UserGetter = require "./UserGetter" logger = require("logger-sharelatex") UserDeleter = require("./UserDeleter") UserUpdater = require("./UserUpdater") sanitize = require('sanitizer') module.exports = UserController = getLoggedInUsersPersonalInfo: (req, res, next = (error) ->) -> # this is funcky as hell, we don't use the current session to get the user # we use the auth token, actually destroying session from the chat api request if req.query?.auth_token? req.session.destroy() logger.log user: req.user, "reciving request for getting logged in users personal info" return next(new Error("User is not logged in")) if !req.user? UserGetter.getUser req.session.user._id, { first_name: true, last_name: true, role:true, institution:true }, (error, user) -> UserController.sendFormattedPersonalInfo(user, res, next) getPersonalInfo: (req, res, next = (error) ->) -> UserGetter.getUser req.params.user_id, { _id: true, first_name: true, last_name: true, email: true}, (error, user) -> logger.log user_id: req.params.user_id, "reciving request for getting users personal info" return next(error) if error? return res.send(404) if !user? UserController.sendFormattedPersonalInfo(user, res, next) req.session.destroy() updatePersonalInfo: (req, res, next = (error)->) -> {first_name, last_name, role, institution} = req.body user_id = req.session.user._id logger.log data:req.body, user_id:user_id, "getting update for user personal info" update = first_name:sanitize.escape(first_name) last_name:sanitize.escape(last_name) role:sanitize.escape(role) institution:sanitize.escape(institution) UserUpdater.updatePersonalInfo user_id, update, (err)-> if err? res.send 500 else res.send 204 sendFormattedPersonalInfo: (user, res, next = (error) ->) -> UserController._formatPersonalInfo user, (error, info) -> return next(error) if error? res.send JSON.stringify(info) _formatPersonalInfo: (user, callback = (error, info) ->) -> callback null, { id: user._id.toString() first_name: user.first_name last_name: user.last_name email: user.email signUpDate: user.signUpDate role: user.role institution: user.institution }