From 5bce7a1e988003a9b88bf9b5e6fdac801832b8f8 Mon Sep 17 00:00:00 2001
From: VLE2FE
Date: Tue, 12 May 2020 17:37:01 +0200
Subject: [PATCH] DELETE method
---
 api/measurement.yaml | 6 +--
 src/routes/measurement.spec.ts | 75 ++++++++++++++++++++++++++++++++++
 src/routes/measurement.ts | 16 ++++++++
 3 files changed, 94 insertions(+), 3 deletions(-)
diff --git a/api/measurement.yaml b/api/measurement.yaml
index 7d1c0c4..4386a15 100644
--- a/api/measurement.yaml
+++ b/api/measurement.yaml
@@ -22,7 +22,7 @@
 500:
 $ref: 'api.yaml#/components/responses/500'
 put:
- summary: TODO change measurement
+ summary: change measurement
 description: 'Auth: basic, levels: write, maintain, dev, admin'
 x-doc: status is reset to 0 on any changes
 tags:
@@ -55,7 +55,7 @@
 500:
 $ref: 'api.yaml#/components/responses/500'
 delete:
- summary: TODO delete measurement
+ summary: delete measurement
 description: 'Auth: basic, levels: write, maintain, dev, admin'
 tags:
 - /measurement
@@ -77,7 +77,7 @@
 /measurement/new:
 post:
- summary: TODO add measurement
+ summary: add measurement
 description: 'Auth: basic, levels: write, maintain, dev, admin'
 x-doc: 'Adds status: 0 automatically'
 tags:
diff --git a/src/routes/measurement.spec.ts b/src/routes/measurement.spec.ts
index 08b27ef..bba7ca8 100644
--- a/src/routes/measurement.spec.ts
+++ b/src/routes/measurement.spec.ts
@@ -223,6 +223,81 @@ describe('/measurement', () => {
 });
 });
+ describe('DELETE /measurement/{id}', () => {
+ it('sets the status to deleted', done => {
+ TestHelper.request(server, done, {
+ method: 'delete',
+ url: '/measurement/800000000000000000000001',
+ auth: {basic: 'janedoe'},
+ httpStatus: 200,
+ }).end((err, res) => {
+ if (err) return done(err);
+ should(res.body).be.eql({status: 'OK'});
+ MeasurementModel.findById('800000000000000000000001').lean().exec((err, data) => {
+ if (err) return done(err);
+ should(data).have.property('status', -1);
+ done();
+ });
+ });
+ });
+ it('rejects an API key', done => {
+ TestHelper.request(server, done, {
+ method: 'delete',
+ url: '/measurement/800000000000000000000001',
+ auth: {key: 'janedoe'},
+ httpStatus: 401,
+ });
+ });
+ it('rejects requests from a read user', done => {
+ TestHelper.request(server, done, {
+ method: 'delete',
+ url: '/measurement/800000000000000000000001',
+ auth: {basic: 'user'},
+ httpStatus: 403,
+ });
+ });
+ it('rejects deleting a measurement for a write user who did not create this measurement', done => {
+ TestHelper.request(server, done, {
+ method: 'delete',
+ url: '/measurement/800000000000000000000003',
+ auth: {basic: 'janedoe'},
+ httpStatus: 403,
+ });
+ });
+ it('accepts deleting a measurement of another user for a maintain/admin user', done => {
+ TestHelper.request(server, done, {
+ method: 'delete',
+ url: '/measurement/800000000000000000000001',
+ auth: {basic: 'admin'},
+ httpStatus: 200,
+ res: {status: 'OK'}
+ });
+ });
+ it('rejects an invalid id', done => {
+ TestHelper.request(server, done, {
+ method: 'delete',
+ url: '/measurement/800000000h00000000000001',
+ auth: {basic: 'janedoe'},
+ httpStatus: 404,
+ });
+ });
+ it('rejects an unknown id', done => {
+ TestHelper.request(server, done, {
+ method: 'delete',
+ url: '/measurement/000000000000000000000001',
+ auth: {basic: 'janedoe'},
+ httpStatus: 404,
+ });
+ });
+ it('rejects unauthorized requests', done => {
+ TestHelper.request(server, done, {
+ method: 'delete',
+ url: '/measurement/800000000000000000000001',
+ httpStatus: 401,
+ });
+ });
+ });
+
 describe('POST /measurement/new', () => {
 it('returns the right measurement', done => {
 TestHelper.request(server, done, {
diff --git a/src/routes/measurement.ts b/src/routes/measurement.ts
index a340a31..85bea0e 100644
--- a/src/routes/measurement.ts
+++ b/src/routes/measurement.ts
@@ -55,6 +55,22 @@ router.put('/measurement/' + IdValidate.parameter(), async (req, res, next) => {
 });
 });
+router.delete('/measurement/' + IdValidate.parameter(), (req, res, next) => {
+ if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;
+
+ MeasurementModel.findById(req.params.id).lean().exec(async (err, data) => {
+ if (err) return next(err);
+ if (!data) {
+ res.status(404).json({status: 'Not found'});
+ }
+ if (!await conditionIdCheck(data, req, res, next)) return;
+ await MeasurementModel.findByIdAndUpdate(req.params.id, {status: -1}).lean().exec(async err => {
+ if (err) return next(err);
+ res.json({status: 'OK'});
+ });
+ });
+});
+
 router.post('/measurement/new', async (req, res, next) => {
 if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;
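Review bot: The two 403 cases (`rejects requests from a read user` and `rejects deleting a measurement for a write user who did not create this measurement`) assert only the HTTP status, so a handler that answered 403 but still wrote `status: -1` would pass them. Each should re-read the document after the response, the way the first test does, and assert that it was not marked deleted; the sketch below assumes the fixture for `…003` is not already in the deleted state. The maintain/admin case likewise checks only `res: {status: 'OK'}` and never the stored status. The enclosing `describe('/measurement', …)` starts outside the hunk.

```typescript
it('rejects deleting a measurement for a write user who did not create this measurement', done => {
  TestHelper.request(server, done, {
    // … unchanged: method, url, auth, httpStatus: 403 …
  }).end(err => {
    if (err) return done(err);
    MeasurementModel.findById('800000000000000000000003').lean().exec((err, data) => {
      if (err) return done(err);
      should(data.status).not.be.eql(-1);  // a rejected request must leave the record untouched
      done();
    });
  });
});
```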
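Review bot: The `if (!data)` branch sends the 404 but does not return, so for an unknown id execution continues into `conditionIdCheck(data, req, res, next)` with `data` set to null; change it to `if (!data) return res.status(404).json({status: 'Not found'});`. `conditionIdCheck` is defined outside the hunk, so what it does with a null document is not visible here; presumably it ends in either a second response on an already answered request or an exception. An exception thrown inside the `async` callback passed to `exec` is not forwarded to `next` and would surface as an unhandled rejection. Separately, `await` on `findByIdAndUpdate(...).exec(callback)` mixes promise and callback styles; either await the query inside `try`/`catch` and call `next(err)`, or keep the callback and drop the `await`.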