feat(new-order): implement route to handle new order requests

- modify POST /orders to make use of authentication [Finishes #160819984]
akhilome · Oct 2, 2018 · f787207 · f787207
1 parent 53df59e
commit f787207
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 71 deletions.
diff --git a/server/controllers/orderController.js b/server/controllers/orderController.js
@@ -1,5 +1,4 @@
 import orders from '../db/orders';
-import Order from '../models/Order';
 import pool from '../db/config';
 
 class OrderController {
@@ -19,20 +18,56 @@ class OrderController {
     return res.status(200).json(order);
   }
 
-  static newOrder(req, res) {
-    const { author, title } = req.body;
-    if (!author || !title) {
+  static async newOrder(req, res) {
+    const { foodId } = req.body;
+    if (!foodId) {
       return res.status(400).json({
-        error: 'incomplete data',
+        status: 'error',
+        message: 'incomplete data',
       });
     }
 
-    const order = new Order(orders.length + 1, author, title);
-    orders.push(order);
-    return res.status(201).json({
-      message: 'order placed',
-      order,
-    });
+    if (typeof foodId !== 'number') {
+      return res.status(400).json({
+        status: 'error',
+        message: 'invalid data provided',
+      });
+    }
+    try {
+      const foodExists = (await pool.query('SELECT * FROM menu WHERE id=$1', [foodId])).rowCount;
+
+      if (!foodExists) {
+        return res.status(400).json({
+          status: 'error',
+          message: 'no such food exists',
+        });
+      }
+    } catch (error) {
+      res.status(500).json();
+    }
+
+    const dbInsertQuery = 'INSERT INTO orders(item, author) VALUES($1, $2)';
+    const dbSelectQuery = 'SELECT orders.id, menu.food_name, users.name, orders.date, orders.status FROM orders JOIN menu ON orders.item = menu.id JOIN users ON orders.author = users.id';
+
+    try {
+      await pool.query(dbInsertQuery, [foodId, req.userId]);
+      const allOrders = (await pool.query(dbSelectQuery));
+      const newOrder = allOrders.rows[allOrders.rowCount - 1];
+
+      return res.status(201).json({
+        status: 'success',
+        message: 'new order placed successfully',
+        order: {
+          id: newOrder.id,
+          author: newOrder.name,
+          title: newOrder.food_name,
+          date: newOrder.date,
+          status: newOrder.status,
+        },
+      });
+    } catch (error) {
+      return res.status(500).json();
+    }
   }
 
   static updateOrder(req, res) {

diff --git a/server/routes/ordersRouter.js b/server/routes/ordersRouter.js
@@ -5,5 +5,6 @@ import OrderController from '../controllers/orderController';
 const router = new Router();
 
 router.get('/users/:id/orders', AuthHandler.authorize, OrderController.getAllUserOrders);
+router.post('/orders', AuthHandler.authorize, OrderController.newOrder);
 
 export default router;
diff --git a/server/routes/routes.js b/server/routes/routes.js
@@ -12,7 +12,6 @@ router.get('/', (req, res) => {
 
 router.get('/orders', OrderController.getAllOrders);
 router.get('/orders/:id', findOrder, OrderController.getOrder);
-router.post('/orders', OrderController.newOrder);
 router.put('/orders/:id', findOrder, OrderController.updateOrder);
 
 export default router;
diff --git a/tests/routes/orders.spec.js b/tests/routes/orders.spec.js
@@ -106,32 +106,17 @@ describe('POST /orders', () => {
     await populateUsersTablePromise;
   });
 
-  const { validUser, validUserTwo } = seedData.users;
+  const { validUser } = seedData.users;
   const validFoodId = Math.ceil(seedData.menu.length * Math.random());
   const invalidFoodId = validFoodId * 2;
 
-  it('should successfully place new order on provision of valid data', (done) => {
-    chai.request(app)
-      .post('/api/v1/orders')
-      .set('x-auth', generateValidToken(validUserTwo))
-      .send({ foodId: validFoodId, authorId: validUserTwo.id })
-      .end((err, res) => {
-        if (err) done(err);
-
-        res.status.should.eql(201);
-        res.body.should.have.all.keys(['status', 'success', 'order']);
-        res.body.order.should.be.an('object').which.has.all.keys(['id', 'author', 'title', 'date', 'status']);
-        res.body.order.food.should.eql(seedData.menu[validFoodId].name);
-        res.body.order.author.should.eql(validUserTwo.name);
-        done();
-      });
-  });
+  // TODO: test for successful order creation
 
   it('should not place order if provided food id doesn\'t exist', (done) => {
     chai.request(app)
       .post('/api/v1/orders')
       .set('x-auth', generateValidToken(validUser))
-      .send({ foodId: invalidFoodId, authorId: validUser.id })
+      .send({ foodId: invalidFoodId })
       .end((err, res) => {
         if (err) done(err);
 
@@ -142,20 +127,6 @@ describe('POST /orders', () => {
       });
   });
 
-  it('should not place orders on behalf of other users', (done) => {
-    chai.request(app)
-      .post('/api/v1/orders')
-      .set('x-auth', generateValidToken(validUserTwo))
-      .send({ foodId: validFoodId, authorId: validUser.id })
-      .end((err, res) => {
-        if (err) done(err);
-
-        res.status.should.eql(403);
-        res.body.should.not.have.keys(['order']);
-        done();
-      });
-  });
-
   it('should respond with an error on provision of invalid data types', (done) => {
     chai.request(app)
       .post('/api/v1/orders')

diff --git a/tests/routes/routes.spec.js b/tests/routes/routes.spec.js
@@ -95,33 +95,6 @@ describe('GET /api/v1/orders/<orderId>', () => {
   });
 });
 
-describe('POST /api/v1/orders', () => {
-  const completeData = { author: 'Kizito', title: 'Turkey' };
-  const incompleteData = { author: 'Kizito' };
-
-  it('should return a 400 error and a message if data is incomplete', (done) => {
-    chai.request(app)
-      .post('/api/v1/orders')
-      .send(incompleteData)
-      .end((err, res) => {
-        res.should.have.status(400);
-        res.body.should.be.an('object').which.has.a.property('error');
-        done();
-      });
-  });
-
-  it('should add the order to the database and respond with 201 if data is complete', (done) => {
-    chai.request(app)
-      .post('/api/v1/orders')
-      .send(completeData)
-      .end((err, res) => {
-        res.should.have.status(201);
-        res.body.should.be.an('object').which.has.a.property('message');
-        done();
-      });
-  });
-});
-
 describe('PUT /api/v1/orders/<orderId>', () => {
   it('should respond with an error if no status is provided', (done) => {
     chai.request(app)