yazid138 il y a 3 ans
Parent
commit
f51304dad5

+ 3 - 2
controller/auth.controller.js

@@ -49,16 +49,17 @@ exports.login = handleError(async (req, res) => {
     await userModel.create({
       user_id: user.data.id,
       nama: user.data.nama,
-      lembaga: user.data.peran[0].organisasi.nama,
+      lembaga: user.data.peran[0].organisasi,
       email: user.data.username,
       no_hp: user.data.no_hp,
       alamat: user.data.alamat,
+      role: user.data.peran[0].peran,
       isPublic: false,
       isPrivate: false,
     })
   }
 
-  const accessToken = jwt.sign({ user_id: user.data.id }, process.env.SECRET, {
+  const accessToken = jwt.sign({ id: user.data.id }, process.env.SECRET, {
     expiresIn: '1d',
   })
 
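Review bot: `role` and `lembaga` are written only inside the `userModel.create` call, which appears to sit in a first-login branch (the enclosing `if` starts outside the hunk). Accounts stored before this commit would therefore keep a string `lembaga` and no `role`, and a role change upstream would never reach the local record. The new role middleware and `getAll` read `user.role.id` and `user.lembaga.id` from that record, so refresh both fields on every login rather than only on creation. `user.data.peran[0]` is also dereferenced unchecked; reject the login when `user.data.peran` is empty instead of letting it throw.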

+ 0 - 10
controller/dokumen.controller.js

@@ -1,15 +1,5 @@
 const chunkModel = require('../model/chunk.model')
-// const { addDocument } = require('../utils/documentFunction')
 const handleError = require('../utils/handleError')
-const response = require('../utils/responseHandler')
-
-// exports.uploads = handleError(async (req, res) => {
-//   const dokumen = req.file
-//   const data = await addDocument(dokumen)
-//   response.success(res, {
-//     data,
-//   })
-// })
 
 exports.getDokumen = handleError(async (req, res) => {
   const { id } = req.params

+ 44 - 25
controller/laporan.controller.js

@@ -6,6 +6,7 @@ const { validate } = require('../utils/validation')
 const axios = require('axios')
 const https = require('https')
 const { addManyDokumen } = require('../utils/dokumenFunction')
+const pelanggaranModel = require('../model/pelanggaran.model')
 
 exports.create = handleError(async (req, res) => {
   const httpsAgent = new https.Agent({
@@ -14,24 +15,14 @@ exports.create = handleError(async (req, res) => {
   req.body.dokumen = req.files
   const isValid = validate(res, req.body, {
     no_laporan: 'string',
-    user_id: 'string',
     pt_id: 'string',
     pelanggaran_id: 'string',
     keterangan: 'string',
-    is_public: { type: 'boolean', convert: true },
     dokumen: { type: 'array', items: 'object' },
   })
   if (!isValid) return
 
-  const {
-    no_laporan,
-    pt_id,
-    user_id,
-    keterangan,
-    pelanggaran_id,
-    role_data,
-    is_public,
-  } = req.body
+  const { no_laporan, pt_id, keterangan, pelanggaran_id, role_data } = req.body
 
   const url = `https://api.kemdikbud.go.id:8243/pddikti/1.2/pt/${pt_id}`
 
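Review bot: `pt_id` is validated only as a string and then interpolated directly into the upstream path on the `const url` line, so a value containing `/`, `?` or `..` changes which endpoint the server requests on the caller's behalf. Encode it with `encodeURIComponent(pt_id)` when building the URL, or tighten the validator to the expected id format. `role_data` is destructured from `req.body` but does not appear in the schema passed to `validate`, so it reaches the rest of the handler unchecked. The body of `create` continues outside the hunk.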
@@ -41,21 +32,29 @@ exports.create = handleError(async (req, res) => {
     },
     httpsAgent,
   })
-  const pt = responseAxios.data[0]
 
-  let user = {}
-  if (!is_public) {
-    user = await userModel.findOne({
-      user_id: user_id,
+  const pt = responseAxios.data[0]
+  if (!pt)
+    return response.error(res, {
+      message: 'pt_id tidak ditemukan',
     })
-  }
 
   const dokumen = await addManyDokumen(req.files)
   const dokumen_id = dokumen.map((e) => e._id)
 
+  const pelanggaran = await pelanggaranModel.find({
+    _id: {
+      $in: pelanggaran_id.split(',').map((e) => e),
+    },
+  })
+
+  if (!pelanggaran.length)
+    return response.error(res, { message: 'pelanggaran_id tidak ada' })
+
+  const user = req.user
   let data = {
     no_laporan,
-    user: user._id || user_id,
+    user: user._id,
     dokumen: dokumen_id,
     pt,
     pelanggaran: pelanggaran_id.split(',').map((e) => e),
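Review bot: The `pelanggaran_id` check only rejects the request when none of the ids match, so a list with one valid id and several unknown ones passes and the unknown ids are stored on the report. Compare counts instead, `const ids = [...new Set(pelanggaran_id.split(','))]` followed by `if (pelanggaran.length !== ids.length) return response.error(res, { message: 'pelanggaran_id tidak ada' })`, and reuse `ids` in `data`; `.map((e) => e)` is a no-op. The lookup also runs after `addManyDokumen(req.files)`, so a rejected request has already stored its uploads; validating before that call avoids orphaned documents. `req.user` can be `null` if the token's user is not in the database, which makes `user._id` throw. The function starts and ends outside the hunk.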
@@ -72,11 +71,27 @@ exports.create = handleError(async (req, res) => {
 })
 
 exports.getAll = handleError(async (req, res) => {
-  const data = await laporanModel
+  const user = req.user
+  let data = await laporanModel
     .find()
     .populate('user')
     .populate('pelanggaran')
     .populate('dokumen')
+
+  if (!data) {
+    return response.error(res, {
+      message: 'Not Found',
+      code: 404,
+    })
+  }
+
+  if (user.role.id !== 2020) {
+    data = data.filter(
+      (e) =>
+        e.user.role.id === user.role.id && e.pt.pembina.id === user.lembaga.id
+    )
+  }
+
   return response.success(res, {
     message: '',
     data,
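Review bot: The per-role restriction is applied in memory after `find()` has loaded and populated every report, and the filter dereferences `e.user.role.id` and `e.pt.pembina.id` without null checks. A single report whose user was deleted, or whose `pt` has no `pembina`, makes the whole listing throw. Put the restriction in the query itself, or at least use `e.user?.role?.id === user.role.id && e.pt?.pembina?.id === user.lembaga.id`. `find()` resolves to an array, so `if (!data)` never fires. The literal `2020` would be clearer as a named constant shared with the route definitions.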
@@ -85,17 +100,21 @@ exports.getAll = handleError(async (req, res) => {
 
 exports.getOne = handleError(async (req, res) => {
   const { id } = req.params
-  const user_id = req.data
-  const user = await userModel.findOne({
-    user_id: user_id,
-  })
+  const user = req.user
   const data = await laporanModel
     .findOne({ _id: id, user: user._id })
     .populate('user')
     .populate('pelanggaran')
     .populate('dokumen')
+
+  if (!data) {
+    return response.error(res, {
+      message: 'Not Found',
+      code: 404,
+    })
+  }
   return response.success(res, {
-    message: '',
-    data,
+    message: 'Berhasil ngambil data Laporan',
+    data: user,
   })
 })
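Review bot: The success response now sends `data: user`, so `getOne` returns the authenticated user's stored record instead of the report that was just looked up and populated. That drops the requested data and exposes the full user document (email, phone, address, role) to the client. Restore `data,` in the `response.success` call. An `id` that is not a valid ObjectId will make `findOne` reject with a cast error; whether `handleError` turns that into a 4xx is not visible here.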

+ 19 - 0
middleware/role.js

@@ -0,0 +1,19 @@
+const userModel = require('../model/user.model')
+const { array } = require('../utils/handleDokumen')
+const response = require('../utils/responseHandler')
+
+module.exports = (role) => async (req, res, next) => {
+  const user = req.user
+
+  if (
+    (typeof role == 'number' && user.role.id !== role) ||
+    (typeof role == 'object' && !role.includes(user.role.id))
+  ) {
+    response.error(res, {
+      message: 'Forbidden',
+      code: 403,
+    })
+  }
+
+  next()
+}
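Review bot: The forbidden branch calls `response.error` without returning, so `next()` still runs and the protected handler executes for a user who just failed the role check. The client receives a 403 while the action (for example `laporan.create`) is carried out anyway. Change it to `return response.error(res, { message: 'Forbidden', code: 403 })`. Also reject when `req.user` or `req.user.role` is missing, since `user.role.id` throws on records without a role, and when `role` is neither a number nor an array, since that case currently allows everyone. The `userModel` and `array` requires are unused.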

+ 12 - 4
middleware/verifyToken.js

@@ -1,4 +1,5 @@
 const jwt = require('jsonwebtoken')
+const userModel = require('../model/user.model')
 const response = require('../utils/responseHandler')
 
 module.exports = (req, res, next) => {
@@ -11,14 +12,21 @@ module.exports = (req, res, next) => {
       message: 'Token tidak ada',
     })
 
-  jwt.verify(token, process.env.SECRET, (err, data) => {
+  jwt.verify(token, process.env.SECRET, async (err, data) => {
     if (err)
       return response.error(res, {
         code: 403,
         message: 'Ditolak',
       })
-
-    req.user = data
-    next()
+    try {
+      const user = await userModel.findOne({ user_id: data.id })
+      req.user = user
+      next()
+    } catch (error) {
+      return response.error(res, {
+        code: 403,
+        message: 'Ditolak',
+      })
+    }
   })
 }
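Review bot: `findOne` resolves to `null` when no user matches `data.id`, and that case falls through to `req.user = user; next()`, so a validly signed token for a deleted or never-stored account reaches handlers that read `req.user._id` and `user.role.id`. Reject it explicitly with `if (!user) return response.error(res, { code: 403, message: 'Ditolak' })`. Tokens issued before this commit carry `user_id` rather than `id`, so they take the same null path until they expire. Passing `{ algorithms: ['HS256'] }` as the third argument to `jwt.verify` would pin the accepted algorithm to the one `jwt.sign` uses by default. The middleware body starts outside the hunk.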

+ 2 - 1
model/user.model.js

@@ -7,7 +7,7 @@ module.exports = mongoose.model(
   new Schema({
     user_id: String,
     nama: String,
-    lembaga: String,
+    lembaga: Object,
     email: String,
     no_hp: String,
     alamat: String,
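Review bot: Declaring `lembaga` (and `role` in the next hunk) as `Object` makes them Mongoose Mixed paths, so whatever the upstream login response contains is stored without type checking. Authorization now depends on `role.id` and `lembaga.id` being comparable with `===`. Declare the fields that are actually read, for example `role: { id: Number }` and `lembaga: { id: Number }` plus any display fields, so a malformed or string-typed id fails at write time rather than silently failing the role comparison. Existing documents that hold a string `lembaga` need a migration or a fresh login that rewrites the field.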
@@ -15,6 +15,7 @@ module.exports = mongoose.model(
       type: Types.ObjectId,
       ref: dokumen,
     },
+    role: Object,
     isPublic: Boolean,
     isPrivate: Boolean,
   }),

+ 2 - 1
routes/v1/index.js

@@ -1,4 +1,5 @@
 const router = require('express').Router()
+const auth = require('../../middleware/verifyToken')
 
 router.get('/', (req, res) => {
   res.json({
@@ -7,7 +8,7 @@ router.get('/', (req, res) => {
   })
 })
 
-router.use('/laporan', require('./laporan.routes'))
+router.use('/laporan', auth, require('./laporan.routes'))
 router.use('/public', require('./public.routes'))
 router.use('/auth', require('./auth.routes'))
 

+ 9 - 2
routes/v1/laporan.routes.js

@@ -1,8 +1,15 @@
 const router = require('express').Router()
 const laporan = require('../../controller/laporan.controller')
 const handleDokumen = require('../../utils/handleDokumen')
+const role = require('../../middleware/role')
 
-router.post('/create', handleDokumen.array('dokumen'), laporan.create)
-router.get('/', handleDokumen.array('dokumen'), laporan.getAll)
+router.post(
+  '/create',
+  role([2020, 2021]),
+  handleDokumen.array('dokumen'),
+  laporan.create
+)
+router.get('/', role([2020, 2021]), laporan.getAll)
+router.get('/:id', laporan.getOne)
 
 module.exports = router