From 400b38c19e8df0bee19b2e7524f8fe31b8c927ab Mon Sep 17 00:00:00 2001 From: cavdy Date: Wed, 17 Apr 2019 23:14:07 +0100 Subject: [PATCH] feature(connect patch and delete to database): connect patch and delete to database [Starts #165431071] --- server/v1/config/user.sql | 5 +- server/v1/controllers/createAccount.js | 11 +- server/v1/services/createAccount.js | 48 +++++--- server/v1/test/accounts.js | 162 ++++++++++++------------- 4 files changed, 125 insertions(+), 101 deletions(-) diff --git a/server/v1/config/user.sql b/server/v1/config/user.sql index 2b634ce..22a415d 100644 --- a/server/v1/config/user.sql +++ b/server/v1/config/user.sql @@ -21,4 +21,7 @@ SELECT email FROM users WHERE email=$1, ['email'] INSERT into users values($1), ['value'] -- delete from users table -DELETE FROM users; \ No newline at end of file +DELETE FROM users; + +-- admin +INSERT into users(email, firstName, lastName, password, type, isAdmin) values('admin@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'staff', true) \ No newline at end of file diff --git a/server/v1/controllers/createAccount.js b/server/v1/controllers/createAccount.js index c40c840..94c7b49 100644 --- a/server/v1/controllers/createAccount.js +++ b/server/v1/controllers/createAccount.js 
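Review bot: The added `INSERT` seeds an `isAdmin = true` account with a fixed bcrypt hash committed to the repository, and the test file in this same patch signs in as `admin@banka.com` with a literal password, so anyone who can read the repo presumably holds a working admin credential for any database this script is run against. Keep the seed out of the shared schema script or label it as a fixture, e.g. `-- TEST FIXTURE ONLY: never run against a deployed database`, and provision the real admin from a secret supplied by the environment. The same literal hash is repeated in the `before` hook of server/v1/test/accounts.js.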
@@ -10,21 +10,24 @@ const CreateAccountController = { data: createdAccount, }).status(201); }, + // patchAccount - patchAccount(req, res) { + async patchAccount(req, res) { const { accountNumber } = req.params; const accountStatus = req.body; - const updatedAccount = CreateAccountService + const updatedAccount = await CreateAccountService .patchAccount(accountNumber, accountStatus, req.authorizedData); return res.json({ status: 'success', data: updatedAccount, }).status(201); }, + // deleteAccount - deleteAccount(req, res) { + async deleteAccount(req, res) { const { accountNumber } = req.params; - const deleteAccount = CreateAccountService.deleteAccount(accountNumber, req.authorizedData); + const deleteAccount = await CreateAccountService + .deleteAccount(accountNumber, req.authorizedData); return res.json({ status: 'success', data: deleteAccount, diff --git a/server/v1/services/createAccount.js b/server/v1/services/createAccount.js index 58eaf5f..9853bcb 100644 --- a/server/v1/services/createAccount.js +++ b/server/v1/services/createAccount.js @@ -23,7 +23,7 @@ const CreateAccountService = { [userData.email, firstname, lastname, accountNumberGenerator, createdOn, id, accountData.type, status, balance]); if (response.command === 'INSERT') { const accountDbData = await dbConnection - .dbConnect('SELECT id, accountnumber, createdon, owner, type, status, balance FROM accounts WHERE accountNumber=$1', [accountNumberGenerator]); + .dbConnect('SELECT id, accountnumber, createdon, owner, type, status, balance FROM accounts WHERE accountnumber=$1', [accountNumberGenerator]); const account = new AccountModel(); account.id = accountDbData.rows[0].id; account.accountNumber = accountDbData.rows[0].accountnumber; 
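Review bot: Both handlers now `await` the service without a `try`/`catch`, so a rejected query, or the `userDetails.rows[0]` destructuring throwing inside the service, rejects the handler's promise. If the app runs on Express 4, that rejection is not forwarded to the error middleware and the request is left hanging. Wrap each body, e.g. `try { ... } catch (err) { return res.status(500).json({ status: 'error', data: 'internal error' }); }`, and keep the raw error text out of the response. Separately, `res.json(...).status(201)` sets the status after the body has been sent, so the 201 probably never reaches the client; `res.status(...).json(...)` is the working order. `deleteAccount` continues past the end of this hunk.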
@@ -40,16 +40,28 @@ const CreateAccountService = { return accountOutput; }, - patchAccount(accountNumber, accountUpdate, staff) { + + async patchAccount(accountNumber, accountUpdate, staff) { let account; - if (staff.loggedUser.type === 'staff' || staff.loggedUser.isAdmin === true) { + // pulling users data from database + const userDetails = await dbConnection + .dbConnect('SELECT type, isadmin FROM users WHERE email=$1', [staff.email]); + const { type, isadmin } = userDetails.rows[0]; + + if (type === 'staff' || isadmin === true) { // eslint-disable-next-line no-plusplus - for (let i = 0; i <= accounts.length - 1; i++) { - // eslint-disable-next-line eqeqeq - if (accounts[i].accountNumber == accountNumber) { - accounts[i].status = accountUpdate.status; - account = accounts[i]; + const accountDbData = await dbConnection + .dbConnect('SELECT accountnumber FROM accounts WHERE accountnumber=$1', [accountNumber]); + if (accountDbData.rows.length > 0) { + const updateAccount = await dbConnection + .dbConnect('UPDATE accounts SET status=$1 WHERE accountnumber=$2', [accountUpdate.status, accountNumber]); + if (updateAccount.command === 'UPDATE') { + const userDbData = await dbConnection.dbConnect('SELECT accountnumber, status FROM accounts WHERE accountnumber=$1', [accountNumber]); + const { accountnumber, status } = userDbData.rows[0]; + account = { accountnumber, status }; + } else { + account = 'Something wrong happened'; } } } else { 
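Review bot: `const { type, isadmin } = userDetails.rows[0];` destructures without checking that the lookup returned a row, so a token whose email is no longer in `users` makes the authorization step throw a TypeError instead of denying; guard it with `if (userDetails.rows.length === 0) return 'Sorry you don\'t have permission to perform this task';`. The same line appears in the `deleteAccount` hunk. `accountUpdate.status` is written to the table as received, and the controller passes `req.body` straight through, so unless a validator runs earlier any string can be stored; an allow-list check before the `UPDATE` would close that. When no account matches, `account` stays `undefined` because the `rows.length > 0` branch has no `else`. The function's final `else` and `return` lie outside this hunk.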
@@ -57,17 +69,23 @@ const CreateAccountService = { } return account; }, - deleteAccount(accountNumber, staff) { + + async deleteAccount(accountNumber, staff) { let account; - if (staff.loggedUser.type === 'staff' || staff.loggedUser.isAdmin === true) { - const Account = accounts.find(mAccount => mAccount.accountNumber == accountNumber); + const userDetails = await dbConnection + .dbConnect('SELECT type, isadmin FROM users WHERE email=$1', [staff.email]); + const { type, isadmin } = userDetails.rows[0]; - if (typeof Account !== 'undefined') { - accounts.splice(Account.id - 1, 1); - account = 'account deleted'; + if (type === 'staff' || isadmin === true) { + const checkAccount = await dbConnection + .dbConnect('SELECT accountnumber FROM accounts WHERE accountnumber=$1', [accountNumber]); + if (checkAccount.rows.length > 0) { + const accountDbData = await dbConnection + .dbConnect('DELETE FROM accounts WHERE accountnumber=$1', [accountNumber]); + if (accountDbData.command === 'DELETE') account = 'Account successfully deleted'; } else { - account = 'no account found or account has been deleted'; + account = 'no account found'; } } else { account = 'Sorry you don\'t have permission to perform this task'; diff --git a/server/v1/test/accounts.js b/server/v1/test/accounts.js index 55c80f0..e402757 100644 --- a/server/v1/test/accounts.js +++ b/server/v1/test/accounts.js 
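Review bot: The success message is keyed on `accountDbData.command === 'DELETE'`, which reports the statement type rather than whether a row was removed, assuming `dbConnect` returns the driver's result object unchanged. A request that loses a race with another delete between the `SELECT` and the `DELETE` would then still answer 'Account successfully deleted'. Checking `accountDbData.rowCount > 0` on the `DELETE` alone would make the preceding `SELECT` unnecessary and the answer accurate. A destructive staff action like this is also worth a log line recording `staff.email` and the account number, which the visible code does not emit. The function's `return` lies outside this hunk.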
@@ -1,12 +1,17 @@ /* eslint-disable no-undef */ import chaiHttp from 'chai-http'; import chai, { expect } from 'chai'; +import dbConnection from '../config/database'; import app from '../app'; chai.use(chaiHttp); describe('Testing Accounts Controller', () => { + before(async () => { + await dbConnection + .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', ['admin@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'staff', true]); + }); describe('Testing accounts controller', () => { it( 'accounts should have all required details', 
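Review bot: The `before` hook inserts the admin row on every run and nothing visible in this file removes it, so a second run against the same database either accumulates duplicate admin rows or fails the hook, depending on whether `users.email` is unique (the schema is not shown here). Add an `after` hook that deletes the row, or make the insert idempotent with `ON CONFLICT DO NOTHING` if the column carries a unique constraint. The `describe` body continues outside this hunk.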
@@ -37,88 +42,83 @@ describe('Testing Accounts Controller', () => { }, ); - // it( - // 'should not patch account if not staff or admin', - // (done) => { - // const signinUrl = '/api/auth/signin'; - // chai.request(app) - // .post(signinUrl) - // .send({ - // email: 'banka@banka.com', - // password: 'passworD1@', - // }) - // .end((error, response) => { - // const { token } = response.body.data; - // chai.request(app) - // .patch('/api/v1/accounts/306363789207') - // .set('Authorization', `Bearer ${token}`) - // .send({ - // status: 'dormant', - // }) - // .end((err, res) => { - // expect(res.body).to.be.an('object'); - // expect(res.body.status).to.equal('success'); - // expect(res.body.data).to.equal('Sorry you don\'t have permission to perform this task'); - // }); - // done(); - // }); - // }, - // ); + it( + 'should not patch account if not staff or admin', + async () => { + const signinUrl = '/api/auth/signin'; + const response = await chai.request(app) + .post(signinUrl) + .send({ + email: 'banka872@banka4.com', + password: 'passworD4@', + }); + const { token } = response.body.data[0]; + const res = await chai.request(app) + .post('/api/v1/accounts') + .set('Authorization', `Bearer ${token}`) + .send({ + type: 'savings', + }); + const { accountnumber } = res.body.data; + const res1 = await chai.request(app) + .patch(`/api/v1/accounts/${accountnumber}`) + .set('Authorization', `Bearer ${token}`) + .send({ + status: 'dormant', + }); + expect(res1.body).to.be.an('object'); + expect(res1.body.status).to.equal('success'); + expect(res1.body.data).to.equal('Sorry you don\'t have permission to perform this task'); + }, + ); - // it( - // 'should not delete account if not staff or admin', - // (done) => { - // const signinUrl = '/api/auth/signin'; - // chai.request(app) - // .post(signinUrl) - // .send({ - // email: 'banka@banka.com', - // password: 'passworD1@', - // }) - // .end((error, response) => { - // const { token } = response.body.data; - // 
chai.request(app) - // .delete('/api/v1/accounts/306363789207') - // .set('Authorization', `Bearer ${token}`) - // .send({ - // status: 'dormant', - // }) - // .end((err, res) => { - // expect(res.body).to.be.an('object'); - // expect(res.body.status).to.equal('success'); - // expect(res.body.data).to.equal('Sorry you don\'t have permission to perform this task'); - // }); - // done(); - // }); - // }, - // ); + it( + 'should not delete account if not staff or admin', + async () => { + const signinUrl = '/api/auth/signin'; + const response = await chai.request(app) + .post(signinUrl) + .send({ + email: 'banka872@banka4.com', + password: 'passworD4@', + }); + const { token } = response.body.data[0]; + const res = await chai.request(app) + .post('/api/v1/accounts') + .set('Authorization', `Bearer ${token}`) + .send({ + type: 'savings', + }); + const { accountnumber } = res.body.data; + const res1 = await chai.request(app) + .delete(`/api/v1/accounts/${accountnumber}`) + .set('Authorization', `Bearer ${token}`) + .send(); + expect(res1.body).to.be.an('object'); + expect(res1.body.status).to.equal('success'); + expect(res1.body.data).to.equal('Sorry you don\'t have permission to perform this task'); + }, + ); - // it( - // 'should notify when account does not exist', - // (done) => { - // const signinUrl = '/api/auth/signin'; - // chai.request(app) - // .post(signinUrl) - // .send({ - // email: 'banka3@banka.com', - // password: 'passworD3@', - // }) - // .end((error, response) => { - // const { token } = response.body.data; - // chai.request(app) - // .delete('/api/v1/accounts/306363789299') - // .set('Authorization', `Bearer ${token}`) - // .send({ - // status: 'dormant', - // }) - // .end((err, res) => { - // expect(res.body).to.be.an('object'); - // expect(res.body.status).to.equal('success'); - // expect(res.body.data).to.equal('no account found or account has been deleted'); - // }); - // done(); - // }); - // }, - // ); + it( + 'should notify when account does 
not exist', + async () => { + const signinUrl = '/api/auth/signin'; + const response = await chai.request(app) + .post(signinUrl) + .send({ + email: 'admin@banka.com', + password: 'passworD4@', + }); + const { token } = response.body.data[0]; + const res = await chai.request(app) + .delete('/api/v1/accounts/883939378372') + .set('Authorization', `Bearer ${token}`) + .send(); + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('no account found'); + }, + ); }); });
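Review bot: The two permission tests assert that `res1.body.status` equals `'success'` for a refused request and never check the HTTP status, which pins a contract where a denied patch or delete is indistinguishable from a completed one, both to clients and to log-based monitoring. Prefer asserting a refusal, e.g. `expect(res1).to.have.status(403);` and `expect(res1.body.status).to.equal('error');`, with the controller changed to match. The hunk also has no positive case: no test shows the seeded staff user actually patching or deleting an existing account. Each test destructures `response.body.data[0]` without first asserting that sign-in succeeded, so a missing `banka872@banka4.com` user surfaces as a TypeError rather than a readable failure.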