From 1c2631c6fba9ac1f4230d51536e965b85428b512 Mon Sep 17 00:00:00 2001
From: VLE2FE
Date: Thu, 28 May 2020 14:11:19 +0200
Subject: [PATCH] adapted /materials

---
 api/material.yaml | 4 ++--
 src/index.ts | 1 +
 src/routes/material.spec.ts | 26 ++++++++++++++++++++++++++
 src/routes/material.ts | 15 +++++++++------
 src/routes/sample.ts | 2 +-
 src/test/db.json | 17 +++++++++++++++++
 6 files changed, 56 insertions(+), 9 deletions(-)

diff --git a/api/material.yaml b/api/material.yaml
index d184a3f..51af0ef 100644
--- a/api/material.yaml
+++ b/api/material.yaml
@@ -48,7 +48,7 @@ get:
   summary: get material details
   description: 'Auth: all, levels: read, write, maintain, dev, admin'
-  x-doc: status handling (accessible (only for maintain/admin))? # TODO after decision
+  x-doc: deleted samples are available only for maintain/admin
   tags:
     - /material
   responses:
@@ -67,7 +67,7 @@ put:
   summary: change material
   description: 'Auth: basic, levels: write, maintain, dev, admin'
-  x-doc: status is reset to 0 on any changes
+  x-doc: status is reset to 0 on any changes, deleted samples cannot be changed
   tags:
     - /material
   security:
diff --git a/src/index.ts b/src/index.ts
index 0de6ff4..7dda199 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -14,6 +14,7 @@ import db from './db';
 // TODO: coverage
 // TODO: think about the display of deleted/new samples and validation in data and UI
 // TODO: improve error coverage
+// TODO: guess properties from material name in UI
 
 // tell if server is running in debug or production environment
 console.info(process.env.NODE_ENV === 'production' ? '===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');
diff --git a/src/routes/material.spec.ts b/src/routes/material.spec.ts
index 6c70e07..330d5b7 100644
--- a/src/routes/material.spec.ts
+++ b/src/routes/material.spec.ts
@@ -204,6 +204,23 @@ describe('/material', () => {
         res: {_id: '100000000000000000000007', name: 'Ultramid A4H', supplier: 'BASF', group: 'PA66', mineral: 0, glass_fiber: 0, carbon_fiber: 0, numbers: [{color: 'black', number: ''}]}
       });
     });
+    it('returns a deleted material for a maintain/admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/material/100000000000000000000008',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        res: {_id: '100000000000000000000008', name: 'Latamid 66 H 2 G 30', supplier: 'LATI', group: 'PA66', mineral: 0, glass_fiber: 30, carbon_fiber: 0, numbers: [{color: 'blue', number: '5513943509'}]}
+      });
+    });
+    it('returns 403 for a write user when requesting a deleted material', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/material/100000000000000000000008',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403
+      });
+    });
     it('rejects an invalid id', done => {
       TestHelper.request(server, done, {
         method: 'get',
@@ -363,6 +380,15 @@ describe('/material', () => {
         req: {},
       });
     });
+    it('rejects editing a deleted material', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/material/100000000000000000000008',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403,
+        req: {}
+      });
+    });
     it('rejects an API key', done => {
       TestHelper.request(server, done, {
         method: 'put',
diff --git a/src/routes/material.ts b/src/routes/material.ts
index 4a1adb8..ffba3ef 100644
--- a/src/routes/material.ts
+++ b/src/routes/material.ts
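Review bot: The new GET tests only pin the two ends of the level range — `admin` is expected to see the deleted material and the write user `janedoe` to get 403 — while the new x-doc names maintain as well, so a maintain-level and a read-level request against `/material/100000000000000000000008` would pin the boundary the route actually checks. The PUT test likewise only exercises `janedoe`; if the intent is that nobody, including admin, can edit a deleted material, one more case with `auth: {basic: 'admin'}` expecting 403 would document that. The fixture user names for the maintain and read levels are not visible in this patch, so the exact `auth` values are left to the author.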
@@ -34,14 +34,14 @@ router.get('/materials/:group(new|deleted)', (req, res, next) => { router.get('/material/' + IdValidate.parameter(), (req, res, next) => { if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'all')) return; - MaterialModel.findById(req.params.id).lean().exec((err, data) => { + MaterialModel.findById(req.params.id).lean().exec((err, data: any) => { if (err) return next(err); - if (data) { - res.json(MaterialValidate.output(data)); - } - else { - res.status(404).json({status: 'Not found'}); + + if (!data) { + return res.status(404).json({status: 'Not found'}); } + if (data.status === globals.status.deleted && !req.auth(res, ['maintain', 'admin'], 'all')) return; // deleted materials only available for maintain/admin + res.json(MaterialValidate.output(data)); }); }); @@ -55,6 +55,9 @@ router.put('/material/' + IdValidate.parameter(), (req, res, next) => { if (!materialData) { return res.status(404).json({status: 'Not found'}); } + if (materialData.status === globals.status.deleted) { + return res.status(403).json({status: 'Forbidden'}); + } if (material.hasOwnProperty('name') && material.name !== materialData.name) { if (!await nameCheck(material, res, next)) return; } diff --git a/src/routes/sample.ts b/src/routes/sample.ts index 9166bbb..23e786a 100644 --- a/src/routes/sample.ts +++ b/src/routes/sample.ts @@ -43,7 +43,7 @@ router.get('/sample/' + IdValidate.parameter(), (req, res, next) => { if (err) return next(err); if (sampleData) { - if (sampleData.status ===globals.status.deleted && !req.auth(res, ['maintain', 'admin'], 'all')) return; // deleted samples only available for maintain/admin + if (sampleData.status === globals.status.deleted && !req.auth(res, ['maintain', 'admin'], 'all')) return; // deleted samples only available for maintain/admin sampleData.material = sampleData.material_id; // map data to right keys sampleData.user = sampleData.user_id.name; sampleData.notes = sampleData.note_id ? sampleData.note_id : {}; 
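Review bot: The GET callback parameter is widened to `data: any` solely to reach `data.status`; under `strict` that switches off checking for the rest of the handler, so narrowing to the lean document type the model already declares (or a minimal `{status?: number} | null` shape) is preferable. Note also that a read/write user now gets 403 for a soft-deleted id but 404 for an unknown one, so non-maintainers can tell deleted materials apart from non-existent ones; if that distinction is not wanted, answering 404 in the deleted branch (instead of letting `req.auth`, which appears to write the 403 itself, respond) closes it — the spec in this patch pins 403, so treat it as a product decision. The trailing comment on the new guard is a copy-paste from sample.ts and should read `// deleted materials only available for maintain/admin`; the same "deleted samples" wording appears in the new x-doc lines of api/material.yaml. Nothing in the patch imports `globals` into material.ts, so confirm it is already in scope there; the PUT hunk's enclosing handler starts and ends outside the hunk.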
diff --git a/src/test/db.json b/src/test/db.json
index 372b09a..de4070f 100644
--- a/src/test/db.json
+++ b/src/test/db.json
@@ -268,6 +268,23 @@
       ],
       "status": 0,
       "__v": 0
+    },
+    {
+      "_id": {"$oid":"100000000000000000000008"},
+      "name": "Latamid 66 H 2 G 30",
+      "supplier": "LATI",
+      "group": "PA66",
+      "mineral": 0,
+      "glass_fiber": 30,
+      "carbon_fiber": 0,
+      "numbers": [
+        {
+          "color": "blue",
+          "number": "5513943509"
+        }
+      ],
+      "status": -1,
+      "__v": 0
     }
   ],
   "measurements": [