Merge pull request #50 from akhilome/ft-update-order-status-160870247

#160870247 Admin can update the status of an existing order
akhilome · Oct 3, 2018 · 2b35ba0 · 2b35ba0
2 parents c3a79e9 + 6d3128d
commit 2b35ba0
Show file tree

Hide file tree

Showing 17 changed files with 125 additions and 260 deletions.
diff --git a/package.json b/package.json
@@ -8,6 +8,7 @@
     "build": "babel ./server -d dist",
     "test": "export NODE_ENV=test && nyc --reporter=lcov mocha --recursive ./tests/* --require babel-register --exit",
     "cover": "nyc report --reporter=text-lcov | coveralls",
+    "coverage": "export NODE_ENV=test && nyc mocha --recursive ./tests/* --require babel-register --exit",
     "dev": "nodemon --exec babel-node ./server/index.js",
     "purge-db": "echo 'DROP DATABASE IF EXISTS fastfoodfast;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast;' | psql -U postgres",
     "setup-schema": "psql -U postgres fastfoodfast < ./server/db/schema.sql",

diff --git a/server/controllers/orderController.js b/server/controllers/orderController.js
@@ -1,28 +1,17 @@
-import orders from '../db/orders';
 import pool from '../db/config';
+import orderFormatter from '../middleware/formatter';
 
 class OrderController {
   static async getAllOrders(req, res) {
     try {
       const dbQuery = 'SELECT orders.id, menu.food_name, users.name, orders.date, orders.status FROM orders JOIN menu ON orders.item = menu.id JOIN users ON orders.author = users.id';
       const allOrders = (await pool.query(dbQuery)).rows;
-
-      const userOrders = allOrders.map((order) => {
-        const formattedOrder = {
-          id: order.id,
-          author: order.name,
-          title: order.food_name,
-          date: order.date,
-          status: order.status,
-        };
-
-        return formattedOrder;
-      });
+      const formattedOrders = orderFormatter(allOrders);
 
       res.status(200).json({
         status: 'success',
         message: 'orders fetched successfully',
-        orders: userOrders,
+        orders: formattedOrders,
       });
     } catch (error) {
       res.status(500).json();
@@ -42,18 +31,8 @@ class OrderController {
     try {
       const allOrders = (await pool.query('SELECT orders.id, menu.food_name, users.name, orders.date, orders.status FROM orders JOIN menu ON orders.item = menu.id JOIN users ON orders.author = users.id')).rows;
 
-      const targetOrder = allOrders
-        .map((foundOrder) => {
-          const formatted = {
-            id: foundOrder.id,
-            author: foundOrder.name,
-            title: foundOrder.food_name,
-            date: foundOrder.date,
-            status: foundOrder.status,
-          };
-          return formatted;
-        })
-        .find(order => order.id === Number(id));
+      const formattedOrders = orderFormatter(allOrders);
+      const targetOrder = formattedOrders.find(order => order.id === Number(id));
 
       if (!targetOrder) {
         return res.status(404).json({
@@ -124,27 +103,32 @@ class OrderController {
     }
   }
 
-  static updateOrder(req, res) {
-    const { orderIndex } = req;
-    const { status } = req.body;
+  static async updateOrder(req, res) {
+    const { id } = req.params;
 
-    if (orderIndex === -1) {
-      return res.status(404).json({
-        error: 'no such order exists',
+    if (!Number(id)) {
+      return res.status(400).json({
+        status: 'error',
+        message: 'invalid order id provided',
       });
     }
 
-    if (!status) {
-      return res.status(400).json({
-        error: 'no new status specified',
+    try {
+      const dbQuery = 'UPDATE orders SET status=$1 WHERE id=$2';
+      await pool.query(dbQuery, [req.status, Number(id)]);
+
+      const updatedOrders = (await pool.query('SELECT orders.id, menu.food_name, users.name, orders.date, orders.status FROM orders JOIN menu ON orders.item = menu.id JOIN users ON orders.author = users.id')).rows;
+
+      const formattedOrders = orderFormatter(updatedOrders);
+      const targetOrder = formattedOrders.find(order => order.id === Number(id));
+      return res.status(200).json({
+        status: 'success',
+        message: 'order status updated successfully',
+        order: targetOrder,
       });
+    } catch (error) {
+      return res.status(500).json();
     }
-
-    orders[orderIndex].status = status;
-    return res.status(201).json({
-      message: 'order status updated successfully',
-      order: orders[orderIndex],
-    });
   }
 
   static async getAllUserOrders(req, res) {

diff --git a/server/db/config.js b/server/db/config.js
@@ -4,13 +4,7 @@ import { Pool } from 'pg';
 dotenv.config();
 
 const env = process.env.NODE_ENV || 'development';
-/* eslint-disable */
-let pool;
 
-if (env === 'test') {
-  pool = new Pool({ connectionString: process.env.TEST_DATABASE_URL });
-} else {
-  pool = new Pool({ connectionString: process.env.DATABASE_URL });
-}
+const pool = env === 'test' ? new Pool({ connectionString: process.env.TEST_DATABASE_URL }) : new Pool({ connectionString: process.env.DATABASE_URL });
 
 export default pool;
diff --git a/server/index.js b/server/index.js
@@ -1,7 +1,7 @@
 import express from 'express';
 import bodyParser from 'body-parser';
 import dotenv from 'dotenv';
-import router from './routes/routes';
+
 import authRouter from './routes/authRouter';
 import ordersRouter from './routes/ordersRouter';
 import menuRouter from './routes/menuRouter';
@@ -18,8 +18,6 @@ app.get('/', (req, res) => {
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
 
-app.use('/api/v1', router);
-
 // Orders routes
 app.use('/api/v1', ordersRouter);
 

diff --git a/server/middleware/findSingleOrder.js b/server/middleware/findSingleOrder.js
diff --git a/server/middleware/formatter.js b/server/middleware/formatter.js
@@ -0,0 +1,16 @@
+const formatOrders = (orders) => {
+  const formattedOrder = orders.map((foundOrder) => {
+    const formatted = {
+      id: foundOrder.id,
+      author: foundOrder.name,
+      title: foundOrder.food_name,
+      date: foundOrder.date,
+      status: foundOrder.status,
+    };
+    return formatted;
+  });
+
+  return formattedOrder;
+};
+
+export default formatOrders;
diff --git a/server/middleware/sanitizer.js b/server/middleware/sanitizer.js
@@ -60,6 +60,25 @@ class Sanitize {
     req.password = password.trim();
     return next();
   }
+
+  static updateStatus(req, res, next) {
+    const { status } = req.body;
+
+    if (
+      status !== 'complete'
+      && status !== 'processing'
+      && status !== 'cancelled'
+    ) {
+      return res.status(400).json({
+        status: 'error',
+        message: 'incorrect status type provided',
+      });
+    }
+
+    req.status = status;
+
+    return next();
+  }
 }
 
 export default Sanitize;
diff --git a/server/models/Order.js b/server/models/Order.js
diff --git a/server/routes/ordersRouter.js b/server/routes/ordersRouter.js
@@ -1,12 +1,27 @@
 import { Router } from 'express';
 import AuthHandler from '../middleware/authHandler';
 import OrderController from '../controllers/orderController';
+import Sanitize from '../middleware/sanitizer';
 
 const router = new Router();
 
 router.get('/users/:id/orders', AuthHandler.authorize, OrderController.getAllUserOrders);
 router.post('/orders', AuthHandler.authorize, OrderController.newOrder);
 router.get('/orders', AuthHandler.authorize, AuthHandler.authorizeAdmin, OrderController.getAllOrders);
-router.get('/orders/:id', AuthHandler.authorize, AuthHandler.authorizeAdmin, OrderController.getOrder);
+
+router.get(
+  '/orders/:id',
+  AuthHandler.authorize,
+  AuthHandler.authorizeAdmin,
+  OrderController.getOrder,
+);
+
+router.put(
+  '/orders/:id',
+  AuthHandler.authorize,
+  AuthHandler.authorizeAdmin,
+  Sanitize.updateStatus,
+  OrderController.updateOrder,
+);
 
 export default router;
diff --git a/server/routes/routes.js b/server/routes/routes.js
diff --git a/server/utils/date.js b/server/utils/date.js
diff --git a/server/utils/padding.js b/server/utils/padding.js
diff --git a/tests/models/Order.spec.js b/tests/models/Order.spec.js
diff --git a/tests/routes/orders.spec.js b/tests/routes/orders.spec.js
@@ -226,3 +226,49 @@ describe('GET /orders/:id', () => {
 
   // TODO: test for successfully fetched order
 });
+
+describe('PUT /orders/:id', () => {
+  it('should not allow non admin users update order status', (done) => {
+    chai.request(app)
+      .put('/api/v1/orders/1')
+      .set('x-auth', generateValidToken(seedData.users.validUser))
+      .send({ status: 'complete' })
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(403);
+        done();
+      });
+  });
+
+  it('should return a 400 if invalid order id is provided', (done) => {
+    chai.request(app)
+      .put('/api/v1/orders/invalidstuff')
+      .set('x-auth', generateValidToken(seedData.users.admin))
+      .send({ status: 'complete' })
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(400);
+        res.body.status.should.eql('error');
+        done();
+      });
+  });
+
+  it('should not allow any text to be set as status', (done) => {
+    chai.request(app)
+      .put('/api/v1/orders/1')
+      .set('x-auth', generateValidToken(seedData.users.admin))
+      .send({ status: 'this is wrong' })
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(400);
+        res.body.status.should.eql('error');
+        res.body.message.should.eql('incorrect status type provided');
+        done();
+      });
+  });
+
+  // TODO: test for successfully updated order
+});