Merge pull request #48 from akhilome/ft-admin-get-orders-160870053

#160870053 Admin (caterer) that is logged in can see a list of all orders

server/controllers/orderController.js

@@ -2,8 +2,31 @@ import orders from '../db/orders';
 import pool from '../db/config';
 
 class OrderController {
-  static getAllOrders(req, res) {
-    res.status(200).json({ orders });
+  static async getAllOrders(req, res) {
+    try {
+      const dbQuery = 'SELECT orders.id, menu.food_name, users.name, orders.date, orders.status FROM orders JOIN menu ON orders.item = menu.id JOIN users ON orders.author = users.id';
+      const allOrders = (await pool.query(dbQuery)).rows;
+
+      const userOrders = allOrders.map((order) => {
+        const formattedOrder = {
+          id: order.id,
+          author: order.name,
+          title: order.food_name,
+          date: order.date,
+          status: order.status,
+        };
+
+        return formattedOrder;
+      });
+
+      res.status(200).json({
+        status: 'success',
+        message: 'orders fetched successfully',
+        orders: userOrders,
+      });
+    } catch (error) {
+      res.status(500).json();
+    }
   }
 
   static getOrder(req, res) {

server/middleware/authHandler.js

@@ -46,7 +46,7 @@ class AuthHandler {
 
   static authorizeAdmin(req, res, next) {
     if (req.userStatus !== 'admin') {
-      return res.status(401).json({
+      return res.status(403).json({
         status: 'error',
         message: 'only admins can use this route',
       });

server/routes/ordersRouter.js

@@ -6,5 +6,6 @@ const router = new Router();
 
 router.get('/users/:id/orders', AuthHandler.authorize, OrderController.getAllUserOrders);
 router.post('/orders', AuthHandler.authorize, OrderController.newOrder);
+router.get('/orders', AuthHandler.authorize, AuthHandler.authorizeAdmin, OrderController.getAllOrders);
 
 export default router;

server/routes/routes.js

@@ -10,7 +10,6 @@ router.get('/', (req, res) => {
   });
 });
 
-router.get('/orders', OrderController.getAllOrders);
 router.get('/orders/:id', findOrder, OrderController.getOrder);
 router.put('/orders/:id', findOrder, OrderController.updateOrder);
 

tests/routes/orders.spec.js

@@ -142,3 +142,40 @@ describe('POST /orders', () => {
       });
   });
 });
+
+describe('GET /orders', () => {
+  before(async () => {
+    await emptyTablesPromise;
+    await Promise.all([populateUsersTablePromise, populateMenuTablePromise]);
+    await populateOrdersTablePromise;
+  });
+
+  const { admin, validUser } = seedData.users;
+  it('should get all user order if requester is admin', (done) => {
+    chai.request(app)
+      .get('/api/v1/orders')
+      .set('x-auth', generateValidToken(admin))
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(200);
+        res.body.should.have.keys(['status', 'message', 'orders']);
+        res.body.orders.should.be.an('array');
+        done();
+        // TODO: make more assertions
+      });
+  });
+
+  it('should not get orders if user is not admin', (done) => {
+    chai.request(app)
+      .get('/api/v1/orders')
+      .set('x-auth', generateValidToken(validUser))
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(403);
+        res.body.status.should.eql('error');
+        done();
+      });
+  });
+});

tests/routes/routes.spec.js

@@ -35,36 +35,6 @@ describe('GET /api/v1/', () => {
   });
 });
 
-describe('GET /api/v1/orders/', () => {
-  it('should respond with status 200', (done) => {
-    chai.request(app)
-      .get('/api/v1/orders/')
-      .end((err, res) => {
-        res.should.have.a.status(200);
-        done();
-      });
-  });
-
-  it('should return an object with an "orders" property which should be an array', (done) => {
-    chai.request(app)
-      .get('/api/v1/orders/')
-      .end((err, res) => {
-        res.body.should.be.an('object').which.has.a.property('orders');
-        res.body.orders.should.be.an('array');
-        done();
-      });
-  });
-
-  it('should respond with an object having an array with correct data', (done) => {
-    chai.request(app)
-      .get('/api/v1/orders/')
-      .end((err, res) => {
-        res.body.orders[res.body.orders.length - 1].should.have.all.keys(keys);
-        done();
-      });
-  });
-});
-
 describe('GET /api/v1/orders/<orderId>', () => {
   it('should respond with status 200 if order is found', (done) => {
     chai.request(app)