Merge pull request #66 from uwblueprint/maggie/faciliators-learners

Facilitator's Learners GET + PUT Endpoints

backend/rest/userRoutes.ts

@@ -1,6 +1,6 @@
 import { Router } from "express";
 
-import { isAuthorizedByRole } from "../middlewares/auth";
+import { getAccessToken, isAuthorizedByRole } from "../middlewares/auth";
 import {
   createUserDtoValidator,
   updateUserDtoValidator,
@@ -12,7 +12,12 @@ import UserService from "../services/implementations/userService";
 import IAuthService from "../services/interfaces/authService";
 import IEmailService from "../services/interfaces/emailService";
 import IUserService from "../services/interfaces/userService";
-import { UserDTO, isRole } from "../types/userTypes";
+import {
+  UpdateUserDTO,
+  UserDTO,
+  isFacilitator,
+  isRole,
+} from "../types/userTypes";
 import { getErrorMessage } from "../utilities/errorUtils";
 import { sendResponseByMimeType } from "../utilities/responseUtil";
 import { capitalizeFirstLetter } from "../utilities/StringUtils";
@@ -203,4 +208,97 @@ userRouter.get(
   },
 );
 
+/* Facilitator will be able to view a list of all their learners */
+userRouter.get(
+  "/facilitator/myLearners",
+  isAuthorizedByRole(new Set(["Facilitator"])),
+  async (req, res) => {
+    const accessToken = getAccessToken(req);
+    try {
+      if (!accessToken) {
+        throw new Error("Unauthorized: No access token provided");
+      }
+      const facilitatorId = await authService.getUserIdFromAccessToken(
+        accessToken,
+      );
+      const facilitator = await userService.getUserById(
+        facilitatorId.toString(),
+      );
+
+      if (isFacilitator(facilitator)) {
+        const learners = await Promise.all(
+          facilitator.learners.map(async (learnerId) => {
+            const learner = await userService.getUserById(learnerId.toString());
+            return learner;
+          }),
+        );
+        res.status(200).json(learners);
+      } else {
+        throw new Error("Unathorized: User retrieved is not a facilitator.");
+      }
+    } catch (error) {
+      res.status(500).send(getErrorMessage(error));
+    }
+  },
+);
+
+/* Facilitator will be able to edit their learners */
+userRouter.put(
+  "/facilitator/myLearners/:userId",
+  isAuthorizedByRole(new Set(["Facilitator"])),
+  updateUserDtoValidator,
+  async (req, res) => {
+    const accessToken = getAccessToken(req);
+    try {
+      if (!accessToken) {
+        throw new Error("Unauthorized: No access token provided");
+      }
+
+      const facilitatorId = await authService.getUserIdFromAccessToken(
+        accessToken,
+      );
+      const selectedLearnerId = req.params.userId;
+      const facilitator = await userService.getUserById(
+        facilitatorId.toString(),
+      );
+
+      if (isFacilitator(facilitator)) {
+        // verify that selected learner userId corresponds to learner belonging to facilitator
+
+        // facilitator.learners is an array of ObjectIds
+        // FacilitatorDTO casts it as an array of strings
+        const facilitatorHasLearner = facilitator.learners.find(
+          (learnerId) => learnerId.toString() === selectedLearnerId,
+        );
+
+        if (!facilitatorHasLearner) {
+          throw new Error(
+            "Unauthorized: Learner does not belong to facilitator.",
+          );
+        }
+      } else {
+        throw new Error("Unauthorized: User retrieved is not a facilitator.");
+      }
+
+      // update learner
+      const updateLearnerPayload: UpdateUserDTO = {
+        firstName: req.body.firstName,
+        lastName: req.body.lastName,
+        email: req.body.email,
+        role: req.body.role,
+        status: "Active",
+      };
+
+      const updatedUser = await userService.updateUserById(
+        selectedLearnerId,
+        updateLearnerPayload,
+      );
+
+      res.status(200).json(updatedUser);
+    } catch (error) {
+      res.status(500).send(getErrorMessage(error));
+    }
+  },
+);
+
 export default userRouter;