medic · sugat009 · Nov 6, 2024 · Nov 7, 2024 · Nov 7, 2024 · Nov 7, 2024
diff --git a/api/src/controllers/contact.js b/api/src/controllers/contact.js
@@ -0,0 +1,50 @@
+const auth = require('../auth');
+const { Contact, Qualifier } = require('@medic/cht-datasource');
+const ctx = require('../services/data-context');
+const serverUtils = require('../server-utils');
+
+const getContact = ({ with_lineage }) => ctx.bind(with_lineage === 'true' ? Contact.v1.getWithLineage : Contact.v1.get);
+const getContactIds = () => ctx.bind(Contact.v1.getIdsPage);
+
+const checkUserPermissions = async (req) => {
+  const userCtx = await auth.getUserCtx(req);
+  if (!auth.isOnlineOnly(userCtx) || !auth.hasAllPermissions(userCtx, 'can_view_contacts')) {
+    return Promise.reject({ code: 403, message: 'Insufficient privileges' });
+  }
+};
+
+module.exports = {
+  v1: {
+    get: serverUtils.doOrError(async (req, res) => {
+      await checkUserPermissions(req);
+      const { uuid } = req.params;
+      const contact = await getContact(req.query)(Qualifier.byUuid(uuid));
+
+      if (!contact) {
+        return serverUtils.error({ status: 404, message: 'Contact not found' }, req, res);
+      }
+
+      return res.json(contact);
+    }),
+    getIds: serverUtils.doOrError(async (req, res) => {
+      await checkUserPermissions(req);
+
+      if (!req.query.freetext && !req.query.type) {
+        return serverUtils.error({ status: 400, message: 'Either query param freetext or type is required' }, req, res);
+      }
+      const qualifier = {};
+
+      if (req.query.freetext) {
+        Object.assign(qualifier, Qualifier.byFreetext(req.query.freetext));
+      }
+
+      if (req.query.type) {
+        Object.assign(qualifier, Qualifier.byContactType(req.query.type));
+      }
+
+      const docs = await getContactIds()(qualifier, req.query.cursor, req.query.limit);
+
+      return res.json(docs);
+    }),
+  },
+};
diff --git a/api/src/controllers/person.js b/api/src/controllers/person.js
@@ -32,9 +32,8 @@ module.exports = {
       await checkUserPermissions(req);
 
       const personType  = Qualifier.byContactType(req.query.type);
-      const limit = req.query.limit ? Number(req.query.limit) : req.query.limit;
 
-      const docs = await getPageByType()( personType, req.query.cursor, limit );
+      const docs = await getPageByType()( personType, req.query.cursor, req.query.limit );
 
       return res.json(docs);
     }),

diff --git a/api/src/controllers/place.js b/api/src/controllers/place.js
@@ -33,9 +33,8 @@ module.exports = {
       await checkUserPermissions(req);
 
       const placeType = Qualifier.byContactType(req.query.type);
-      const limit = req.query.limit ? Number(req.query.limit) : req.query.limit;
 
-      const docs = await getPageByType()( placeType, req.query.cursor, limit );
+      const docs = await getPageByType()( placeType, req.query.cursor, req.query.limit );
 
       return res.json(docs);
     })

diff --git a/api/src/controllers/report.js b/api/src/controllers/report.js
@@ -0,0 +1,39 @@
+const auth = require('../auth');
+const ctx = require('../services/data-context');
+const serverUtils = require('../server-utils');
+const { Report, Qualifier } = require('@medic/cht-datasource');
+
+const getReport = () => ctx.bind(Report.v1.get);
+const getReportIds = () => ctx.bind(Report.v1.getIdsPage);
+
+const checkUserPermissions = async (req) => {
+  const userCtx = await auth.getUserCtx(req);
+  if (!auth.isOnlineOnly(userCtx) || !auth.hasAllPermissions(userCtx, 'can_view_reports')) {
+    return Promise.reject({ code: 403, message: 'Insufficient privileges' });
+  }
+};
+
+module.exports = {
+  v1: {
+    get: serverUtils.doOrError(async (req, res) => {
+      await checkUserPermissions(req);
+      const { uuid } = req.params;
+      const report = await getReport()(Qualifier.byUuid(uuid));
+
+      if (!report) {
+        return serverUtils.error({ status: 404, message: 'Report not found' }, req, res);
+      }
+
+      return res.json(report);
+    }),
+    getIds: serverUtils.doOrError(async (req, res) => {
+      await checkUserPermissions(req);
+
+      const qualifier = Qualifier.byFreetext(req.query.freetext);
+
+      const docs = await getReportIds()(qualifier, req.query.cursor, req.query.limit);
+
+      return res.json(docs);
+    })
+  }
+};
diff --git a/api/src/routing.js b/api/src/routing.js
@@ -37,8 +37,10 @@ const exportData = require('./controllers/export-data');
 const records = require('./controllers/records');
 const forms = require('./controllers/forms');
 const users = require('./controllers/users');
+const contact = require('./controllers/contact');
 const person = require('./controllers/person');
 const place = require('./controllers/place');
+const report = require('./controllers/report');
 const { people, places } = require('@medic/contacts')(config, db, dataContext);
 const upgrade = require('./controllers/upgrade');
 const settings = require('./controllers/settings');
@@ -492,6 +494,12 @@ app.postJson('/api/v1/people', function(req, res) {
 app.get('/api/v1/person', person.v1.getAll);
 app.get('/api/v1/person/:uuid', person.v1.get);
 
+app.get('/api/v1/contact/id', contact.v1.getIds);
+app.get('/api/v1/contact/:uuid', contact.v1.get);
+
+app.get('/api/v1/report/id', report.v1.getIds);
+app.get('/api/v1/report/:uuid', report.v1.get);
+
 app.postJson('/api/v1/bulk-delete', bulkDocs.bulkDelete);
 
 // offline users are not allowed to hydrate documents via the hydrate API