diff --git a/server/controllers/orderController.js b/server/controllers/orderController.js
index e535709..e81e90e 100644
--- a/server/controllers/orderController.js
+++ b/server/controllers/orderController.js
@@ -2,8 +2,31 @@ import orders from '../db/orders';
 import pool from '../db/config';
 
 class OrderController {
- static getAllOrders(req, res) {
- res.status(200).json({ orders });
+ static async getAllOrders(req, res) {
+ try {
+ const dbQuery = 'SELECT orders.id, menu.food_name, users.name, orders.date, orders.status FROM orders JOIN menu ON orders.item = menu.id JOIN users ON orders.author = users.id';
+ const allOrders = (await pool.query(dbQuery)).rows;
+
+ const userOrders = allOrders.map((order) => {
+ const formattedOrder = {
+ id: order.id,
+ author: order.name,
+ title: order.food_name,
+ date: order.date,
+ status: order.status,
+ };
+
+ return formattedOrder;
+ });
+
+ res.status(200).json({
+ status: 'success',
+ message: 'orders fetched successfully',
+ orders: userOrders,
+ });
+ } catch (error) {
+ res.status(500).json();
+ }
 }
 
 static getOrder(req, res) {
diff --git a/server/middleware/authHandler.js b/server/middleware/authHandler.js
index cd6ad0c..30347c0 100644
--- a/server/middleware/authHandler.js
+++ b/server/middleware/authHandler.js
@@ -46,7 +46,7 @@ class AuthHandler {
 
 static authorizeAdmin(req, res, next) {
 if (req.userStatus !== 'admin') {
- return res.status(401).json({
+ return res.status(403).json({
 status: 'error',
 message: 'only admins can use this route',
 });
diff --git a/server/routes/ordersRouter.js b/server/routes/ordersRouter.js
index d466dca..26017f1 100644
--- a/server/routes/ordersRouter.js
+++ b/server/routes/ordersRouter.js
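Review bot: The `catch (error)` branch at the end of the new getAllOrders sends a bare `res.status(500).json()` and drops the error, so a failing query leaves no server-side trace and the client gets an empty body instead of the `status`/`message` envelope the success path uses. Keeping database details out of the response is right; log them server-side and keep the envelope: `console.error('getAllOrders failed', error);` followed by `res.status(500).json({ status: 'error', message: 'could not fetch orders' });`. The SELECT is a fixed string with no request input, so there is no injection concern here, but it returns every order with no LIMIT, which is worth revisiting before the table grows. The `orders` import on the hunk header line is no longer read by this method and may be dead if nothing else in the file uses it; OrderController continues past the hunk.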
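Review bot: authorizeAdmin now fails closed with 403 for any `req.userStatus` other than 'admin', including undefined when `authorize` has not run first, but nothing in the code states that the field is populated by the preceding middleware. Add a comment above the check: `// req.userStatus is set by AuthHandler.authorize; mount this after it. A missing status fails closed (403).`. The 401 to 403 change itself is correct, since the caller is authenticated but not permitted. The method body continues beyond the hunk.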
@@ -6,5 +6,6 @@ const router = new Router();
 
 router.get('/users/:id/orders', AuthHandler.authorize, OrderController.getAllUserOrders);
 router.post('/orders', AuthHandler.authorize, OrderController.newOrder);
+router.get('/orders', AuthHandler.authorize, AuthHandler.authorizeAdmin, OrderController.getAllOrders);
 
 export default router;
diff --git a/server/routes/routes.js b/server/routes/routes.js
index 1161841..ee15c1e 100644
--- a/server/routes/routes.js
+++ b/server/routes/routes.js
@@ -10,7 +10,6 @@ router.get('/', (req, res) => {
 });
 });
-router.get('/orders', OrderController.getAllOrders);
 router.get('/orders/:id', findOrder, OrderController.getOrder);
 router.put('/orders/:id', findOrder, OrderController.updateOrder);
diff --git a/tests/routes/orders.spec.js b/tests/routes/orders.spec.js
index 1b49c65..e56e1d0 100644
--- a/tests/routes/orders.spec.js
+++ b/tests/routes/orders.spec.js
@@ -142,3 +142,40 @@ describe('POST /orders', () => {
 });
 });
 });
+
+describe('GET /orders', () => {
+ before(async () => {
+ await emptyTablesPromise;
+ await Promise.all([populateUsersTablePromise, populateMenuTablePromise]);
+ await populateOrdersTablePromise;
+ });
+
+ const { admin, validUser } = seedData.users;
+ it('should get all user order if requester is admin', (done) => {
+ chai.request(app)
+ .get('/api/v1/orders')
+ .set('x-auth', generateValidToken(admin))
+ .end((err, res) => {
+ if (err) done(err);
+
+ res.status.should.eql(200);
+ res.body.should.have.keys(['status', 'message', 'orders']);
+ res.body.orders.should.be.an('array');
+ done();
+ // TODO: make more assertions
+ });
+ });
+
+ it('should not get orders if user is not admin', (done) => {
+ chai.request(app)
+ .get('/api/v1/orders')
+ .set('x-auth', generateValidToken(validUser))
+ .end((err, res) => {
+ if (err) done(err);
+
+ res.status.should.eql(403);
+ res.body.status.should.eql('error');
+ done();
+ });
+ });
+});
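Review bot: Only the list route moved behind `authorize`/`authorizeAdmin`; the `/orders/:id` GET and PUT lines left as context in this hunk still carry just `findOrder`, so any client that can reach the API can read or update an arbitrary order by id without a token, unless this router is mounted behind an auth middleware that is not visible here. At minimum add the token check to both, e.g. `router.get('/orders/:id', AuthHandler.authorize, findOrder, OrderController.getOrder);` and the same for the PUT, and then decide whether updateOrder should be admin-only or check that the caller owns the order. Note also that `/orders` is now served only from ordersRouter, so both routers must be mounted under the same prefix for `/api/v1/orders` to keep resolving.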
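Review bot: `if (err) done(err);` in both new `.end` callbacks does not return, so on a request error the assertions still run and `done` is called a second time; write `if (err) return done(err);`. The suite also lacks the unauthenticated case: a request to `/api/v1/orders` with no `x-auth` header should be asserted to return 401, which is exactly the distinction the 403 change in authHandler is meant to expose. For the TODO, assert that each element of `res.body.orders` has exactly the keys `id, author, title, date, status`, so a later change to the SELECT cannot silently leak additional user columns to the admin listing.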
diff --git a/tests/routes/routes.spec.js b/tests/routes/routes.spec.js
index 7389aa4..844f190 100644
--- a/tests/routes/routes.spec.js
+++ b/tests/routes/routes.spec.js
@@ -35,36 +35,6 @@ describe('GET /api/v1/', () => {
 });
 });
 
-describe('GET /api/v1/orders/', () => {
- it('should respond with status 200', (done) => {
- chai.request(app)
- .get('/api/v1/orders/')
- .end((err, res) => {
- res.should.have.a.status(200);
- done();
- });
- });
-
- it('should return an object with an "orders" property which should be an array', (done) => {
- chai.request(app)
- .get('/api/v1/orders/')
- .end((err, res) => {
- res.body.should.be.an('object').which.has.a.property('orders');
- res.body.orders.should.be.an('array');
- done();
- });
- });
-
- it('should respond with an object having an array with correct data', (done) => {
- chai.request(app)
- .get('/api/v1/orders/')
- .end((err, res) => {
- res.body.orders[res.body.orders.length - 1].should.have.all.keys(keys);
- done();
- });
- });
-});
-
 describe('GET /api/v1/orders/', () => {
 it('should respond with status 200 if order is found', (done) => {
 chai.request(app)