Merge pull request #17 from andela/ft-admin-create-user-166816124

#166816124 Super admins can create users
andela · Jul 8, 2019 · 3a9ef89 · 3a9ef89
2 parents eb8ebbf + 952feb6
commit 3a9ef89
Show file tree

Hide file tree

Showing 14 changed files with 669 additions and 37 deletions.
diff --git a/package.json b/package.json
@@ -34,6 +34,7 @@
     "faker": "^4.1.0",
     "friendly-mail": "^1.0.0",
     "jsonwebtoken": "^8.5.1",
+    "lint-staged": "^9.0.2",
     "mocha": "^6.1.4",
     "morgan": "^1.9.1",
     "pg": "^7.11.0",
@@ -45,13 +46,25 @@
     "sinon-chai": "^3.3.0",
     "swagger-ui-express": "^4.0.6"
   },
+  "husky": {
+    "hooks": {
+      "pre-commit": "lint-staged"
+    }
+  },
+  "lint-staged": {
+    "*.js": [
+      "prettier --config .prettierrc --write",
+      "git add"
+    ]
+  },
   "devDependencies": {
     "coveralls": "^3.0.4",
     "eslint": "^6.0.0",
     "eslint-config-airbnb-base": "^13.1.0",
     "eslint-config-prettier": "^5.0.0",
     "eslint-plugin-import": "^2.17.3",
     "eslint-plugin-prettier": "^3.1.0",
+    "husky": "^3.0.0",
     "mocha-lcov-reporter": "^1.3.0",
     "nodemon": "^1.19.1",
     "nyc": "^14.1.1",

diff --git a/src/controllers/user.controller.js b/src/controllers/user.controller.js
@@ -1,4 +1,10 @@
-import { getAllUsersService } from '../services/user.services';
+import {
+  getAllUsersService,
+  adminCreateUserService,
+  adminDeleteUserService,
+  adminUpdateUserService
+} from '../services/user.service';
+import { isUserExist } from '../services/auth.service';
 import Helper from '../services/helper';
 
 /**
@@ -20,5 +26,86 @@ const getUsers = async (request, response) => {
     return Helper.failResponse(response, 400, error);
   }
 };
+/**
+ * @method adminCreateUser
+ * - super admin creates a new admin
+ * - validate user input
+ * - returns user data with a generated token
+ * Route: POST: /users/signup
+ *
+ * @param {Object} request request object
+ * @param {Object} response response object
+ *
+ * @returns {Response} response object
+ */
+
+const adminCreateUser = async (request, response) => {
+  try {
+    const result = await isUserExist(request.body.email.toLowerCase());
+    if (result) {
+      return Helper.failResponse(response, 409, 'user already exists');
+    }
+
+    const value = await adminCreateUserService(request.body);
+    return Helper.successResponse(response, 201, value.user);
+  } catch (error) {
+    return Helper.errorResponse(response, 500);
+  }
+};
+
+/**
+ * @method adminUpdateUser
+ * -  admin update profile
+ * - validate user input
+ * - returns user data
+ * Route: POST: /users/signup
+ *
+ * @param {Object} request request object
+ * @param {Object} response response object
+ *
+ * @returns {Response} response object
+ */
+
+const adminUpdateUser = async (request, response, next) => {
+  try {
+    const { userId } = request.params;
+    const userDetails = request.body;
+    const updateUser = await adminUpdateUserService(userId, userDetails);
+
+    if (!updateUser) {
+      return Helper.failResponse(response, 400, 'User not found');
+    }
+    return Helper.successResponse(response, 200, updateUser);
+  } catch (error) {
+    next(error);
+  }
+};
+
+/**
+ * @method adminUpdateUser
+ * -  admin update profile
+ * - validate user input
+ * - returns user data
+ * Route: POST: /users/signup
+ *
+ * @param {Object} request request object
+ * @param {Object} response response object
+ *
+ * @returns {Response} response object
+ */
+
+const adminDeleteUser = async (request, response) => {
+  try {
+    const { userId } = request.params;
+    const value = await adminDeleteUserService(parseInt(userId, Number));
+
+    if (!value) {
+      return Helper.failResponse(response, 400, 'User not found');
+    }
+    return Helper.successResponse(response, 200, value);
+  } catch (error) {
+    return Helper.errorResponse(response, 500);
+  }
+};
 
-export default { getUsers };
+export default { getUsers, adminCreateUser, adminUpdateUser, adminDeleteUser };
diff --git a/src/db/models/user.js b/src/db/models/user.js
@@ -5,18 +5,36 @@ export default (sequelize, DataTypes) => {
       allowNull: {
         args: false,
         msg: 'Please enter your First Name'
+      },
+      validate: {
+        isAlpha: {
+          args: true,
+          msg: 'Please enter a valid character'
+        }
       }
     },
     lastName: {
       type: DataTypes.STRING,
       allowNull: {
         args: false,
         msg: 'Please enter your Last Name'
+      },
+      validate: {
+        isAlpha: {
+          args: true,
+          msg: 'Please enter a valid character'
+        }
       }
     },
     userName: {
       type: DataTypes.STRING,
-      allowNull: true
+      allowNull: true,
+      validate: {
+        isAlphanumeric: {
+          args: true,
+          msg: 'Please enter a valid character'
+        }
+      }
     },
     email: {
       type: DataTypes.STRING,

diff --git a/src/middlewares/auth.middleware.js b/src/middlewares/auth.middleware.js
@@ -96,7 +96,7 @@ export default {
    */
 
   async isAdmin(request, response, next) {
-    if (request.user.role !== 'admin') {
+    if (request.user.roleType !== 'admin') {
       return response.status(403).json({
         message: 'You do not have access to this resource, unauthorized'
       });
@@ -117,11 +117,38 @@ export default {
    */
 
   async isSuperAdmin(request, response, next) {
-    if (request.user.role !== 'super_admin') {
+    if (request.user.roleType !== 'super_admin') {
       return response.status(403).json({
         message: 'You do not have access to this resource, unauthorized'
       });
     }
     next();
+  },
+
+  /**
+   * @method isSuperAdmin
+   * - it checks if user is a super_admin
+   * - returns next()
+   *
+   * @param {Object} request request object
+   * @param {Object} response response object
+   * @param {Function} next function
+   *
+   * @returns {Response} response object
+   */
+
+  async adminCheck(request, response, next) {
+    if (
+      !(
+        request.user.roleType === 'super_admin' ||
+        request.user.roleType === 'admin'
+      )
+    ) {
+      return response.status(403).json({
+        status: 403,
+        message: 'You do not have access to this resource, unauthorized'
+      });
+    }
+    next();
   }
 };
diff --git a/src/routes/v1/index.js b/src/routes/v1/index.js
@@ -1,5 +1,5 @@
 import auth from './auth.route';
-import users from './user.routes';
+import users from './user.route';
 
 export default app => {
   app.use('/api/v1/users', auth);

diff --git a/src/routes/v1/user.route.js b/src/routes/v1/user.route.js
@@ -0,0 +1,45 @@
+import express from 'express';
+import authenticationValidator from '../../validators/user.validator';
+import userController from '../../controllers/user.controller';
+import authorization from '../../middlewares/auth.middleware';
+
+const { validator, checkValidationResult } = authenticationValidator;
+const {
+  getUsers,
+  adminCreateUser,
+  adminUpdateUser,
+  adminDeleteUser
+} = userController;
+
+const { adminCheck, verifyToken, isSuperAdmin } = authorization;
+
+const router = express.Router();
+
+router
+  .get('/', verifyToken, getUsers)
+  .post(
+    '/create_admin',
+    verifyToken,
+    isSuperAdmin,
+    validator('signup'),
+    validator('role'),
+    checkValidationResult,
+    adminCreateUser
+  )
+  .put(
+    '/update/:userId',
+    verifyToken,
+    adminCheck,
+    validator('userId'),
+    checkValidationResult,
+    adminUpdateUser
+  )
+  .delete(
+    '/:userId',
+    verifyToken,
+    adminCheck,
+    validator('userId'),
+    checkValidationResult,
+    adminDeleteUser
+  );
+export default router;
diff --git a/src/routes/v1/user.routes.js b/src/routes/v1/user.routes.js