Merge pull request #1562 from CVEProject/cb_1543_1544_registry_update_delete

Resolves #1543, #1544 - Refactored registry org update and delete endpoints to use base org repo

Author: david-rocca

src/controller/registry-org.controller/index.js

@@ -1,11 +1,9 @@
 const express = require('express')
 const router = express.Router()
 const mw = require('../../middleware/middleware')
-const errorMsgs = require('../../middleware/errorMessages')
-const { body, param, query } = require('express-validator')
+const { param, query } = require('express-validator')
 const controller = require('./registry-org.controller')
-const { parseGetParams, parsePostParams, parseDeleteParams, parseError, isOrgRole } = require('./registry-org.middleware')
-const { toUpperCaseArray, toLowerCaseArray, isFlatStringArray } = require('../../middleware/middleware')
+const { parseGetParams, parsePostParams, parseDeleteParams, parseError } = require('./registry-org.middleware')
 const getConstants = require('../../constants').getConstants
 const CONSTANTS = getConstants()
 
@@ -300,49 +298,17 @@ router.put('/registryOrg/:shortname',
     }
   }
   */
+  mw.useRegistry(),
   mw.validateUser,
   mw.onlySecretariat,
   param(['shortname']).isString().trim(),
-  body(['short_name']).isString().trim().notEmpty().isLength({ min: CONSTANTS.MIN_SHORTNAME_LENGTH, max: CONSTANTS.MAX_SHORTNAME_LENGTH }),
-  body(['long_name']).isString().trim().notEmpty(),
-  body(['cve_program_org_function']).isString().trim().default('CNA'),
-  body(['root_or_tlr']).default(false).isBoolean(),
-  body(['oversees']).default([]).isArray(),
-  body(
-    [
-      'charter_or_scope',
-      'disclosure_policy',
-      'product_list',
-      'reports_to',
-      'contact_info.poc',
-      'contact_info.poc_email',
-      'contact_info.poc_phone',
-      'contact_info.org_email',
-      'contact_info.website'
-    ])
-    .default('')
-    .isString(),
-  body(['authority.active_roles']).optional()
-    .custom(isFlatStringArray)
-    .customSanitizer(toUpperCaseArray)
-    .custom(isOrgRole),
-  body(['soft_quota']).optional().not().isArray().isInt({ min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min, max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max }).withMessage(errorMsgs.ID_QUOTA),
-  body(['hard_quota']).optional().not().isArray().isInt({ min: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_min, max: CONSTANTS.MONGOOSE_VALIDATION.Org_policies_id_quota_max }).withMessage(errorMsgs.ID_QUOTA),
-  body(['contact_info.additional_contact_users']).optional()
-    .custom(isFlatStringArray),
-  body(['contact_info.admins']).optional()
-    .custom(isFlatStringArray),
-  body(['aliases']).optional()
-    .custom(isFlatStringArray)
-    .customSanitizer(toLowerCaseArray),
-  // TO-DO: validate users here once implemented
   parseError,
   parsePostParams,
-  parseGetParams,
   controller.UPDATE_ORG
 )
 
-router.delete('/registryOrg/:identifier',
+router.delete(
+  '/registryOrg/:identifier',
   /*
   #swagger.tags = ['Registry Organization']
   #swagger.operationId = 'deleteRegistryOrg'
@@ -413,17 +379,15 @@ router.delete('/registryOrg/:identifier',
     }
   }
   */
+  mw.useRegistry(),
   mw.validateUser,
-  // TODO: permissions
   mw.onlySecretariat,
   param(['identifier']).isString().trim(),
   parseError,
   parseDeleteParams,
   controller.DELETE_ORG
 )
 
-console.log(controller.USER_ALL)
-
 router.get('/registryOrg/:shortname/users',
   /*
   #swagger.tags = ['Registry User']

src/controller/registry-org.controller/registry-org.controller.js

@@ -1,7 +1,6 @@
 const mongoose = require('mongoose')
 const logger = require('../../middleware/logger')
 const { getConstants } = require('../../constants')
-const RegistryOrg = require('../../model/registry-org')
 const errors = require('./error')
 const error = new errors.RegistryOrgControllerError()
 const validateUUID = require('uuid').validate
@@ -196,96 +195,60 @@ async function createOrg (req, res, next) {
  */
 async function updateOrg (req, res, next) {
   try {
+    const session = await mongoose.startSession()
     const shortName = req.ctx.params.shortname
-    const userRepo = req.ctx.repositories.getRegistryUserRepository()
-    const registryOrgRepo = req.ctx.repositories.getRegistryOrgRepository()
+    const repo = req.ctx.repositories.getBaseOrgRepository()
+    const body = req.ctx.body
+    let updatedOrg
 
-    const org = await registryOrgRepo.findOneByShortName(shortName)
-    if (!org) {
-      logger.info({ uuid: req.ctx.uuid, message: shortName + ' organization could not be updated in MongoDB because it does not exist.' })
-      return res.status(404).json(error.orgDnePathParam(shortName))
-    }
+    try {
+      session.startTransaction()
+      const org = await repo.findOneByShortName(shortName)
+      if (!org) {
+        logger.info({ uuid: req.ctx.uuid, message: shortName + ' organization could not be updated because it does not exist.' })
+        await session.abortTransaction()
+        return res.status(404).json(error.orgDnePathParam(shortName))
+      }
 
-    const orgUUID = await registryOrgRepo.getOrgUUID(shortName)
-
-    const newOrg = new RegistryOrg()
-    newOrg.contact_info = { ...org.contact_info }
-
-    for (const k in req.ctx.query) {
-      const key = k.toLowerCase()
-
-      if (key === 'long_name') {
-        newOrg.long_name = req.ctx.query.long_name
-      } else if (key === 'short_name') {
-        newOrg.short_name = req.ctx.query.short_name
-      } else if (key === 'aliases') {
-        // TODO: handle aliases
-      } else if (key === 'cve_program_org_function') {
-        newOrg.cve_program_org_function = req.ctx.query.cve_program_org_function
-        // TODO: validate against enum?
-      } else if (key === 'authority') {
-        // TODO: handle active_roles
-      } else if (key === 'reports_to') {
-        // TODO: validate org
-      } else if (key === 'oversees') {
-        // TODO: validate orgs
-      } else if (key === 'root_or_tlr') {
-        newOrg.root_or_tlr = req.ctx.query.root_or_tlr
-      } else if (key === 'users') {
-        // TODO: validate users
-      } else if (key === 'charter_or_scope') {
-        newOrg.charter_or_scope = req.ctx.query.charter_or_scope
-      } else if (key === 'disclosure_policy') {
-        newOrg.disclosure_policy = req.ctx.query.disclosure_policy
-      } else if (key === 'product_list') {
-        newOrg.product_list = req.ctx.query.product_list
-      } else if (key === 'soft_quota') {
-        newOrg.soft_quota = req.ctx.query.soft_quota
-      } else if (key === 'hard_quota') {
-        newOrg.hard_quota = req.ctx.query.hard_quota
-      } else if (key === 'contact_info.additional_contact_users') {
-        // TODO: validate users
-      } else if (key === 'contact_info.poc') {
-        newOrg.contact_info.poc = req.ctx.query['contact_info.poc']
-      } else if (key === 'contact_info.poc_email') {
-        newOrg.contact_info.poc_email = req.ctx.query['contact_info.poc_email']
-      } else if (key === 'contact_info.poc_phone') {
-        newOrg.contact_info.poc_phone = req.ctx.query['contact_info.poc_phone']
-      } else if (key === 'contact_info.admins') {
-        // TODO: validate admins
-      } else if (key === 'contact_info.org_email') {
-        newOrg.contact_info.org_email = req.ctx.query['contact_info.org_email']
-      } else if (key === 'contact_info.website') {
-        newOrg.contact_info.website = req.ctx.query['contact_info.website']
+      const result = repo.validateOrg(body, { session })
+      if (!result.isValid) {
+        logger.error(JSON.stringify({ uuid: req.ctx.uuid, message: 'CVE JSON schema validation FAILED.' }))
+        await session.abortTransaction()
+        return res.status(400).json({ message: 'Parameters were invalid', errors: result.errors })
       }
+
+      // Check for duplicate short_name
+      if (body?.short_name !== shortName && await repo.orgExists(body?.short_name, { session })) {
+        logger.info({
+          uuid: req.ctx.uuid,
+          message: `${shortName} organization could not be updated because new short name ${body?.short_name} already exists.`
+        })
+        await session.abortTransaction()
+        return res.status(400).json(error.duplicateShortname(body?.short_name))
+      }
+
+      updatedOrg = await repo.updateOrgFull(shortName, body, { session })
+      await session.commitTransaction()
+    } catch (updateErr) {
+      await session.abortTransaction()
+      throw updateErr
+    } finally {
+      await session.endSession()
     }
 
-    await registryOrgRepo.updateByUUID(orgUUID, newOrg)
-    const agt = setAggregateOrgObj({ UUID: orgUUID })
-    let result = await registryOrgRepo.aggregate(agt)
-    result = result.length > 0 ? result[0] : null
+    const responseMessage = {
+      message: `${body?.short_name} organization was successfully updated.`,
+      updated: updatedOrg
+    }
 
     const payload = {
       action: 'update_registry_org',
-      change: result.short_name + ' was successfully updated.',
+      change: body?.short_name + ' was successfully updated.',
       req_UUID: req.ctx.uuid,
-      org_UUID: await registryOrgRepo.getOrgUUID(req.ctx.org),
-      user: result
+      org_UUID: await repo.getOrgUUID(req.ctx.org),
+      org: updatedOrg
     }
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
     logger.info(JSON.stringify(payload))
-
-    let msgStr = ''
-    if (Object.keys(req.ctx.query).length > 0) {
-      msgStr = result.short_name + ' was successfully updated.'
-    } else {
-      msgStr = 'No updates were specified for ' + result.short_name + '.'
-    }
-    const responseMessage = {
-      message: msgStr,
-      updated: result
-    }
-
     return res.status(200).json(responseMessage)
   } catch (err) {
     next(err)
@@ -306,28 +269,39 @@ async function updateOrg (req, res, next) {
  */
 async function deleteOrg (req, res, next) {
   try {
-    const userRepo = req.ctx.repositories.getUserRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const registryOrgRepo = req.ctx.repositories.getRegistryOrgRepository()
-    const orgUUID = req.ctx.params.identifier
+    const session = await mongoose.startSession()
+    const repo = req.ctx.repositories.getBaseOrgRepository()
+    const shortName = req.ctx.params.identifier
 
-    const org = await registryOrgRepo.findOneByUUID(orgUUID)
+    try {
+      session.startTransaction()
+      const org = await repo.findOneByShortName(shortName)
+      if (!org) {
+        logger.info({ uuid: req.ctx.uuid, message: shortName + ' organization could not be deleted because it does not exist.' })
+        await session.abortTransaction()
+        return res.status(404).json(error.orgDnePathParam(shortName))
+      }
+
+      await repo.deleteOrg(shortName, { session })
+      await session.commitTransaction()
+    } catch (deleteErr) {
+      await session.abortTransaction()
+      throw deleteErr
+    } finally {
+      await session.endSession()
+    }
 
-    await registryOrgRepo.deleteByUUID(orgUUID)
+    const responseMessage = {
+      message: `${shortName} organization was successfully deleted.`
+    }
 
     const payload = {
       action: 'delete_registry_org',
-      change: org.short_name + ' was successfully deleted.',
+      change: shortName + ' was successfully deleted.',
       req_UUID: req.ctx.uuid,
-      org_UUID: await orgRepo.getOrgUUID(req.ctx.org)
+      org_UUID: await repo.getOrgUUID(req.ctx.org)
     }
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
     logger.info(JSON.stringify(payload))
-
-    const responseMessage = {
-      message: org.short_name + ' was successfully deleted.'
-    }
-
     return res.status(200).json(responseMessage)
   } catch (err) {
     next(err)
@@ -489,38 +463,6 @@ async function createUserByOrg (req, res, next) {
   }
 }
 
-function setAggregateOrgObj (query) {
-  return [
-    {
-      $match: query
-    },
-    {
-      $project: {
-        _id: false,
-        UUID: true,
-        long_name: true,
-        short_name: true,
-        aliases: true,
-        cve_program_org_function: true,
-        authority: true,
-        reports_to: true,
-        oversees: true,
-        root_or_tlr: true,
-        users: true,
-        charter_or_scope: true,
-        disclosure_policy: true,
-        product_list: true,
-        soft_quota: true,
-        hard_quota: true,
-        contact_info: true,
-        in_use: true,
-        created: true,
-        last_updated: true
-      }
-    }
-  ]
-}
-
 module.exports = {
   ALL_ORGS: getAllOrgs,
   SINGLE_ORG: getOrg,