DELETE method

2020-05-12 17:37:01 +02:00
parent ff36b49cc5
commit 5bce7a1e98
3 changed files with 94 additions and 3 deletions
--- a/src/routes/measurement.spec.ts
+++ b/src/routes/measurement.spec.ts
@@ -223,6 +223,81 @@ describe('/measurement', () => {
    });
  });

+  describe('DELETE /measurement/{id}', () => {
+    it('sets the status to deleted', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).be.eql({status: 'OK'});
+        MeasurementModel.findById('800000000000000000000001').lean().exec((err, data) => {
+          if (err) return done(err);
+          should(data).have.property('status', -1);
+          done();
+        });
+      });
+    });
+    it('rejects an API key', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {key: 'janedoe'},
+        httpStatus: 401,
+      });
+    });
+    it('rejects requests from a read user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'user'},
+        httpStatus: 403,
+      });
+    });
+    it('rejects deleting a measurement for a write user who did not create this measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000003',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403,
+      });
+    });
+    it('accepts deleting a measurement of another user for a maintain/admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        res: {status: 'OK'}
+      });
+    });
+    it('rejects an invalid id', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000h00000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404,
+      });
+    });
+    it('rejects an unknown id', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/000000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404,
+      });
+    });
+    it('rejects unauthorized requests', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        httpStatus: 401,
+      });
+    });
+  });
+
  describe('POST /measurement/new', () => {
    it('returns the right measurement', done => {
      TestHelper.request(server, done, {
--- a/src/routes/measurement.ts
+++ b/src/routes/measurement.ts
@@ -55,6 +55,22 @@ router.put('/measurement/' + IdValidate.parameter(), async (req, res, next) => {
  });
 });

+router.delete('/measurement/' + IdValidate.parameter(), (req, res, next) => {
+  if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;
+
+  MeasurementModel.findById(req.params.id).lean().exec(async (err, data) => {
+    if (err) return next(err);
+    if (!data) {
+      res.status(404).json({status: 'Not found'});
+    }
+    if (!await conditionIdCheck(data, req, res, next)) return;
+    await MeasurementModel.findByIdAndUpdate(req.params.id, {status: -1}).lean().exec(async err => {
+      if (err) return next(err);
+      res.json({status: 'OK'});
+    });
+  });
+});
+
 router.post('/measurement/new', async (req, res, next) => {
  if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;