adjusted PUT /sample/{id}

2020-05-28 12:40:37 +02:00 · 2020-05-28 12:40:37 +02:00 · 54168e4500
commit 54168e4500
parent dc8828dbeb
4 changed files with 16 additions and 8 deletions
--- a/api/sample.yaml
+++ b/api/sample.yaml
@ -69,7 +69,7 @@
  put:
    summary: change sample
    description: 'Auth: basic, levels: write, maintain, dev, admin <br>Only maintain and admin are allowed to edit samples created by another user'
-    x-doc: status is reset to 0 on any changes
+    x-doc: status is reset to 0 on any changes, deleted samples cannot be changed  # TODO
    tags:
      - /sample
    security:
--- a/src/routes/material.spec.ts
+++ b/src/routes/material.spec.ts
@ -7,6 +7,8 @@ import globals from '../globals';
 // TODO: color name must be unique to get color number
 // TODO: separate supplier/ material name into own collections

+// TODO: restore material
+
 describe('/material', () => {
  let server;
  before(done => TestHelper.before(done));
--- a/src/routes/sample.spec.ts
+++ b/src/routes/sample.spec.ts
@ -10,9 +10,9 @@ import globals from '../globals';
 // TODO: write script for data import
 // TODO: delete everything (measurements, condition) with sample
 // TODO: allow adding sample numbers for existing samples
-
 // TODO: Do not allow validation or measurement entry without condition

+// TODO: restore sample

 describe('/sample', () => {
  let server;
@ -187,7 +187,6 @@ describe('/sample', () => {
        res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
      });
    });
-
    it('works with an API key', done => {
      TestHelper.request(server, done, {
        method: 'get',
@ -197,7 +196,6 @@ describe('/sample', () => {
        res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
      });
    });
-
    it('returns a deleted sample for a maintain/admin user', done => {
      TestHelper.request(server, done, {
        method: 'get',
@ -207,7 +205,6 @@ describe('/sample', () => {
        res: {_id: '400000000000000000000005', number: 'Rng33', type: 'granulate', color: 'black', batch: '1653000308', condition: {condition_template: '200000000000000000000003'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {}, user: 'admin'}
      });
    });
-
    it('returns 403 for a write user when requesting a deleted sample', done => {
      TestHelper.request(server, done, {
        method: 'get',
@ -216,7 +213,6 @@ describe('/sample', () => {
        httpStatus: 403
      });
    });
-
    it('returns 404 for an unknown sample', done => {
      TestHelper.request(server, done, {
        method: 'get',
@ -225,7 +221,6 @@ describe('/sample', () => {
        httpStatus: 404
      });
    });
-
    it('rejects an invalid id', done => {
      TestHelper.request(server, done, {
        method: 'get',
@ -234,7 +229,6 @@ describe('/sample', () => {
        httpStatus: 404
      });
    });
-
    it('rejects unauthorized requests', done => {
      TestHelper.request(server, done, {
        method: 'get',
@ -589,6 +583,15 @@ describe('/sample', () => {
        res: {status: 'Condition template not available'}
      });
    });
+    it('rejects editing a deleted sample', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/sample/400000000000000000000005',
+        auth: {basic: 'admin'},
+        httpStatus: 403,
+        req: {}
+      });
+    });
    it('rejects an API key', done => {
      TestHelper.request(server, done, {
        method: 'put',
--- a/src/routes/sample.ts
+++ b/src/routes/sample.ts
@ -69,6 +69,9 @@ router.put('/sample/' + IdValidate.parameter(), (req, res, next) => {
    if (!sampleData) {
      return res.status(404).json({status: 'Not found'});
    }
+    if (sampleData.status === globals.status.deleted) {
+      return res.status(403).json({status: 'Forbidden'});
+    }

    // only maintain and admin are allowed to edit other user's data
    if (sampleData.user_id.toString() !== req.authDetails.id && !req.auth(res, ['maintain', 'admin'], 'basic')) return;