-
-
Notifications
You must be signed in to change notification settings - Fork 43
Expand file tree
/
Copy pathactivityLogController.js
More file actions
53 lines (43 loc) · 1.6 KB
/
activityLogController.js
File metadata and controls
53 lines (43 loc) · 1.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
const ActivityLog = require('../models/activityLog');
const UserProfile = require('../models/userProfile');
const { hasPermission } = require('../utilities/permissions');
const activityLogController = function () {
async function fetchSupportDailyLog(req, res) {
try {
const { studentId } = req.params;
const { requestor } = req.body;
if (!studentId) return res.status(400).json({ error: 'Missing studentId' });
if (!(await hasPermission(requestor, 'fetchSupportDailyLog'))) {
return res
.status(403)
.json({ error: 'Forbidden: Only support role can access this endpoint' });
}
const studentProfile = await UserProfile.findById(studentId).select('orgId');
if (!studentProfile) {
return res.status(404).json({ error: 'Student not found' });
}
if (String(studentProfile.orgId) !== String(requestor.orgId)) {
return res
.status(403)
.json({ error: 'Forbidden: Cannot access student outside your organization' });
}
// fetch logs
const logs = await ActivityLog.find({ actor_id: studentId })
.sort({ created_at: -1 })
.select('action_type metadata created_at actor_id');
await ActivityLog.create({
actor_id: requestor.requestorId,
action_type: 'view_student_daily_log',
metadata: { viewedStudentId: studentId },
created_at: new Date(),
});
res.json(logs);
} catch (err) {
res.status(500).json({ error: err.message });
}
}
return {
fetchSupportDailyLog,
};
};
module.exports = activityLogController;