From c4752d12bad8f50bdc49a42ca01eba05f3c3525e Mon Sep 17 00:00:00 2001
From: VLE2FE <lukas.veit@de.bosch.com>
Date: Thu, 28 May 2020 13:16:15 +0200
Subject: [PATCH] adapted /measurements

---
 api/measurement.yaml           | 4 ++--
 src/routes/measurement.spec.ts | 9 +++++++++
 src/routes/measurement.ts      | 3 +++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/api/measurement.yaml b/api/measurement.yaml
index 298b04e..9116a8c 100644
--- a/api/measurement.yaml
+++ b/api/measurement.yaml
@@ -4,7 +4,7 @@
   get:
     summary: measurement values by id
     description: 'Auth: all, levels: read, write, maintain, dev, admin'
-    x-doc: status handling (accessible (only for maintain/admin))?  # TODO after decision
+    x-doc: deleted samples are available only for maintain/admin
     tags:
       - /measurement
     responses:
@@ -25,7 +25,7 @@
   put:
     summary: change measurement
     description: 'Auth: basic, levels: write, maintain, dev, admin'
-    x-doc: status is reset to 0 on any changes
+    x-doc: status is reset to 0 on any changes, deleted measurements cannot be edited
     tags:
       - /measurement
     security:
diff --git a/src/routes/measurement.spec.ts b/src/routes/measurement.spec.ts
index 5af91a3..113847f 100644
--- a/src/routes/measurement.spec.ts
+++ b/src/routes/measurement.spec.ts
@@ -255,6 +255,15 @@ describe('/measurement', () => {
         httpStatus: 404
       });
     });
+    it('rejects editing a deleted measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000004',
+        auth: {basic: 'admin'},
+        httpStatus: 403,
+        req: {}
+      });
+    });
     it('rejects an API key', done => {
       TestHelper.request(server, done, {
         method: 'put',
diff --git a/src/routes/measurement.ts b/src/routes/measurement.ts
index 0d0f0f6..ab9d50e 100644
--- a/src/routes/measurement.ts
+++ b/src/routes/measurement.ts
@@ -38,6 +38,9 @@ router.put('/measurement/' + IdValidate.parameter(), async (req, res, next) => {
   if (!data) {
     return res.status(404).json({status: 'Not found'});
   }
+  if (data.status === globals.status.deleted) {
+    return res.status(403).json({status: 'Forbidden'});
+  }
 
   // add properties needed for sampleIdCheck
   measurement.measurement_template = data.measurement_template;