From 90c88983912356e541ebdbf17c8b1bd6dbaa7314 Mon Sep 17 00:00:00 2001 From: VLE2FE Date: Fri, 29 May 2020 12:54:05 +0200 Subject: [PATCH] validation for material --- api/material.yaml | 23 ++++++++++++++++ src/routes/material.spec.ts | 55 +++++++++++++++++++++++++++++++++++++ src/routes/material.ts | 24 +++++++++++----- 3 files changed, 95 insertions(+), 7 deletions(-) diff --git a/api/material.yaml b/api/material.yaml index 3122e32..378628d 100644 --- a/api/material.yaml +++ b/api/material.yaml @@ -140,6 +140,29 @@ 500: $ref: 'api.yaml#/components/responses/500' +/material/validate/{id}: + parameters: + - $ref: 'api.yaml#/components/parameters/Id' + put: + summary: restore material + description: 'Auth: basic, levels: maintain, admin' + x-doc: status is set to 10 + tags: + - /material + security: + - BasicAuth: [] + responses: + 200: + $ref: 'api.yaml#/components/responses/Ok' + 401: + $ref: 'api.yaml#/components/responses/401' + 403: + $ref: 'api.yaml#/components/responses/403' + 404: + $ref: 'api.yaml#/components/responses/404' + 500: + $ref: 'api.yaml#/components/responses/500' + /material/new: post: summary: add material diff --git a/src/routes/material.spec.ts b/src/routes/material.spec.ts index 43a66ae..9645d1b 100644 --- a/src/routes/material.spec.ts +++ b/src/routes/material.spec.ts @@ -574,6 +574,61 @@ describe('/material', () => { }); }); + describe('PUT /material/validate/{id}', () => { + it('sets the status', done => { + TestHelper.request(server, done, { + method: 'put', + url: '/material/validate/100000000000000000000007', + auth: {basic: 'admin'}, + httpStatus: 200, + req: {} + }).end((err, res) => { + if (err) return done (err); + should(res.body).be.eql({status: 'OK'}); + MaterialModel.findById('100000000000000000000007').lean().exec((err, data: any) => { + if (err) return done(err); + should(data).have.property('status',globals.status.validated); + done(); + }); + }); + }); + it('rejects an API key', done => { + TestHelper.request(server, done, { + method: 'put', + url: '/material/validate/100000000000000000000007', + auth: {key: 'admin'}, + httpStatus: 401, + req: {} + }); + }); + it('rejects a write user', done => { + TestHelper.request(server, done, { + method: 'put', + url: '/material/validate/100000000000000000000007', + auth: {basic: 'janedoe'}, + httpStatus: 403, + req: {} + }); + }); + it('returns 404 for an unknown sample', done => { + TestHelper.request(server, done, { + method: 'put', + url: '/material/validate/000000000000000000000007', + auth: {basic: 'admin'}, + httpStatus: 404, + req: {} + }); + }); + it('rejects unauthorized requests', done => { + TestHelper.request(server, done, { + method: 'put', + url: '/material/validate/100000000000000000000007', + httpStatus: 401, + req: {} + }); + }); + }); + describe('POST /material/new', () => { it('returns the right material', done => { TestHelper.request(server, done, { diff --git a/src/routes/material.ts b/src/routes/material.ts index 2d95607..4be1137 100644 --- a/src/routes/material.ts +++ b/src/routes/material.ts @@ -111,14 +111,13 @@ router.delete('/material/' + IdValidate.parameter(), (req, res, next) => { router.put('/material/restore/' + IdValidate.parameter(), (req, res, next) => { if (!req.auth(res, ['maintain', 'admin'], 'basic')) return; - MaterialModel.findByIdAndUpdate(req.params.id, {status: globals.status.new}).lean().exec((err, data) => { - if (err) return next(err); + setStatus(globals.status.new, req, res, next); +}); - if (!data) { - return res.status(404).json({status: 'Not found'}); - } - res.json({status: 'OK'}); - }); +router.put('/material/validate/' + IdValidate.parameter(), (req, res, next) => { + if (!req.auth(res, ['maintain', 'admin'], 'basic')) return; + + setStatus(globals.status.validated, req, res, next); }); router.post('/material/new', async (req, res, next) => { @@ -191,4 +190,15 @@ async function supplierResolve (material, next) { material.supplier_id = supplierData._id; delete material.supplier; return material; +} + +function setStatus (status, req, res, next) { // set measurement status + MaterialModel.findByIdAndUpdate(req.params.id, {status: status}).lean().exec((err, data) => { + if (err) return next(err); + + if (!data) { + return res.status(404).json({status: 'Not found'}); + } + res.json({status: 'OK'}); + }); } \ No newline at end of file