diven.idnani/Todo_Admin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Todo_Admin/Backend/routes/todos.js
Diven2510 eef41c105c Files for Todo_admin added
2025-12-30 19:44:14 +05:30

229 lines
6.1 KiB
JavaScript
Raw Permalink Blame History

import express from 'express';
import Todo from '../models/Todo.js';
import User from '../models/User.js';
import { requireAdmin } from '../middleware/auth.js';
const router = express.Router();
// Get todos - different behavior for admin vs user
router.get('/', async (req, res) => {
try {
const { date, userId } = req.query;
let query = {};
if (req.user.role === 'admin') {
// Admin can see all todos or filter by userId
if (userId) {
query.userId = userId;
}
} else {
// Regular users only see their assigned tasks
query.userId = req.user._id;
}
if (date) {
const startDate = new Date(date);
const endDate = new Date(date);
endDate.setDate(endDate.getDate() + 1);
query.dueDate = {
$gte: startDate,
$lt: endDate
};
}
const todos = await Todo.find(query)
.populate('userId', 'username email')
.populate('assignedBy', 'username email')
.sort({ createdAt: -1 });
res.json(todos);
} catch (error) {
res.status(500).json({ message: 'Server error', error: error.message });
}
});
// Create new todo - only admins can assign tasks to others
router.post('/', async (req, res) => {
try {
const { title, description, priority, dueDate, userId } = req.body;
let todoData = {
title,
description,
priority,
dueDate: new Date(dueDate)
};
if (req.user.role === 'admin') {
// Admin can assign tasks to any user
todoData.userId = userId || req.user._id;
todoData.assignedBy = req.user._id;
} else {
// Regular users can only create tasks for themselves
todoData.userId = req.user._id;
}
const todo = new Todo(todoData);
await todo.save();
const populatedTodo = await Todo.findById(todo._id)
.populate('userId', 'username email')
.populate('assignedBy', 'username email');
res.status(201).json(populatedTodo);
} catch (error) {
res.status(500).json({ message: 'Server error', error: error.message });
}
});
// Update todo - different permissions for admin vs user
router.put('/:id', async (req, res) => {
try {
const { id } = req.params;
const updates = req.body;
console.log('Update request:', { id, updates, userRole: req.user.role });
let query = { _id: id };
let finalUpdates = { ...updates };
if (req.user.role === 'admin') {
// Admin can update any todo
console.log('Admin updating todo');
} else {
// Regular users can only update their own todos
query.userId = req.user._id;
console.log('User updating own todo');
// Users can only update status and submit tasks
const allowedUpdates = ['status'];
const filteredUpdates = {};
allowedUpdates.forEach(field => {
if (updates[field] !== undefined) {
filteredUpdates[field] = updates[field];
}
});
// Handle task submission
if (updates.status === 'submitted') {
filteredUpdates.submittedAt = new Date();
}
finalUpdates = filteredUpdates;
console.log('Filtered updates for user:', finalUpdates);
}
const todo = await Todo.findOneAndUpdate(query, finalUpdates, { new: true })
.populate('userId', 'username email')
.populate('assignedBy', 'username email');
if (!todo) {
console.log('Todo not found with query:', query);
return res.status(404).json({ message: 'Todo not found or access denied' });
}
console.log('Todo updated successfully:', todo);
res.json(todo);
} catch (error) {
console.error('Update todo error:', error);
res.status(500).json({ message: 'Server error', error: error.message });
}
});
// Delete todo - only admins can delete
router.delete('/:id', requireAdmin, async (req, res) => {
try {
const { id } = req.params;
const todo = await Todo.findByIdAndDelete(id);
if (!todo) {
return res.status(404).json({ message: 'Todo not found' });
}
res.json({ message: 'Todo deleted successfully' });
} catch (error) {
res.status(500).json({ message: 'Server error', error: error.message });
}
});
// Admin routes for user management
router.get('/admin/users', requireAdmin, async (req, res) => {
try {
const users = await User.find({ role: 'user' }).select('-password');
res.json(users);
} catch (error) {
res.status(500).json({ message: 'Server error', error: error.message });
}
});
// Admin route to get all todos with user details
router.get('/admin/all-todos', requireAdmin, async (req, res) => {
try {
const todos = await Todo.find()
.populate('userId', 'username email')
.populate('assignedBy', 'username email')
.sort({ createdAt: -1 });
res.json(todos);
} catch (error) {
res.status(500).json({ message: 'Server error', error: error.message });
}
});
// Admin route to assign task to user
router.post('/admin/assign', requireAdmin, async (req, res) => {
try {
const { title, description, priority, dueDate, userId } = req.body;
const todo = new Todo({
title,
description,
priority,
dueDate: new Date(dueDate),
userId,
assignedBy: req.user._id
});
await todo.save();
const populatedTodo = await Todo.findById(todo._id)
.populate('userId', 'username email')
.populate('assignedBy', 'username email');
res.status(201).json(populatedTodo);
} catch (error) {
res.status(500).json({ message: 'Server error', error: error.message });
}
});
// Admin route to mark task as completed
router.put('/admin/complete/:id', requireAdmin, async (req, res) => {
try {
const { id } = req.params;
const todo = await Todo.findByIdAndUpdate(
id,
{
status: 'completed',
completedAt: new Date()
},
{ new: true }
).populate('userId', 'username email')
.populate('assignedBy', 'username email');
if (!todo) {
return res.status(404).json({ message: 'Todo not found' });
}
res.json(todo);
} catch (error) {
res.status(500).json({ message: 'Server error', error: error.message });
}
});
export default router;
Reference in New Issue View Git Blame Copy Permalink