adjusted PUT /sample/{id}
parent
dc8828dbeb
commit
54168e4500
@ -69,7 +69,7 @@
|
||||
put:
|
||||
summary: change sample
|
||||
description: 'Auth: basic, levels: write, maintain, dev, admin <br>Only maintain and admin are allowed to edit samples created by another user'
|
||||
x-doc: status is reset to 0 on any changes
|
||||
x-doc: status is reset to 0 on any changes, deleted samples cannot be changed # TODO
|
||||
tags:
|
||||
- /sample
|
||||
security:
|
||||
|
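Review bot: The trailing `# TODO` on the new `x-doc:` line is parsed as a YAML comment, so it is dropped when the spec is loaded and never reaches anyone reading the rendered documentation. If it tracks work still outstanding, put it on its own line above the key, e.g. `# TODO: clarify how deleted samples are handled by PUT`; if the behaviour is already covered by the route change in this commit, drop the marker. The `description:` on the same operation still only mentions the maintain/admin restriction; since this commit makes the route answer 403 for a deleted sample (per the new test case), the description could say so too, e.g. `... another user. Deleted samples are refused with 403 for every role.`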
@ -7,6 +7,8 @@ import globals from '../globals';
|
||||
// TODO: color name must be unique to get color number
|
||||
// TODO: separate supplier/ material name into own collections
|
||||
|
||||
// TODO: restore material
|
||||
|
||||
describe('/material', () => {
|
||||
let server;
|
||||
before(done => TestHelper.before(done));
|
||||
|
@ -10,9 +10,9 @@ import globals from '../globals';
|
||||
// TODO: write script for data import
|
||||
// TODO: delete everything (measurements, condition) with sample
|
||||
// TODO: allow adding sample numbers for existing samples
|
||||
|
||||
// TODO: Do not allow validation or measurement entry without condition
|
||||
|
||||
// TODO: restore sample
|
||||
|
||||
describe('/sample', () => {
|
||||
let server;
|
||||
@ -187,7 +187,6 @@ describe('/sample', () => {
|
||||
res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
|
||||
});
|
||||
});
|
||||
|
||||
it('works with an API key', done => {
|
||||
TestHelper.request(server, done, {
|
||||
method: 'get',
|
||||
@ -197,7 +196,6 @@ describe('/sample', () => {
|
||||
res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
|
||||
});
|
||||
});
|
||||
|
||||
it('returns a deleted sample for a maintain/admin user', done => {
|
||||
TestHelper.request(server, done, {
|
||||
method: 'get',
|
||||
@ -207,7 +205,6 @@ describe('/sample', () => {
|
||||
res: {_id: '400000000000000000000005', number: 'Rng33', type: 'granulate', color: 'black', batch: '1653000308', condition: {condition_template: '200000000000000000000003'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {}, user: 'admin'}
|
||||
});
|
||||
});
|
||||
|
||||
it('returns 403 for a write user when requesting a deleted sample', done => {
|
||||
TestHelper.request(server, done, {
|
||||
method: 'get',
|
||||
@ -216,7 +213,6 @@ describe('/sample', () => {
|
||||
httpStatus: 403
|
||||
});
|
||||
});
|
||||
|
||||
it('returns 404 for an unknown sample', done => {
|
||||
TestHelper.request(server, done, {
|
||||
method: 'get',
|
||||
@ -225,7 +221,6 @@ describe('/sample', () => {
|
||||
httpStatus: 404
|
||||
});
|
||||
});
|
||||
|
||||
it('rejects an invalid id', done => {
|
||||
TestHelper.request(server, done, {
|
||||
method: 'get',
|
||||
@ -234,7 +229,6 @@ describe('/sample', () => {
|
||||
httpStatus: 404
|
||||
});
|
||||
});
|
||||
|
||||
it('rejects unauthorized requests', done => {
|
||||
TestHelper.request(server, done, {
|
||||
method: 'get',
|
||||
@ -589,6 +583,15 @@ describe('/sample', () => {
|
||||
res: {status: 'Condition template not available'}
|
||||
});
|
||||
});
|
||||
it('rejects editing a deleted sample', done => {
|
||||
TestHelper.request(server, done, {
|
||||
method: 'put',
|
||||
url: '/sample/400000000000000000000005',
|
||||
auth: {basic: 'admin'},
|
||||
httpStatus: 403,
|
||||
req: {}
|
||||
});
|
||||
});
|
||||
it('rejects an API key', done => {
|
||||
TestHelper.request(server, done, {
|
||||
method: 'put',
|
||||
|
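Review bot: The new case `it('rejects editing a deleted sample'` only exercises `auth: {basic: 'admin'}` with an empty `req: {}`, so the suite does not show that the 403 is reached regardless of role or of whether the body actually changes anything. A sibling case with a write-level fixture user and a non-empty body (a field the existing put tests already send) would pin that deleted samples are immutable for everyone rather than just for admin. This is worth having because, in the route hunk of this commit, the deleted-status check runs before the maintain/admin role check, and a write user presumably receives a 403 from the role check as well, so without the extra case a regression in the ordering would go unnoticed.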
@ -69,6 +69,9 @@ router.put('/sample/' + IdValidate.parameter(), (req, res, next) => {
|
||||
if (!sampleData) {
|
||||
return res.status(404).json({status: 'Not found'});
|
||||
}
|
||||
if (sampleData.status === globals.status.deleted) {
|
||||
return res.status(403).json({status: 'Forbidden'});
|
||||
}
|
||||
|
||||
// only maintain and admin are allowed to edit other user's data
|
||||
if (sampleData.user_id.toString() !== req.authDetails.id && !req.auth(res, ['maintain', 'admin'], 'basic')) return;
|
||||
|
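Review bot: The new check `if (sampleData.status === globals.status.deleted)` carries no comment saying why it is placed before the ownership/role check and why it applies to maintain and admin as well, which the new test in this commit pins (admin gets 403). Add above it `// deleted samples are immutable for every role, including maintain/admin; restoring is a separate operation (see "TODO: restore sample")`. Note also that the body `{status: 'Forbidden'}` is presumably the same one the role rejection on the following line produces, so a client cannot tell "not yours" from "deleted"; if that distinction matters a more specific status string here would help, and it is consistent with the GET behaviour for deleted samples tested elsewhere in this file. The `router.put` handler starts and ends outside this hunk.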