bug(only admin should be able to delete staffs):

only admin should be able to delete staffs [Finishes #165461164]
Cavdy · Apr 19, 2019 · e894a2d · e894a2d
1 parent 2327a18
commit e894a2d
Showing 1 changed file with 205 additions and 32 deletions.
diff --git a/server/swagger.json b/server/swagger.json
@@ -8,7 +8,6 @@
   "host": "bankaapp-api.herokuapp.com",
   "basePath": "/api",
   "schemes": [
-    "http",
     "https"
   ],
   "paths": {
@@ -63,21 +62,35 @@
         }
       }
     },
-    "/auth/signin": {
+    "/auth/signup/addstaff": {
       "post": {
         "tags": [
-          "Signin"
+          "Signup"
         ],
-        "summary": "Users can signup",
+        "summary": "Admin can signup staffs",
         "description": "this endpoint uses get request to create users",
-        "operationId": "signin",
+        "operationId": "signupstaff",
         "consumes": [
           "application/x-www-form-urlencoded"
         ],
         "produces": [
           "application/json"
         ],
         "parameters": [
+          {
+            "name": "firstName",
+            "in": "formData",
+            "description": "users firstname",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "name": "lastName",
+            "in": "formData",
+            "description": "users lastname",
+            "required": true,
+            "type": "string"
+          },
           {
             "name": "email",
             "in": "formData",
@@ -91,48 +104,53 @@
             "description": "password",
             "required": true,
             "type": "string"
+          },
+          {
+            "name": "type",
+            "in": "formData",
+            "description": "staff",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "name": "isAdmin",
+            "in": "formData",
+            "description": "isAdmin",
+            "required": true,
+            "type": "boolean"
           }
         ],
         "responses": {
           "405": {
             "description": "Invalid input"
           }
-        }
+        },
+        "security": [
+          {
+            "JWT": []
+          }
+        ]
       }
     },
-    "/auth/addstaff": {
+    "/auth/signin": {
       "post": {
         "tags": [
-          "Add Staff"
+          "Signin"
         ],
-        "summary": "Admin can add staffs",
-        "description": "this endpoint allows admin to add staffs",
-        "operationId": "addstaff",
+        "summary": "Users can signup",
+        "description": "this endpoint uses get request to create users",
+        "operationId": "signin",
         "consumes": [
           "application/x-www-form-urlencoded"
         ],
         "produces": [
           "application/json"
         ],
         "parameters": [
-          {
-            "name": "firstName",
-            "in": "formData",
-            "description": "staff firstname",
-            "required": true,
-            "type": "string"
-          },
-          {
-            "name": "lastName",
-            "in": "formData",
-            "description": "staff lastname",
-            "required": true,
-            "type": "string"
-          },
           {
             "name": "email",
             "in": "formData",
-            "description": "staff email address",
+            "description": "users email address",
             "required": true,
             "type": "string"
           },
@@ -148,12 +166,7 @@
           "405": {
             "description": "Invalid input"
           }
-        },
-        "security": [
-          {
-            "JWT": []
-          }
-        ]
+        }
       }
     },
     "/v1/accounts": {
@@ -189,6 +202,28 @@
             "JWT": []
           }
         ]
+      },
+      "get": {
+        "tags": [
+          "Accounts"
+        ],
+        "summary": "Returns all accounts",
+        "description": "Staffs and admin can see all accounts",
+        "operationId": "getaccounts",
+        "produces": [
+          "application/json"
+        ],
+        "parameters": [],
+        "responses": {
+          "200": {
+            "description": "successful operation"
+          }
+        },
+        "security": [
+          {
+            "JWT": []
+          }
+        ]
       }
     },
     "/v1/accounts/{accountNumber}": {
@@ -231,6 +266,109 @@
             "JWT": []
           }
         ]
+      },
+      "delete": {
+        "tags": [
+          "Accounts"
+        ],
+        "summary": "Staff and admin can delete account",
+        "description": "this endpoint allows staff and admin to delete account",
+        "operationId": "deleteaccount",
+        "consumes": [
+          "application/x-www-form-urlencoded"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "parameters": [
+          {
+            "name": "accountNumber",
+            "in": "path",
+            "description": "users account number",
+            "required": true,
+            "type": "integer"
+          }
+        ],
+        "responses": {
+          "405": {
+            "description": "Invalid input"
+          }
+        },
+        "security": [
+          {
+            "JWT": []
+          }
+        ]
+      }
+    },
+    "/v1/accounts/{accountNumber}/transactions": {
+      "get": {
+        "tags": [
+          "Accounts"
+        ],
+        "summary": "User can view account transactions",
+        "description": "this endpoint allows allows users to view account transactions",
+        "operationId": "gettransactions",
+        "consumes": [
+          "application/x-www-form-urlencoded"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "parameters": [
+          {
+            "name": "accountNumber",
+            "in": "path",
+            "description": "users account number",
+            "required": true,
+            "type": "integer"
+          }
+        ],
+        "responses": {
+          "405": {
+            "description": "Invalid input"
+          }
+        },
+        "security": [
+          {
+            "JWT": []
+          }
+        ]
+      }
+    },
+    "/v1/transactions/{transactionid}": {
+      "get": {
+        "tags": [
+          "Transactions"
+        ],
+        "summary": "User can view transactionid",
+        "description": "this endpoint allows allows users transactionid",
+        "operationId": "transactionid",
+        "consumes": [
+          "application/x-www-form-urlencoded"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "parameters": [
+          {
+            "name": "transactionid",
+            "in": "path",
+            "description": "transaction id",
+            "required": true,
+            "type": "integer"
+          }
+        ],
+        "responses": {
+          "405": {
+            "description": "Invalid input"
+          }
+        },
+        "security": [
+          {
+            "JWT": []
+          }
+        ]
       }
     },
     "/v1/transactions/{accountNumber}/debit": {
@@ -341,6 +479,41 @@
         ]
       }
     },
+    "/v1/users/{email}/accounts": {
+      "delete": {
+        "tags": [
+          "Users"
+        ],
+        "summary": "users to view all their accounts",
+        "description": "this endpoint allows users to view all their account",
+        "operationId": "getaccountsbyuser",
+        "consumes": [
+          "application/x-www-form-urlencoded"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "parameters": [
+          {
+            "name": "email",
+            "in": "path",
+            "description": "email",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "responses": {
+          "405": {
+            "description": "Invalid input"
+          }
+        },
+        "security": [
+          {
+            "JWT": []
+          }
+        ]
+      }
+    },
     "/v1/users/{userId}": {
       "delete": {
         "tags": [