Add PermissionRequest schema and API for LED sign access requests #1972
Conversation
Embotic-Wayne
commented
Dec 27, 2025
Embotic-Wayne
commented
- added mongodb schema for user id, type, and when its deleted (excluding duplicates)
- new api to create, read, and delete permission requests sent by members
- unit tests to validate their behavior
| type: Schema.Types.ObjectId, | ||
| ref: 'User', | ||
| required: true, | ||
| index: true, |
There was a problem hiding this comment.
we can remove this, we have the PermissionRequestSchema.index to take care of this
| }, | ||
| type: { | ||
| type: String, | ||
| enum: Object.keys(PermissionRequestTypes), |
There was a problem hiding this comment.
i know they will be a 1 to 1 mapping, we will use the values when we create new data though
| enum: Object.keys(PermissionRequestTypes), | |
| enum: Object.values(PermissionRequestTypes), |
| ); | ||
|
|
||
| // Compound unique index prevents duplicate active requests per user+type | ||
| PermissionRequestSchema.index({ userId: 1, type: 1 }, { unique: true }); |
There was a problem hiding this comment.
instead of { unique: true } can it be
{
unique: true,
partialFilterExpression: { deletedAt: null }
}that way we dont index deleted records
| const populated = await PermissionRequest.findById(permissionRequest._id) | ||
| .populate('userId', 'firstName lastName email'); | ||
| res.status(OK).send(populated); |
There was a problem hiding this comment.
we can also return an empty 200, unless we want to do something with this data in the frontend after submitting
| .populate('userId', 'firstName lastName email'); | ||
| res.status(OK).send(populated); | ||
| } catch (error) { | ||
| if (error.code === 11000) return res.status(BAD_REQUEST).send({ error: 'Request already exists' }); |
There was a problem hiding this comment.
we have CONFLICT instead of BAD_REQUEST
we can send that and no text back, since conflict implies something exists
| } | ||
| }); | ||
|
|
||
| router.post('/delete', async (req, res) => { |
There was a problem hiding this comment.
should admins be able to delete records, and whatever record they want?
| } | ||
| }); | ||
|
|
||
| router.get('/getAll', async (req, res) => { |
There was a problem hiding this comment.
how about / returns everything, up to you
| } | ||
| }); | ||
|
|
||
| router.get('/get', async (req, res) => { |
There was a problem hiding this comment.
can we consolidate both endpoints into one /
the endpoint can either take a parameter like userId, or nothing
if we didnt pass any filters in, return everything if the user is an officer or higher
if we passed in a user id, return the data if
- the user is less than an officer and its their own user id.
- the user is an officer or higher
