Merge ae2ba1e into 0f9080e

Cavdy · Apr 15, 2019 · 6fe91ad · 6fe91ad
2 parents 0f9080e + ae2ba1e
commit 6fe91ad
Show file tree

Hide file tree

Showing 7 changed files with 366 additions and 88 deletions.
diff --git a/api/v1/app.js b/api/v1/app.js
@@ -13,7 +13,7 @@ import UsersRoute from './routes/users';
 
 // instantiate expressjs
 const app = express();
-const PORT = process.env.PORT || 5900;
+const PORT = process.env.PORT || 5100;
 
 app.use(cors());
 

diff --git a/api/v1/controllers/createAccount.js b/api/v1/controllers/createAccount.js
@@ -7,10 +7,7 @@ const CreateAccountController = {
     // verify jwt token
     jwt.verify(req.token, '5634', (err, authorizedData) => {
       if (err) {
-        return res.json({
-          status: 403,
-          data: 'You must be logged in to create an account',
-        }).status(403);
+        return res.sendStatus(403);
       }
       const createdAccount = CreateAccountService.createAccount(accountData, authorizedData);
       return res.json({

diff --git a/api/v1/services/transaction.js b/api/v1/services/transaction.js
@@ -8,7 +8,7 @@ const { transactions } = transactionsData;
 
 const TransactionService = {
   debitTransaction(accountNumber, loggedInUser, transactionData) {
-    if (loggedInUser.loggedUser.type === 'staff') {
+    if (loggedInUser.loggedUser.type === 'staff' || loggedInUser.loggedUser.isAdmin === true) {
       // eslint-disable-next-line no-plusplus
       for (let i = 0; i <= accounts.length - 1; i++) {
         // eslint-disable-next-line eqeqeq
@@ -34,7 +34,7 @@ const TransactionService = {
     return 'you must be a staff to perform this transaction';
   },
   creditTransaction(accountNumber, loggedInUser, transactionData) {
-    if (loggedInUser.loggedUser.type === 'staff') {
+    if (loggedInUser.loggedUser.type === 'staff' || loggedInUser.loggedUser.isAdmin === true) {
       // eslint-disable-next-line no-plusplus
       for (let i = 0; i <= accounts.length - 1; i++) {
         // eslint-disable-next-line eqeqeq

diff --git a/api/v1/test/accounts.js b/api/v1/test/accounts.js
@@ -11,69 +11,120 @@ describe('Testing Accounts Controller', () => {
     it(
       'accounts should have all required details',
       (done) => {
+        const signinUrl = '/api/auth/signin';
         chai.request(app)
-          .post('/api/v1/accounts/')
+          .post(signinUrl)
           .send({
-            type: 'savings',
+            email: 'banka@banka.com',
+            password: 'passworD1@',
           })
           .end((error, response) => {
-            expect(response.body).to.be.an('object');
-            // fails to test due to route being protected but everything is working fine
-            //   expect(response.body.status).to.equal('success');
-            //   expect(response.body.data).to.have.property('id');
-            //   expect(response.body.data).to.have.property('firstName');
-            //   expect(response.body.data).to.have.property('lastName');
-            //   expect(response.body.data).to.have.property('email');
-            //   expect(response.body.data).to.have.property('accountNumber');
-            //   expect(response.body.data).to.have.property('createdOn');
-            //   expect(response.body.data).to.have.property('owner');
-            //   expect(response.body.data).to.have.property('status');
-            //   expect(response.body.data).to.have.property('type');
-            //   expect(response.body.data).to.have.property('balance');
+            const { token } = response.body.data;
+            chai.request(app)
+              .post('/api/v1/accounts')
+              .set('Authorization', `Bearer ${token}`)
+              .send({
+                status: 'dormant',
+              })
+              .end((err, res) => {
+                expect(res.body).to.be.an('object');
+                expect(res.body.status).to.equal('success');
+                expect(res.body.data).to.have.property('id');
+                expect(res.body.data).to.have.property('firstName');
+                expect(res.body.data).to.have.property('lastName');
+                expect(res.body.data).to.have.property('email');
+                expect(res.body.data).to.have.property('accountNumber');
+                expect(res.body.data).to.have.property('createdOn');
+                expect(res.body.data).to.have.property('owner');
+                expect(res.body.data).to.have.property('balance');
+              });
             done();
           });
       },
     );
 
-    it('should be able to patch account', (done) => {
-      chai.request(app)
-        .patch('/api/v1/accounts/306363789207')
-        .send({
-          status: 'dormant',
-        })
-        .end((error, response) => {
-          expect(response.body).to.be.an('object');
-          // remove the checkToken from app.js to test this
-          //   expect(response.body.status).to.equal('success');
-          //   expect(response.body.data.status).to.equal('dormant');
-          done();
-        });
-    });
+    it(
+      'should not patch account if not staff or admin',
+      (done) => {
+        const signinUrl = '/api/auth/signin';
+        chai.request(app)
+          .post(signinUrl)
+          .send({
+            email: 'banka@banka.com',
+            password: 'passworD1@',
+          })
+          .end((error, response) => {
+            const { token } = response.body.data;
+            chai.request(app)
+              .patch('/api/v1/accounts/306363789207')
+              .set('Authorization', `Bearer ${token}`)
+              .send({
+                status: 'dormant',
+              })
+              .end((err, res) => {
+                expect(res.body).to.be.an('object');
+                expect(res.body.status).to.equal('success');
+                expect(res.body.data).to.equal('Sorry you don\'t have permission to perform this task');
+              });
+            done();
+          });
+      },
+    );
 
-    it('should be able to delete account', (done) => {
-      chai.request(app)
-        .delete('/api/v1/accounts/307363789207')
-        .send()
-        .end((error, response) => {
-          expect(response.body).to.be.an('object');
-          // remove the checkToken from app.js to test this
-          //   expect(response.body.status).to.equal('success');
-          //   expect(response.body.data).to.equal('account deleted');
-          done();
-        });
-    });
+    it(
+      'should not delete account if not staff or admin',
+      (done) => {
+        const signinUrl = '/api/auth/signin';
+        chai.request(app)
+          .post(signinUrl)
+          .send({
+            email: 'banka@banka.com',
+            password: 'passworD1@',
+          })
+          .end((error, response) => {
+            const { token } = response.body.data;
+            chai.request(app)
+              .delete('/api/v1/accounts/306363789207')
+              .set('Authorization', `Bearer ${token}`)
+              .send({
+                status: 'dormant',
+              })
+              .end((err, res) => {
+                expect(res.body).to.be.an('object');
+                expect(res.body.status).to.equal('success');
+                expect(res.body.data).to.equal('Sorry you don\'t have permission to perform this task');
+              });
+            done();
+          });
+      },
+    );
 
-    it('should notify when account does not exist', (done) => {
-      chai.request(app)
-        .delete('/api/v1/accounts/306363789299')
-        .send()
-        .end((error, response) => {
-          expect(response.body).to.be.an('object');
-          // remove the checkToken from app.js to test this
-          //   expect(response.body.status).to.equal('success');
-          //   expect(response.body.data).to.equal('no account found or account has been deleted');
-          done();
-        });
-    });
+    it(
+      'should notify when account does not exist',
+      (done) => {
+        const signinUrl = '/api/auth/signin';
+        chai.request(app)
+          .post(signinUrl)
+          .send({
+            email: 'banka3@banka.com',
+            password: 'passworD3@',
+          })
+          .end((error, response) => {
+            const { token } = response.body.data;
+            chai.request(app)
+              .delete('/api/v1/accounts/306363789299')
+              .set('Authorization', `Bearer ${token}`)
+              .send({
+                status: 'dormant',
+              })
+              .end((err, res) => {
+                expect(res.body).to.be.an('object');
+                expect(res.body.status).to.equal('success');
+                expect(res.body.data).to.equal('no account found or account has been deleted');
+              });
+            done();
+          });
+      },
+    );
   });
 });
diff --git a/api/v1/test/signup.js b/api/v1/test/signup.js
@@ -9,6 +9,7 @@ chai.use(chaiHttp);
 describe('Testing User Controller', () => {
   describe('Testing signup controller', () => {
     const signupUrl = '/api/auth/signup';
+    const signupStaffUrl = '/api/auth/addstaff';
     it(
       'should register a new user when all the parameters are given',
       (done) => {
@@ -131,5 +132,71 @@ describe('Testing User Controller', () => {
           done();
         });
     });
+
+    it(
+      'should not create staffs if not admin',
+      (done) => {
+        const signinUrl = '/api/auth/signin';
+        chai.request(app)
+          .post(signinUrl)
+          .send({
+            email: 'banka2@banka.com',
+            password: 'passworD2@',
+          })
+          .end((error, response) => {
+            const { token } = response.body.data;
+            chai.request(app)
+              .post(signupStaffUrl)
+              .set('Authorization', `Bearer ${token}`)
+              .send({
+                firstName: 'cavdy',
+                lastName: 'isaiah',
+                email: 'banka4@banka.com',
+                password: 'passworD4@',
+              })
+              .end((err, res) => {
+                expect(res.body).to.be.an('object');
+                expect(res.body.status).to.equal('success');
+                expect(res.body.data).to.equal('You must be an admin to create staffs');
+              });
+            done();
+          });
+      },
+    );
+
+    it(
+      'should create staffs if admin',
+      (done) => {
+        const signinUrl = '/api/auth/signin';
+        chai.request(app)
+          .post(signinUrl)
+          .send({
+            email: 'banka3@banka.com',
+            password: 'passworD3@',
+          })
+          .end((error, response) => {
+            const { token } = response.body.data;
+            chai.request(app)
+              .post(signupStaffUrl)
+              .set('Authorization', `Bearer ${token}`)
+              .send({
+                firstName: 'cavdy',
+                lastName: 'isaiah',
+                email: 'banka4@banka.com',
+                password: 'passworD4@',
+              })
+              .end((err, res) => {
+                expect(res.body).to.be.an('object');
+                expect(res.body.status).to.equal('success');
+                expect(res.body.data).to.be.a('object');
+                expect(res.body.data).to.have.property('id');
+                expect(res.body.data).to.have.property('firstName');
+                expect(res.body.data).to.have.property('lastName');
+                expect(res.body.data).to.have.property('email');
+              });
+            done();
+          });
+      },
+    );
   });
 });