diff --git a/server/v1/controllers/createAccount.js b/server/v1/controllers/createAccount.js
index 179e238..a48ffcb 100644
--- a/server/v1/controllers/createAccount.js
+++ b/server/v1/controllers/createAccount.js
@@ -22,6 +22,17 @@ const CreateAccountController = {
 }).status(201);
 },
+ // specific account
+ async specificAccounts(req, res) {
+ const { accountNumber } = req.params;
+ const specificAccounts = await CreateAccountService
+ .specificAccounts(accountNumber);
+ return res.json({
+ status: 'success',
+ data: specificAccounts,
+ }).status(201);
+ },
+
+ // get transaction history
 async allAccountTransaction(req, res) {
 const { accountNumber } = req.params;
diff --git a/server/v1/controllers/users.js b/server/v1/controllers/users.js
index 9c7a878..98d0dbd 100644
--- a/server/v1/controllers/users.js
+++ b/server/v1/controllers/users.js
@@ -1,17 +1,26 @@
 import UserService from '../services/users';
 const UsersController = {
- getAllUsers(req, res) {
- const allUsers = UserService.getAllUsers(req.authorizedData);
+ async getAllUsers(req, res) {
+ const allUsers = await UserService.getAllUsers(req.authorizedData);
 return res.json({
 status: 'success',
 data: allUsers,
 }).status(201);
 },
- deleteUser(req, res) {
+ async getUsersAccounts(req, res) {
+ const { email } = req.params;
+ const getUsersAccounts = await UserService.getUsersAccounts(email);
+ return res.json({
+ status: 'success',
+ data: getUsersAccounts,
+ }).status(201);
+ },
+
+ async deleteUser(req, res) {
 const { id } = req.params;
- const deleteUser = UserService.deleteUser(id, req.authorizedData);
+ const deleteUser = await UserService.deleteUser(id, req.authorizedData);
 return res.json({
 status: 'success',
 data: deleteUser,
diff --git a/server/v1/routes/createAccount.js b/server/v1/routes/createAccount.js
index 53b0d74..9baac62 100644
--- a/server/v1/routes/createAccount.js
+++ b/server/v1/routes/createAccount.js
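Review bot: In specificAccounts, `res.json({...}).status(201)` sets the status after the body has already been written, so the client receives 200 and the 201 is dropped; order it as `return res.status(200).json({ status: 'success', data: specificAccounts });` (a GET that found a row is 200, not 201). When the service returns its "no account" sentinel string the handler still reports `status: 'success'`, so a hit and a miss are only distinguishable by inspecting `data`; map the miss to a 404 instead. The route applies verifyJwt, but nothing in this handler or in the service's `WHERE accountnumber=$1` relates the requested accountNumber to the caller in `req.authorizedData`, so any authenticated user can read any account by number — the service should take the caller (as UserService.getAllUsers/deleteUser already do) and filter on the account owner or the caller's role. The same status ordering appears in getUsersAccounts in the controllers/users.js hunk that follows.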
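Review bot: The three handlers are now `async` but none of the `await`s is wrapped in try/catch, so a rejected service promise (for example the `rows[0]` destructure in UserService.getAllUsers throwing when the token's email is no longer in the users table) becomes an unhandled rejection and the client gets no response until the socket times out; if this is Express 4 (the version is not visible here), which does not forward async rejections to error middleware, each body needs `try { ... } catch (err) { return next(err); }` with `next` added as the third parameter, or a small asyncHandler wrapper around the route. getUsersAccounts also hands `req.params.email` to the service with no relation to the authenticated caller, so anyone holding a valid token can list another user's accounts; pass `req.authorizedData` and have the service require the email to match the caller or the caller to be staff/admin. The `.status(201)` after `.json()` is the same ordering issue noted on the createAccount controller hunk.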
@@ -6,6 +6,7 @@ const router = express.Router();
 // creating our routes
 router.get('/', jwtMiddleware.verifyJwt, CreateAccountController.allAccounts);
+router.get('/:accountNumber', jwtMiddleware.verifyJwt, CreateAccountController.specificAccounts);
 router.get('/:accountNumber/transactions', jwtMiddleware.verifyJwt, CreateAccountController.allAccountTransaction);
 router.post('/', jwtMiddleware.verifyJwt, CreateAccountController.createAccount);
 router.patch('/:accountNumber', jwtMiddleware.verifyJwt, CreateAccountController.patchAccount);
diff --git a/server/v1/routes/users.js b/server/v1/routes/users.js
index f396f7f..69d30cc 100644
--- a/server/v1/routes/users.js
+++ b/server/v1/routes/users.js
@@ -6,6 +6,7 @@ const router = express.Router();
 // creating our routes
 router.get('/', jwtMiddleware.verifyJwt, UsersController.getAllUsers);
+router.get('/:email/accounts', jwtMiddleware.verifyJwt, UsersController.getUsersAccounts);
 router.delete('/:id', jwtMiddleware.verifyJwt, UsersController.deleteUser);
 export default router;
diff --git a/server/v1/services/createAccount.js b/server/v1/services/createAccount.js
index 35503d9..6cba5ae 100644
--- a/server/v1/services/createAccount.js
+++ b/server/v1/services/createAccount.js
@@ -55,6 +55,15 @@ const CreateAccountService = {
 return 'no account found';
 },
+ async specificAccounts(accountNumber) {
+ const userAccount = await dbConnection
+ .dbConnect('SELECT * from accounts WHERE accountnumber=$1', [accountNumber]);
+ if (userAccount.rows.length > 0) {
+ return userAccount.rows[0];
+ }
+ return 'no transaction found';
+ },
+
 async allAccountTransaction(accountNumber) {
 const userTransaction = await dbConnection
 .dbConnect('SELECT * from transactions WHERE accountnumber=$1', [accountNumber]);
diff --git a/server/v1/services/users.js b/server/v1/services/users.js
index 0280c13..ee72cce 100644
--- a/server/v1/services/users.js
+++ b/server/v1/services/users.js
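Review bot: specificAccounts in services/createAccount.js returns `'no transaction found'` when no account row matches, which is the wrong message for this lookup — it queries accounts, not transactions, and the method just above it returns `'no account found'` for the same situation. Returning a sentinel string from a function that otherwise returns a row object also forces every caller to string-compare the result; `return null;` (with the controller mapping null to a 404) keeps the two outcomes distinct. `SELECT *` hands back every column of accounts to the caller, so if the table holds fields the API should not expose, name the columns explicitly. The WHERE clause restricts only by accountNumber; taking the caller as a second parameter here is where an owner/role filter would belong.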
@@ -1,34 +1,49 @@
-import dummyUsers from '../../dummyJson/users';
-
-const { users } = dummyUsers;
+import dbConnection from '../config/database';
 const UsersServices = {
- getAllUsers(staff) {
- if (staff.loggedUser.type === 'staff' || staff.loggedUser.isAdmin === true) {
- return users.map((user) => {
- return user;
- });
+ async getAllUsers(staff) {
+ // check the users table
+ const userDetails = await dbConnection
+ .dbConnect('SELECT id, type, isadmin FROM users WHERE email=$1', [staff.email]);
+ const { type, isadmin } = userDetails.rows[0];
+
+ if (type === 'staff' || isadmin === true) {
+ const allAccounts = await dbConnection
+ .dbConnect('SELECT * from users');
+ return allAccounts.rows;
 }
 return 'You don\'t have permission to view this page';
 },
- deleteUser(id, staff) {
- let deleteMsg;
- if (staff.loggedUser.type === 'staff') {
- const User = users.find(user => user.id == id && user.type != 'staff');
- if (typeof User === 'undefined') {
- deleteMsg = 'Sorry you can not delete a staff';
+ async getUsersAccounts(email) {
+ const allAccounts = await dbConnection
+ .dbConnect('SELECT email from users WHERE email=$1', [email]);
+ if (allAccounts.rows.length > 0) {
+ const accountDbData = await dbConnection
+ .dbConnect('SELECT * from accounts WHERE email=$1', [email]);
+ return accountDbData.rows;
+ }
+ return 'no account found';
+ },
+
+ async deleteUser(id, staff) {
+ // check the users table
+ const userDetails = await dbConnection
+ .dbConnect('SELECT id, type, isadmin FROM users WHERE email=$1', [staff.email]);
+ const { type, isadmin } = userDetails.rows[0];
+
+ if (type === 'staff' || isadmin === true) {
+ const checkusers = await dbConnection
+ .dbConnect('SELECT id FROM users WHERE id=$1', [id]);
+ if (checkusers.rows.length > 0) {
+ const accountDbData = await dbConnection
+ .dbConnect('DELETE FROM users WHERE id=$1', [id]);
+ if (accountDbData.command === 'DELETE') return 'Account successfully deleted';
 } else {
- users.splice(User.id - 1, 1);
- deleteMsg = 'deleted';
+ return 'no account found';
 }
- } else if (staff.loggedUser.isAdmin === true) {
- const User = users.find(user => user.id == id);
- users.splice(User.id - 1, 1);
- } else {
- deleteMsg = 'You don\'t have permission to do this task';
 }
- return deleteMsg;
+ return 'You don\'t have permission to view this page';
 },
 };
diff --git a/server/v1/test/users.js b/server/v1/test/users.js
index d16ebb3..200befc 100644
--- a/server/v1/test/users.js
+++ b/server/v1/test/users.js
@@ -1,121 +1,85 @@
-// /* eslint-disable no-undef */
-// import chaiHttp from 'chai-http';
-// import chai, { expect } from 'chai';
+/* eslint-disable no-undef */
+import chaiHttp from 'chai-http';
+import chai, { expect } from 'chai';
+import dbConnection from '../config/database';
-// import app from '../app';
+import app from '../app';
-// chai.use(chaiHttp);
+chai.use(chaiHttp);
-// describe('Testing All Users Controller', () => {
-// describe('Testing all accounts controller', () => {
-// it(
-// 'users should have all required details',
-// (done) => {
-// const signinUrl = '/api/auth/signin';
-// chai.request(app)
-// .post(signinUrl)
-// .send({
-// email: 'banka3@banka.com',
-// password: 'passworD3@',
-// })
-// .end((error, response) => {
-// const { token } = response.body.data;
-// chai.request(app)
-// .get('/api/v1/users')
-// .set('Authorization', `Bearer ${token}`)
-// .send()
-// .end((err, res) => {
-// expect(res.body).to.be.an('object');
-// expect(res.body.status).to.equal('success');
-// expect(res.body.data[0]).to.have.property('id');
-// expect(res.body.data[0]).to.have.property('firstName');
-// expect(res.body.data[0]).to.have.property('lastName');
-// expect(res.body.data[0]).to.have.property('email');
-// expect(res.body.data[0]).to.have.property('password');
-// expect(res.body.data[0]).to.have.property('type');
-// expect(res.body.data[0]).to.have.property('isAdmin');
-// });
-// done();
-// });
-// },
-// );
+describe('Testing All Users Controller', () => {
+ before(async () => {
+ await dbConnection
+ .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', ['staff@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'staff', false]);
+ });
+ describe('Testing all accounts controller', () => {
+ it(
+ 'users should have all required details',
+ async () => {
+ const signinUrl = '/api/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'admin@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data[0];
+ const res = await chai.request(app)
+ .get('/api/v1/users')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal('success');
+ expect(res.body.data[0]).to.have.property('id');
+ expect(res.body.data[0]).to.have.property('firstname');
+ expect(res.body.data[0]).to.have.property('lastname');
+ expect(res.body.data[0]).to.have.property('email');
+ expect(res.body.data[0]).to.have.property('password');
+ expect(res.body.data[0]).to.have.property('type');
+ expect(res.body.data[0]).to.have.property('isadmin');
+ },
+ );
-// it(
-// 'only staffs and admin can view all users',
-// (done) => {
-// const signinUrl = '/api/auth/signin';
-// chai.request(app)
-// .post(signinUrl)
-// .send({
-// email: 'banka@banka.com',
-// password: 'passworD1@',
-// })
-// .end((error, response) => {
-// const { token } = response.body.data;
-// chai.request(app)
-// .get('/api/v1/users')
-// .set('Authorization', `Bearer ${token}`)
-// .send()
-// .end((err, res) => {
-// expect(res.body).to.be.an('object');
-// expect(res.body.status).to.equal('success');
-// expect(res.body.data).to.equal('You don\'t have permission to view this page');
-// });
-// done();
-// });
-// },
-// );
+ it(
+ 'should not see all users if not admin or staff',
+ async () => {
+ const signinUrl = '/api/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'banka872@banka4.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data[0];
+ const res = await chai.request(app)
+ .get('/api/v1/users')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal('success');
+ expect(res.body.data).to.equal('You don\'t have permission to view this page');
+ },
+ );
-// it(
-// 'only staffs and admin can delete users',
-// (done) => {
-// const signinUrl = '/api/auth/signin';
-// chai.request(app)
-// .post(signinUrl)
-// .send({
-// email: 'banka@banka.com',
-// password: 'passworD1@',
-// })
-// .end((error, response) => {
-// const { token } = response.body.data;
-// chai.request(app)
-// .delete('/api/v1/users/1')
-// .set('Authorization', `Bearer ${token}`)
-// .send()
-// .end((err, res) => {
-// expect(res.body).to.be.an('object');
-// expect(res.body.status).to.equal('success');
-// expect(res.body.data).to.equal('You don\'t have permission to do this task');
-// });
-// done();
-// });
-// },
-// );
-
-// it(
-// 'only admin can delete staffs',
-// (done) => {
-// const signinUrl = '/api/auth/signin';
-// chai.request(app)
-// .post(signinUrl)
-// .send({
-// email: 'banka2@banka.com',
-// password: 'passworD2@',
-// })
-// .end((error, response) => {
-// const { token } = response.body.data;
-// chai.request(app)
-// .delete('/api/v1/users/2')
-// .set('Authorization', `Bearer ${token}`)
-// .send()
-// .end((err, res) => {
-// expect(res.body).to.be.an('object');
-// expect(res.body.status).to.equal('success');
-// expect(res.body.data).to.equal('Sorry you can not delete a staff');
-// });
-// done();
-// });
-// },
-// );
-// });
-// });
+ it(
+ 'only staffs and admin can delete users',
+ async () => {
+ const signinUrl = '/api/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'banka872@banka4.com',
+ password: 'passworD4@',
+ });
+ const { id, token } = response.body.data[0];
+ const res = await chai.request(app)
+ .delete(`/api/v1/users/${id}`)
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal('success');
+ expect(res.body.data).to.equal('You don\'t have permission to view this page');
+ },
+ );
+ });
+});
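Review bot: The `before` hook inserts a fixed staff row for 'staff@banka.com' with no matching `after` cleanup, so a second run against the same database either fails the insert (if email carries a unique constraint) or accumulates rows, and none of the three tests signs in as that user — they use admin@banka.com and banka872@banka4.com. Either add `after(async () => { await dbConnection.dbConnect('DELETE FROM users WHERE email=$1', ['staff@banka.com']); });` beside the hook or drop the hook. 'users should have all required details' asserts `password` on the listing, which pins the stored password hash into the public response; once the service stops selecting that column the expectation should become `expect(res.body.data[0]).to.not.have.property('password');`. The last test's title says staff and admin can delete users, but it only exercises the denial for a regular user deleting their own id; a positive case signed in as the inserted staff account would actually cover the title, and would also have caught the 201-after-json status in the controller if it asserted `res.status`.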