adapted /materials

api/material.yaml

@@ -48,7 +48,7 @@
   get:
     summary: get material details
     description: 'Auth: all, levels: read, write, maintain, dev, admin'
-    x-doc: status handling (accessible (only for maintain/admin))?  # TODO after decision
+    x-doc: deleted samples are available only for maintain/admin
     tags:
       - /material
     responses:
@@ -67,7 +67,7 @@
   put:
     summary: change material
     description: 'Auth: basic, levels: write, maintain, dev, admin'
-    x-doc: status is reset to 0 on any changes
+    x-doc: status is reset to 0 on any changes, deleted samples cannot be changed
     tags:
       - /material
     security:

src/index.ts

@@ -14,6 +14,7 @@ import db from './db';
 // TODO: coverage
 // TODO: think about the display of deleted/new samples and validation in data and UI
 // TODO: improve error coverage
+// TODO: guess properties from material name in UI
 
 // tell if server is running in debug or production environment
 console.info(process.env.NODE_ENV === 'production' ? '===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');

src/routes/material.spec.ts

@@ -204,6 +204,23 @@ describe('/material', () => {
         res: {_id: '100000000000000000000007', name: 'Ultramid A4H', supplier: 'BASF', group: 'PA66', mineral: 0, glass_fiber: 0, carbon_fiber: 0, numbers: [{color: 'black', number: ''}]}
       });
     });
+    it('returns a deleted material for a maintain/admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/material/100000000000000000000008',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        res: {_id: '100000000000000000000008', name: 'Latamid 66 H 2 G 30', supplier: 'LATI', group: 'PA66', mineral: 0, glass_fiber: 30, carbon_fiber: 0, numbers: [{color: 'blue', number: '5513943509'}]}
+      });
+    });
+    it('returns 403 for a write user when requesting a deleted material', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/material/100000000000000000000008',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403
+      });
+    });
     it('rejects an invalid id', done => {
       TestHelper.request(server, done, {
         method: 'get',
@@ -363,6 +380,15 @@ describe('/material', () => {
         req: {},
       });
     });
+    it('rejects editing a deleted material', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/material/100000000000000000000008',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403,
+        req: {}
+      });
+    });
     it('rejects an API key', done => {
       TestHelper.request(server, done, {
         method: 'put',

src/routes/material.ts

@@ -34,14 +34,14 @@ router.get('/materials/:group(new|deleted)', (req, res, next) => {
 router.get('/material/' + IdValidate.parameter(), (req, res, next) => {
   if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'all')) return;
 
-  MaterialModel.findById(req.params.id).lean().exec((err, data) => {
+  MaterialModel.findById(req.params.id).lean().exec((err, data: any) => {
     if (err) return next(err);
-    if (data) {
+
-      res.json(MaterialValidate.output(data));
+    if (!data) {
-    }
+      return res.status(404).json({status: 'Not found'});
-    else {
-      res.status(404).json({status: 'Not found'});
     }
+    if (data.status === globals.status.deleted && !req.auth(res, ['maintain', 'admin'], 'all')) return;  // deleted materials only available for maintain/admin
+    res.json(MaterialValidate.output(data));
   });
 });
 
@@ -55,6 +55,9 @@ router.put('/material/' + IdValidate.parameter(), (req, res, next) => {
     if (!materialData) {
       return res.status(404).json({status: 'Not found'});
     }
+    if (materialData.status === globals.status.deleted) {
+      return res.status(403).json({status: 'Forbidden'});
+    }
     if (material.hasOwnProperty('name') && material.name !== materialData.name) {
       if (!await nameCheck(material, res, next)) return;
     }

src/routes/sample.ts

@@ -43,7 +43,7 @@ router.get('/sample/' + IdValidate.parameter(), (req, res, next) => {
     if (err) return next(err);
 
     if (sampleData) {
-      if (sampleData.status ===globals.status.deleted && !req.auth(res, ['maintain', 'admin'], 'all')) return;  // deleted samples only available for maintain/admin
+      if (sampleData.status === globals.status.deleted && !req.auth(res, ['maintain', 'admin'], 'all')) return;  // deleted samples only available for maintain/admin
       sampleData.material = sampleData.material_id;  // map data to right keys
       sampleData.user = sampleData.user_id.name;
       sampleData.notes = sampleData.note_id ? sampleData.note_id : {};

src/test/db.json

@@ -268,6 +268,23 @@
         ],
         "status": 0,
         "__v": 0
+      },
+      {
+        "_id": {"$oid":"100000000000000000000008"},
+        "name": "Latamid 66 H 2 G 30",
+        "supplier": "LATI",
+        "group": "PA66",
+        "mineral": 0,
+        "glass_fiber": 30,
+        "carbon_fiber": 0,
+        "numbers": [
+          {
+            "color": "blue",
+            "number": "5513943509"
+          }
+        ],
+        "status": -1,
+        "__v": 0
       }
     ],
     "measurements": [