zabartcc · XDerpingxGruntX · Oct 20, 2024 · Feb 21, 2024 · Feb 21, 2024 · Feb 22, 2024
diff --git a/controllers/ControllerController.js b/controllers/ControllerController.js
diff --git a/controllers/EventController.js b/controllers/EventController.js
@@ -178,7 +178,7 @@ router.delete('/:slug/signup', getUser, async (req, res) => {
 	return res.json(res.stdRes);
 });
 
-router.delete('/:slug/mandelete/:cid', getUser, auth(['atm', 'datm', 'ec']), async(req, res) => {
+router.delete('/:slug/mandelete/:cid', getUser, auth(['atm1', 'datm', 'ec', 'wm']), async(req, res) => {
 	try {
 		const signup = await Event.findOneAndUpdate({url: req.params.slug}, {
 			$pull: {
@@ -211,7 +211,7 @@ router.delete('/:slug/mandelete/:cid', getUser, auth(['atm', 'datm', 'ec']), asy
 	return res.json(res.stdRes);
 });
 
-router.put('/:slug/mansignup/:cid', getUser, auth(['atm', 'datm', 'ec']), async (req, res) => {
+router.put('/:slug/mansignup/:cid', getUser, auth(['atm1', 'datm', 'ec', 'wm']), async (req, res) => {
 	try {
 		const user = await User.findOne({cid: req.params.cid});
 		if(user !== null) {
@@ -242,7 +242,7 @@ router.put('/:slug/mansignup/:cid', getUser, auth(['atm', 'datm', 'ec']), async
 	return res.json(res.stdRes);
 });
 
-router.post('/', getUser, auth(['atm', 'datm', 'ec']), upload.single('banner'), async (req, res) => {
+router.post('/', getUser, auth(['atm1', 'datm', 'ec', 'wm']), upload.single('banner'), async (req, res) => {
 	try {
 		const url = req.body.name.replace(/\s+/g, '-').toLowerCase().replace(/^-+|-+(?=-|$)/g, '').replace(/[^a-zA-Z0-9-_]/g, '') + '-' + Date.now().toString().slice(-5);
 		const allowedTypes = ['image/jpg', 'image/jpeg', 'image/png', 'image/gif'];
@@ -296,7 +296,7 @@ router.post('/', getUser, auth(['atm', 'datm', 'ec']), upload.single('banner'),
 	return res.json(res.stdRes);
 });
 
-router.put('/:slug', getUser, auth(['atm', 'datm', 'ec']), upload.single('banner'), async (req, res) => {
+router.put('/:slug', getUser, auth(['atm1', 'datm', 'ec', 'wm']), upload.single('banner'), async (req, res) => {
 	try {
 		const event = await Event.findOne({url: req.params.slug});
 		const {name, description, startTime, endTime, positions} = req.body;
@@ -408,7 +408,7 @@ router.put('/:slug', getUser, auth(['atm', 'datm', 'ec']), upload.single('banner
 	return res.json(res.stdRes);
 });
 
-router.delete('/:slug', getUser, auth(['atm', 'datm', 'ec']), async (req, res) => {
+router.delete('/:slug', getUser, auth(['atm1', 'datm', 'ec', 'wm']), async (req, res) => {
 	try {
 		const deleteEvent = await Event.findOne({url: req.params.slug});
 		await deleteEvent.delete();
@@ -448,7 +448,7 @@ router.delete('/:slug', getUser, auth(['atm', 'datm', 'ec']), async (req, res) =
 // 	return res.json(res.stdRes);
 // });
 
-router.put('/:slug/assign', getUser, auth(['atm', 'datm', 'ec']), async (req, res) => {
+router.put('/:slug/assign', getUser, auth(['atm1', 'datm', 'ec', 'wm']), async (req, res) => {
 	try {
 		const {position, cid} = req.body;
 
@@ -484,7 +484,7 @@ router.put('/:slug/assign', getUser, auth(['atm', 'datm', 'ec']), async (req, re
 	return res.json(res.stdRes);
 });
 
-router.put('/:slug/notify', getUser, auth(['atm', 'datm', 'ec']), async (req, res) => {
+router.put('/:slug/notify', getUser, auth(['atm1', 'datm', 'ec', 'wm']), async (req, res) => {
 	try {
 		await Event.updateOne({url: req.params.slug}, {
 			$set: {
@@ -524,7 +524,7 @@ router.put('/:slug/notify', getUser, auth(['atm', 'datm', 'ec']), async (req, re
 	return res.json(res.stdRes);
 });
 
-router.put('/:slug/close', getUser, auth(['atm', 'datm', 'ec']), async (req, res) => {
+router.put('/:slug/close', getUser, auth(['atm1', 'datm', 'ec', 'wm']), async (req, res) => {
 	try {
 		await Event.updateOne({url: req.params.slug}, {
 			$set: {

diff --git a/controllers/FeedbackController.js b/controllers/FeedbackController.js
@@ -6,7 +6,7 @@ import Notification from '../models/Notification.js';
 import getUser from '../middleware/getUser.js';
 import auth from '../middleware/auth.js';
 
-router.get('/', getUser, auth(['atm', 'datm', 'ta', 'ec']), async (req, res) => { // All feedback
+router.get('/', getUser, auth(['atm1', 'datm', 'ta', 'ec','wm']), async (req, res) => { // All feedback
 	try {
 		const page = +req.query.page || 1;
 		const limit = +req.query.limit || 20;
@@ -85,7 +85,7 @@ router.get('/controllers', async ({res}) => { // Controller list on feedback pag
 	return res.json(res.stdRes);
 });
 
-router.get('/unapproved', getUser, auth(['atm', 'datm', 'ta', 'ec']), async ({res}) => { // Get all unapproved feedback
+router.get('/unapproved', getUser, auth(['atm1', 'datm', 'ta', 'ec', 'wm']), async ({res}) => { // Get all unapproved feedback
 	try {
 		const feedback = await Feedback.find({deletedAt: null, approved: false}).populate('controller', 'fname lname cid').sort({createdAt: 'desc'}).lean();
 		res.stdRes.data = feedback;
@@ -96,7 +96,7 @@ router.get('/unapproved', getUser, auth(['atm', 'datm', 'ta', 'ec']), async ({re
 	return res.json(res.stdRes);
 });
 
-router.put('/approve/:id', getUser, auth(['atm', 'datm', 'ta']), async (req, res) => { // Approve feedback
+router.put('/approve/:id', getUser, auth(['atm1', 'datm', 'ta']), async (req, res) => { // Approve feedback
 	try {
 		const approved = await Feedback.findOneAndUpdate({_id: req.params.id}, {
 			approved: true
@@ -123,7 +123,7 @@ router.put('/approve/:id', getUser, auth(['atm', 'datm', 'ta']), async (req, res
 	return res.json(res.stdRes);
 });
 
-router.put('/reject/:id', getUser, auth(['atm', 'datm', 'ta']), async (req, res) => { // Reject feedback
+router.put('/reject/:id', getUser, auth(['atm1', 'datm', 'ta']), async (req, res) => { // Reject feedback
 	try {
 		const feedback = await Feedback.findOne({_id: req.params.id});
 		await feedback.delete();

diff --git a/controllers/FileController.js b/controllers/FileController.js
@@ -50,7 +50,7 @@ router.get('/downloads/:id', async (req, res) => {
 	return res.json(res.stdRes);
 });
 
-router.post('/downloads', getUser, auth(['atm', 'datm', 'ta', 'fe']), upload.single('download'), async (req, res) => {
+router.post('/downloads', getUser, auth(['atm1', 'datm', 'ta', 'fe']), upload.single('download'), async (req, res) => {
 	try {
 		if(!req.body.category) {
 			throw {
@@ -95,7 +95,7 @@ router.post('/downloads', getUser, auth(['atm', 'datm', 'ta', 'fe']), upload.sin
 	return res.json(res.stdRes);
 });
 
-router.put('/downloads/:id', upload.single('download'), getUser, auth(['atm', 'datm', 'ta', 'fe']), async (req, res) => {
+router.put('/downloads/:id', upload.single('download'), getUser, auth(['atm1', 'datm', 'ta', 'fe']), async (req, res) => {
 	try {
 		if(!req.file) { // no updated file provided
 			await Downloads.findByIdAndUpdate(req.params.id, {
@@ -140,7 +140,7 @@ router.put('/downloads/:id', upload.single('download'), getUser, auth(['atm', 'd
 	return res.json(res.stdRes);
 });
 
-router.delete('/downloads/:id', getUser, auth(['atm', 'datm', 'ta', 'fe']), async (req, res) => {
+router.delete('/downloads/:id', getUser, auth(['atm1', 'datm', 'ta', 'fe']), async (req, res) => {
 	try {
 		const download = await Downloads.findByIdAndDelete(req.params.id).lean();
 		await req.app.dossier.create({
@@ -181,7 +181,7 @@ router.get('/documents/:slug', async (req, res) => {
 	return res.json(res.stdRes);
 });
 
-router.post('/documents', getUser, auth(['atm', 'datm', 'ta', 'fe']), upload.single('download'), async (req, res) => {
+router.post('/documents', getUser, auth(['atm1', 'datm', 'ta', 'fe']), upload.single('download'), async (req, res) => {
 	try {
 		const {name, category, description, content, type} = req.body;
 		if(!category) {
@@ -252,7 +252,7 @@ router.post('/documents', getUser, auth(['atm', 'datm', 'ta', 'fe']), upload.sin
 	return res.json(res.stdRes);
 });
 
-router.put('/documents/:slug', upload.single('download'), getUser, auth(['atm', 'datm', 'ta', 'fe']), async (req, res) => {
+router.put('/documents/:slug', upload.single('download'), getUser, auth(['atm1', 'datm', 'ta', 'fe']), async (req, res) => {
 	try {
 		const document = await Document.findOne({slug: req.params.slug});
 		const {name, category, description, content, type} = req.body;
@@ -318,7 +318,7 @@ router.put('/documents/:slug', upload.single('download'), getUser, auth(['atm',
 	return res.json(res.stdRes);
 })
 
-router.delete('/documents/:id', getUser, auth(['atm', 'datm', 'ta', 'fe']), async (req, res) => {
+router.delete('/documents/:id', getUser, auth(['atm1', 'datm', 'ta', 'fe']), async (req, res) => {
 	try {
 		const doc = await Document.findByIdAndDelete(req.params.id);
 		await req.app.dossier.create({

diff --git a/controllers/NewsController.js b/controllers/NewsController.js
@@ -18,7 +18,7 @@ router.get('/', async (req, res) => {
 	return res.json(res.stdRes);
 });
 
-router.post('/', getUser, auth(['atm', 'datm', 'ta', 'ec', 'fe', 'wm']), async (req, res) => {
+router.post('/', getUser, auth(['atm1', 'datm', 'ta', 'ec', 'fe', 'wm']), async (req, res) => {
 	try {
 		if(!req.body || !req.body.title || !req.body.content) {
 			throw {
@@ -74,7 +74,7 @@ router.get('/:slug', async (req, res) =>{
 	return res.json(res.stdRes);
 });
 
-router.put('/:slug', getUser, auth(['atm', 'datm', 'ta', 'ec', 'fe', 'wm']), async (req, res) => {
+router.put('/:slug', getUser, auth(['atm1', 'datm', 'ta', 'ec', 'fe', 'wm']), async (req, res) => {
 	try {
 		const {title, content} = req.body;
 		const newsItem = await News.findOne({uriSlug: req.params.slug});
@@ -98,7 +98,7 @@ router.put('/:slug', getUser, auth(['atm', 'datm', 'ta', 'ec', 'fe', 'wm']), asy
 	return res.json(res.stdRes);
 });
 
-router.delete('/:slug', getUser, auth(['atm', 'datm', 'ta', 'ec', 'fe', 'wm']), async (req, res) =>{
+router.delete('/:slug', getUser, auth(['atm1', 'datm', 'ta', 'ec', 'fe', 'wm']), async (req, res) =>{
 	try {
 		const newsItem = await News.findOne({uriSlug: req.params.slug});
 		const status = await newsItem.delete();

diff --git a/controllers/StatsController.js b/controllers/StatsController.js
@@ -16,7 +16,7 @@ import { DateTime as L } from 'luxon';
 const months = ['', 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'];
 const ratings = ["Unknown", "OBS", "S1", "S2", "S3", "C1", "C2", "C3", "I1", "I2", "I3", "SUP", "ADM"];
 
-router.get('/admin', getUser, auth(['atm', 'datm', 'ta', 'fe', 'ec', 'wm']), async (req, res) => {
+router.get('/admin', getUser, auth(['atm1', 'datm', 'ta', 'fe', 'ec', 'wm']), async (req, res) => {
 	try {
 		const d = new Date();
 		const thisMonth = new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), 1));
@@ -117,7 +117,7 @@ router.get('/admin', getUser, auth(['atm', 'datm', 'ta', 'fe', 'ec', 'wm']), asy
 	return res.json(res.stdRes);
 })
 
-router.get('/ins', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
+router.get('/ins', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
 	try {
 		let lastTraining = await TrainingSession.aggregate([
 			{$group: {
@@ -170,7 +170,7 @@ router.get('/ins', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async (re
 	return res.json(res.stdRes);
 })
 
-router.get('/activity', getUser, auth(['atm', 'datm', 'ta', 'wm']), async (req, res) => {
+router.get('/activity', getUser, auth(['atm1', 'datm', 'ta', 'wm']), async (req, res) => {
 	try {
 		const today = L.utc();
 		const chkDate = today.minus({days: 91});

diff --git a/controllers/TrainingController.js b/controllers/TrainingController.js
@@ -129,7 +129,7 @@ router.get('/milestones', getUser, async (req, res) => {
 	return res.json(res.stdRes);
 });
 
-router.get('/request/open', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
+router.get('/request/open', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
 	try {
 		const days = +req.query.period || 21; // days from start of CURRENT week
 		const d = new Date(Date.now()),
@@ -155,7 +155,7 @@ router.get('/request/open', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']),
 	return res.json(res.stdRes);
 });
 
-router.post('/request/take/:id', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
+router.post('/request/take/:id', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
 	try {
 		if(new Date(req.body.startTime) >= new Date(req.body.endTime)) {
 			throw {
@@ -206,7 +206,7 @@ router.post('/request/take/:id', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr
 	return res.json(res.stdRes);
 });
 
-router.delete('/request/:id', getUser, auth(['atm', 'datm', 'ta']), async (req, res) => {
+router.delete('/request/:id', getUser, auth(['atm1', 'datm', 'ta']), async (req, res) => {
 	try {
 		const request = await TrainingRequest.findById(req.params.id);
 		request.delete();
@@ -224,7 +224,7 @@ router.delete('/request/:id', getUser, auth(['atm', 'datm', 'ta']), async (req,
 	return res.json(res.stdRes);
 });
 
-router.get('/request/:date', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
+router.get('/request/:date', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
 	try {
 		const d = new Date(`${req.params.date.slice(0,4)}-${req.params.date.slice(4,6)}-${req.params.date.slice(6,8)}`);
 		const dayAfter = new Date(d);
@@ -248,7 +248,7 @@ router.get('/request/:date', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']),
 	return res.json(res.stdRes);
 });
 
-router.get('/session/open', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
+router.get('/session/open', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async (req, res) => {
 	try {
 		const sessions = await TrainingSession.find({
 			instructorCid: res.user.cid,
@@ -266,7 +266,7 @@ router.get('/session/open', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']),
 
 router.get('/session/:id', getUser, async(req, res) => {
 	try {
-		const isIns = ['ta', 'ins', 'mtr', 'atm', 'datm'].some(r => res.user.roleCodes.includes(r));
+		const isIns = ['ta', 'ins', 'mtr', 'atm1', 'datm'].some(r => res.user.roleCodes.includes(r));
 
 		if(isIns) {
 			const session = await TrainingSession.findById(
@@ -303,7 +303,7 @@ router.get('/session/:id', getUser, async(req, res) => {
 	return res.json(res.stdRes);
 });
 
-router.get('/sessions', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async(req, res) => {
+router.get('/sessions', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async(req, res) => {
 	try {
 		const page = +req.query.page || 1;
 		const limit = +req.query.limit || 20;
@@ -404,7 +404,7 @@ router.get('/sessions/past', getUser, async (req, res) => {
 	return res.json(res.stdRes);
 });
 
-router.get('/sessions/:cid', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async(req, res) => {
+router.get('/sessions/:cid', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async(req, res) => {
 	try {
 		const controller = await User.findOne({cid: req.params.cid}).select('fname lname').lean();
 		if(!controller) {
@@ -441,7 +441,7 @@ router.get('/sessions/:cid', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']),
 	return res.json(res.stdRes);
 });
 
-router.put('/session/save/:id', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async(req, res) => {
+router.put('/session/save/:id', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async(req, res) => {
 	try {
 		await TrainingSession.findByIdAndUpdate(req.params.id, req.body);
 	} catch(e) {
@@ -452,7 +452,7 @@ router.put('/session/save/:id', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr'
 	return res.json(res.stdRes);
 });
 
-router.put('/session/submit/:id', getUser, auth(['atm', 'datm', 'ta', 'ins', 'mtr']), async(req, res) => {
+router.put('/session/submit/:id', getUser, auth(['atm1', 'datm', 'ta', 'ins', 'mtr']), async(req, res) => {
 	try {
 		if(req.body.position === '' || req.body.progress === null || req.body.movements === null || req.body.location === null || req.body.ots === null || req.body.studentNotes === null || (req.body.studentNotes && req.body.studentNotes.length > 3000) || (req.body.insNotes && req.body.insNotes.length > 3000)) {
 			throw {