
adjusted PUT /sample/{id}

This commit is contained in:
VLE2FE 2020-05-28 12:40:37 +02:00
parent dc8828dbeb
commit 54168e4500
4 changed files with 16 additions and 8 deletions


@ -69,7 +69,7 @@
put:
summary: change sample
description: 'Auth: basic, levels: write, maintain, dev, admin <br>Only maintain and admin are allowed to edit samples created by another user'
x-doc: status is reset to 0 on any changes
x-doc: status is reset to 0 on any changes, deleted samples cannot be changed # TODO
tags:
- /sample
security:


@ -7,6 +7,8 @@ import globals from '../globals';
// TODO: color name must be unique to get color number
// TODO: separate supplier/ material name into own collections
// TODO: restore material
describe('/material', () => {
let server;
before(done => TestHelper.before(done));


@ -10,9 +10,9 @@ import globals from '../globals';
// TODO: write script for data import
// TODO: delete everything (measurements, condition) with sample
// TODO: allow adding sample numbers for existing samples
// TODO: Do not allow validation or measurement entry without condition
// TODO: restore sample
describe('/sample', () => {
let server;
@ -187,7 +187,6 @@ describe('/sample', () => {
res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
});
});
it('works with an API key', done => {
TestHelper.request(server, done, {
method: 'get',
@ -197,7 +196,6 @@ describe('/sample', () => {
res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
});
});
it('returns a deleted sample for a maintain/admin user', done => {
TestHelper.request(server, done, {
method: 'get',
@ -207,7 +205,6 @@ describe('/sample', () => {
res: {_id: '400000000000000000000005', number: 'Rng33', type: 'granulate', color: 'black', batch: '1653000308', condition: {condition_template: '200000000000000000000003'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {}, user: 'admin'}
});
});
it('returns 403 for a write user when requesting a deleted sample', done => {
TestHelper.request(server, done, {
method: 'get',
@ -216,7 +213,6 @@ describe('/sample', () => {
httpStatus: 403
});
});
it('returns 404 for an unknown sample', done => {
TestHelper.request(server, done, {
method: 'get',
@ -225,7 +221,6 @@ describe('/sample', () => {
httpStatus: 404
});
});
it('rejects an invalid id', done => {
TestHelper.request(server, done, {
method: 'get',
@ -234,7 +229,6 @@ describe('/sample', () => {
httpStatus: 404
});
});
it('rejects unauthorized requests', done => {
TestHelper.request(server, done, {
method: 'get',
@ -589,6 +583,15 @@ describe('/sample', () => {
res: {status: 'Condition template not available'}
});
});
it('rejects editing a deleted sample', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/sample/400000000000000000000005',
auth: {basic: 'admin'},
httpStatus: 403,
req: {}
});
});
it('rejects an API key', done => {
TestHelper.request(server, done, {
method: 'put',
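Review bot: The new `rejects editing a deleted sample` case only asserts the 403; it never confirms the deleted sample is left untouched, so a route that answered 403 after applying the update would still pass. A follow-up GET as admin asserting that `400000000000000000000005` still equals the fixture expected by the earlier `returns a deleted sample for a maintain/admin user` case would close that gap. It also sends `req: {}`, so the 403 is not tied to an actual modification attempt; sending a real field change, e.g. `req: {number: 'changed'}`, would show the rejection comes from the deleted state rather than from an empty body. Only the admin user is exercised; whether maintain and write users get the same answer depends on the order of checks in the route, which this hunk does not show.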


@ -69,6 +69,9 @@ router.put('/sample/' + IdValidate.parameter(), (req, res, next) => {
if (!sampleData) {
return res.status(404).json({status: 'Not found'});
}
if (sampleData.status === globals.status.deleted) {
return res.status(403).json({status: 'Forbidden'});
}
// only maintain and admin are allowed to edit other user's data
if (sampleData.user_id.toString() !== req.authDetails.id && !req.auth(res, ['maintain', 'admin'], 'basic')) return;
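Review bot: The deleted-sample rejection added at the `globals.status.deleted` check returns the same body `{status: 'Forbidden'}` as the ownership/level refusal that follows it, so neither a client nor the test suite can tell a frozen deleted sample from an unauthorized edit; a distinct message such as `{status: 'Forbidden', reason: 'deleted'}` or at least a comment stating why 403 rather than 404 was chosen would make the intent explicit, e.g. `// deleted samples are frozen; 403 (not 404) because maintain/admin can still read them`. Because the check runs before the ownership check, a write user who does not own the sample is told it is deleted instead of receiving the generic refusal; judging by the test titles in the sample test file GET already answers 403 for deleted samples to write users, so this looks consistent, but it is worth stating in the comment. The router.put callback starts and ends outside the hunk, so whether request-body validation runs before or after this check cannot be confirmed here.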