJsRegistryUser.secret
+    delete plainJsRegistryUser.authority
+
+    return plainJsRegistryUser
   }
 
   async resetSecret (username, orgShortName, options = {}, isLegacyObject = false) {