Merge pull request #9 in ~VLE2FE/dfop-api from template_version to develop

* commit 'ab8c74a6410b29bca1b66369ac39b0a33fbfd94f': POST finished PUT finished GET finished adapted api doc
2020-05-14 16:46:54 +02:00 · 2020-05-14 16:46:54 +02:00 · 529cbb7115
commit 529cbb7115
parent c84d0ebf0c ab8c74a641
18 changed files with 782 additions and 473 deletions
--- a/api/schemas.yaml
+++ b/api/schemas.yaml
@ -145,6 +145,11 @@ Template:
  properties:
    name:
      type: string
      example: humidity
    version:
      type: number
      readOnly: true
      example: 1
    parameters:
      type: array
      items:
@ -152,8 +157,20 @@ Template:
        properties:
          name:
            type: string
            example: kf
          range:
            type: object
            example:
              min: 0
              max: 2
 TreatmentTemplate:
  allOf:
    - $ref: 'api.yaml#/components/schemas/Template'
  properties:
    number_prefix:
      type: string
      example: B
 Email:
  properties:
--- a/api/template.yaml
+++ b/api/template.yaml
@ -14,23 +14,15 @@
            schema:
              type: array
              items:
-                $ref: 'api.yaml#/components/schemas/Template'
+                $ref: 'api.yaml#/components/schemas/TreatmentTemplate'
              example:
                _id: 5ea0450ed851c30a90e70894
                name: heat aging
                parameters:
                  - name: method
                    range:
                      values:
                        - copper
                        - hot air
      401:
        $ref: 'api.yaml#/components/responses/401'
      500:
        $ref: 'api.yaml#/components/responses/500'
-/template/treatment/{name}:
+
 /template/treatment/{id}:
  parameters:
-    - $ref: 'api.yaml#/components/parameters/Name'
+    - $ref: 'api.yaml#/components/parameters/Id'
  get:
    summary: treatment method details
    description: 'Auth: basic, levels: read, write, maintain, admin'
@ -44,17 +36,7 @@
        content:
          application/json:
            schema:
-              allOf:
+              $ref: 'api.yaml#/components/schemas/TreatmentTemplate'
                - $ref: 'api.yaml#/components/schemas/Template'
              example:
                _id: 5ea0450ed851c30a90e70894
                name: heat aging
                parameters:
                  - name: method
                    range:
                      values:
                        - copper
                        - hot air
      401:
        $ref: 'api.yaml#/components/responses/401'
      404:
@ -62,8 +44,9 @@
      500:
        $ref: 'api.yaml#/components/responses/500'
  put:
-    summary: add/change treatment method
+    summary: change treatment method
    description: 'Auth: basic, levels: maintain, admin'
    x-doc: With a change a new version is set, resulting in a new template with a new id
    tags:
      - /template
    security:
@ -73,33 +56,14 @@
      content:
        application/json:
          schema:
-            allOf:
+            $ref: 'api.yaml#/components/schemas/TreatmentTemplate'
              - $ref: 'api.yaml#/components/schemas/Template'
            example:
              name: heat aging
              parameters:
                - name: method
                  range:
                    values:
                      - copper
                      - hot air
    responses:
      200:
        description: treatment details
        content:
          application/json:
            schema:
-              allOf:
+              $ref: 'api.yaml#/components/schemas/TreatmentTemplate'
                - $ref: 'api.yaml#/components/schemas/Template'
              example:
                _id: 5ea0450ed851c30a90e70894
                name: heat aging
                parameters:
                  - name: method
                    range:
                      values:
                        - copper
                        - hot air
      400:
        $ref: 'api.yaml#/components/responses/400'
      401:
@ -110,26 +74,37 @@
        $ref: 'api.yaml#/components/responses/404'
      500:
        $ref: 'api.yaml#/components/responses/500'
-  delete:
+
-    summary: delete treatment method
+/template/treatment/new:
  post:
    summary: add treatment method
    description: 'Auth: basic, levels: maintain, admin'
    tags:
      - /template
    security:
      - BasicAuth: []
    requestBody:
      required: true
      content:
        application/json:
          schema:
            $ref: 'api.yaml#/components/schemas/TreatmentTemplate'
    responses:
      200:
-        $ref: 'api.yaml#/components/responses/Ok'
+        description: treatment details
        content:
          application/json:
            schema:
              $ref: 'api.yaml#/components/schemas/TreatmentTemplate'
      400:
        $ref: 'api.yaml#/components/responses/400'
      401:
        $ref: 'api.yaml#/components/responses/401'
      403:
        $ref: 'api.yaml#/components/responses/403'
      404:
        $ref: 'api.yaml#/components/responses/404'
      500:
        $ref: 'api.yaml#/components/responses/500'
 /template/measurements:
  get:
    summary: all available measurement methods
@ -147,21 +122,13 @@
              type: array
              items:
                $ref: 'api.yaml#/components/schemas/Template'
              example:
                _id: 5ea0450ed851c30a90e70894
                name: humidity
                parameters:
                  - name: kf
                    range:
                      min: 0
                      max: 2
      401:
        $ref: 'api.yaml#/components/responses/401'
      500:
        $ref: 'api.yaml#/components/responses/500'
-/template/measurement/{name}:
+/template/measurement/{id}:
  parameters:
-    - $ref: 'api.yaml#/components/parameters/Name'
+    - $ref: 'api.yaml#/components/parameters/Id'
  get:
    summary: measurement method details
    description: 'Auth: basic, levels: read, write, maintain, admin'
@ -175,16 +142,7 @@
        content:
          application/json:
            schema:
-              allOf:
+              $ref: 'api.yaml#/components/schemas/Template'
                - $ref: 'api.yaml#/components/schemas/Template'
              example:
                _id: 5ea0450ed851c30a90e70894
                name: humidity
                parameters:
                  - name: kf
                    range:
                      min: 0
                      max: 2
      400:
        $ref: 'api.yaml#/components/responses/400'
      401:
@ -194,7 +152,7 @@
      500:
        $ref: 'api.yaml#/components/responses/500'
  put:
-    summary: add/change measurement method
+    summary: change measurement method
    description: 'Auth: basic, levels: maintain, admin'
    tags:
      - /template
@ -205,32 +163,14 @@
      content:
        application/json:
          schema:
-            allOf:
+            $ref: 'api.yaml#/components/schemas/Template'
              - $ref: 'api.yaml#/components/schemas/Template'
            example:
              _id: 5ea0450ed851c30a90e70894
              name: humidity
              parameters:
                - name: kf
                  range:
                    min: 0
                    max: 2
    responses:
      200:
        description: measurement details
        content:
          application/json:
            schema:
-              allOf:
+              $ref: 'api.yaml#/components/schemas/Template'
                - $ref: 'api.yaml#/components/schemas/Template'
              example:
                _id: 5ea0450ed851c30a90e70894
                name: humidity
                parameters:
                  - name: kf
                    range:
                      min: 0
                      max: 2
      400:
        $ref: 'api.yaml#/components/responses/400'
      401:
@ -241,23 +181,33 @@
        $ref: 'api.yaml#/components/responses/404'
      500:
        $ref: 'api.yaml#/components/responses/500'
-  delete:
+
-    summary: delete measurement method
+/template/measurement/new:
  post:
    summary: add measurement method
    description: 'Auth: basic, levels: maintain, admin'
    tags:
      - /template
    security:
      - BasicAuth: []
    requestBody:
      required: true
      content:
        application/json:
          schema:
            $ref: 'api.yaml#/components/schemas/Template'
    responses:
      200:
-        $ref: 'api.yaml#/components/responses/Ok'
+        description: measurement details
        content:
          application/json:
            schema:
              $ref: 'api.yaml#/components/schemas/Template'
      400:
        $ref: 'api.yaml#/components/responses/400'
      401:
        $ref: 'api.yaml#/components/responses/401'
      403:
        $ref: 'api.yaml#/components/responses/403'
      404:
        $ref: 'api.yaml#/components/responses/404'
      500:
        $ref: 'api.yaml#/components/responses/500'
--- a/package-lock.json
+++ b/package-lock.json
@ -14,6 +14,30 @@
        "js-yaml": "^3.13.1"
      }
    },
    "@apidevtools/openapi-schemas": {
      "version": "2.0.3",
      "resolved": "https://registry.npmjs.org/@apidevtools/openapi-schemas/-/openapi-schemas-2.0.3.tgz",
      "integrity": "sha512-QoPaxGXfgqgGpK1p21FJ400z56hV681a8DOcZt3J5z0WIHgFeaIZ4+6bX5ATqmOoCpRCsH4ITEwKaOyFMz7wOA=="
    },
    "@apidevtools/swagger-methods": {
      "version": "3.0.1",
      "resolved": "https://registry.npmjs.org/@apidevtools/swagger-methods/-/swagger-methods-3.0.1.tgz",
      "integrity": "sha512-1Vlm18XYW6Yg7uHunroXeunWz5FShPFAdxBbPy8H6niB2Elz9QQsCoYHMbcc11EL1pTxaIr9HXz2An/mHXlX1Q=="
    },
    "@apidevtools/swagger-parser": {
      "version": "9.0.1",
      "resolved": "https://registry.npmjs.org/@apidevtools/swagger-parser/-/swagger-parser-9.0.1.tgz",
      "integrity": "sha512-Irqybg4dQrcHhZcxJc/UM4vO7Ksoj1Id5e+K94XUOzllqX1n47HEA50EKiXTCQbykxuJ4cYGIivjx/MRSTC5OA==",
      "requires": {
        "@apidevtools/json-schema-ref-parser": "^8.0.0",
        "@apidevtools/openapi-schemas": "^2.0.2",
        "@apidevtools/swagger-methods": "^3.0.0",
        "@jsdevtools/ono": "^7.1.0",
        "call-me-maybe": "^1.0.1",
        "openapi-types": "^1.3.5",
        "z-schema": "^4.2.2"
      }
    },
    "@babel/code-frame": {
      "version": "7.8.3",
      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.8.3.tgz",
@ -1353,6 +1377,16 @@
      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="
    },
    "lodash.get": {
      "version": "4.4.2",
      "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz",
      "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk="
    },
    "lodash.isequal": {
      "version": "4.5.0",
      "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
      "integrity": "sha1-QVxEePK8wwEgwizhDtMib30+GOA="
    },
    "log-symbols": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-3.0.0.tgz",
@ -1743,6 +1777,11 @@
        "wrappy": "1"
      }
    },
    "openapi-types": {
      "version": "1.3.5",
      "resolved": "https://registry.npmjs.org/openapi-types/-/openapi-types-1.3.5.tgz",
      "integrity": "sha512-11oi4zYorsgvg5yBarZplAqbpev5HkuVNPlZaPTknPDzAynq+lnJdXAmruGWP0s+dNYZS7bjM+xrTpJw7184Fg=="
    },
    "p-cancelable": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-1.1.0.tgz",
@ -2505,6 +2544,11 @@
      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
      "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
    },
    "validator": {
      "version": "12.2.0",
      "resolved": "https://registry.npmjs.org/validator/-/validator-12.2.0.tgz",
      "integrity": "sha512-jJfE/DW6tIK1Ek8nCfNFqt8Wb3nzMoAbocBF6/Icgg1ZFSBpObdnwVY2jQj6qUqzhx5jc71fpvBWyLGO7Xl+nQ=="
    },
    "vary": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
@ -2709,6 +2753,17 @@
        "lodash": "^4.17.15",
        "yargs": "^13.3.0"
      }
    },
    "z-schema": {
      "version": "4.2.3",
      "resolved": "https://registry.npmjs.org/z-schema/-/z-schema-4.2.3.tgz",
      "integrity": "sha512-zkvK/9TC6p38IwcrbnT3ul9in1UX4cm1y/VZSs4GHKIiDCrlafc+YQBgQBUdDXLAoZHf2qvQ7gJJOo6yT1LH6A==",
      "requires": {
        "commander": "^2.7.1",
        "lodash.get": "^4.4.2",
        "lodash.isequal": "^4.5.0",
        "validator": "^12.0.0"
      }
    }
  }
 }
--- a/package.json
+++ b/package.json
@ -15,6 +15,7 @@
  "license": "ISC",
  "dependencies": {
    "@apidevtools/json-schema-ref-parser": "^8.0.0",
    "@apidevtools/swagger-parser": "^9.0.1",
    "@hapi/joi": "^17.1.1",
    "@types/bcrypt": "^3.0.0",
    "@types/body-parser": "^1.19.0",
--- a/src/api.ts
+++ b/src/api.ts
@ -1,5 +1,6 @@
 import swagger from 'swagger-ui-express';
 import jsonRefParser, {JSONSchema} from '@apidevtools/json-schema-ref-parser';
 import oasParser from '@apidevtools/swagger-parser';
 // modifies the normal swagger-ui-express package
@ -19,7 +20,15 @@ export default class api {
      apiDoc = doc;
      apiDoc.paths = apiDoc.paths.allOf.reduce((s, e) => Object.assign(s, e));  // bundle routes
      apiDoc = this.resolveXDoc(apiDoc);
-      swagger.setup(apiDoc);
+      oasParser.validate(apiDoc, (err, api) => {
        if (err) {
          console.error(err);
        }
        else {
          console.info(process.env.NODE_ENV === 'test' ? '' : 'API ok, version ' + api.info.version);
          swagger.setup(apiDoc);
        }
      });
    });
    return swagger.setup(apiDoc, {customCssUrl: '/static/styles/swagger.css'})
  }
--- a/src/models/measurement_template.ts
+++ b/src/models/measurement_template.ts
@ -1,7 +1,8 @@
 import mongoose from 'mongoose';
 const MeasurementTemplateSchema = new mongoose.Schema({
-  name: {type: String, index: {unique: true}},
+  name: String,
  version: Number,
  parameters: [{
    name: String,
    range: mongoose.Schema.Types.Mixed
--- a/src/models/treatment_template.ts
+++ b/src/models/treatment_template.ts
@ -1,7 +1,9 @@
 import mongoose from 'mongoose';
 const TreatmentTemplateSchema = new mongoose.Schema({
-  name: {type: String, index: {unique: true}},
+  name: String,
  version: Number,
  number_prefix: String,
  parameters: [{
    name: String,
    range: mongoose.Schema.Types.Mixed
--- a/src/routes/condition.ts
+++ b/src/routes/condition.ts
@ -34,9 +34,7 @@ router.put('/condition/' + IdValidate.parameter(), async (req, res, next) => {
  if (error) return res400(error, res);
  const data = await ConditionModel.findById(req.params.id).lean().exec().catch(err => {next(err);}) as any;
-  if (data instanceof Error) {
+  if (data instanceof Error) return;
    return;
  }
  if (!data) {
    res.status(404).json({status: 'Not found'});
  }
--- a/src/routes/material.spec.ts
+++ b/src/routes/material.spec.ts
@ -1,7 +1,7 @@
 import should from 'should/as-function';
 import MaterialModel from '../models/material';
 import TestHelper from "../test/helper";
-// TODO: status
+
 // TODO: numbers with color only (no number)
 // TODO: deal with numbers with leading zeros
--- a/src/routes/material.ts
+++ b/src/routes/material.ts
@ -8,7 +8,7 @@ import IdValidate from './validate/id';
 import res400 from './validate/res400';
 import mongoose from 'mongoose';
-// TODO: remove f() for await
+
 const router = express.Router();
@ -104,9 +104,7 @@ module.exports = router;
 async function nameCheck (material, res, next) {  // check if name was already taken
  const materialData = await MaterialModel.findOne({name: material.name}).lean().exec().catch(err => {next(err); return false;}) as any;
-  if (materialData instanceof Error) {
+  if (materialData instanceof Error) return false;
    return false;
  }
  if (materialData) {  // could not find material_id
    res.status(400).json({status: 'Material name already taken'});
    return false;
--- a/src/routes/measurement.ts
+++ b/src/routes/measurement.ts
@ -32,9 +32,7 @@ router.put('/measurement/' + IdValidate.parameter(), async (req, res, next) => {
  if (error) return res400(error, res);
  const data = await MeasurementModel.findById(req.params.id).lean().exec().catch(err => {next(err);}) as any;
-  if (data instanceof Error) {
+  if (data instanceof Error) return;
    return;
  }
  if (!data) {
    res.status(404).json({status: 'Not found'});
  }
--- a/src/routes/sample.spec.ts
+++ b/src/routes/sample.spec.ts
@ -124,6 +124,32 @@ describe('/sample', () => {
        });
      });
    });
    it('keeps unchanged notes', done => {
      TestHelper.request(server, done, {
        method: 'put',
        url: '/sample/400000000000000000000002',
        auth: {basic: 'janedoe'},
        httpStatus: 200,
        req: {notes: {comment: 'Stoff gesperrt', sample_references: []}}
      }).end((err, res) => {
        if (err) return done(err);
        should(res.body).be.eql({_id: '400000000000000000000002', number: '21', type: 'granulate', color: 'natural', batch: '1560237365', material_id: '100000000000000000000001', note_id: '500000000000000000000001', user_id: '000000000000000000000002'});
        SampleModel.findById('400000000000000000000002').lean().exec((err, data: any) => {
          if (err) return done (err);
          should(data).have.only.keys('_id', 'number', 'color', 'type', 'batch', 'material_id', 'note_id', 'user_id', 'status', '__v');
          should(data).have.property('_id');
          should(data).have.property('number', '21');
          should(data).have.property('color', 'natural');
          should(data).have.property('type', 'granulate');
          should(data).have.property('batch', '1560237365');
          should(data.material_id.toString()).be.eql('100000000000000000000001');
          should(data.user_id.toString()).be.eql('000000000000000000000002');
          should(data).have.property('status', 10);
          should(data.note_id.toString()).be.eql('500000000000000000000001');
          done();
        });
      });
    });
    it('changes the given properties', done => {
      TestHelper.request(server, done, {
        method: 'put',
--- a/src/routes/sample.ts
+++ b/src/routes/sample.ts
@ -46,25 +46,31 @@ router.put('/sample/' + IdValidate.parameter(), (req, res, next) => {
      if (!await materialCheck(sample, res, next, sampleData.material_id)) return;
    }
-    if (sample.hasOwnProperty('notes') && sampleData.note_id !== null) {  // deal with old notes data
+    if (sample.hasOwnProperty('notes')) {
-      NoteModel.findById(sampleData.note_id).lean().exec((err, data: any) => {
+      let newNotes = true;
-        if (err) return console.error(err);
+      if (sampleData.note_id !== null) {  // old notes data exists
-        if (data.hasOwnProperty('custom_fields')) {  // update note_fields
+        const data = await NoteModel.findById(sampleData.note_id).lean().exec().catch(err => {next(err);}) as any;
-          customFieldsChange(Object.keys(data.custom_fields), -1);
+        if (data instanceof Error) return;
        newNotes = !_.isEqual(_.pick(IdValidate.stringify(data), _.keys(sample.notes)), sample.notes);
        if (newNotes) {
          if (data.hasOwnProperty('custom_fields')) {  // update note_fields
            customFieldsChange(Object.keys(data.custom_fields), -1);
          }
          NoteModel.findByIdAndDelete(sampleData.note_id).lean().exec(err => {  // delete old notes
            if (err) return console.error(err);
          });
        }
        NoteModel.findByIdAndDelete(sampleData.note_id).lean().exec(err => {  // delete old notes
          if (err) return console.error(err);
        })
      });
    }
    if (sample.hasOwnProperty('notes') && Object.keys(sample.notes).length > 0) {  // save new notes
      if (!await sampleRefCheck(sample, res, next)) return;
      if (sample.notes.hasOwnProperty('custom_fields') && Object.keys(sample.notes.custom_fields).length > 0) {  // new custom_fields
        customFieldsChange(Object.keys(sample.notes.custom_fields), 1);
      }
-      let data = await new NoteModel(sample.notes).save().catch(err => { return next(err)});  // save new notes
+
-      delete sample.notes;
+      if (_.keys(sample.notes).length > 0 && newNotes) {  // save new notes
-      sample.note_id = data._id;
+        if (!await sampleRefCheck(sample, res, next)) return;
        if (sample.notes.hasOwnProperty('custom_fields') && Object.keys(sample.notes.custom_fields).length > 0) {  // new custom_fields
          customFieldsChange(Object.keys(sample.notes.custom_fields), 1);
        }
        let data = await new NoteModel(sample.notes).save().catch(err => { return next(err)});  // save new notes
        delete sample.notes;
        sample.note_id = data._id;
      }
    }
    // check for changes
@ -160,9 +166,7 @@ async function numberCheck (sample, res, next) {  // validate number, returns fa
 async function materialCheck (sample, res, next, id = sample.material_id) {  // validate material_id and color, returns false if invalid
  const materialData = await MaterialModel.findById(id).lean().exec().catch(err => {next(err); return false;}) as any;
-  if (materialData instanceof Error) {
+  if (materialData instanceof Error) return false;
    return false;
  }
  if (!materialData) {  // could not find material_id
    res.status(400).json({status: 'Material not available'});
    return false;
--- a/src/routes/template.spec.ts
+++ b/src/routes/template.spec.ts
--- a/src/routes/template.ts
+++ b/src/routes/template.ts
@ -5,6 +5,7 @@ import TemplateValidate from './validate/template';
 import TemplateTreatmentModel from '../models/treatment_template';
 import TemplateMeasurementModel from '../models/measurement_template';
 import res400 from './validate/res400';
 import IdValidate from './validate/id';
 // TODO: remove f() for await
@ -13,21 +14,20 @@ const router = express.Router();
 router.get('/template/:collection(measurements|treatments)', (req, res, next) => {
  if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;
-  (req.params.collection === 'treatments' ? TemplateTreatmentModel : TemplateMeasurementModel)
+  req.params.collection = req.params.collection.replace(/s$/g, '');
-    .find({}).lean().exec((err, data) => {
+  model(req).find({}).lean().exec((err, data) => {
     if (err) next (err);
-     res.json(_.compact(data.map(e => TemplateValidate.output(e))));  // validate all and filter null values from validation errors
+     res.json(_.compact(data.map(e => TemplateValidate.output(e, req.params.collection))));  // validate all and filter null values from validation errors
  });
 });
-router.get('/template/:collection(measurement|treatment)/:name', (req, res, next) => {
+router.get('/template/:collection(measurement|treatment)/' + IdValidate.parameter(), (req, res, next) => {
  if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;
-  (req.params.collection === 'treatment' ? TemplateTreatmentModel : TemplateMeasurementModel)
+  model(req).findById(req.params.id).lean().exec((err, data) => {
    .findOne({name: req.params.name}).lean().exec((err, data) => {
    if (err) next (err);
    if (data) {
-      res.json(TemplateValidate.output(data));
+      res.json(TemplateValidate.output(data, req.params.collection));
    }
    else {
      res.status(404).json({status: 'Not found'});
@ -35,56 +35,64 @@ router.get('/template/:collection(measurement|treatment)/:name', (req, res, next
  });
 });
-router.put('/template/:collection(measurement|treatment)/:name', (req, res, next) => {
+router.put('/template/:collection(measurement|treatment)/' + IdValidate.parameter(), async (req, res, next) => {
  if (!req.auth(res, ['maintain', 'admin'], 'basic')) return;
-  const collectionModel = req.params.collection === 'treatment' ? TemplateTreatmentModel : TemplateMeasurementModel;
+  const {error, value: template} = TemplateValidate.input(req.body, 'change', req.params.collection);
  if (error) return res400(error, res);
-  collectionModel.findOne({name: req.params.name}).lean().exec((err, data) => {
+  const templateData = await model(req).findById(req.params.id).lean().exec().catch(err => {next(err);}) as any;
  if (templateData instanceof Error) return;
  if (!templateData) {
    res.status(404).json({status: 'Not found'});
  }
  if (_.has(template, 'number_prefix') && template.number_prefix !== templateData.number_prefix) {  // got new number_prefix
    if (!await numberPrefixCheck(template, req, res, next)) return;
  }
  if (!_.isEqual(_.pick(templateData, _.keys(template)), template)) {  // data was changed
    template.version = templateData.version + 1;
    await new (model(req))(_.assign({}, _.omit(templateData, ['_id', '__v']), template)).save((err, data) => {
      if (err) next (err);
      res.json(TemplateValidate.output(data.toObject(), req.params.collection));
    });
  }
  else {
    res.json(TemplateValidate.output(templateData, req.params.collection));
  }
 });
 router.post('/template/:collection(measurement|treatment)/new', async (req, res, next) => {
  if (!req.auth(res, ['maintain', 'admin'], 'basic')) return;
  const {error, value: template} = TemplateValidate.input(req.body, 'new', req.params.collection);
  if (error) return res400(error, res);
  if (_.has(template, 'number_prefix')) {  // got number_prefix
    if (!await numberPrefixCheck(template, req, res, next)) return;
  }
  template.version = 1;
  await new (model(req))(template).save((err, data) => {
    if (err) next (err);
-    const templateState = data? 'change': 'new';
+    res.json(TemplateValidate.output(data.toObject(), req.params.collection));
    const {error, value: template} = TemplateValidate.input(req.body, templateState);
    if (error) return res400(error, res);
    if (template.hasOwnProperty('name') && template.name !== req.params.name) {
      collectionModel.find({name: template.name}).lean().exec((err, data) => {
        if (err) next (err);
        if (data.length > 0) {
          res.status(400).json({status: 'Template name already taken'});
          return;
        }
        else {
          f();
        }
      });
    }
    else {
      f();
    }
    function f() {  // to resolve async
      collectionModel.findOneAndUpdate({name: req.params.name}, template, {new: true, upsert: true}).lean().exec((err, data) => {
        if (err) return next(err);
        res.json(TemplateValidate.output(data));
      });
    }
  });
 });
 router.delete('/template/:collection(measurement|treatment)/:name', (req, res, next) => {
  if (!req.auth(res, ['maintain', 'admin'], 'basic')) return;
  (req.params.collection === 'treatment' ? TemplateTreatmentModel : TemplateMeasurementModel)
    .findOneAndDelete({name: req.params.name}).lean().exec((err, data) => {
    if (err) return next(err);
    if (data) {
      res.json({status: 'OK'})
    }
    else {
      res.status(404).json({status: 'Not found'});
    }
  });
 });
-module.exports = router;
+module.exports = router;
 async function numberPrefixCheck (template, req, res, next) {
  const data = await model(req).findOne({number_prefix: template.number_prefix}).lean().exec().catch(err => {next(err); return false;}) as any;
  if (data) {
    res.status(400).json({status: 'Number prefix already taken'});
    return false
  }
  return true;
 }
 function model (req) {
  return req.params.collection === 'treatment' ? TemplateTreatmentModel : TemplateMeasurementModel;
 }
--- a/src/routes/validate/template.ts
+++ b/src/routes/validate/template.ts
@ -6,6 +6,13 @@ export default class TemplateValidate {
    name: joi.string()
      .max(128),
    version: joi.number()
      .min(1),
    number_prefix: joi.string()
      .min(1)
      .max(16),
    parameters: joi.array()
      .min(1)
      .items(
@ -20,40 +27,78 @@ export default class TemplateValidate {
            min: joi.number(),
-            max: joi.number()
+            max: joi.number(),
            type: joi.string()
              .valid('array')
          })
            .oxor('values', 'min')
            .oxor('values', 'max')
            .oxor('type', 'values')
            .oxor('type', 'min')
            .oxor('type', 'max')
            .required()
        })
      )
  };
-  static input (data, param) {  // validate data, param: new(everything required)/change(available attributes are validated)
+  static input (data, param, template) {  // validate data, param: new(everything required)/change(available attributes are validated)
    if (param === 'new') {
-      return joi.object({
+      if (template === 'treatment') {
-        name: this.template.name.required(),
+        return joi.object({
-        parameters: this.template.parameters.required()
+          name: this.template.name.required(),
-      }).validate(data);
+          number_prefix: this.template.number_prefix.required(),
          parameters: this.template.parameters.required()
        }).validate(data);
      }
      else {
        return joi.object({
          name: this.template.name.required(),
          parameters: this.template.parameters.required()
        }).validate(data);
      }
    }
    else if (param === 'change') {
-      return joi.object({
+      if (template === 'treatment') {
-        name: this.template.name,
+        return joi.object({
-        parameters: this.template.parameters
+          name: this.template.name,
-      }).validate(data);
+          number_prefix: this.template.number_prefix,
          parameters: this.template.parameters
        }).validate(data);
      }
      else {
        return joi.object({
          name: this.template.name,
          parameters: this.template.parameters
        }).validate(data);
      }
    }
    else {
      return{error: 'No parameter specified!', value: {}};
    }
  }
-  static output (data) {  // validate output from database for needed properties, strip everything else
+  static output (data, template) {  // validate output from database for needed properties, strip everything else
    data = IdValidate.stringify(data);
-    const {value, error} = joi.object({
+    let joiObject;
-      _id: IdValidate.get(),
+    if (template === 'treatment') {
-      name: this.template.name,
+      joiObject = {
-      parameters: this.template.parameters
+        _id: IdValidate.get(),
-    }).validate(data, {stripUnknown: true});
+        name: this.template.name,
        version: this.template.version,
        number_prefix: this.template.number_prefix,
        parameters: this.template.parameters
      };
    }
    else {
      joiObject = {
        _id: IdValidate.get(),
        name: this.template.name,
        version: this.template.version,
        parameters: this.template.parameters
      };
    }
    const {value, error} = joi.object(joiObject).validate(data, {stripUnknown: true});
    return error !== undefined? null : value;
  }
 }
--- a/src/routes/validate/user.ts
+++ b/src/routes/validate/user.ts
@ -5,7 +5,7 @@ import IdValidate from './id';
 export default class UserValidate {  // validate input for user
  private static user = {
-    name: Joi.string()
+    name: Joi.string()  // TODO: check allowed characters
      .alphanum()
      .lowercase()
      .max(128),
--- a/src/test/db.json
+++ b/src/test/db.json
@ -308,6 +308,8 @@
      {
        "_id": {"$oid":"200000000000000000000001"},
        "name": "heat treatment",
        "version": 1,
        "number_prefix": "A",
        "parameters": [
          {
            "name": "material",
@ -331,6 +333,8 @@
      {
        "_id": {"$oid":"200000000000000000000002"},
        "name": "heat treatment 2",
        "version": 2,
        "number_prefix": "B",
        "parameters": [
          {
            "name": "material",
@ -344,6 +348,7 @@
      {
        "_id": {"$oid":"300000000000000000000001"},
        "name": "spectrum",
        "version": 1,
        "parameters": [
          {
            "name": "dpt",
@ -357,6 +362,7 @@
      {
        "_id": {"$oid":"300000000000000000000002"},
        "name": "kf",
        "version": 2,
        "parameters": [
          {
            "name": "weight %",
@ -378,6 +384,7 @@
      {
        "_id": {"$oid":"300000000000000000000003"},
        "name": "mt 3",
        "version": 1,
        "parameters": [
          {
            "name": "val1",