UoaWDCC · harbassan · Oct 21, 2024 · Oct 20, 2024 · Oct 20, 2024 · Oct 20, 2024
diff --git a/backend/src/db/daos/noteDao.js b/backend/src/db/daos/noteDao.js
@@ -1,5 +1,6 @@
 import Note from "../models/note.js";
 import Group from "../models/group.js";
+import { HttpError } from "../../util/error.js";
 
 /**
  * Checks if a user is in a group
@@ -31,7 +32,7 @@ const createNote = async (groupId, title, email, text = "") => {
   if (role === null) {
     return null;
   }
-  const dbNote = new Note({ title, role, text });
+  const dbNote = new Note({ title, role, text, date: new Date() });
   await dbNote.save();
   const updateQuery = {};
   updateQuery[`notes.${role}`] = dbNote.id;
@@ -48,19 +49,17 @@ const createNote = async (groupId, title, email, text = "") => {
  */
 const deleteNote = async (noteId, groupId, email) => {
   const role = await checkRole(groupId, email);
-  const note = await Note.findById(noteId);
-  if (note.role !== role) {
-    return null;
-  }
+  const note = await Note.findById(noteId, { role: 1 }).lean();
+  if (note?.role !== role) throw new HttpError(403, "Forbidden");
 
-  const updateQuery = {
-    $pull: { [`notes.${note.role}`]: noteId },
-  };
+  const updateQuery = { $pull: { [`notes.${note.role}`]: noteId } };
+  await Promise.all([
+    // remove reference
+    Group.updateOne({ _id: groupId }, updateQuery),
+    // remove document
+    Note.deleteOne({ _id: noteId }),
+  ]);
 
-  //  delete note from group
-  await Group.updateOne({ _id: groupId }, updateQuery);
-  //  delete note from note collection
-  await note.delete();
   return null;
 };
 
@@ -94,24 +93,13 @@ const updateNote = async (noteId, updatedNote, groupId, email) => {
  * @returns list of database note objects
  */
 //  I know the group is fetched for twice but this is currently not used anywhere
-const retrieveNoteList = async (groupId, email) => {
-  const dbGroup = await Group.findById(groupId);
-  const role = await checkRole(groupId, email);
-  //  if user is not in group return null
-  if (role === null) {
-    return null;
-  }
-  const allNotes = [];
-  const noteIds = [...dbGroup.notes.values()].flat();
-  const dbNotes = await Note.find({ _id: { $in: noteIds } }, [
-    "title",
-    "role",
-    "date",
-    "text",
-  ]);
+const retrieveNoteList = async (groupId) => {
+  const { notes } = await Group.findById(groupId, { notes: 1 }).lean();
+
+  const noteIds = Object.values(notes).flat();
+  const dbNotes = await Note.find({ _id: { $in: noteIds } }, { __v: 0 });
 
-  allNotes.push(...dbNotes);
-  return allNotes;
+  return dbNotes;
 };
 
 /**

diff --git a/backend/src/routes/api/note.js b/backend/src/routes/api/note.js
@@ -7,16 +7,18 @@ import {
   retrieveNote,
 } from "../../db/daos/noteDao.js";
 import auth from "../../middleware/firebaseAuth.js";
+import { handle } from "../../util/error.js";
+import STATUS from "../../util/status.js";
 
 const router = Router();
 const HTTP_OK = 200;
 
 router.use(auth);
 
 // Retrieve note list
-router.get("/retrieveList/:groupId", async (req, res) => {
+router.get("/retrieveAll/:groupId", async (req, res) => {
   const { groupId } = req.params;
-  const notes = retrieveNoteList(groupId);
+  const notes = await retrieveNoteList(groupId);
   res.status(HTTP_OK).json(notes);
 });
 
@@ -43,9 +45,12 @@ router.put("/update", async (req, res) => {
 });
 
 // Delete a note
-router.delete("/delete", async (req, res) => {
-  const { noteId, groupId, email } = req.body;
-  await deleteNote(noteId, groupId, email);
-  res.status(HTTP_OK).json("note deleted");
-});
+router.delete(
+  "/delete",
+  handle(async (req, res) => {
+    const { noteId, groupId, email } = req.body;
+    await deleteNote(noteId, groupId, email);
+    res.status(STATUS.OK).json("note deleted");
+  })
+);
 export default router;