removed maintain user, constrained spctra access

2020-08-05 18:28:27 +02:00
parent 821b2664bd
commit a910371882
22 changed files with 357 additions and 221 deletions
--- a/src/routes/sample.spec.ts
+++ b/src/routes/sample.spec.ts
@ -262,7 +262,7 @@ describe('/sample', () => {
      TestHelper.request(server, done, {
        method: 'get',
        url: '/samples?status=all&fields[]=number&fields[]=measurements.spectrum.dpt',
-        auth: {basic: 'janedoe'},
+        auth: {basic: 'admin'},
        httpStatus: 200
      }).end((err, res) => {
        if (err) return done(err);
@ -379,6 +379,14 @@ describe('/sample', () => {
        done();
      });
    });
+    it('rejects returning spectral data for a write user', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/samples?status=all&fields[]=number&fields[]=measurements.spectrum.dpt',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403
+      });
+    });
    it('rejects an invalid JSON string as a filters parameter', done => {
      TestHelper.request(server, done, {
        method: 'get',
@ -681,7 +689,25 @@ describe('/sample', () => {
        res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', properties: {material_template: '130000000000000000000003', mineral: 0, glass_fiber: 33, carbon_fiber: 0}, numbers: ['5514262406']}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, measurements: [{_id: '800000000000000000000003', sample_id: '400000000000000000000003', values: {val1: 1}, measurement_template: '300000000000000000000003'}], user: 'admin'}
      });
    });
-    it('returns a deleted sample for a maintain/admin user', done => {
+    it ('filters out spectral data for a write user', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/sample/400000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        res: {_id: '400000000000000000000001', number: '1', type: 'granulate', color: 'black', batch: '', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {numbers: ['5513933405'], _id: '100000000000000000000004', name: 'Schulamid 66 GF 25 H', properties: {material_template: '130000000000000000000003', mineral: 0, glass_fiber: 25, carbon_fiber: 0}, group: 'PA66', supplier: 'Schulmann'}, user: 'janedoe', notes: {}, measurements: [{_id: '800000000000000000000001', sample_id: '400000000000000000000001', values: {device: 'Alpha I'}, measurement_template: '300000000000000000000001'}, {_id: '800000000000000000000007', sample_id: '400000000000000000000001', values: {device: 'Alpha II'}, measurement_template: '300000000000000000000001'}]}
+      });
+    });
+    it ('returns spectral data for an admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/sample/400000000000000000000001',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        res: {_id: '400000000000000000000001', number: '1', type: 'granulate', color: 'black', batch: '', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {numbers: ['5513933405'], _id: '100000000000000000000004', name: 'Schulamid 66 GF 25 H', properties: {material_template: '130000000000000000000003', mineral: 0, glass_fiber: 25, carbon_fiber: 0}, group: 'PA66', supplier: 'Schulmann'}, user: 'janedoe', notes: {}, measurements: [{_id: '800000000000000000000001', sample_id: '400000000000000000000001', values: {dpt: [[ 3997.12558, 98.00555 ], [ 3995.08519, 98.03253 ], [ 3993.0448, 98.02657 ]],device: 'Alpha I'}, measurement_template: '300000000000000000000001'}, {_id: '800000000000000000000007', sample_id: '400000000000000000000001', values: {dpt: [[ 3996.12558, 98.00555 ], [ 3995.08519, 98.03253 ], [ 3993.0448, 98.02657 ]], device: 'Alpha II'}, measurement_template: '300000000000000000000001'}]}
+      });
+    });
+    it('returns a deleted sample for a dev/admin user', done => {
      TestHelper.request(server, done, {
        method: 'get',
        url: '/sample/400000000000000000000005',
@ -830,7 +856,7 @@ describe('/sample', () => {
        url: '/sample/400000000000000000000001',
        auth: {basic: 'janedoe'},
        httpStatus: 200,
-        req: {type: 'other', color: 'signalviolet', batch: '114531', condition: {condition_template: '200000000000000000000003'}, material_id: '100000000000000000000002', notes: {comment: 'Testcomment', sample_references: [{sample_id: '400000000000000000000003', relation: 'part to this sample'}]}}
+        req: {type: 'part', color: 'signalviolet', batch: '114531', condition: {condition_template: '200000000000000000000003'}, material_id: '100000000000000000000002', notes: {comment: 'Testcomment', sample_references: [{sample_id: '400000000000000000000003', relation: 'part to this sample'}]}}
      }).end(err => {
        if (err) return done (err);
        SampleModel.findById('400000000000000000000001').lean().exec((err, data: any) => {
@ -839,7 +865,7 @@ describe('/sample', () => {
          should(data).have.property('_id');
          should(data).have.property('number', '1');
          should(data).have.property('color', 'signalviolet');
-          should(data).have.property('type', 'other');
+          should(data).have.property('type', 'part');
          should(data).have.property('batch', '114531');
          should(data).have.property('condition', {condition_template: '200000000000000000000003'});
          should(data.material_id.toString()).be.eql('100000000000000000000002');
@ -1061,7 +1087,7 @@ describe('/sample', () => {
        auth: {basic: 'janedoe'},
        httpStatus: 400,
        req: {type: 'xx'},
-        res: {status: 'Invalid body format', details: '"type" must be one of [granulate, part, tension rod, other]'}
+        res: {status: 'Invalid body format', details: '"type" must be one of [granulate, part, tension rod]'}
      });
    });
    it('allows keeping an empty condition empty', done => {
@ -1131,7 +1157,7 @@ describe('/sample', () => {
        req: {}
      });
    });
-    it('accepts changes for samples from another user for a maintain/admin user', done => {
+    it('accepts changes for samples from another user for a dev/admin user', done => {
      TestHelper.request(server, done, {
        method: 'put',
        url: '/sample/400000000000000000000001',
@ -1270,7 +1296,7 @@ describe('/sample', () => {

      });
    });
-    it('lets admin/maintain users delete samples of other users', done => {
+    it('lets admin/dev users delete samples of other users', done => {
      TestHelper.request(server, done, {
        method: 'delete',
        url: '/sample/400000000000000000000001',
@ -1372,7 +1398,7 @@ describe('/sample', () => {
        res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', properties: {material_template: '130000000000000000000003', mineral: 0, glass_fiber: 33, carbon_fiber: 0}, numbers: ['5514262406']}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, measurements: [{_id: '800000000000000000000003', sample_id: '400000000000000000000003', values: {val1: 1}, measurement_template: '300000000000000000000003'}], user: 'admin'}
      });
    });
-    it('returns a deleted sample for a maintain/admin user', done => {
+    it('returns a deleted sample for a dev/admin user', done => {
      TestHelper.request(server, done, {
        method: 'get',
        url: '/sample/number/Rng33',
@ -1381,6 +1407,24 @@ describe('/sample', () => {
        res: {_id: '400000000000000000000005', number: 'Rng33', type: 'granulate', color: 'black', batch: '1653000308', condition: {condition_template: '200000000000000000000003'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', properties: {material_template: '130000000000000000000003', mineral: 0, glass_fiber: 33, carbon_fiber: 0}, numbers: ['5514262406']}, notes: {}, measurements: [], user: 'admin'}
      });
    });
+    it ('filters out spectral data for a write user', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/sample/number/1',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        res: {_id: '400000000000000000000001', number: '1', type: 'granulate', color: 'black', batch: '', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {numbers: ['5513933405'], _id: '100000000000000000000004', name: 'Schulamid 66 GF 25 H', properties: {material_template: '130000000000000000000003', mineral: 0, glass_fiber: 25, carbon_fiber: 0}, group: 'PA66', supplier: 'Schulmann'}, user: 'janedoe', notes: {}, measurements: [{_id: '800000000000000000000001', sample_id: '400000000000000000000001', values: {device: 'Alpha I'}, measurement_template: '300000000000000000000001'}, {_id: '800000000000000000000007', sample_id: '400000000000000000000001', values: {device: 'Alpha II'}, measurement_template: '300000000000000000000001'}]}
+      });
+    });
+    it ('returns spectral data for an admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/sample/number/1',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        res: {_id: '400000000000000000000001', number: '1', type: 'granulate', color: 'black', batch: '', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {numbers: ['5513933405'], _id: '100000000000000000000004', name: 'Schulamid 66 GF 25 H', properties: {material_template: '130000000000000000000003', mineral: 0, glass_fiber: 25, carbon_fiber: 0}, group: 'PA66', supplier: 'Schulmann'}, user: 'janedoe', notes: {}, measurements: [{_id: '800000000000000000000001', sample_id: '400000000000000000000001', values: {dpt: [[ 3997.12558, 98.00555 ], [ 3995.08519, 98.03253 ], [ 3993.0448, 98.02657 ]],device: 'Alpha I'}, measurement_template: '300000000000000000000001'}, {_id: '800000000000000000000007', sample_id: '400000000000000000000001', values: {dpt: [[ 3996.12558, 98.00555 ], [ 3995.08519, 98.03253 ], [ 3993.0448, 98.02657 ]], device: 'Alpha II'}, measurement_template: '300000000000000000000001'}]}
+      });
+    });
    it('returns 403 for a write user when requesting a deleted sample', done => {
      TestHelper.request(server, done, {
        method: 'get',
@ -1523,24 +1567,38 @@ describe('/sample', () => {
        }
      });
    });
-    it('rejects validating a sample without condition', done => {
+    it('allows validating a sample without condition', done => {
      TestHelper.request(server, done, {
        method: 'put',
        url: '/sample/validate/400000000000000000000006',
        auth: {basic: 'admin'},
-        httpStatus: 400,
-        req: {},
-        res: {status: 'Sample without condition cannot be valid'}
+        httpStatus: 200,
+        req: {}
+      }).end((err, res) => {
+        if (err) return done (err);
+        should(res.body).be.eql({status: 'OK'});
+        SampleModel.findById('400000000000000000000006').lean().exec((err, data: any) => {
+          if (err) return done(err);
+          should(data).have.property('status',globals.status.validated);
+          done();
+        });
      });
    });
-    it('rejects validating a sample without measurements', done => {
+    it('allows validating a sample without measurements', done => {
      TestHelper.request(server, done, {
        method: 'put',
        url: '/sample/validate/400000000000000000000004',
        auth: {basic: 'admin'},
-        httpStatus: 400,
-        req: {},
-        res: {status: 'Sample without measurements cannot be valid'}
+        httpStatus: 200,
+        req: {}
+      }).end((err, res) => {
+        if (err) return done (err);
+        should(res.body).be.eql({status: 'OK'});
+        SampleModel.findById('400000000000000000000004').lean().exec((err, data: any) => {
+          if (err) return done(err);
+          should(data).have.property('status',globals.status.validated);
+          done();
+        });
      });
    });
    it('rejects an API key', done => {
@ -1954,7 +2012,7 @@ describe('/sample', () => {
        auth: {basic: 'janedoe'},
        httpStatus: 400,
        req: {color: 'black', type: 'xx', batch: '1560237365', material_id: '100000000000000000000001', notes: {comment: 'Testcomment'}},
-        res: {status: 'Invalid body format', details: '"type" must be one of [granulate, part, tension rod, other]'}
+        res: {status: 'Invalid body format', details: '"type" must be one of [granulate, part, tension rod]'}
      });
    });
    it('rejects an API key', done => {