Merge pull request #207 from NIAEFEUP/feature/company-profile

Feature/company profile
NIAEFEUP · Mar 21, 2023 · b6e70aa · b6e70aa
2 parents 4c3cf69 + 7a6183c
commit b6e70aa
Show file tree

Hide file tree

Showing 7 changed files with 650 additions and 8 deletions.
diff --git a/src/api/middleware/company.js b/src/api/middleware/company.js
@@ -85,6 +85,45 @@ export const profileComplete = async (req, res, next) => {
  return next();
 };
 
+export const canAccessProfile = (companyId) => async (req, res, next) => {
+ const company = await new CompanyService().findById(companyId, true);
+
+ const notFound = () =>
+ new APIError(
+ HTTPStatus.UNPROCESSABLE_ENTITY,
+ ErrorTypes.VALIDATION_ERROR,
+ [
+ {
+ value: companyId,
+ msg: ValidationReasons.COMPANY_NOT_FOUND(companyId),
+ param: "companyId",
+ location: "params",
+ },
+ ]
+ );
+
+ const errorOrNotFound = (reason) =>
+ companyId === req.user?.company?.toString() || req.hasAdminPrivileges
+ ? new APIError(HTTPStatus.FORBIDDEN, ErrorTypes.FORBIDDEN, reason)
+ : notFound();
+
+ if (!company.hasFinishedRegistration)
+ return next(
+ errorOrNotFound(ValidationReasons.REGISTRATION_NOT_FINISHED)
+ );
+
+ if (req.hasAdminPrivileges)
+ return next();
+
+ if (company.isBlocked)
+ return next(errorOrNotFound(ValidationReasons.COMPANY_BLOCKED));
+
+ if (company.isDisabled && companyId !== req.user?.company?.toString())
+ return next(notFound());
+
+ return next();
+};
+
 export const isNotBlocked = (owner) => async (req, res, next) => {
  const company = await (new CompanyService()).findById(owner, true);
  if (company.isBlocked) {

diff --git a/src/api/middleware/validators/company.js b/src/api/middleware/validators/company.js
@@ -75,6 +75,10 @@ export const deleteCompany = useExpressValidators([
  existingCompanyParamValidator,
 ]);
 
+export const profile = useExpressValidators([
+ existingCompanyParamValidator,
+]);
+
 export const getOffers = useExpressValidators([
  existingCompanyParamValidator,
 ]);

diff --git a/src/api/routes/company.js b/src/api/routes/company.js
@@ -72,6 +72,26 @@ export default (app) => {
 
  });
 
+ router.get("/:companyId",
+ validators.profile,
+ (req, res, next) => companyMiddleware.canAccessProfile(req.params.companyId)(req, res, next),
+ async (req, res) => {
+ const company = await new CompanyService().findById(
+ req.params.companyId,
+ // Can be safely set to true, as the middleware takes
+ // care of validation for us
+ true,
+ req.hasAdminPrivileges
+ );
+ const offers = await new OfferService().getOffersByCompanyId(
+ req.params.companyId,
+ req.targetOwner,
+ req.hasAdminPrivileges
+ );
+ return res.json({ company, offers });
+ }
+ );
+
  router.put(
  "/:companyId/block",
  or([

diff --git a/src/api/routes/offer.js b/src/api/routes/offer.js
@@ -68,7 +68,8 @@ export default (app) => {
  */
  router.get("/company/:companyId", companyValidators.getOffers, async (req, res, next) => {
  try {
- const offers = await (new OfferService()).getOffersByCompanyId(req.params.companyId, req.targetOwner, req.hasAdminPrivileges);
+ const offers = await (new OfferService())
+ .getOffersByCompanyId(req.params.companyId, req.targetOwner, req.hasAdminPrivileges);
 
  return res.json(offers);
  } catch (err) {

diff --git a/src/models/constants/Company.js b/src/models/constants/Company.js
@@ -8,6 +8,7 @@ export default Object.freeze({
  },
  offers: {
  max_concurrent: 5,
+ max_profile_visible: 5
  },
  contacts: {
  min_length: 1,

diff --git a/src/services/offer.js b/src/services/offer.js
@@ -5,6 +5,7 @@ import Account from "../models/Account.js";
 import EmailService from "../lib/emailService.js";
 import { OFFER_DISABLED_NOTIFICATION } from "../email-templates/companyOfferDisabled.js";
 import OfferConstants from "../models/constants/Offer.js";
+import CompanyConstants from "../models/constants/Company.js";
 import base64url from "base64url";
 
 const { ObjectId } = mongoose.Types;
@@ -413,7 +414,7 @@ class OfferService {
 
  /**
  * Checks whether a given offer is visible to a specific userCompanyId.
- * Unpublished/Unactive offers may still be visible
+ * Unpublished/inactive offers may still be visible
  * @param {*} offer
  * @param {*} hasAdminPrivileges
  * @param {*} userCompanyId
@@ -437,17 +438,29 @@ class OfferService {
 
  /**
  * Gets all the offers from a specific company that are visible to a specific user
- * Note: This function will show even unpublished/unactive offers
+ * Note: This function will show even unpublished/inactive offers
  * @param {*} companyId
  * @param {*} userCompanyId
  * @param {*} hasAdminPrivileges
+ * @param {*} limit
+ * @param {*} sortByPublishDate
  * @returns Visible offers
  */
- async getOffersByCompanyId(companyId, userCompanyId, hasAdminPrivileges) {
- return (await Offer.find({ owner: companyId }))
- .filter((offer) =>
- this.isVisibleOffer(offer, hasAdminPrivileges, userCompanyId)
- );
+ async getOffersByCompanyId(
+ companyId,
+ userCompanyId,
+ hasAdminPrivileges,
+ limit = CompanyConstants.offers.max_profile_visible,
+ sortByPublishDate = true
+ ) {
+ return (
+ await Offer.find({ owner: companyId }, null, {
+ limit,
+ sort: (sortByPublishDate && { publishDate: "desc" }) || undefined,
+ })
+ ).filter((offer) =>
+ this.isVisibleOffer(offer, hasAdminPrivileges, userCompanyId)
+ );
  }
 
  async sendOfferDisabledNotification(offerId) {