Implement Advice

o-seliuchenko · o-seliuchenko · commit 8702946d1301 · 2025-11-16T11:51:15.000+02:00
diff --git a/src/controllers/faqController.ts b/src/controllers/faqController.ts
@@ -1,14 +1,89 @@
 import { Request, Response } from 'express';
 import Faq from '../models/faqsModel.js';
 import { asyncHandler } from '../utils/asyncHandler.js';
-import { sendSuccess, sendCreated, sendNotFound } from '../utils/apiResponses.js';
+import { sendSuccess, sendCreated, sendNotFound, sendBadRequest, sendPaginatedSuccess } from '../utils/apiResponses.js';
+import { validateFaq } from '../schemas/faqSchema.js';
+import { ROLE_PREFIXES, ROLES } from '../constants/roles.js';
 
-// @desc    Get all FAQs
+// @desc    Get all FAQs with optional filtering and pagination
 // @route   GET /api/faqs
 // @access  Private
 export const getFaqs = asyncHandler(async (req: Request, res: Response) => {
-  const faqs = await Faq.find().sort('SortPosition').lean();
-  return sendSuccess(res, faqs);
+  const {
+    location,
+    search,
+    page = 1,
+    limit = 10,
+    sortBy = 'DocumentModifiedDate',
+    sortOrder = 'desc'
+  } = req.query;
+
+  const query: any = {};
+  const conditions: any[] = [];
+
+  // Get user auth claims for role-based filtering
+  const requestingUserAuthClaims = req.user?.AuthClaims || [];
+  // const userId = req.user?._id;
+  
+  // Role-based filtering
+  const isSuperAdmin = requestingUserAuthClaims.includes(ROLES.SUPER_ADMIN);
+  const isVolunteerAdmin = requestingUserAuthClaims.includes(ROLES.VOLUNTEER_ADMIN);
+  const isCityAdmin = requestingUserAuthClaims.includes(ROLES.CITY_ADMIN);
+
+  // CityAdmin: only see organisations from their cities
+  if (isCityAdmin && !isSuperAdmin && !isVolunteerAdmin) {
+    const cityAdminLocations = requestingUserAuthClaims
+      .filter(claim => claim.startsWith(ROLE_PREFIXES.CITY_ADMIN_FOR))
+      .map(claim => claim.replace(ROLE_PREFIXES.CITY_ADMIN_FOR, ''));
+    
+    if (cityAdminLocations.length > 0) {
+      conditions.push({ LocationKey: { $in: cityAdminLocations } });
+    }
+  }
+
+  // Apply search filter - search by Title or Body
+  if (search && typeof search === 'string') {
+    const searchTerm = search.trim();
+    conditions.push({
+      $or: [
+        { Title: { $regex: searchTerm, $options: 'i' } },
+        { Body: { $regex: searchTerm, $options: 'i' } }
+      ]
+    });
+  }
+
+  // Apply location filter
+  if (location && typeof location === 'string') {
+    conditions.push({ LocationKey: location });
+  }
+
+  // Combine all conditions with AND logic
+  if (conditions.length > 0) {
+    query.$and = conditions;
+  }
+
+  // Pagination
+  const skip = (Number(page) - 1) * Number(limit);
+
+  // Sort options
+  const sortOptions: any = {};
+  sortOptions[sortBy as string] = sortOrder === 'desc' ? -1 : 1;
+
+  const faqs = await Faq.find(query)
+    .sort(sortOptions)
+    .skip(skip)
+    .limit(Number(limit))
+    .lean();
+
+  // Get total count using the same query
+  const total = await Faq.countDocuments(query);
+
+  return sendPaginatedSuccess(res, faqs, {
+    page: Number(page),
+    limit: Number(limit),
+    total,
+    pages: Math.ceil(total / Number(limit))
+  });
 });
 
 // @desc    Get single FAQ by ID
@@ -22,27 +97,66 @@ export const getFaqById = asyncHandler(async (req: Request, res: Response) => {
   return sendSuccess(res, faq);
 });
 
-
 // @desc    Create new FAQ
 // @route   POST /api/faqs
 // @access  Private
 export const createFaq = asyncHandler(async (req: Request, res: Response) => {
-  const faq = await Faq.create(req.body);
+  // Validate the request data
+  const validation = validateFaq(req.body);
+  
+  if (!validation.success) {
+    const errorMessages = validation.errors.map(err => err.message).join(', ');
+    return sendBadRequest(res, `Validation failed: ${errorMessages}`);
+  }
+
+  if (!validation.data) {
+    return sendBadRequest(res, 'Validation data is missing');
+  }
+
+  // Add system fields
+  const faqData = {
+    ...validation.data,
+    CreatedBy: req.user?._id || req.body?.CreatedBy,
+    DocumentCreationDate: new Date(),
+    DocumentModifiedDate: new Date(),
+  };
+
+  const faq = await Faq.create(faqData);
   return sendCreated(res, faq);
 });
 
 // @desc    Update FAQ
 // @route   PUT /api/faqs/:id
 // @access  Private
 export const updateFaq = asyncHandler(async (req: Request, res: Response) => {
+  // Check if FAQ exists
+  const existingFaq = await Faq.findById(req.params.id);
+  if (!existingFaq) {
+    return sendNotFound(res, 'FAQ not found');
+  }
+
+  // Validate the request data
+  const validation = validateFaq(req.body);
+  
+  if (!validation.success) {
+    const errorMessages = validation.errors.map(err => err.message).join(', ');
+    return sendBadRequest(res, `Validation failed: ${errorMessages}`);
+  }
+
+  if (!validation.data) {
+    return sendBadRequest(res, 'Validation data is missing');
+  }
+
+  // Update FAQ with validated data
   const faq = await Faq.findByIdAndUpdate(
-    req.params.id, 
-    req.body, 
+    req.params.id,
+    {
+      ...validation.data,
+      DocumentModifiedDate: new Date()
+    },
     { new: true, runValidators: true }
   );
-  if (!faq) {
-    return sendNotFound(res, 'FAQ not found');
-  }
+
   return sendSuccess(res, faq);
 });
 
diff --git a/src/middleware/authMiddleware.ts b/src/middleware/authMiddleware.ts
@@ -712,7 +712,7 @@ export const requireFaqAccess = asyncHandler(async (req: Request, res: Response,
   const userAuthClaims = req.user?.AuthClaims || [];
   
   // SuperAdmin global rule
-  if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+  if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
   // Check if user is a CityAdmin
   if (!userAuthClaims.includes(ROLES.CITY_ADMIN)) {
@@ -730,9 +730,9 @@ export const requireFaqAccess = asyncHandler(async (req: Request, res: Response,
 
     const locationKey = faq.LocationKey;
     
-    // If LocationKey is 'general', any CityAdmin can access
+    // If LocationKey is 'general', only SuperAdmin and VolunteerAdmin can access
     if (locationKey === 'general') {
-      return next();
+      return sendForbidden(res, 'Access to general advice is restricted to SuperAdmin and VolunteerAdmin');
     }
 
     // For location-based access, check the locationKey
@@ -746,9 +746,16 @@ export const requireFaqAccess = asyncHandler(async (req: Request, res: Response,
   }
 
   if (req.body && req.method === HTTP_METHODS.POST) {
+    const locationKey = req.body.LocationKey;
+    
+    // If LocationKey is 'general', only SuperAdmin and VolunteerAdmin can create
+    if (locationKey === 'general') {
+      return sendForbidden(res, 'Creating general advice is restricted to SuperAdmin and VolunteerAdmin');
+    }
+    
     if (userAuthClaims.includes(ROLES.CITY_ADMIN)) {
       // Check if user has access to the specific location
-      const cityAdminClaim = `${ROLE_PREFIXES.CITY_ADMIN_FOR}${req.body.LocationKey}`;
+      const cityAdminClaim = `${ROLE_PREFIXES.CITY_ADMIN_FOR}${locationKey}`;
       if (userAuthClaims.includes(cityAdminClaim)) {
         return next();
       }
@@ -779,7 +786,7 @@ export const requireFaqLocationAccess = (req: Request, res: Response, next: Next
   const userAuthClaims = req.user?.AuthClaims || [];
   
   // SuperAdmin global rule
-  if (handleSuperAdminAccess(userAuthClaims)) { return next(); }
+  if (handleSuperAdminAccess(userAuthClaims) || handleVolunteerAdminAccess(userAuthClaims)) { return next(); }
 
   // Check if user is a CityAdmin
   if (!userAuthClaims.includes(ROLES.CITY_ADMIN)) {
@@ -789,14 +796,17 @@ export const requireFaqLocationAccess = (req: Request, res: Response, next: Next
   // For location-based access, check the location param
   const locationId = req.params.location;
 
-  // If LocationKey is 'general', any CityAdmin can access
-  if (locationId === 'general') {
-    return next();
-  }
-
   // For location-based access, check the locationId param
   const locations = extractLocationsFromQuery(req);
 
+  // If LocationKey is 'general', only SuperAdmin and VolunteerAdmin can access
+  if (locationId === 'general' || locations.includes('general')) {
+    if (userAuthClaims.includes(ROLES.SUPER_ADMIN) || userAuthClaims.includes(ROLES.VOLUNTEER_ADMIN)) {
+      return next();
+    }
+    return sendForbidden(res, 'Access to general advice is restricted to SuperAdmin and VolunteerAdmin');
+  }
+
   if (validateCityAdminLocationsAccess(userAuthClaims, locations, res)) {
     return; // Access denied, response already sent
   }
diff --git a/src/models/faqsModel.ts b/src/models/faqsModel.ts
@@ -29,10 +29,13 @@ const faqSchema = new Schema<IFaq>({
   SortPosition: {
     type: Number,
     required: true,
-  },
-  Tags: [String]
+  }
 }, { collection: 'FAQs', versionKey: false });
 
+// Create indexes based on MongoDB Atlas specifications
+// faqSchema.index({ _id: 1 }, { unique: true }); // UNIQUE index on _id (default)
+faqSchema.index({ LocationKey: 1, SortPosition: -1, Title: 1 }); // COMPOUND index for filtering and sorting
+
 const Faq = mongoose.model<IFaq>("FAQs", faqSchema);
 
 export default Faq;
diff --git a/src/routes/faqRoutes.ts b/src/routes/faqRoutes.ts
@@ -6,11 +6,11 @@ import {
   updateFaq, 
   deleteFaq 
 } from '../controllers/faqController.js';
-import { faqsAuth } from '../middleware/authMiddleware.js';
+import { faqsAuth, faqsByLocationAuth } from '../middleware/authMiddleware.js';
 
 const router = Router();
 
-router.get('/', faqsAuth, getFaqs);
+router.get('/', faqsByLocationAuth, getFaqs);
 router.get('/:id', faqsAuth, getFaqById);
 router.post('/', faqsAuth, createFaq);
 router.put('/:id', faqsAuth, updateFaq);
diff --git a/src/schemas/faqSchema.ts b/src/schemas/faqSchema.ts
@@ -0,0 +1,18 @@
+import { z } from 'zod';
+import { ValidationResult, createValidationResult } from './validationHelpers.js';
+
+// FAQ validation schema
+export const FaqSchema = z.object({
+  LocationKey: z.string().min(1, 'Location is required'),
+  Title: z.string().min(1, 'Title is required').max(200, 'Title must not exceed 200 characters'),
+  Body: z.string().min(1, 'Body content is required'),
+  SortPosition: z.number().int('Sort position must be an integer').min(1, 'Sort position must be 1 or greater')
+});
+
+// Validation function
+export function validateFaq(data: unknown): ValidationResult<z.output<typeof FaqSchema>> {
+  const result = FaqSchema.safeParse(data);
+  return createValidationResult(result);
+}
+
+export type FaqSchemaType = z.infer<typeof FaqSchema>;
diff --git a/src/types/IFaq.ts b/src/types/IFaq.ts
@@ -9,5 +9,4 @@ export interface IFaq extends Document {
   Title: string;
   Body: string;
   SortPosition: number;
-  Tags?: string[];
-}
+}
