Get another user's event attendance

api/controllers/AttendanceController.ts

@@ -27,7 +27,17 @@ export class AttendanceController {
 
   @Get()
   async getAttendancesForCurrentUser(@AuthenticatedUser() user: UserModel): Promise<GetAttendancesForUserResponse> {
-    const attendances = await this.attendanceService.getAttendancesForUser(user);
+    const attendances = await this.attendanceService.getAttendancesForCurrentUser(user);
+    return { error: null, attendances };
+  }
+
+  @Get('/user/:uuid')
+  async getAttendancesForUser(@Params() params: UuidParam,
+    @AuthenticatedUser() currentUser: UserModel): Promise<GetAttendancesForEventResponse> {
+    if (params.uuid === currentUser.uuid) {
+      return this.getAttendancesForCurrentUser(currentUser);
+    }
+    const attendances = await this.attendanceService.getAttendancesForUser(params.uuid);
     return { error: null, attendances };
   }
 

api/validators/UserControllerRequests.ts

@@ -44,6 +44,9 @@ export class UserPatches implements IUserPatches {
   @Allow()
   bio?: string;
 
+  @Allow()
+  isAttendancePublic?: boolean;
+
   @Type(() => PasswordUpdate)
   @ValidateNested()
   @HasMatchingPasswords()

migrations/0037-add-userAttendancePermission-to-userTable.ts

@@ -0,0 +1,17 @@
+import { MigrationInterface, QueryRunner, TableColumn } from 'typeorm';
+
+const TABLE_NAME = 'Users';
+
+export class AddUserAttendancePermissionToUserTable1691286073346 implements MigrationInterface {
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.addColumn(TABLE_NAME, new TableColumn({
+      name: 'isAttendancePublic',
+      type: 'boolean',
+      default: true,
+    }));
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.dropColumn(TABLE_NAME, 'isAttendancePublic');
+  }
+}

models/UserModel.ts

@@ -55,6 +55,9 @@ export class UserModel extends BaseEntity {
   })
   bio: string;
 
+  @Column('boolean', { default: true })
+  isAttendancePublic: boolean;
+
   @Column('integer', { default: 0 })
   @Index('leaderboard_index')
   points: number;

services/AttendanceService.ts

@@ -1,6 +1,6 @@
 import { Service } from 'typedi';
 import { InjectManager } from 'typeorm-typedi-extensions';
-import { BadRequestError, NotFoundError } from 'routing-controllers';
+import { BadRequestError, ForbiddenError, NotFoundError } from 'routing-controllers';
 import { EntityManager } from 'typeorm';
 import * as moment from 'moment';
 import { ActivityType, PublicAttendance, Uuid } from '../types';
@@ -27,13 +27,22 @@ export default class AttendanceService {
     return attendances.map((attendance) => attendance.getPublicAttendance());
   }
 
-  public async getAttendancesForUser(user: UserModel): Promise<PublicAttendance[]> {
+  public async getAttendancesForCurrentUser(user: UserModel): Promise<PublicAttendance[]> {
     const attendances = await this.transactions.readOnly(async (txn) => Repositories
       .attendance(txn)
       .getAttendancesForUser(user));
     return attendances.map((attendance) => attendance.getPublicAttendance());
   }
 
+  public async getAttendancesForUser(uuid: Uuid): Promise<PublicAttendance[]> {
+    return this.transactions.readOnly(async (txn) => {
+      const user = await Repositories.user(txn).findByUuid(uuid);
+      if (!user.isAttendancePublic) throw new ForbiddenError();
+      const attendances = await Repositories.attendance(txn).getAttendancesForUser(user);
+      return attendances.map((attendance) => attendance.getPublicAttendance());
+    });
+  }
+
   public async attendEvent(user: UserModel, attendanceCode: string, asStaff = false): Promise<PublicAttendance> {
     return this.transactions.readWrite(async (txn) => {
       const event = await Repositories.event(txn).findByAttendanceCode(attendanceCode);

tests/attendance.test.ts

@@ -272,4 +272,58 @@ describe('attendance', () => {
     expect(attendance.user.uuid).toEqual(staff.uuid);
     expect(attendance.event.uuid).toEqual(event.uuid);
   });
+
+  test('get user attendance by uuid', async () => {
+    const conn = await DatabaseConnection.get();
+    const member1 = UserFactory.fake();
+    const member2 = UserFactory.fake();
+    const event1 = EventFactory.fake({ requiresStaff: true });
+    const event2 = EventFactory.fake({ requiresStaff: true });
+
+    await new PortalState()
+      .createUsers(member1, member2)
+      .createEvents(event1, event2)
+      .attendEvents([member1], [event1, event2])
+      .write();
+
+    const attendanceController = ControllerFactory.attendance(conn);
+    const params = { uuid: member1.uuid };
+
+    // returns all attendances for uuid
+    const getAttendancesForUserUuid = await attendanceController.getAttendancesForUser(params, member2);
+    const attendancesForEvent = getAttendancesForUserUuid.attendances.map((a) => ({
+      user: a.user.uuid,
+      event: a.event.uuid,
+      asStaff: a.asStaff,
+    }));
+    const expectedAttendances = [
+      { event: event1.uuid, user: member1.uuid, asStaff: false },
+      { event: event2.uuid, user: member1.uuid, asStaff: false },
+    ];
+    expect(attendancesForEvent).toEqual(expect.arrayContaining(expectedAttendances));
+  });
+
+  test('throws error when canSeeAttendanceFalse', async () => {
+    const conn = await DatabaseConnection.get();
+    const member1 = UserFactory.fake();
+    const member2 = UserFactory.fake();
+    const event1 = EventFactory.fake({ requiresStaff: true });
+    const event2 = EventFactory.fake({ requiresStaff: true });
+
+    await new PortalState()
+      .createUsers(member1, member2)
+      .createEvents(event1, event2)
+      .attendEvents([member1, member2], [event1, event2])
+      .write();
+
+    const attendanceController = ControllerFactory.attendance(conn);
+    const userController = ControllerFactory.user(conn);
+    const params = { uuid: member1.uuid };
+
+    const changePublicAttendancePatch = { user: { isAttendancePublic: false } };
+    await userController.patchCurrentUser(changePublicAttendancePatch, member1);
+
+    await expect(attendanceController.getAttendancesForUser(params, member2))
+      .rejects.toThrow(ForbiddenError);
+  });
 });

tests/data/UserFactory.ts

@@ -43,6 +43,7 @@ export class UserFactory {
       points: 0,
       credits: 0,
       handle: UserAccountService.generateDefaultHandle(firstName, lastName),
+      isAttendancePublic: true,
     });
     return UserModel.merge(fake, substitute);
   }

types/ApiRequests.ts

@@ -66,6 +66,7 @@ export interface UserPatches {
   major?: string;
   graduationYear?: number;
   bio?: string;
+  isAttendancePublic?: boolean;
   passwordChange?: PasswordUpdate;
 }