From 5bce7a1e988003a9b88bf9b5e6fdac801832b8f8 Mon Sep 17 00:00:00 2001
From: VLE2FE <lukas.veit@de.bosch.com>
Date: Tue, 12 May 2020 17:37:01 +0200
Subject: [PATCH] DELETE method

---
 api/measurement.yaml           |  6 +--
 src/routes/measurement.spec.ts | 75 ++++++++++++++++++++++++++++++++++
 src/routes/measurement.ts      | 16 ++++++++
 3 files changed, 94 insertions(+), 3 deletions(-)

diff --git a/api/measurement.yaml b/api/measurement.yaml
index 7d1c0c4..4386a15 100644
--- a/api/measurement.yaml
+++ b/api/measurement.yaml
@@ -22,7 +22,7 @@
       500:
         $ref: 'api.yaml#/components/responses/500'
   put:
-    summary: TODO change measurement
+    summary: change measurement
     description: 'Auth: basic, levels: write, maintain, dev, admin'
     x-doc: status is reset to 0 on any changes
     tags:
@@ -55,7 +55,7 @@
       500:
         $ref: 'api.yaml#/components/responses/500'
   delete:
-    summary: TODO delete measurement
+    summary: delete measurement
     description: 'Auth: basic, levels: write, maintain, dev, admin'
     tags:
       - /measurement
@@ -77,7 +77,7 @@
 
 /measurement/new:
   post:
-    summary: TODO add measurement
+    summary: add measurement
     description: 'Auth: basic, levels: write, maintain, dev, admin'
     x-doc: 'Adds status: 0 automatically'
     tags:
diff --git a/src/routes/measurement.spec.ts b/src/routes/measurement.spec.ts
index 08b27ef..bba7ca8 100644
--- a/src/routes/measurement.spec.ts
+++ b/src/routes/measurement.spec.ts
@@ -223,6 +223,81 @@ describe('/measurement', () => {
     });
   });
 
+  describe('DELETE /measurement/{id}', () => {
+    it('sets the status to deleted', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).be.eql({status: 'OK'});
+        MeasurementModel.findById('800000000000000000000001').lean().exec((err, data) => {
+          if (err) return done(err);
+          should(data).have.property('status', -1);
+          done();
+        });
+      });
+    });
+    it('rejects an API key', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {key: 'janedoe'},
+        httpStatus: 401,
+      });
+    });
+    it('rejects requests from a read user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'user'},
+        httpStatus: 403,
+      });
+    });
+    it('rejects deleting a measurement for a write user who did not create this measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000003',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403,
+      });
+    });
+    it('accepts deleting a measurement of another user for a maintain/admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        res: {status: 'OK'}
+      });
+    });
+    it('rejects an invalid id', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000h00000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404,
+      });
+    });
+    it('rejects an unknown id', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/000000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404,
+      });
+    });
+    it('rejects unauthorized requests', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        httpStatus: 401,
+      });
+    });
+  });
+
   describe('POST /measurement/new', () => {
     it('returns the right measurement', done => {
       TestHelper.request(server, done, {
diff --git a/src/routes/measurement.ts b/src/routes/measurement.ts
index a340a31..85bea0e 100644
--- a/src/routes/measurement.ts
+++ b/src/routes/measurement.ts
@@ -55,6 +55,22 @@ router.put('/measurement/' + IdValidate.parameter(), async (req, res, next) => {
   });
 });
 
+router.delete('/measurement/' + IdValidate.parameter(), (req, res, next) => {
+  if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;
+
+  MeasurementModel.findById(req.params.id).lean().exec(async (err, data) => {
+    if (err) return next(err);
+    if (!data) {
+      res.status(404).json({status: 'Not found'});
+    }
+    if (!await conditionIdCheck(data, req, res, next)) return;
+    await MeasurementModel.findByIdAndUpdate(req.params.id, {status: -1}).lean().exec(async err => {
+      if (err) return next(err);
+      res.json({status: 'OK'});
+    });
+  });
+});
+
 router.post('/measurement/new', async (req, res, next) => {
   if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;