krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-14 21:27:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
581271e9303166d4c27ee72d73778ae3d0c51dd4
habitica/website/server/controllers/api-v3/challenges.js
Natalie 581271e930 Reporting challenges (#14756) 
* initial commit

* update logic to display flagged challenges properly to users and admins

* add report button to pages 'My Challenges' and 'Discover Challenges'

* allow mods to view flagged messages on challengeDetail view

* update showing flagged challenges for group challenges

* update showing flagged challenges for a specific challenge

* disallow closing a flagged challenge

* update notes to reflect apiParams properly

* fix css spacing

* update challenge en locales

* fix spacing

* update title of closeChallengeModal

* let user know flagged challenges cannot be cloned

* fix linting errors

* ensure flagged challenges cannot be declared with a winner and cloned via API

* define a non user challenge properly

* fix logic to check for a nonParticipant and nonLeader user when grabbing flagged challenges

* fix linting of max character of 100 / line

* remove reporting on 'my challenges' and 'discover challenges'

* WIP(challenges): disable clone button and add notes to new functions

* WIP(challenges): smol changes

* WIP(challenges): clone button only disabled for admin and flagged user; other users can still clone but the flag goes along with the clone

* WIP(challenges): stop flags carrying over on cloned challenges

* WIP(challenges): typo fixing, undoing a smol change

* fix(challenges): improved query logic for flags

* WIP(challenges): more smol changes

* fix(challenges): refactor queries

* fix(challenges): correct My Challenges tab logic

* WIP(challenges): fix clone button state

* WIP(challenges): really fixed clone button & clear flags from clones

* WIP(challenge): implement new design for reporting modal

* WIP(challenge): making things pretty

* WIP(challenge): conquering the close button

* WIP(challenge): fixin some spacing

* WIP(challenge): smol fix

* WIP(challenge): making sure the button is actually disabled

* WIP(challenge): fix blockquote css

* fix(tests): no private guilds

* fix(lint): curlies etc

* fix(test): moderator permission

* fix(lint): sure man whatever

* fix(lint): bad vim no tabby

* fix(test): permissions not contrib lol

* fix(challenges): add icon and fix leaky CSS

* fix(challenge): correct clone button behavior

---------

Co-authored-by: Julius Jung <me@matchajune.io>
Co-authored-by: SabreCat <sabe@habitica.com>
Co-authored-by: Sabe Jones <sabrecat@gmail.com>
2023-10-24 09:24:56 -05:00

1041 lines
36 KiB
JavaScript
Raw Blame History

import _ from 'lodash';
import cloneDeep from 'lodash/cloneDeep';
import { authWithHeaders, authWithSession } from '../../middlewares/auth';
import { model as Challenge } from '../../models/challenge';
import {
model as Group,
basicFields as basicGroupFields,
TAVERN_ID,
} from '../../models/group';
import {
model as User,
nameFields,
} from '../../models/user';
import {
NotFound,
NotAuthorized,
} from '../../libs/errors';
import * as Tasks from '../../models/task';
import csvStringify from '../../libs/csvStringify';
import {
createTasks,
} from '../../libs/tasks';
import {
addUserJoinChallengeNotification,
getChallengeGroupResponse,
createChallenge,
cleanUpTask,
createChallengeQuery,
} from '../../libs/challenges';
import apiError from '../../libs/apiError';
import common from '../../../common';
import {
clearFlags,
flagChallenge,
notifyOfFlaggedChallenge,
} from '../../libs/challenges/reporting';
const { MAX_SUMMARY_SIZE_FOR_CHALLENGES } = common.constants;
const api = {};
/**
* @apiDefine ChallengeLeader Challenge Leader
* The leader of the challenge can use this route.
*/
/**
* @apiDefine ChallengeNotFound
* @apiError (404) {NotFound} ChallengeNotFound The specified challenge could not be found.
*/
/**
* @apiDefine SuccessfulChallengeRequest
* @apiSuccess {UUID} challenge.group._id The group id.
* @apiSuccess {String} challenge.group.type Group type: `guild` or `party`.
* @apiSuccess {String} challenge.group.privacy Group privacy: `public` or `private`.
* @apiSuccess {String} challenge.name Full name of challenge.
* @apiSuccess {String} challenge.shortName A shortened name for the challenge, to be used as a tag.
* @apiSuccess {Object} challenge.leader User details of challenge leader.
* @apiSuccess {UUID} challenge.leader._id User ID of challenge leader.
* @apiSuccess {Object} challenge.leader.profile Profile information of leader.
* @apiSuccess {Object} challenge.leader.profile.name Display Name of leader.
* @apiSuccess {String} challenge.updatedAt Timestamp of last update.
* @apiSuccess {String} challenge.createdAt Timestamp of challenge creation.
* @apiSuccess {UUID} challenge.id Id number of newly created challenge.
* @apiSuccess {UUID} challenge._id Same as `challenge.id`.
* @apiSuccess {String} challenge.prize Number of gems offered as prize to winner (can be 0).
* @apiSuccess {String} challenge.memberCount Number users participating in challenge.
* @apiSuccess {Object} challenge.tasksOrder Object containing IDs of the challenge's
* tasks and rewards in their preferred sort order.
* @apiSuccess {Array} challenge.tasksOrder.rewards Array of `reward` task IDs.
* @apiSuccess {Array} challenge.tasksOrder.todos Array of `todo` task IDs.
* @apiSuccess {Array} challenge.tasksOrder.dailys Array of `daily` task IDs.
* @apiSuccess {Array} challenge.tasksOrder.habits Array of `habit` task IDs.
* @apiSuccess {Boolean} challenge.official Boolean indicating if
* this is an official Habitica challenge.
*
*/
/**
* @apiDefine ChallengeSuccessExample
* @apiSuccessExample {json} Successful response with single challenge
{
"data": {
"group": {
"_id": "group-id-associated-with-challenge",
"name": "MyGroup",
"type": "guild",
"privacy": "public"
},
"name": "Long Detailed Name of Challenge",
"shortName": "my challenge",
"leader": {
"_id": "user-id-of-challenge-creator",
"profile": {
"name": "MyUserName"
}
},
"updatedAt": "timestamp,
"createdAt": "timestamp",
"_id": "challenge-id",
"prize": 0,
"memberCount": 1,
"tasksOrder": {
"rewards": [
"uuid-of-challenge-reward"
],
"todos": [
"uuid-of-challenge-todo"
],
"dailys": [
"uuid-of-challenge-daily"
],
"habits": [
"uuid-of-challenge-habit"
]
},
"official": false,
"id": "challenge-id"
}
}
*/
/**
* @apiDefine ChallengeArrayExample
* @apiSuccessExample {json} Successful response with array of challenges
{
"data": [{
"group": {
"_id": "group-id-associated-with-challenge",
"name": "MyGroup",
"type": "guild",
"privacy": "public"
},
"name": "Long Detailed Name of Challenge",
"shortName": "my challenge",
"leader": {
"_id": "user-id-of-challenge-creator",
"profile": {
"name": "MyUserName"
}
},
"updatedAt": "timestamp,
"createdAt": "timestamp",
"_id": "challenge-id",
"prize": 0,
"memberCount": 1,
"tasksOrder": {
"rewards": [
"uuid-of-challenge-reward"
],
"todos": [
"uuid-of-challenge-todo"
],
"dailys": [
"uuid-of-challenge-daily"
],
"habits": [
"uuid-of-challenge-habit"
]
},
"official": false,
"id": "challenge-id"
}]
}
*/
/**
* @api {post} /api/v3/challenges Create a new challenge
* @apiName CreateChallenge
* @apiGroup Challenge
* @apiDescription Creates a challenge. Cannot create associated
* tasks with this route. See <a href="#api-Task-CreateChallengeTasks">CreateChallengeTasks</a>.
*
* @apiParam (Body) {Object} challenge An object representing the challenge to be created
* @apiParam (Body) {UUID} challenge.group The id of the group to which the challenge belongs
* @apiParam (Body) {String} challenge.name The full name of the challenge
* @apiParam (Body) {String} challenge.shortName A shortened name for the challenge,
* to be used as a tag.
* @apiParam (Body) {String} [challenge.summary] A short summary advertising the main purpose
* of the challenge; maximum 250 characters;
* if not supplied, challenge.name will be used.
* @apiParam (Body) {String} [challenge.description] A detailed description of the challenge
* @apiParam (Body) {Boolean} [official=false] Whether or not a challenge is an official
* Habitica challenge (requires admin).
* @apiParam (Body) {Number} [challenge.prize=0] Number of gems offered as
* a prize to challenge winner.
*
* @apiSuccess (201) {Object} challenge The newly created challenge.
* @apiUse SuccessfulChallengeRequest
*
* @apiUse ChallengeSuccessExample
*
* @apiError (401) {NotAuthorized} CantAffordPrize User does not have enough
gems to offer this prize.
* @apiError (400) {BadRequest} ChallengeValidationFailed Invalid or missing parameter
in challenge body.
*
* @apiUse GroupNotFound
* @apiUse UserNotFound
*/
api.createChallenge = {
method: 'POST',
url: '/challenges',
middlewares: [authWithHeaders()],
async handler (req, res) {
const { user } = res.locals;
req.checkBody('group', apiError('groupIdRequired')).notEmpty();
req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_CHALLENGES });
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const { savedChal, group } = await createChallenge(user, req, res);
const response = savedChal.toJSON();
response.leader = { // the leader is the authenticated user
_id: user._id,
profile: { name: user.profile.name },
};
response.group = getChallengeGroupResponse(group);
res.analytics.track('challenge create', {
uuid: user._id,
hitType: 'event',
category: 'behavior',
challengeID: response._id,
groupID: group._id,
groupName: group.privacy === 'private' ? null : group.name,
groupType: group._id === TAVERN_ID ? 'tavern' : group.type,
prize: response.prize,
headers: req.headers,
});
res.respond(201, response);
},
};
/**
* @api {post} /api/v3/challenges/:challengeId/join Join a challenge
* @apiName JoinChallenge
* @apiGroup Challenge
* @apiParam (Path) {UUID} challengeId The challenge _id
*
* @apiSuccess {Object} challenge The challenge the user joined
* @apiUse SuccessfulChallengeRequest
*
* @apiUse ChallengeNotFound
* @apiUse UserNotFound
*
* @apiUse ChallengeSuccessExample
*/
api.joinChallenge = {
method: 'POST',
url: '/challenges/:challengeId/join',
middlewares: [authWithHeaders()],
async handler (req, res) {
const { user } = res.locals;
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const challenge = await Challenge.findOne({ _id: req.params.challengeId }).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
const group = await Group.getGroup({
user, groupId: challenge.group, fields: `${basicGroupFields} purchased`, optionalMembership: true,
});
if (!group || !challenge.canJoin(user, group)) throw new NotFound(res.t('challengeNotFound'));
group.purchased = undefined;
const addedSuccessfully = await challenge.addToUser(user);
if (!addedSuccessfully) {
throw new NotAuthorized(res.t('userAlreadyInChallenge'));
}
challenge.memberCount += 1;
addUserJoinChallengeNotification(user);
// Add all challenge's tasks to user's tasks and save the challenge
const results = await Promise.all([challenge.syncTasksToUser(user), challenge.save()]);
const response = results[1].toJSON();
response.group = getChallengeGroupResponse(group);
const chalLeader = await User.findById(response.leader).select(nameFields).exec();
response.leader = chalLeader ? chalLeader.toJSON({ minimize: true }) : null;
res.analytics.track('challenge join', {
uuid: user._id,
hitType: 'event',
category: 'behavior',
challengeID: challenge._id,
groupID: group._id,
groupName: group.privacy === 'private' ? null : group.name,
groupType: group._id === TAVERN_ID ? 'tavern' : group.type,
headers: req.headers,
});
res.respond(200, response);
},
};
/**
* @api {post} /api/v3/challenges/:challengeId/leave Leave a challenge
* @apiName LeaveChallenge
* @apiGroup Challenge
* @apiParam (Path) {UUID} challengeId The challenge _id
* @apiParam (Body) {String="remove-all","keep-all"} [keep="keep-all"] Whether or not to
* keep or remove the
* challenge's tasks.
*
* @apiSuccess {Object} data An empty object
*
* @apiUse ChallengeNotFound
* @apiUse UserNotFound
*/
api.leaveChallenge = {
method: 'POST',
url: '/challenges/:challengeId/leave',
middlewares: [authWithHeaders()],
async handler (req, res) {
const { user } = res.locals;
const keep = req.body.keep === 'remove-all' ? 'remove-all' : 'keep-all';
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const challenge = await Challenge.findOne({ _id: req.params.challengeId }).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
if (!challenge.isMember(user)) throw new NotAuthorized(res.t('challengeMemberNotFound'));
// Unlink challenge's tasks from user's tasks and save the challenge
await challenge.unlinkTasks(user, keep);
res.analytics.track('challenge leave', {
uuid: user._id,
hitType: 'event',
category: 'behavior',
challengeID: challenge._id,
groupID: challenge.group._id,
groupName: challenge.group.privacy === 'private' ? null : challenge.group.name,
groupType: challenge.group._id === TAVERN_ID ? 'tavern' : challenge.group.type,
headers: req.headers,
});
res.respond(200, {});
},
};
/**
* @api {get} /api/v3/challenges/user Get challenges for a user
* @apiName GetUserChallenges
* @apiGroup Challenge
* @apiDescription Get challenges the user has access to. Includes public challenges,
* challenges belonging to the user's group, and challenges the user has already joined.
* Returns 10 results per page.
*
* @apiSuccess {Object[]} challenges An array of challenges sorted with official
* challenges first, followed by the challenges
* in order from newest to oldest.
*
* @apiParam (Query) {Number} page This parameter can be used to specify the page number
for the user challenges result (the initial page is number 0).
* @apiParam (Query) {String} [member] If set to `true` it limits results to challenges where the
user is a member, or the user owns the challenge.
* @apiParam (Query) {String} [owned] If set to `owned` it limits results to challenges owned
by the user. If set to `not_owned` it limits results
to challenges not owned by the user.
* @apiParam (Query) {String} [search] Optional query parameter to filter results to challenges
that include (even partially) the search query parameter
in the name or description.
* @apiParam (Query) {String} [categories] Optional comma separated list of categories.
If set it limits results to challenges that are part
of the given categories.
* @apiError (400) {BadRequest} queryPageInteger Page query parameter must be a positive integer
* @apiUse SuccessfulChallengeRequest
*
* @apiUse ChallengeArrayExample
*
* @apiUse UserNotFound
*/
api.getUserChallenges = {
method: 'GET',
url: '/challenges/user',
middlewares: [authWithHeaders()],
async handler (req, res) {
req.checkQuery('page').notEmpty().isInt({ min: 0 }, apiError('queryPageInteger'));
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const CHALLENGES_PER_PAGE = 10;
const {
categories,
member,
owned,
page,
search,
} = req.query;
const { user } = res.locals;
const query = {
$and: [],
};
if (!user.hasPermission('moderator')) {
query.$and.push(
{
$or: [
{ flagCount: { $not: { $gt: 1 } } },
{ leader: user._id },
],
},
);
}
// Challenges the user owns
const orOptions = [{ leader: user._id }];
// Challenges where the user is participating
if (user.challenges.length > 0) {
orOptions.push({ _id: { $in: user.challenges } });
}
// Challenges in groups user is a member of, plus public challenges
if (!member) {
const userGroups = await Group.getGroups({
user,
types: ['party', 'guilds', 'tavern'],
});
const userGroupIds = userGroups.map(userGroup => userGroup._id);
orOptions.push({
group: { $in: userGroupIds },
});
}
if (owned === 'not_owned') {
query.leader = { $ne: user._id }; // Show only Challenges user does not own
} else if (owned === 'owned') {
query.leader = user._id; // Show only Challenges user owns
} else {
orOptions.push(
{ leader: user._id }, // Additionally show Challenges user owns
);
}
query.$and.push({ $or: orOptions });
if (search) {
const searchOr = { $or: [] };
const searchWords = _.escapeRegExp(search).split(' ').join('|');
const searchQuery = { $regex: new RegExp(`${searchWords}`, 'i') };
searchOr.$or.push({ name: searchQuery });
searchOr.$or.push({ description: searchQuery });
query.$and.push(searchOr);
}
if (categories) {
const categorySlugs = categories.split(',');
query.categories = { $elemMatch: { slug: { $in: categorySlugs } } };
}
// Ensure that official challenges are always first
let mongoQuery = createChallengeQuery(query);
if (page) {
mongoQuery = mongoQuery
.skip(CHALLENGES_PER_PAGE * page)
.limit(CHALLENGES_PER_PAGE);
}
// see below why we're not using populate
// .populate('group', basicGroupFields)
// .populate('leader', nameFields)
const challenges = await mongoQuery.exec();
// Unserialize, then serialize the challenges to fill in default fields
const resChals = challenges.map(chal => (new Challenge(chal)).toJSON());
// Instead of populate we make a find call manually because of https://github.com/Automattic/mongoose/issues/3833
await Promise.all(resChals.map((chal, index) => Promise.all([
User.findById(chal.leader).select(`${nameFields} backer contributor`).exec(),
Group.findById(chal.group).select(basicGroupFields).exec(),
]).then(populatedData => {
resChals[index].leader = populatedData[0]
? populatedData[0].toJSON({ minimize: true })
: null;
resChals[index].group = populatedData[1]
? populatedData[1].toJSON({ minimize: true })
: null;
})));
res.respond(200, resChals);
},
};
/**
* @api {get} /api/v3/challenges/groups/:groupId Get challenges for a group
* @apiDescription Get challenges hosted in the specified group.
* @apiName GetGroupChallenges
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} groupId The group id ('party' for the user party and 'habitrpg'
* for tavern are accepted)
*
* @apiSuccess {Array} data An array of challenges sorted with official challenges first,
* followed by the challenges in order from newest to oldest.
*
* @apiUse SuccessfulChallengeRequest
* @apiUse ChallengeArrayExample
* @apiUse UserNotFound
* @apiUse GroupNotFound
*/
api.getGroupChallenges = {
method: 'GET',
url: '/challenges/groups/:groupId',
middlewares: [authWithHeaders({
// Some fields (including _id) are always loaded (see middlewares/auth)
userFieldsToInclude: ['party', 'guilds', 'contributor'], // Some fields are always loaded (see middlewares/auth)
})],
async handler (req, res) {
const { user } = res.locals;
let { groupId } = req.params;
req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
if (groupId === 'party') groupId = user.party._id;
if (groupId === 'habitrpg') groupId = TAVERN_ID;
const group = await Group.getGroup({ user, groupId });
if (!group) throw new NotFound(res.t('groupNotFound'));
const challenges = await createChallengeQuery({ group: groupId })
// Only populate the leader as the group is implicit // see below why we're not using populate
// .populate('leader', nameFields)
.exec();
const resChals = challenges.map(challenge => {
// filter out challenges that the non-admin user isn't participating in, nor created
const nonParticipant = !user.challenges
|| (user.challenges
&& user.challenges.findIndex(cId => cId === challenge._id) === -1);
const isFlaggedForNonAdminUser = challenge.flagCount > 1
&& !user.hasPermission('moderator')
&& nonParticipant
&& challenge.leader !== user._id;
return isFlaggedForNonAdminUser ? null : (new Challenge(challenge)).toJSON();
}).filter(challenge => !!challenge);
// Instead of populate we make a find call manually because of https://github.com/Automattic/mongoose/issues/3833
await Promise.all(resChals.map((chal, index) => User
.findById(chal.leader)
.select(nameFields)
.exec()
.then(populatedLeader => {
resChals[index].leader = populatedLeader
? populatedLeader.toJSON({ minimize: true })
: null;
})));
res.respond(200, resChals);
},
};
/**
* @api {get} /api/v3/challenges/:challengeId Get a challenge
* @apiName GetChallenge
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} challengeId The challenge _id
*
* @apiSuccess {Object} data The challenge object
* @apiUse SuccessfulChallengeRequest
* @apiUse ChallengeSuccessExample
*
* @apiUse ChallengeNotFound
*/
api.getChallenge = {
method: 'GET',
url: '/challenges/:challengeId',
middlewares: [authWithHeaders()],
async handler (req, res) {
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const { user } = res.locals;
const { challengeId } = req.params;
// Don't populate the group as we'll fetch it manually later
// .populate('leader', nameFields)
const challenge = await Challenge.findById(challengeId).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
const nonParticipant = !user.challenges
|| (user.challenges
&& user.challenges.findIndex(cId => cId === challenge._id) === -1);
const isFlaggedForNonAdminUser = challenge.flagCount > 1
&& !user.hasPermission('moderator')
&& nonParticipant
&& challenge.leader !== user._id;
if (isFlaggedForNonAdminUser) throw new NotFound(res.t('challengeNotFound'));
// Fetching basic group data
const group = await Group.getGroup({
user, groupId: challenge.group, fields: `${basicGroupFields} purchased`,
});
if (!group && !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
const chalRes = challenge.toJSON();
if (group) {
group.purchased = undefined;
chalRes.group = group.toJSON({ minimize: true });
}
// Instead of populate we make a find call manually because of https://github.com/Automattic/mongoose/issues/3833
const chalLeader = await User.findById(chalRes.leader).select(nameFields).exec();
chalRes.leader = chalLeader ? chalLeader.toJSON({ minimize: true }) : null;
res.respond(200, chalRes);
},
};
/**
* @api {get} /api/v3/challenges/:challengeId/export/csv Export a challenge in CSV
* @apiName ExportChallengeCsv
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} challengeId The challenge _id
*
* @apiSuccess {String} challenge A csv file
*
* @apiUse ChallengeNotFound
*/
api.exportChallengeCsv = {
method: 'GET',
url: '/challenges/:challengeId/export/csv',
middlewares: [authWithSession],
async handler (req, res) {
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const { user } = res.locals;
const { challengeId } = req.params;
const challenge = await Challenge.findById(challengeId).select('_id group leader tasksOrder').exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
const group = await Group.getGroup({
user, groupId: challenge.group, fields: '_id type privacy', optionalMembership: true,
});
if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
// In v2 this used the aggregation framework to run some
// computation on MongoDB but then iterated through all
// results on the server so the perf difference isn't that big (hopefully)
const [members, tasks] = await Promise.all([
User.find({ challenges: challengeId })
.select(nameFields)
.sort({ _id: 1 })
.lean() // so we don't involve mongoose
.exec(),
Tasks.Task.find({
'challenge.id': challengeId,
userId: { $exists: true },
}).sort({ userId: 1, text: 1 })
.select('userId type text value notes streak')
.lean()
.exec(),
]);
let resArray = members
.map(member => [member._id, member.profile.name, member.auth.local.username]);
let lastUserId;
let index = -1;
tasks.forEach(task => {
/**
* Occasional error does not unlink a user's challenge tasks from that challenge's data
* after the user leaves that challenge, which previously caused a failure when exporting
* to a CSV. The following if statement makes sure that the task's attached user still
* belongs to the challenge.
* See more at https://github.com/HabitRPG/habitica/issues/8350
*/
if (!resArray.map(line => line[0]).includes(task.userId)) {
return;
}
while (task.userId !== lastUserId) {
index += 1;
[lastUserId] = resArray[index]; // resArray[index][0] is an user id
}
const streak = task.streak || 0;
resArray[index].push(`${task.type}:${task.text}`, task.value, task.notes, streak);
});
// The first row is going to be UUID name Task Value Notes
// repeated n times for the n challenge tasks
const challengeTasks = _.reduce(
challenge.tasksOrder.toObject(),
(result, array) => result.concat(array), [],
).sort();
resArray.unshift(['UUID', 'Display Name', 'Username']);
_.times(challengeTasks.length, () => resArray[0].push('Task', 'Value', 'Notes', 'Streak'));
// Remove lines for users without tasks info
resArray = resArray.filter(line => {
if (line.length === 2) { // only user data ([id, profile name]), no task data
return false;
}
return true;
});
res.set({
'Content-Type': 'text/csv',
'Content-disposition': `attachment; filename=${challengeId}.csv`,
});
const csvRes = await csvStringify(resArray);
res.status(200).send(csvRes);
},
};
/**
* @api {put} /api/v3/challenges/:challengeId Update a challenge's name, description, or summary
*
* @apiName UpdateChallenge
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} challengeId The challenge _id
* @apiParam (Body) {String} [challenge.name] The new full name of the challenge.
* @apiParam (Body) {String} [challenge.summary] The new challenge summary.
* @apiParam (Body) {String} [challenge.description] The new challenge description.
*
* @apiSuccess {Object} data The updated challenge
* @apiPermission ChallengeLeader
*
* @apiUse ChallengeSuccessExample
*
* @apiUse ChallengeNotFound
*
* @apiError (401) {NotAuthorized} MustBeChallengeLeader Only challenge leader
* can update the challenge.
*/
api.updateChallenge = {
method: 'PUT',
url: '/challenges/:challengeId',
middlewares: [authWithHeaders()],
async handler (req, res) {
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
req.checkBody('summary', apiError('summaryLengthExceedsMax')).isLength({ max: MAX_SUMMARY_SIZE_FOR_CHALLENGES });
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const { user } = res.locals;
const { challengeId } = req.params;
const challenge = await Challenge.findById(challengeId).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
const group = await Group.getGroup({
user, groupId: challenge.group, fields: `${basicGroupFields} purchased`, optionalMembership: true,
});
if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
if (!challenge.canModify(user)) throw new NotAuthorized(res.t('onlyLeaderUpdateChal'));
group.purchased = undefined;
_.merge(challenge, Challenge.sanitizeUpdate(req.body));
const savedChal = await challenge.save();
const response = savedChal.toJSON();
response.group = getChallengeGroupResponse(group);
const chalLeader = await User.findById(response.leader).select(nameFields).exec();
response.leader = chalLeader ? chalLeader.toJSON({ minimize: true }) : null;
res.respond(200, response);
},
};
/**
* @api {delete} /api/v3/challenges/:challengeId Delete a challenge
* @apiName DeleteChallenge
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} challengeId The _id for the challenge to delete
*
* @apiSuccess {Object} data An empty object
*
* @apiUse ChallengeNotFound
*/
api.deleteChallenge = {
method: 'DELETE',
url: '/challenges/:challengeId',
middlewares: [authWithHeaders()],
async handler (req, res) {
const { user } = res.locals;
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const challenge = await Challenge.findOne({ _id: req.params.challengeId }).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
if (!challenge.canModify(user)) throw new NotAuthorized(res.t('onlyLeaderDeleteChal'));
// Close channel in background, some ops are run in the background without `await`ing
await challenge.closeChal({ broken: 'CHALLENGE_DELETED' });
res.analytics.track('challenge delete', {
uuid: user._id,
hitType: 'event',
category: 'behavior',
challengeID: challenge._id,
groupID: challenge.group._id,
groupName: challenge.group.privacy === 'private' ? null : challenge.group.name,
groupType: challenge.group._id === TAVERN_ID ? 'tavern' : challenge.group.type,
prize: challenge.prize,
headers: req.headers,
});
res.respond(200, {});
},
};
/**
* @api {post} /api/v3/challenges/:challengeId/selectWinner/:winnerId Select winner for challenge
* @apiName SelectChallengeWinner
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} challengeId The _id for the challenge to close with a winner
* @apiParam (Path) {UUID} winnerId The _id of the winning user
*
* @apiSuccess {Object} data An empty object
*
* @apiUse ChallengeNotFound
*/
api.selectChallengeWinner = {
method: 'POST',
url: '/challenges/:challengeId/selectWinner/:winnerId',
middlewares: [authWithHeaders()],
async handler (req, res) {
const { user } = res.locals;
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
req.checkParams('winnerId', res.t('winnerIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const challenge = await Challenge.findOne({ _id: req.params.challengeId }).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
if (!challenge.canModify(user)) throw new NotAuthorized(res.t('onlyLeaderDeleteChal'));
const nonParticipant = !user.challenges
|| (user.challenges
&& user.challenges.findIndex(cId => cId === challenge._id) === -1);
const isFlaggedForNonAdminUser = challenge.flagCount > 1
&& !user.hasPermission('moderator')
&& nonParticipant
&& challenge.leader !== user._id;
if (isFlaggedForNonAdminUser) throw new NotFound(res.t('challengeNotFound'));
const winner = await User.findOne({ _id: req.params.winnerId }).exec();
if (!winner || winner.challenges.indexOf(challenge._id) === -1) throw new NotFound(res.t('winnerNotFound', { userId: req.params.winnerId }));
// Close channel in background, some ops are run in the background without `await`ing
await challenge.closeChal({ broken: 'CHALLENGE_CLOSED', winner });
res.analytics.track('challenge close', {
uuid: user._id,
hitType: 'event',
category: 'behavior',
challengeID: challenge._id,
challengeWinnerID: winner._id,
groupID: challenge.group._id,
groupName: challenge.group.privacy === 'private' ? null : challenge.group.name,
groupType: challenge.group._id === TAVERN_ID ? 'tavern' : challenge.group.type,
prize: challenge.prize,
headers: req.headers,
});
res.respond(200, {});
},
};
/**
* @api {post} /api/v3/challenges/:challengeId/clone Clone a challenge
* @apiName CloneChallenge
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} challengeId The _id for the challenge to clone
*
* @apiSuccess {Object} challenge The cloned challenge
*
* @apiUse ChallengeNotFound
*/
api.cloneChallenge = {
method: 'POST',
url: '/challenges/:challengeId/clone',
middlewares: [authWithHeaders()],
async handler (req, res) {
const { user } = res.locals;
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const challengeToClone = await Challenge.findOne({ _id: req.params.challengeId }).exec();
if (!challengeToClone) throw new NotFound(res.t('challengeNotFound'));
const nonParticipant = !user.challenges
|| (user.challenges
&& user.challenges.findIndex(cId => cId === challengeToClone._id) === -1);
const isFlaggedForNonAdminUser = challengeToClone.flagCount > 1
&& !user.hasPermission('moderator')
&& nonParticipant
&& challengeToClone.leader !== user._id;
if (isFlaggedForNonAdminUser) throw new NotFound(res.t('challengeNotFound'));
const { savedChal } = await createChallenge(user, req, res);
const challengeTaskIds = [
...challengeToClone.tasksOrder.habits,
...challengeToClone.tasksOrder.dailys,
...challengeToClone.tasksOrder.todos,
...challengeToClone.tasksOrder.rewards,
];
const challengeTasks = await Promise.all(challengeTaskIds.map(async taskId => {
const task = Tasks.Task.findById(taskId).exec();
return task;
}));
// last task should be added first and vice-versa, since new tasks are prepended
challengeTasks.reverse();
const tasksToClone = challengeTasks.map(task => {
const clonedTask = cloneDeep(task.toObject());
const omittedTask = cleanUpTask(clonedTask);
return omittedTask;
});
const taskRequest = {
body: tasksToClone,
};
const clonedTasks = await createTasks(taskRequest, res, { user, challenge: savedChal });
res.respond(200, { clonedTasks, clonedChallenge: savedChal });
},
};
/**
* @api {post} /api/v3/challenges/:challengeId/flag Flag a challenge
* @apiName FlagChallenge
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} challengeId The _id for the challenge to flag
* @apiParam (Body) {String} [comment] Why the message was flagged
*
* @apiSuccess {Object} data The flagged challenge message
*
* @apiUse ChallengeNotFound
*/
api.flagChallenge = {
method: 'POST',
url: '/challenges/:challengeId/flag',
middlewares: [authWithHeaders()],
async handler (req, res) {
const { user } = res.locals;
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
const challenge = await Challenge.findOne({ _id: req.params.challengeId }).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
await flagChallenge(challenge, user, res);
await notifyOfFlaggedChallenge(challenge, user, req.body.comment);
res.respond(200, { challenge });
},
};
/**
* @api {post} /api/v3/challenges/:challengeId/clearflags Clears flags on a challenge
* @apiName ClearFlagsChallenge
* @apiGroup Challenge
*
* @apiParam (Path) {UUID} challengeId The _id for the challenge to clear flags from
*
* @apiSuccess {Object} data The flagged challenge message
*
* @apiUse ChallengeNotFound
*/
api.clearFlagsChallenge = {
method: 'POST',
url: '/challenges/:challengeId/clearflags',
middlewares: [authWithHeaders()],
async handler (req, res) {
const { user } = res.locals;
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
if (!user.hasPermission('moderator')) {
throw new NotAuthorized(res.t('messageGroupChatAdminClearFlagCount'));
}
const challenge = await Challenge.findOne({ _id: req.params.challengeId }).exec();
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
await clearFlags(challenge, user);
res.respond(200, { challenge });
},
};
export default api;
Reference in New Issue View Git Blame Copy Permalink