Merge pull request #47 from akhilome/ft-auth-new-order-160819984

#160819984 Customer with authorization can place new food orders
akhilome · Oct 2, 2018 · 6ceb6f4 · 6ceb6f4
2 parents 322b557 + f787207
commit 6ceb6f4
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 39 deletions.
diff --git a/server/controllers/orderController.js b/server/controllers/orderController.js
@@ -1,5 +1,4 @@
 import orders from '../db/orders';
-import Order from '../models/Order';
 import pool from '../db/config';
 
 class OrderController {
@@ -19,20 +18,56 @@ class OrderController {
     return res.status(200).json(order);
   }
 
-  static newOrder(req, res) {
-    const { author, title } = req.body;
-    if (!author || !title) {
+  static async newOrder(req, res) {
+    const { foodId } = req.body;
+    if (!foodId) {
       return res.status(400).json({
-        error: 'incomplete data',
+        status: 'error',
+        message: 'incomplete data',
       });
     }
 
-    const order = new Order(orders.length + 1, author, title);
-    orders.push(order);
-    return res.status(201).json({
-      message: 'order placed',
-      order,
-    });
+    if (typeof foodId !== 'number') {
+      return res.status(400).json({
+        status: 'error',
+        message: 'invalid data provided',
+      });
+    }
+    try {
+      const foodExists = (await pool.query('SELECT * FROM menu WHERE id=$1', [foodId])).rowCount;
+
+      if (!foodExists) {
+        return res.status(400).json({
+          status: 'error',
+          message: 'no such food exists',
+        });
+      }
+    } catch (error) {
+      res.status(500).json();
+    }
+
+    const dbInsertQuery = 'INSERT INTO orders(item, author) VALUES($1, $2)';
+    const dbSelectQuery = 'SELECT orders.id, menu.food_name, users.name, orders.date, orders.status FROM orders JOIN menu ON orders.item = menu.id JOIN users ON orders.author = users.id';
+
+    try {
+      await pool.query(dbInsertQuery, [foodId, req.userId]);
+      const allOrders = (await pool.query(dbSelectQuery));
+      const newOrder = allOrders.rows[allOrders.rowCount - 1];
+
+      return res.status(201).json({
+        status: 'success',
+        message: 'new order placed successfully',
+        order: {
+          id: newOrder.id,
+          author: newOrder.name,
+          title: newOrder.food_name,
+          date: newOrder.date,
+          status: newOrder.status,
+        },
+      });
+    } catch (error) {
+      return res.status(500).json();
+    }
   }
 
   static updateOrder(req, res) {

diff --git a/server/routes/ordersRouter.js b/server/routes/ordersRouter.js
@@ -5,5 +5,6 @@ import OrderController from '../controllers/orderController';
 const router = new Router();
 
 router.get('/users/:id/orders', AuthHandler.authorize, OrderController.getAllUserOrders);
+router.post('/orders', AuthHandler.authorize, OrderController.newOrder);
 
 export default router;
diff --git a/server/routes/routes.js b/server/routes/routes.js
@@ -12,7 +12,6 @@ router.get('/', (req, res) => {
 
 router.get('/orders', OrderController.getAllOrders);
 router.get('/orders/:id', findOrder, OrderController.getOrder);
-router.post('/orders', OrderController.newOrder);
 router.put('/orders/:id', findOrder, OrderController.updateOrder);
 
 export default router;
diff --git a/tests/routes/orders.spec.js b/tests/routes/orders.spec.js
@@ -98,3 +98,47 @@ describe('GET /users/<userId>/orders', () => {
       });
   });
 });
+
+describe('POST /orders', () => {
+  beforeEach(async () => {
+    await emptyTablesPromise;
+    await populateMenuTablePromise;
+    await populateUsersTablePromise;
+  });
+
+  const { validUser } = seedData.users;
+  const validFoodId = Math.ceil(seedData.menu.length * Math.random());
+  const invalidFoodId = validFoodId * 2;
+
+  // TODO: test for successful order creation
+
+  it('should not place order if provided food id doesn\'t exist', (done) => {
+    chai.request(app)
+      .post('/api/v1/orders')
+      .set('x-auth', generateValidToken(validUser))
+      .send({ foodId: invalidFoodId })
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(400);
+        res.body.should.not.have.keys(['order']);
+        res.body.status.should.eql('error');
+        done();
+      });
+  });
+
+  it('should respond with an error on provision of invalid data types', (done) => {
+    chai.request(app)
+      .post('/api/v1/orders')
+      .set('x-auth', generateValidToken(validUser))
+      .send({ foodId: 'something weird', authorId: '??' })
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(400);
+        res.body.should.not.have.keys(['order']);
+        res.body.status.should.eql('error');
+        done();
+      });
+  });
+});
diff --git a/tests/routes/routes.spec.js b/tests/routes/routes.spec.js
@@ -95,33 +95,6 @@ describe('GET /api/v1/orders/<orderId>', () => {
   });
 });
 
-describe('POST /api/v1/orders', () => {
-  const completeData = { author: 'Kizito', title: 'Turkey' };
-  const incompleteData = { author: 'Kizito' };
-
-  it('should return a 400 error and a message if data is incomplete', (done) => {
-    chai.request(app)
-      .post('/api/v1/orders')
-      .send(incompleteData)
-      .end((err, res) => {
-        res.should.have.status(400);
-        res.body.should.be.an('object').which.has.a.property('error');
-        done();
-      });
-  });
-
-  it('should add the order to the database and respond with 201 if data is complete', (done) => {
-    chai.request(app)
-      .post('/api/v1/orders')
-      .send(completeData)
-      .end((err, res) => {
-        res.should.have.status(201);
-        res.body.should.be.an('object').which.has.a.property('message');
-        done();
-      });
-  });
-});
-
 describe('PUT /api/v1/orders/<orderId>', () => {
   it('should respond with an error if no status is provided', (done) => {
     chai.request(app)