From 54168e45008692cd9102f3da40be7b205318bee0 Mon Sep 17 00:00:00 2001
From: VLE2FE
Date: Thu, 28 May 2020 12:40:37 +0200
Subject: [PATCH] adjusted PUT /sample/{id}

---
 api/sample.yaml | 2 +-
 src/routes/material.spec.ts | 2 ++
 src/routes/sample.spec.ts | 17 ++++++++++-------
 src/routes/sample.ts | 3 +++
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/api/sample.yaml b/api/sample.yaml
index 9e830ff..cea8de7 100644
--- a/api/sample.yaml
+++ b/api/sample.yaml
@@ -69,7 +69,7 @@ put:
 summary: change sample
 description: 'Auth: basic, levels: write, maintain, dev, admin
 Only maintain and admin are allowed to edit samples created by another user'
- x-doc: status is reset to 0 on any changes
+ x-doc: status is reset to 0 on any changes, deleted samples cannot be changed # TODO
 tags:
 - /sample
 security:
diff --git a/src/routes/material.spec.ts b/src/routes/material.spec.ts
index ae8d305..6c70e07 100644
--- a/src/routes/material.spec.ts
+++ b/src/routes/material.spec.ts
@@ -7,6 +7,8 @@ import globals from '../globals';
 // TODO: color name must be unique to get color number
 // TODO: separate supplier/ material name into own collections
+// TODO: restore material
+
 describe('/material', () => {
 let server;
 before(done => TestHelper.before(done));
diff --git a/src/routes/sample.spec.ts b/src/routes/sample.spec.ts
index cfeeb7c..f0bbe88 100644
--- a/src/routes/sample.spec.ts
+++ b/src/routes/sample.spec.ts
@@ -10,9 +10,9 @@ import globals from '../globals';
 // TODO: write script for data import
 // TODO: delete everything (measurements, condition) with sample
 // TODO: allow adding sample numbers for existing samples
-
 // TODO: Do not allow validation or measurement entry without condition
+// TODO: restore sample
 describe('/sample', () => {
 let server;
@@ -187,7 +187,6 @@ describe('/sample', () => {
 res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
 });
 });
-
 it('works with an API key', done => {
 TestHelper.request(server, done, {
 method: 'get',
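Review bot: The trailing `# TODO` on the new x-doc line has no subject, so the next reader cannot tell what is still open; the spec files in the same commit add "TODO: restore sample", and if that is what is meant here the comment should say so, e.g. `# TODO: restore route for deleted samples`, otherwise it should be dropped. The route now returns 403 for a deleted sample; if the put operation's responses block (outside this hunk) enumerates status codes, that response belongs there too, since the x-doc line is the only place the new behaviour is documented.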
@@ -197,7 +196,6 @@ describe('/sample', () => {
 res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
 });
 });
-
 it('returns a deleted sample for a maintain/admin user', done => {
 TestHelper.request(server, done, {
 method: 'get',
@@ -207,7 +205,6 @@ describe('/sample', () => {
 res: {_id: '400000000000000000000005', number: 'Rng33', type: 'granulate', color: 'black', batch: '1653000308', condition: {condition_template: '200000000000000000000003'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {}, user: 'admin'}
 });
 });
-
 it('returns 403 for a write user when requesting a deleted sample', done => {
 TestHelper.request(server, done, {
 method: 'get',
@@ -216,7 +213,6 @@ describe('/sample', () => {
 httpStatus: 403
 });
 });
-
 it('returns 404 for an unknown sample', done => {
 TestHelper.request(server, done, {
 method: 'get',
@@ -225,7 +221,6 @@ describe('/sample', () => {
 httpStatus: 404
 });
 });
-
 it('rejects an invalid id', done => {
 TestHelper.request(server, done, {
 method: 'get',
@@ -234,7 +229,6 @@ describe('/sample', () => {
 httpStatus: 404
 });
 });
-
 it('rejects unauthorized requests', done => {
 TestHelper.request(server, done, {
 method: 'get',
@@ -589,6 +583,15 @@ describe('/sample', () => {
 res: {status: 'Condition template not available'}
 });
 });
+ it('rejects editing a deleted sample', done => {
+ TestHelper.request(server, done, {
+ method: 'put',
+ url: '/sample/400000000000000000000005',
+ auth: {basic: 'admin'},
+ httpStatus: 403,
+ req: {}
+ });
+ });
 it('rejects an API key', done => {
 TestHelper.request(server, done, {
 method: 'put',
diff --git a/src/routes/sample.ts b/src/routes/sample.ts
index ed1afb3..3976231 100644
--- a/src/routes/sample.ts
+++ b/src/routes/sample.ts
@@ -69,6 +69,9 @@ router.put('/sample/' + IdValidate.parameter(), (req, res, next) => {
 if (!sampleData) {
 return res.status(404).json({status: 'Not found'});
 }
+ if (sampleData.status === globals.status.deleted) {
+ return res.status(403).json({status: 'Forbidden'});
+ }
 // only maintain and admin are allowed to edit other user's data
 if (sampleData.user_id.toString() !== req.authDetails.id && !req.auth(res, ['maintain', 'admin'], 'basic')) return;
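Review bot: The new 'rejects editing a deleted sample' case sends an empty body (`req: {}`), so it never asks the route to change anything and therefore cannot show that a real edit is blocked rather than merely a no-op one; sending one of the fields the other PUT cases in this file use would make the case exercise the guard as intended. It also pins only the status code; a follow-up GET on `/sample/400000000000000000000005` as admin, checked against the same fixture the 'returns a deleted sample for a maintain/admin user' case expects, would pin that the rejected PUT left the record (including its deleted status) untouched, which is the property the guard exists to protect. Whether TestHelper.request already re-reads the document is not visible here, so treat the second point as a suggestion to confirm.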
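Review bot: The new guard on `sampleData.status === globals.status.deleted` closes what looks like an undelete path, but nothing in the code says so: per the x-doc line in api/sample.yaml a PUT resets status to 0 on any change, so before this commit the owner of a deleted sample (write level suffices for own data) could resurrect it simply by editing it, and that is worth a why-comment, e.g. `// deleted samples are immutable: a PUT resets status to 0 and would otherwise silently un-delete the record`. Placing the check before the ownership test is the right order, since a non-owner with write level gets 403 from either branch and so learns nothing extra about the deleted record, consistent with the GET behaviour the spec file already pins ('returns 403 for a write user when requesting a deleted sample'). Whether body validation runs before this lookup is outside the hunk; router.put's body starts before and continues after these lines.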