Archived
2

Merge pull request #12 in ~VLE2FE/dfop-api from status-handling to develop

* commit 'd924ee5a8cfc9d1f7644ff4af9de2d5f36c71522':
  restore measurements
  restore materials
  restore samples
  adapted /materials
  adapted /measurements
  delete measurements with sample
  adjusted PUT /sample/{id}
This commit is contained in:
Veit Lukas (PEA4-Fe) 2020-05-28 15:09:25 +02:00
commit c7d25bd7cb
11 changed files with 395 additions and 35 deletions

View File

@ -48,7 +48,7 @@
get:
summary: get material details
description: 'Auth: all, levels: read, write, maintain, dev, admin'
x-doc: status handling (accessible (only for maintain/admin))? # TODO after decision
x-doc: deleted samples are available only for maintain/admin
tags:
- /material
responses:
@ -67,7 +67,7 @@
put:
summary: change material
description: 'Auth: basic, levels: write, maintain, dev, admin'
x-doc: status is reset to 0 on any changes
x-doc: status is reset to 0 on any changes, deleted samples cannot be changed
tags:
- /material
security:
@ -117,6 +117,29 @@
500:
$ref: 'api.yaml#/components/responses/500'
/material/restore/{id}:
parameters:
- $ref: 'api.yaml#/components/parameters/Id'
put:
summary: restore material
description: 'Auth: basic, levels: maintain, admin'
x-doc: status is set to 0
tags:
- /material
security:
- BasicAuth: []
responses:
200:
$ref: 'api.yaml#/components/responses/Ok'
401:
$ref: 'api.yaml#/components/responses/401'
403:
$ref: 'api.yaml#/components/responses/403'
404:
$ref: 'api.yaml#/components/responses/404'
500:
$ref: 'api.yaml#/components/responses/500'
/material/new:
post:
summary: add material

View File

@ -4,7 +4,7 @@
get:
summary: measurement values by id
description: 'Auth: all, levels: read, write, maintain, dev, admin'
x-doc: status handling (accessible (only for maintain/admin))? # TODO after decision
x-doc: deleted samples are available only for maintain/admin
tags:
- /measurement
responses:
@ -25,7 +25,7 @@
put:
summary: change measurement
description: 'Auth: basic, levels: write, maintain, dev, admin'
x-doc: status is reset to 0 on any changes
x-doc: status is reset to 0 on any changes, deleted measurements cannot be edited
tags:
- /measurement
security:
@ -77,6 +77,29 @@
500:
$ref: 'api.yaml#/components/responses/500'
/measurement/restore/{id}:
parameters:
- $ref: 'api.yaml#/components/parameters/Id'
put:
summary: restore measurement
description: 'Auth: basic, levels: maintain, admin'
x-doc: status is set to 0
tags:
- /measurement
security:
- BasicAuth: []
responses:
200:
$ref: 'api.yaml#/components/responses/Ok'
401:
$ref: 'api.yaml#/components/responses/401'
403:
$ref: 'api.yaml#/components/responses/403'
404:
$ref: 'api.yaml#/components/responses/404'
500:
$ref: 'api.yaml#/components/responses/500'
/measurement/new:
post:
summary: add measurement

View File

@ -69,7 +69,7 @@
put:
summary: change sample
description: 'Auth: basic, levels: write, maintain, dev, admin <br>Only maintain and admin are allowed to edit samples created by another user'
x-doc: status is reset to 0 on any changes
x-doc: status is reset to 0 on any changes, deleted samples cannot be changed
tags:
- /sample
security:
@ -119,6 +119,29 @@
500:
$ref: 'api.yaml#/components/responses/500'
/sample/restore/{id}:
parameters:
- $ref: 'api.yaml#/components/parameters/Id'
put:
summary: restore sample
description: 'Auth: basic, levels: maintain, admin'
x-doc: status is set to 0
tags:
- /sample
security:
- BasicAuth: []
responses:
200:
$ref: 'api.yaml#/components/responses/Ok'
401:
$ref: 'api.yaml#/components/responses/401'
403:
$ref: 'api.yaml#/components/responses/403'
404:
$ref: 'api.yaml#/components/responses/404'
500:
$ref: 'api.yaml#/components/responses/500'
/sample/new:
post:
summary: add sample

View File

@ -14,6 +14,7 @@ import db from './db';
// TODO: coverage
// TODO: think about the display of deleted/new samples and validation in data and UI
// TODO: improve error coverage
// TODO: guess properties from material name in UI
// tell if server is running in debug or production environment
console.info(process.env.NODE_ENV === 'production' ? '===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');

View File

@ -202,6 +202,23 @@ describe('/material', () => {
res: {_id: '100000000000000000000007', name: 'Ultramid A4H', supplier: 'BASF', group: 'PA66', mineral: 0, glass_fiber: 0, carbon_fiber: 0, numbers: [{color: 'black', number: ''}]}
});
});
it('returns a deleted material for a maintain/admin user', done => {
TestHelper.request(server, done, {
method: 'get',
url: '/material/100000000000000000000008',
auth: {basic: 'admin'},
httpStatus: 200,
res: {_id: '100000000000000000000008', name: 'Latamid 66 H 2 G 30', supplier: 'LATI', group: 'PA66', mineral: 0, glass_fiber: 30, carbon_fiber: 0, numbers: [{color: 'blue', number: '5513943509'}]}
});
});
it('returns 403 for a write user when requesting a deleted material', done => {
TestHelper.request(server, done, {
method: 'get',
url: '/material/100000000000000000000008',
auth: {basic: 'janedoe'},
httpStatus: 403
});
});
it('rejects an invalid id', done => {
TestHelper.request(server, done, {
method: 'get',
@ -361,6 +378,15 @@ describe('/material', () => {
req: {},
});
});
it('rejects editing a deleted material', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/material/100000000000000000000008',
auth: {basic: 'janedoe'},
httpStatus: 403,
req: {}
});
});
it('rejects an API key', done => {
TestHelper.request(server, done, {
method: 'put',
@ -468,6 +494,61 @@ describe('/material', () => {
});
});
describe('PUT /material/restore/{id}', () => {
it('sets the status', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/material/restore/100000000000000000000008',
auth: {basic: 'admin'},
httpStatus: 200,
req: {}
}).end((err, res) => {
if (err) return done (err);
should(res.body).be.eql({status: 'OK'});
MaterialModel.findById('100000000000000000000008').lean().exec((err, data: any) => {
if (err) return done(err);
should(data).have.property('status',globals.status.new);
done();
});
});
});
it('rejects an API key', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/material/restore/100000000000000000000008',
auth: {key: 'admin'},
httpStatus: 401,
req: {}
});
});
it('rejects a write user', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/material/restore/100000000000000000000008',
auth: {basic: 'janedoe'},
httpStatus: 403,
req: {}
});
});
it('returns 404 for an unknown sample', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/material/restore/000000000000000000000008',
auth: {basic: 'admin'},
httpStatus: 404,
req: {}
});
});
it('rejects unauthorized requests', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/material/restore/100000000000000000000008',
httpStatus: 401,
req: {}
});
});
});
describe('POST /material/new', () => {
it('returns the right material', done => {
TestHelper.request(server, done, {

View File

@ -34,14 +34,14 @@ router.get('/materials/:group(new|deleted)', (req, res, next) => {
router.get('/material/' + IdValidate.parameter(), (req, res, next) => {
if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'all')) return;
MaterialModel.findById(req.params.id).lean().exec((err, data) => {
MaterialModel.findById(req.params.id).lean().exec((err, data: any) => {
if (err) return next(err);
if (data) {
if (!data) {
return res.status(404).json({status: 'Not found'});
}
if (data.status === globals.status.deleted && !req.auth(res, ['maintain', 'admin'], 'all')) return; // deleted materials only available for maintain/admin
res.json(MaterialValidate.output(data));
}
else {
res.status(404).json({status: 'Not found'});
}
});
});
@ -55,6 +55,9 @@ router.put('/material/' + IdValidate.parameter(), (req, res, next) => {
if (!materialData) {
return res.status(404).json({status: 'Not found'});
}
if (materialData.status === globals.status.deleted) {
return res.status(403).json({status: 'Forbidden'});
}
if (material.hasOwnProperty('name') && material.name !== materialData.name) {
if (!await nameCheck(material, res, next)) return;
}
@ -92,6 +95,19 @@ router.delete('/material/' + IdValidate.parameter(), (req, res, next) => {
});
});
router.put('/material/restore/' + IdValidate.parameter(), (req, res, next) => {
if (!req.auth(res, ['maintain', 'admin'], 'basic')) return;
MaterialModel.findByIdAndUpdate(req.params.id, {status: globals.status.new}).lean().exec((err, data) => {
if (err) return next(err);
if (!data) {
return res.status(404).json({status: 'Not found'});
}
res.json({status: 'OK'});
});
});
router.post('/material/new', async (req, res, next) => {
if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;

View File

@ -3,8 +3,6 @@ import MeasurementModel from '../models/measurement';
import TestHelper from "../test/helper";
import globals from '../globals';
// TODO: restore measurements for m/a
describe('/measurement', () => {
let server;
@ -255,6 +253,15 @@ describe('/measurement', () => {
httpStatus: 404
});
});
it('rejects editing a deleted measurement', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/measurement/800000000000000000000004',
auth: {basic: 'admin'},
httpStatus: 403,
req: {}
});
});
it('rejects an API key', done => {
TestHelper.request(server, done, {
method: 'put',
@ -358,6 +365,61 @@ describe('/measurement', () => {
});
});
describe('PUT /measurement/restore/{id}', () => {
it('sets the status', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/measurement/restore/800000000000000000000004',
auth: {basic: 'admin'},
httpStatus: 200,
req: {}
}).end((err, res) => {
if (err) return done (err);
should(res.body).be.eql({status: 'OK'});
MeasurementModel.findById('800000000000000000000004').lean().exec((err, data: any) => {
if (err) return done(err);
should(data).have.property('status',globals.status.new);
done();
});
});
});
it('rejects an API key', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/measurement/restore/800000000000000000000004',
auth: {key: 'admin'},
httpStatus: 401,
req: {}
});
});
it('rejects a write user', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/measurement/restore/800000000000000000000004',
auth: {basic: 'janedoe'},
httpStatus: 403,
req: {}
});
});
it('returns 404 for an unknown sample', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/measurement/restore/000000000000000000000004',
auth: {basic: 'admin'},
httpStatus: 404,
req: {}
});
});
it('rejects unauthorized requests', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/measurement/restore/800000000000000000000004',
httpStatus: 401,
req: {}
});
});
});
describe('POST /measurement/new', () => {
it('returns the right measurement', done => {
TestHelper.request(server, done, {

View File

@ -38,6 +38,9 @@ router.put('/measurement/' + IdValidate.parameter(), async (req, res, next) => {
if (!data) {
return res.status(404).json({status: 'Not found'});
}
if (data.status === globals.status.deleted) {
return res.status(403).json({status: 'Forbidden'});
}
// add properties needed for sampleIdCheck
measurement.measurement_template = data.measurement_template;
@ -75,6 +78,19 @@ router.delete('/measurement/' + IdValidate.parameter(), (req, res, next) => {
});
});
router.put('/measurement/restore/' + IdValidate.parameter(), (req, res, next) => {
if (!req.auth(res, ['maintain', 'admin'], 'basic')) return;
MeasurementModel.findByIdAndUpdate(req.params.id, {status: globals.status.new}).lean().exec((err, data) => {
if (err) return next(err);
if (!data) {
return res.status(404).json({status: 'Not found'});
}
res.json({status: 'OK'});
});
});
router.post('/measurement/new', async (req, res, next) => {
if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;

View File

@ -2,15 +2,16 @@ import should from 'should/as-function';
import SampleModel from '../models/sample';
import NoteModel from '../models/note';
import NoteFieldModel from '../models/note_field';
import MeasurementModel from '../models/measurement';
import TestHelper from "../test/helper";
import globals from '../globals';
import mongoose from 'mongoose';
// TODO: generate output for ML in format DPT -> data, implement filtering, field selection
// TODO: generate csv
// TODO: filter by not completely filled/no measurements
// TODO: write script for data import
// TODO: delete everything (measurements, condition) with sample
// TODO: allow adding sample numbers for existing samples
// TODO: Do not allow validation or measurement entry without condition
@ -187,7 +188,6 @@ describe('/sample', () => {
res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
});
});
it('works with an API key', done => {
TestHelper.request(server, done, {
method: 'get',
@ -197,7 +197,6 @@ describe('/sample', () => {
res: {_id: '400000000000000000000003', number: '33', type: 'part', color: 'black', batch: '1704-005', condition: {material: 'copper', weeks: 3, condition_template: '200000000000000000000001'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {comment: '', sample_references: [{sample_id: '400000000000000000000004', relation: 'granulate to sample'}], custom_fields: {'not allowed for new applications': true}}, user: 'admin'}
});
});
it('returns a deleted sample for a maintain/admin user', done => {
TestHelper.request(server, done, {
method: 'get',
@ -207,7 +206,6 @@ describe('/sample', () => {
res: {_id: '400000000000000000000005', number: 'Rng33', type: 'granulate', color: 'black', batch: '1653000308', condition: {condition_template: '200000000000000000000003'}, material: {_id: '100000000000000000000005', name: 'Amodel A 1133 HS', supplier: 'Solvay', group: 'PPA', mineral: 0, glass_fiber: 33, carbon_fiber: 0, numbers: [{color: 'black', number: '5514262406'}]}, notes: {}, user: 'admin'}
});
});
it('returns 403 for a write user when requesting a deleted sample', done => {
TestHelper.request(server, done, {
method: 'get',
@ -216,7 +214,6 @@ describe('/sample', () => {
httpStatus: 403
});
});
it('returns 404 for an unknown sample', done => {
TestHelper.request(server, done, {
method: 'get',
@ -225,7 +222,6 @@ describe('/sample', () => {
httpStatus: 404
});
});
it('rejects an invalid id', done => {
TestHelper.request(server, done, {
method: 'get',
@ -234,7 +230,6 @@ describe('/sample', () => {
httpStatus: 404
});
});
it('rejects unauthorized requests', done => {
TestHelper.request(server, done, {
method: 'get',
@ -589,6 +584,15 @@ describe('/sample', () => {
res: {status: 'Condition template not available'}
});
});
it('rejects editing a deleted sample', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/sample/400000000000000000000005',
auth: {basic: 'admin'},
httpStatus: 403,
req: {}
});
});
it('rejects an API key', done => {
TestHelper.request(server, done, {
method: 'put',
@ -749,6 +753,24 @@ describe('/sample', () => {
});
});
});
it('deletes associated measurements', done => {
TestHelper.request(server, done, {
method: 'delete',
url: '/sample/400000000000000000000001',
auth: {basic: 'janedoe'},
httpStatus: 200
}).end((err, res) => {
if (err) return done(err);
should(res.body).be.eql({status: 'OK'});
MeasurementModel.find({sample_id: mongoose.Types.ObjectId('400000000000000000000001')}).lean().exec((err, data: any) => {
if (err) return done(err);
should(data).matchEach(sample => {
should(sample).have.property('status', -1);
});
done();
});
});
});
it('rejects deleting samples of other users for write users', done => {
TestHelper.request(server, done, {
method: 'delete',
@ -765,7 +787,6 @@ describe('/sample', () => {
httpStatus: 404
});
});
it('rejects deleting a sample referenced by conditions'); // TODO after decision
it('rejects requests from a read user', done => {
TestHelper.request(server, done, {
method: 'delete',
@ -799,6 +820,61 @@ describe('/sample', () => {
});
});
describe('PUT /sample/restore/{id}', () => {
it('sets the status', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/sample/restore/400000000000000000000005',
auth: {basic: 'admin'},
httpStatus: 200,
req: {}
}).end((err, res) => {
if (err) return done (err);
should(res.body).be.eql({status: 'OK'});
SampleModel.findById('400000000000000000000005').lean().exec((err, data: any) => {
if (err) return done(err);
should(data).have.property('status',globals.status.new);
done();
});
});
});
it('rejects an API key', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/sample/restore/400000000000000000000005',
auth: {key: 'admin'},
httpStatus: 401,
req: {}
});
});
it('rejects a write user', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/sample/restore/400000000000000000000005',
auth: {basic: 'janedoe'},
httpStatus: 403,
req: {}
});
});
it('returns 404 for an unknown sample', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/sample/restore/000000000000000000000005',
auth: {basic: 'admin'},
httpStatus: 404,
req: {}
});
});
it('rejects unauthorized requests', done => {
TestHelper.request(server, done, {
method: 'put',
url: '/sample/restore/400000000000000000000005',
httpStatus: 401,
req: {}
});
});
});
describe('POST /sample/new', () => {
it('returns the right sample', done => {
TestHelper.request(server, done, {

View File

@ -10,7 +10,7 @@ import MaterialModel from '../models/material';
import NoteModel from '../models/note';
import NoteFieldModel from '../models/note_field';
import IdValidate from './validate/id';
import mongoose from "mongoose";
import mongoose from 'mongoose';
import ConditionTemplateModel from '../models/condition_template';
import ParametersValidate from './validate/parameters';
import globals from '../globals';
@ -69,6 +69,9 @@ router.put('/sample/' + IdValidate.parameter(), (req, res, next) => {
if (!sampleData) {
return res.status(404).json({status: 'Not found'});
}
if (sampleData.status === globals.status.deleted) {
return res.status(403).json({status: 'Forbidden'});
}
// only maintain and admin are allowed to edit other user's data
if (sampleData.user_id.toString() !== req.authDetails.id && !req.auth(res, ['maintain', 'admin'], 'basic')) return;
@ -138,6 +141,11 @@ router.delete('/sample/' + IdValidate.parameter(), (req, res, next) => {
await SampleModel.findByIdAndUpdate(req.params.id, {status:globals.status.deleted}).lean().exec(err => { // set sample status
if (err) return next(err);
// set status of associated measurements also to deleted
MeasurementModel.update({sample_id: mongoose.Types.ObjectId(req.params.id)}, {status: -1}).lean().exec(err => {
if (err) return next(err);
if (sampleData.note_id !== null) { // handle notes
NoteModel.findById(sampleData.note_id).lean().exec((err, data: any) => { // find notes to update note_fields
if (err) return next(err);
@ -153,6 +161,20 @@ router.delete('/sample/' + IdValidate.parameter(), (req, res, next) => {
});
});
});
});
router.put('/sample/restore/' + IdValidate.parameter(), (req, res, next) => {
if (!req.auth(res, ['maintain', 'admin'], 'basic')) return;
SampleModel.findByIdAndUpdate(req.params.id, {status: globals.status.new}).lean().exec((err, data) => {
if (err) return next(err);
if (!data) {
return res.status(404).json({status: 'Not found'});
}
res.json({status: 'OK'});
});
});
router.post('/sample/new', async (req, res, next) => {
if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;

View File

@ -268,6 +268,23 @@
],
"status": 0,
"__v": 0
},
{
"_id": {"$oid":"100000000000000000000008"},
"name": "Latamid 66 H 2 G 30",
"supplier": "LATI",
"group": "PA66",
"mineral": 0,
"glass_fiber": 30,
"carbon_fiber": 0,
"numbers": [
{
"color": "blue",
"number": "5513943509"
}
],
"status": -1,
"__v": 0
}
],
"measurements": [