Check parent/child relationship both ways (#238)

DanielBrierton · Wardormeur · commit b8216b78c5a9 · 2017-01-27T11:01:10.000Z
* Check parent/child relationship both ways
diff --git a/lib/users/is-parent-of.js b/lib/users/is-parent-of.js
@@ -12,7 +12,6 @@ function isParentOf (args, cb) {
   if(_.isUndefined(childrenId) && args.params.profile) childrenId = args.params.profile.userId;
   if(_.isUndefined(childrenId) && args.params.query) childrenId = args.params.query.userId;
   if(_.isUndefined(childrenId) && args.params.profileId) childrenProfileId = args.params.profileId;
-  var isParent = false;
   var getChildrenUserId = function (wfCb) {
     if (!childrenId && childrenProfileId) {
       seneca.act({role: 'cd-profiles', cmd: 'load', id: childrenProfileId}, function (err, profile) {
@@ -24,19 +23,37 @@ function isParentOf (args, cb) {
       wfCb();
     }
   };
+  // Checks relationship both ways - parent has child, and child has parent
   var checkChildrenBelongsToUser = function (wfCb) {
-    seneca.act({role: 'cd-profiles', cmd: 'load_user_profile', userId: userId},
-      function (err, user) {
-        if (err) {
-          seneca.log.error(seneca.customValidatorLogFormatter('cd-profiles', 'isParentOf', err, {userId: userId, childrenId: childrenId}));
-          return cb(null, {'allowed': false});
-        }
-        if (_.includes(user.children, childrenId )) isParent = true;
-        return cb(null, {'allowed': isParent});
-    });
+    async.parallel({
+      parentHasChild: function (done) {
+        seneca.act({role: 'cd-profiles', cmd: 'load_user_profile', userId: userId},
+          function (err, user) {
+            if (err) {
+              seneca.log.error(seneca.customValidatorLogFormatter('cd-profiles', 'isParentOf', err, {userId: userId, childrenId: childrenId}));
+              return done(null, false);
+            }
+            return done(null, _.includes(user.children, childrenId));
+        });
+      },
+      childHasParent: function (done) {
+        seneca.act({role: 'cd-profiles', cmd: 'load_user_profile', userId: childrenId},
+          function (err, user) {
+            if (err) {
+              seneca.log.error(seneca.customValidatorLogFormatter('cd-profiles', 'isParentOf', err, {userId: userId, childrenId: childrenId}));
+              return done(null, false);
+            }
+            return done(null, _.includes(user.parents, userId));
+        });
+      }
+    }, function (err, results) {
+      if (err) {
+        return cb(null, {'allowed': false});
+      }
+      return cb(null, {'allowed': results.parentHasChild && results.childHasParent});
+    })
   };
 
-  //  Could also check the opposite way, from child to Parent
   async.waterfall([
     getChildrenUserId,
     checkChildrenBelongsToUser
