DELETE and GET methods for condition

2020-05-08 15:12:36 +02:00
parent 852c035dfc
commit 0ec9b44462
7 changed files with 767 additions and 8 deletions
--- a/src/routes/condition.spec.ts
+++ b/src/routes/condition.spec.ts
@@ -9,7 +9,7 @@ describe('/condition', () => {
  beforeEach(done => server = TestHelper.beforeEach(server, done));
  afterEach(done => TestHelper.afterEach(server, done));

-  describe('GET /condition/id', () => {
+  describe('GET /condition/{id}', () => {
    it('returns the right condition', done => {
      TestHelper.request(server, done, {
        method: 'get',
@@ -19,10 +19,117 @@ describe('/condition', () => {
        res: {_id: '700000000000000000000001', sample_id: '400000000000000000000001', number: 'B1', parameters: {material: 'copper', weeks: 3}, treatment_template: '200000000000000000000001'}
      });
    });
-    it('returns the right condition for an API key');
-    it('rejects an invalid id');
-    it('rejects an unknown id');
-    it('rejects unauthorized requests');
+    it('returns the right condition for an API key', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/condition/700000000000000000000001',
+        auth: {key: 'janedoe'},
+        httpStatus: 200,
+        res: {_id: '700000000000000000000001', sample_id: '400000000000000000000001', number: 'B1', parameters: {material: 'copper', weeks: 3}, treatment_template: '200000000000000000000001'}
+      });
+    });
+    it('rejects an invalid id', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/condition/70000000000t000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404
+      });
+    });
+    it('rejects an unknown id', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/condition/000000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404
+      });
+    });
+    it('rejects unauthorized requests', done  => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/condition/700000000000000000000001',
+        httpStatus: 401
+      });
+    });
+  });
+
+  describe('DELETE /condition/{id}', () => {
+    it('deletes the condition', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/condition/700000000000000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).be.eql({status: 'OK'});
+        ConditionModel.findById('700000000000000000000002').lean().exec((err, data) => {
+          if (err) return done(err);
+          should(data).be.null();
+          done();
+        });
+      });
+    });
+    it('rejects a deleting a condition referenced by measurements');
+    it('rejects an invalid id', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/condition/70000000000w000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404
+      });
+    });
+    it('rejects an API key', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/condition/700000000000000000000002',
+        auth: {key: 'janedoe'},
+        httpStatus: 401
+      });
+    });
+    it('rejects requests from a read user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/condition/700000000000000000000002',
+        auth: {basic: 'user'},
+        httpStatus: 403
+      });
+    });
+    it('rejects a write user deleting a condition belonging to a sample of another user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/condition/700000000000000000000003',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403
+      });
+    });
+    it('accepts an maintain/admin user deleting a condition belonging to a sample of another user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/condition/700000000000000000000002',
+        auth: {basic: 'admin'},
+        httpStatus: 200
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).be.eql({status: 'OK'});
+        done();
+      });
+    });
+    it('returns 404 for an unknown id', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/condition/00000000000w000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404
+      });
+    });
+    it('rejects unauthorized requests', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/condition/700000000000000000000002',
+        httpStatus: 401
+      });
+    });
  });

  describe('POST /condition/new', () => {
--- a/src/routes/condition.ts
+++ b/src/routes/condition.ts
@@ -7,10 +7,41 @@ import res400 from './validate/res400';
 import SampleModel from '../models/sample';
 import ConditionModel from '../models/condition';
 import TreatmentTemplateModel from '../models/treatment_template';
+import IdValidate from './validate/id';


 const router = express.Router();

+router.get('/condition/' + IdValidate.parameter(), (req, res, next) => {
+  if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'all')) return;
+
+  ConditionModel.findById(req.params.id).lean().exec((err, data) => {
+    if (err) return next(err);
+    if (data) {
+      res.json(ConditionValidate.output(data));
+    }
+    else {
+      res.status(404).json({status: 'Not found'});
+    }
+  });
+});
+
+router.delete('/condition/' + IdValidate.parameter(), (req, res, next) => {
+  if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;
+
+  ConditionModel.findById(req.params.id).lean().exec(async (err, data: any) => {
+    if (err) return next(err);
+    if (!data) {
+      res.status(404).json({status: 'Not found'});
+    }
+    if (!await sampleIdCheck(data, req, res, next)) return;
+    ConditionModel.findByIdAndDelete(req.params.id).lean().exec(async err => {
+      if (err) return next(err);
+      res.json({status: 'OK'});
+    });
+  });
+});
+
 router.post('/condition/new', async (req, res, next) => {
  if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;

--- a/src/routes/material.ts
+++ b/src/routes/material.ts
@@ -80,7 +80,7 @@ router.delete('/material/' + IdValidate.parameter(), (req, res, next) => {
    MaterialModel.findByIdAndDelete(req.params.id).lean().exec((err, data) => {
      if (err) return next(err);
      if (data) {
-        res.json({status: 'OK'})
+        res.json({status: 'OK'});
      }
      else {
        res.status(404).json({status: 'Not found'});