Resolves issue #1585 - Updated org and user repositories for CVE and CVE-ID endpoints

src/controller/cve-id.controller/cve-id.controller.js

@@ -32,28 +32,30 @@ async function getFilteredCveId (req, res, next) {
     }
     options.page = req.ctx.query.page ? parseInt(req.ctx.query.page) : CONSTANTS.PAGINATOR_PAGE // if 'page' query parameter is not defined, set 'page' to the default page value
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
-    const isSecretariat = await orgRepo.isSecretariat(orgShortName)
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
+    const isSecretariat = await orgRepo.isSecretariatByShortName(orgShortName)
     const isBulkDownload = await orgRepo.isBulkDownload(orgShortName)
 
     // Create map of orgUUID to shortnames and users to simplify aggregation later
-    const orgs = await orgRepo.getAllOrgs()
-    const users = await userRepo.getAllUsers()
+    const orgs = await orgRepo.findAll()
+    const users = await userRepo.findAll()
 
     const orgMap = {}
     const userMap = {}
 
-    orgs.forEach(org => {
-      orgMap[org.UUID] = { shortname: org.short_name, users: {} }
-    })
-
     users.forEach(user => {
       userMap[user.UUID] = user.username
-      if (!orgMap[user.org_UUID]) {
-        orgMap[user.org_UUID] = { shortname: `MISSING ORG ${user.org_UUID}`, users: {} }
+    })
+
+    orgs.forEach(org => {
+      orgMap[org.UUID] = {
+        shortname: org.short_name,
+        users: org.users.reduce((orgUserMap, userid) => {
+          orgUserMap[userid] = userMap[userid]
+          return orgUserMap
+        }, {})
       }
-      orgMap[user.org_UUID].users[user.UUID] = user.username
     })
 
     Object.keys(req.ctx.query).forEach(k => {
@@ -186,7 +188,7 @@ async function reserveCveId (req, res, next) {
   let amount
   let shortName
   let year
-  const orgRepo = req.ctx.repositories.getOrgRepository()
+  const orgRepo = req.ctx.repositories.getBaseOrgRepository()
 
   try {
     Object.keys(req.ctx.query).forEach(k => {
@@ -203,7 +205,7 @@ async function reserveCveId (req, res, next) {
       }
     })
 
-    const isSecretariat = await orgRepo.isSecretariat(orgShortName)
+    const isSecretariat = await orgRepo.isSecretariatByShortName(orgShortName)
     if (orgShortName !== shortName && !isSecretariat) {
       return res.status(403).json(error.orgCannotReserveForOther())
     }
@@ -239,7 +241,7 @@ async function reserveCveId (req, res, next) {
       return res.status(403).json(error.overIdQuota(payload))
     }
 
-    hasLock = await orgRepo.findOneAndUpdate({ short_name: shortName, inUse: false }, { $set: { inUse: true } }, { new: true }) // set lock for org
+    hasLock = await orgRepo.findOneAndUpdate({ short_name: shortName, $or: [{ inUse: false }, { inUse: { $exists: false } }] }, { $set: { inUse: true } }, { new: true }) // set lock for org
     if (!hasLock) {
       return res.status(403).json(error.reservationInProgress())
     }
@@ -280,7 +282,7 @@ async function getCveId (req, res, next) {
     const auth = req.ctx.authenticated
     const id = req.ctx.params.id
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
 
     const agt = setAggregateObj({ cve_id: id })
     let result = await cveIdRepo.aggregate(agt)
@@ -293,14 +295,12 @@ async function getCveId (req, res, next) {
     let finalResult = {}
     let loggerUuid = 'unauthenticated-user'
     let orgShortName = ''
-    let orgUUID = null
     let isSecretariat = false
 
     if (auth) {
       loggerUuid = req.ctx.uuid
       orgShortName = req.ctx.org
-      orgUUID = await orgRepo.getOrgUUID(orgShortName) // orgShortName is not null
-      isSecretariat = await orgRepo.isSecretariatUUID(orgUUID)
+      isSecretariat = await orgRepo.isSecretariatByShortName(orgShortName)
     }
 
     // Secretariat and owning org are allowed to see complete results
@@ -334,15 +334,15 @@ async function modifyCveId (req, res, next) {
     let state
     let newOrgShortName
     let orgUUID
-    const orgRepo = req.ctx.repositories.getOrgRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
     const cveRepo = req.ctx.repositories.getCveRepository()
     const org = await orgRepo.findOneByShortName(req.ctx.org)
 
     // Get remaining org quota
     const totalReserved = await cveIdRepo.countDocuments({ owning_cna: org.UUID, state: 'RESERVED' })
-    const remainingQuota = (org.policies.id_quota - totalReserved)
+    const remainingQuota = (org.hard_quota - totalReserved)
 
     // Check for existing record - await only allowed at top level so cannot
     // move inside of it statement below
@@ -408,10 +408,10 @@ async function modifyCveId (req, res, next) {
       action: 'update_cveid',
       change: id + ' was successfully updated.',
       req_UUID: req.ctx.uuid,
-      org_UUID: await orgRepo.getOrgUUID(req.ctx.org),
+      org_UUID: org.UUID,
       cve_id: result
     }
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
+    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
     logger.info(JSON.stringify(payload))
     return res.status(200).json(responseMessage)
   } catch (err) {
@@ -425,8 +425,8 @@ async function createCveIdRange (req, res, next) {
     const CONSTANTS = getConstants()
     const year = req.ctx.params.year
     const cveIdRangeRepo = req.ctx.repositories.getCveIdRangeRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
     const result = await cveIdRangeRepo.findOne({ cve_year: year })
 
     if (result) {
@@ -443,7 +443,7 @@ async function createCveIdRange (req, res, next) {
       req_UUID: req.ctx.uuid,
       org_UUID: await orgRepo.getOrgUUID(req.ctx.org)
     }
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
+    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
 
     logger.info(JSON.stringify(payload))
     return res.status(200).send()
@@ -491,8 +491,8 @@ async function priorityReservation (year, amount, shortName, orgShortName, reque
   }
 
   if (!isFull) {
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
     const id = generateSequentialIds(year, result.ranges.priority.top_id, amount)
     const owningOrgUUID = await orgRepo.getOrgUUID(shortName)
@@ -588,8 +588,8 @@ async function sequentialReservation (year, amount, shortName, orgShortName, req
   }
 
   if (!isFull) {
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
     const ids = generateSequentialIds(year, result.ranges.general.top_id, amount)
     const owningOrgUUID = await orgRepo.getOrgUUID(shortName)
@@ -698,8 +698,8 @@ async function nonSequentialReservation (year, amount, shortName, orgShortName,
   }
 
   // Case 2: Enough IDs in the 'AVAILABLE' pool
-  const orgRepo = req.ctx.repositories.getOrgRepository()
-  const userRepo = req.ctx.repositories.getUserRepository()
+  const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+  const userRepo = req.ctx.repositories.getBaseUserRepository()
   let index
   let counter = 0
   const cveIdDocuments = []
@@ -856,7 +856,7 @@ async function reserveNonSequentialCveId (index, available, year, shortName, org
 
 async function getPayload (req, org) {
   const payload = {
-    id_quota: org.policies.id_quota
+    id_quota: org.hard_quota
   }
   const cveIdRepo = req.ctx.repositories.getCveIdRepository()
 
@@ -906,7 +906,7 @@ function setAggregateObj (query) {
     },
     {
       $lookup: {
-        from: 'Org',
+        from: 'BaseOrg',
         localField: 'owning_cna',
         foreignField: 'UUID',
         as: 'ownerCna'
@@ -929,7 +929,7 @@ function setAggregateObj (query) {
     },
     {
       $lookup: {
-        from: 'User',
+        from: 'BaseUser',
         localField: 'requested_by.user',
         foreignField: 'UUID',
         as: 'result'
@@ -952,7 +952,7 @@ function setAggregateObj (query) {
     },
     {
       $lookup: {
-        from: 'Org',
+        from: 'BaseOrg',
         localField: 'requested_by.cna',
         foreignField: 'UUID',
         as: 'result'

src/controller/cve.controller/cve.controller.js

@@ -352,7 +352,7 @@ async function submitCve (req, res, next) {
     const state = newCve.cve.cveMetadata.state
     const cveRepo = req.ctx.repositories.getCveRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
 
     // the cve id provided in the body must match the cve id provided in the URL params
     if (id !== cveId) {
@@ -395,8 +395,8 @@ async function submitCve (req, res, next) {
       org_UUID: await orgRepo.getOrgUUID(req.ctx.org),
       cve: cveId
     }
-    const userRepo = req.ctx.repositories.getUserRepository()
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
+    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
     logger.info(JSON.stringify(payload))
     return res.status(200).json(responseMessage)
   } catch (err) {
@@ -415,7 +415,7 @@ async function updateCve (req, res, next) {
     const cveId = req.ctx.params.id
     const cveRepo = req.ctx.repositories.getCveRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
     const newCveMetaData = newCve.cve.cveMetadata
     const newCveId = newCveMetaData.cveId
     const newCveState = newCveMetaData.state
@@ -459,8 +459,8 @@ async function updateCve (req, res, next) {
       cve: cveId
     }
 
-    const userRepo = req.ctx.repositories.getUserRepository()
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
+    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
     logger.info(JSON.stringify(payload))
     return res.status(200).json(responseMessage)
   } catch (err) {
@@ -476,10 +476,10 @@ async function submitCna (req, res, next) {
     const id = req.ctx.params.id
     const cveRepo = req.ctx.repositories.getCveRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
     const orgUuid = await orgRepo.getOrgUUID(req.ctx.org)
-    const userUuid = await userRepo.getUserUUID(req.ctx.user, orgUuid)
+    const userUuid = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
 
     // To avoid breaking legacy behavior in the "booleanIsTrue" function, we need to check to make sure that undefined is set to false
     let erlCheck
@@ -497,7 +497,7 @@ async function submitCna (req, res, next) {
 
     // check that cveId org matches user org
     const cveId = result
-    const isSecretariat = await orgRepo.isSecretariat(req.ctx.org)
+    const isSecretariat = await orgRepo.isSecretariatByShortName(req.ctx.org)
     if ((cveId.owning_cna !== orgUuid) && !isSecretariat) {
       return res.status(403).json(error.owningOrgDoesNotMatch())
     }
@@ -572,10 +572,10 @@ async function updateCna (req, res, next) {
     const id = req.ctx.params.id
     const cveRepo = req.ctx.repositories.getCveRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
     const orgUuid = await orgRepo.getOrgUUID(req.ctx.org)
-    const userUuid = await userRepo.getUserUUID(req.ctx.user, orgUuid)
+    const userUuid = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
 
     // To avoid breaking legacy behavior in the "booleanIsTrue" function, we need to check to make sure that undefined is set to false
     let erlCheck
@@ -593,7 +593,7 @@ async function updateCna (req, res, next) {
 
     // check that cveId org matches user org
     const cveId = result
-    const isSecretariat = await orgRepo.isSecretariat(req.ctx.org)
+    const isSecretariat = await orgRepo.isSecretariatByShortName(req.ctx.org)
     if ((cveId.owning_cna !== orgUuid) && !isSecretariat) {
       return res.status(403).json(error.owningOrgDoesNotMatch())
     }
@@ -698,7 +698,7 @@ async function rejectCVE (req, res, next) {
     }
 
     // Both orgs below should exist since they passed validation
-    const orgRepo = req.ctx.repositories.getOrgRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
     const providerOrgObj = await orgRepo.findOneByShortName(req.ctx.org)
     const owningCnaObj = await orgRepo.findOneByUUID(cveIdObj.owning_cna)
 
@@ -738,8 +738,8 @@ async function rejectCVE (req, res, next) {
       org_UUID: await orgRepo.getOrgUUID(req.ctx.org),
       cve: id
     }
-    const userRepo = req.ctx.repositories.getUserRepository()
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
+    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
     logger.info(JSON.stringify(payload))
     return res.status(200).json(responseMessage)
   } catch (err) {
@@ -755,7 +755,7 @@ async function rejectExistingCve (req, res, next) {
     const id = req.ctx.params.id
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
     const cveRepo = req.ctx.repositories.getCveRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
     const providerOrgObj = await orgRepo.findOneByShortName(req.ctx.org)
 
     // check that cve id exists
@@ -813,8 +813,8 @@ async function rejectExistingCve (req, res, next) {
       org_UUID: providerOrgObj.UUID,
       cve: id
     }
-    const userRepo = req.ctx.repositories.getUserRepository()
-    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, payload.org_UUID)
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
+    payload.user_UUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
     logger.info(JSON.stringify(payload))
     return res.status(200).json(responseMessage)
   } catch (err) {
@@ -830,10 +830,10 @@ async function insertAdp (req, res, next) {
     const id = req.ctx.params.id
     const cveRepo = req.ctx.repositories.getCveRepository()
     const cveIdRepo = req.ctx.repositories.getCveIdRepository()
-    const orgRepo = req.ctx.repositories.getOrgRepository()
-    const userRepo = req.ctx.repositories.getUserRepository()
+    const orgRepo = req.ctx.repositories.getBaseOrgRepository()
+    const userRepo = req.ctx.repositories.getBaseUserRepository()
     const orgUuid = await orgRepo.getOrgUUID(req.ctx.org)
-    const userUuid = await userRepo.getUserUUID(req.ctx.user, orgUuid)
+    const userUuid = await userRepo.getUserUUID(req.ctx.user, req.ctx.org)
 
     // check that cve id exists
     let result = await cveIdRepo.findOneByCveId(id)