- // Tests
- const request = require('supertest');
- const mongoose = require('mongoose');
- const app = require('../src/app');
- const Task = require('../src/models/task');
- const Project = require('../src/models/project');
- const {
- setUpDatabase,
- userOne,
- userTwo,
- taskOne,
- taskTwo,
- listOne,
- listTwo,
- projectOne,
- projectTwo,
- authorizedUserOneToken,
- authorizedUserTwoToken,
- } = require('./setupTests');
// POST /projects: a valid project is stored, a blank name is rejected.
describe('Creating Projects', () => {
  beforeAll(setUpDatabase);

  test('Should create a project for User One', async () => {
    // The _id is generated here and sent in the body; the lookup below only
    // works because the API accepts a caller-supplied _id.
    const projectId = new mongoose.Types.ObjectId();
    const payload = { _id: projectId, name: 'new project for user one' };
    const token = await authorizedUserOneToken();

    const pending = request(app)
      .post('/projects')
      .set('Authorization', token)
      .send(payload);
    await pending.expect(201);

    const stored = await Project.findById(projectId);
    expect(stored).not.toBeNull();
  });

  test('Should not create a project with blank name', async () => {
    const projectId = new mongoose.Types.ObjectId();
    // A single space: the request is expected to fail with 400.
    const payload = { _id: projectId, name: ' ' };
    const token = await authorizedUserOneToken();

    const pending = request(app)
      .post('/projects')
      .set('Authorization', token)
      .send(payload);
    await pending.expect(400);

    // The rejected request must not have left a document behind.
    const stored = await Project.findById(projectId);
    expect(stored).toBeNull();
  });
});
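// GET /projects and GET /projects/:id: a user can read their own project and
// gets nothing back for a project they do not own.
describe('Reading Projects', () => {
  beforeAll(setUpDatabase);

  test('Should read project by ID', async () => {
    const authToken = await authorizedUserOneToken();
    const response = await request(app)
      .get(`/projects/${projectOne._id}`)
      .set('Authorization', authToken)
      .expect(200);
    expect(response.body.project.name).toBe(projectOne.name);
  });

  test('Should not read project by ID for a user that is not the owner or team member', async () => {
    const authToken = await authorizedUserOneToken();
    const response = await request(app)
      .get(`/projects/${projectTwo._id}`)
      .set('Authorization', authToken)
      .expect(400);
    // The status alone does not prove the data stayed private: also check
    // that the denied response carries no project.
    expect(response.body.project).toBeUndefined();
  });

  test('Should read all projects for user', async () => {
    const authToken = await authorizedUserOneToken();
    const response = await request(app)
      .get('/projects')
      .set('Authorization', authToken)
      .expect(200);
    expect(response.body.projects.length).toBe(1);
    // Check which project came back, not just how many: the single entry
    // must be the caller's own project.
    expect(response.body.projects[0].name).toBe(projectOne.name);
  });
});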
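// PATCH /projects/:id: only the allowlisted field may change, and only for
// a user who passes the project authorization check.
describe('Updating Projects', () => {
  // Reset before every test because these cases modify stored projects.
  beforeEach(setUpDatabase);

  test('Should update name of project by id', async () => {
    const authToken = await authorizedUserOneToken();
    await request(app)
      .patch(`/projects/${projectOne._id}`)
      .set('Authorization', authToken)
      .send({ name: 'new project name' })
      .expect(200);
    const project = await Project.findById(projectOne._id);
    expect(project.name).not.toBe(projectOne.name);
    // Pin the stored value, not merely "something changed".
    expect(project.name).toBe('new project name');
  });

  test('Should not update project if changing unauthorized field like id', async () => {
    const authToken = await authorizedUserOneToken();
    await request(app)
      .patch(`/projects/${projectOne._id}`)
      .set('Authorization', authToken)
      .send({ _id: new mongoose.Types.ObjectId(), name: 'new project name' })
      .expect(400);
    // The whole update is rejected, so the allowed field must be untouched too.
    const project = await Project.findById(projectOne._id);
    expect(project.name).toBe(projectOne.name);
  });

  // Negative authorization case for PATCH, mirroring the read and delete
  // suites: User Two does not own projectOne and must not be able to edit it.
  test('Should not update project for a user that is not the owner', async () => {
    const authToken = await authorizedUserTwoToken();
    await request(app)
      .patch(`/projects/${projectOne._id}`)
      .set('Authorization', authToken)
      .send({ name: 'new project name' })
      .expect(400);
    const project = await Project.findById(projectOne._id);
    expect(project.name).toBe(projectOne.name);
  });
});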
// DELETE /projects/:id: the owner can delete, any other user cannot.
describe('Deleting Projects', () => {
  // Reset before every test because a successful delete removes fixture data.
  beforeEach(setUpDatabase);

  test('Should delete project by ID with authorized user', async () => {
    const token = await authorizedUserTwoToken();
    const targetId = projectTwo._id;

    const pending = request(app)
      .delete(`/projects/${targetId}`)
      .set('Authorization', token)
      .send();
    await pending.expect(200);

    const remaining = await Project.findById(targetId);
    expect(remaining).toBeNull();
  });

  test('Should not delete project by ID with unauthorized user', async () => {
    // User Two's token against projectOne: the request must be refused...
    const token = await authorizedUserTwoToken();
    const targetId = projectOne._id;

    const pending = request(app)
      .delete(`/projects/${targetId}`)
      .set('Authorization', token)
      .send();
    await pending.expect(400);

    // ...and the project must still be in the database afterwards.
    const remaining = await Project.findById(targetId);
    expect(remaining).not.toBeNull();
  });
});
- // Project auth middleware
- const Project = require('../models/project');
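/**
 * Express middleware that guards the /projects/:id routes.
 *
 * Loads the project named by `req.params.id` and lets the request continue
 * only when the authenticated user (`req.user`, expected to be set by an
 * earlier middleware) owns it. On success the loaded document is attached as
 * `req.project` for the route handler.
 *
 * Every failure path answers with the same empty 400 response, so a caller
 * cannot tell a missing project from one that belongs to someone else.
 *
 * @param {object} req - Express request; reads `params.id` and `user._id`.
 * @param {object} res - Express response; used only to send the 400.
 * @param {Function} next - Called with no arguments once the check passes.
 * @returns {Promise<void>}
 */
const projectAuth = async (req, res, next) => {
  const deny = () => {
    res.status(400).send();
  };

  let project;
  try {
    project = await Project.findById(req.params.id);
  } catch (error) {
    // The lookup itself can reject (for example on an id the model cannot
    // cast); treat that like any other denied request.
    deny();
    return;
  }

  // Check for a missing project, a project without an owner, or a request
  // without an authenticated user explicitly, instead of relying on a
  // TypeError from dereferencing null to reach the error path.
  const ownerId = project?.owner;
  const userId = req.user?._id;
  if (ownerId == null || userId == null) {
    deny();
    return;
  }

  // TODO: team members are not granted access yet; only the owner passes.
  const isAuthorized = ownerId.toString() === userId.toString();
  if (!isAuthorized) {
    deny();
    return;
  }

  req.project = project;
  next();
};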
- module.exports = projectAuth;
- // project router
- const express = require('express');
- const router = express.Router();
- const auth = require('../middleware/auth');
- const projectAuth = require('../middleware/projectAuth');
- const Project = require('../models/project');
// POST /projects: create a project owned by the authenticated user.
router.post('/projects', auth, async (req, res) => {
  try {
    // NOTE(review): req.body goes into the model constructor unfiltered, so
    // any schema field the client sends is accepted (the tests send their own
    // _id). Only `owner` is forced to the caller below. An allowlist of
    // creatable fields is the usual guard against mass assignment.
    const created = new Project(req.body);
    created.owner = req.user._id;
    await created.save();
    res.status(201).send(created);
  } catch (err) {
    // Every failure is reported as an empty 400.
    res.status(400).send();
  }
});
// GET /projects: list the projects owned by the authenticated user.
router.get('/projects', auth, async (req, res) => {
  try {
    // The query is scoped to the caller's id, so other users' projects are
    // never selected. Projects where the caller is not the owner are not
    // included.
    const ownedBy = { owner: req.user._id };
    const projects = await Project.find(ownedBy);
    res.send({ projects });
  } catch (err) {
    res.status(400).send();
  }
});
// GET /projects/:id: return one project. The ownership check is done by
// projectAuth, which must stay ahead of this handler in the chain because the
// handler sends whatever is on req.project without checking it again.
router.get('/projects/:id', auth, projectAuth, (req, res) => {
  try {
    const { project } = req;
    res.send({ project });
  } catch (err) {
    res.status(400).send();
  }
});
// PATCH /projects/:id: update a project the caller is authorized for.
router.patch('/projects/:id', auth, projectAuth, async (req, res) => {
  try {
    // Allowlist of client-editable fields. Any other key in the body (such as
    // _id or owner) rejects the whole request instead of being silently
    // dropped, so protected fields cannot be changed through this route.
    const editable = ['name'];
    const requested = Object.keys(req.body);
    const hasForbiddenField = requested.some(
      (field) => !editable.includes(field)
    );
    if (hasForbiddenField) {
      throw new Error();
    }

    for (const field of requested) {
      req.project[field] = req.body[field];
    }
    await req.project.save();
    res.send({ project: req.project });
  } catch (err) {
    // Forbidden field or save failure: both end in an empty 400.
    res.status(400).send();
  }
});
// DELETE /projects/:id: remove a project. Which document is removed is
// decided by projectAuth, which loads req.project after the ownership check.
router.delete('/projects/:id', auth, projectAuth, async (req, res) => {
  try {
    const removed = await req.project.remove();
    res.send({ project: removed });
  } catch (err) {
    res.status(400).send();
  }
});
- module.exports = router;