chore(manager can comment): add manager

- add manager can comment on his assigned requester trip request [Starts #170621308]
andela · Jan 9, 2020 · 00319f9 · 00319f9
1 parent 97371dd
commit 00319f9
Show file tree

Hide file tree

Showing 5 changed files with 120 additions and 8 deletions.
diff --git a/src/routes/trip.route.js b/src/routes/trip.route.js
@@ -15,6 +15,6 @@ router.post('/return-trip', authMiddleware.checkUserLoggedIn, TripValidation, Tr
 router.get('/requests/:userId', authMiddleware.checkUserLoggedIn, requestValidation, TripController.userTripRequestList); // user request list route
 router.post('/multi-city-trips', authMiddleware.checkUserLoggedIn, multiCityTripValidation, TripController.requestMultiCityTrip);
 router.get('/locations', authMiddleware.checkUserLoggedIn, TripController.viewAvailableLocations);
-router.post('/trips/:tripId/comment', authMiddleware.checkUserLoggedIn, UserValidation.validateUserComment, CommentController.addCommentOnTripRequest); // user comment on request trip route
+router.post('/trip-requests/:tripId/comments', authMiddleware.checkUserLoggedIn, UserValidation.validateUserComment, CommentController.addCommentOnTripRequest); // user comment on request trip route
 
 export default router;
diff --git a/src/swagger/trip.swagger.js b/src/swagger/trip.swagger.js
@@ -303,3 +303,50 @@
  *         description: No valid token supplied
  *
  */
+
+/**
+ * @swagger
+ * definitions:
+ *   comments:
+ *     type: object
+ *     properties:
+ *       comment:
+ *         type: string
+ *       required:
+ *         - comment
+ */
+
+
+/**
+ * @swagger
+ * /api/trip-requests/{tripId}/comments:
+ *   post:
+ *     tags:
+ *       - trips
+ *     name: Comment on requests trips
+ *     summary: User should be able to comment on requested trip
+ *     produces:
+ *       - application/json
+ *     consumes:
+ *       - application/json
+ *     parameters:
+ *       - in: header
+ *         name: Authorization
+ *         required: true
+ *         type: string
+ *       - name: tripId
+ *         in: path
+ *       - name: comment
+ *         in: body
+ *         schema:
+ *           $ref: '#/definitions/comments'
+ *           type: object
+ *     responses:
+ *       '201':
+ *         description: Your comment was submitted successfully
+ *       '401':
+ *         description: You are not authorized to perform this activity
+ *       '404':
+ *         description: Trip ID doesn't exists
+ *
+ */
diff --git a/src/tests/fixtures/users.fixture.js b/src/tests/fixtures/users.fixture.js
@@ -53,6 +53,7 @@ export const loggedInUser = {
   lastName: faker.name.lastName(),
   email: faker.internet.email(),
   password: BcryptService.hashPassword(userPassword),
+  lineManagerId: 31,
   isVerified: true,
   createdAt: new Date(),
   updatedAt: new Date(),
@@ -79,13 +80,45 @@ export const createUser = {
   updatedAt: new Date(),
 };
 
+export const lineManager = {
+  id: 31,
+  firstName: faker.name.firstName(),
+  lastName: faker.name.lastName(),
+  email: realUser,
+  password: BcryptService.hashPassword(userPassword),
+  role: 'manager',
+  isVerified: true,
+  createdAt: new Date(),
+  updatedAt: new Date(),
+};
+
+export const notAllowedManager = {
+  id: 32,
+  firstName: faker.name.firstName(),
+  lastName: faker.name.lastName(),
+  email: realUser,
+  password: BcryptService.hashPassword(userPassword),
+  role: 'manager',
+  isVerified: true,
+  createdAt: new Date(),
+  updatedAt: new Date(),
+};
+
+export const tokenOfNotAllowedManager = JwtService.generateToken({
+  id: notAllowedManager.id,
+  firstName: notAllowedManager.firstName,
+  lastName: notAllowedManager.lastName,
+  email: notAllowedManager.email,
+});
+
 // create a user who does not have a trip
 export const userWithNoTrip = {
   id: 29,
   firstName: faker.name.firstName(),
   lastName: faker.name.lastName(),
   email: faker.internet.email(),
   password: BcryptService.hashPassword(userPassword),
+  lineManagerId: 6,
   isVerified: true,
   createdAt: new Date(),
   updatedAt: new Date(),
@@ -126,6 +159,8 @@ export const createUsers = async () => {
   await Users.create(activeUser);
   await Users.create(createUser);
   await Users.create({ ...loggedInUser, token: loggedInToken });
+  await Users.create(lineManager);
+  await Users.create({ ...notAllowedManager, token: tokenOfNotAllowedManager });
   await Users.create({ ...userWithNoTrip, token: userWithNoTripToken });
 };
 export const cleanDb = async () => {

diff --git a/src/tests/trip/comments.test.js b/src/tests/trip/comments.test.js
@@ -1,7 +1,7 @@
 import chai from 'chai';
 import chaiHttp from 'chai-http';
 import app from '../../app';
-import { loggedInToken, userWithNoTripToken, createUsers } from '../fixtures/users.fixture';
+import { loggedInToken, userWithNoTripToken, tokenOfNotAllowedManager, createUsers } from '../fixtures/users.fixture';
 import { newComment, badRequest, noTripFound, createTrip } from '../fixtures/comments.fixture';
 
 chai.should();
@@ -14,7 +14,7 @@ describe('/POST create comment on trip request', () => {
   });
   it('Should allow user to create comments when provided successfully, userId, subjectId, subjectType and comment', (done) => {
     chai.request(app)
-      .post('/api/trips/1/comment')
+      .post('/api/trip-requests/1/comments')
       .set('Authorization', loggedInToken)
       .send(newComment)
       .end((err, res) => {
@@ -31,7 +31,7 @@ describe('/POST create comment on trip request', () => {
 
   it('Should check when user do a bad request', (done) => {
     chai.request(app)
-      .post('/api/trips/NaN/comment')
+      .post('/api/trip-requests/NaN/comments')
       .set('Authorization', loggedInToken)
       .send(badRequest)
       .end((err, res) => {
@@ -44,7 +44,7 @@ describe('/POST create comment on trip request', () => {
 
   it('Should not allow user to comment when trip ID does not exist', (done) => {
     chai.request(app)
-      .post('/api/trips/99/comment')
+      .post('/api/trip-requests/99/comments')
       .set('Authorization', loggedInToken)
       .send(noTripFound)
       .end((err, res) => {
@@ -57,7 +57,7 @@ describe('/POST create comment on trip request', () => {
 
   it('Should not allow unauthorized user to comment', (done) => {
     chai.request(app)
-      .post('/api/trips/1/comment')
+      .post('/api/trip-requests/1/comments')
       .set('Authorization', userWithNoTripToken)
       .send(newComment)
       .end((err, res) => {
@@ -67,4 +67,30 @@ describe('/POST create comment on trip request', () => {
         done();
       });
   });
+
+  it('Should not authorize a requester who is not the owner of the trip request to comment', (done) => {
+    chai.request(app)
+      .post('/api/trip-requests/1/comments')
+      .set('Authorization', userWithNoTripToken)
+      .send(newComment)
+      .end((err, res) => {
+        res.body.should.be.an('object');
+        res.status.should.be.equal(401);
+        res.body.should.have.property('message');
+        done();
+      });
+  });
+
+  it('Should not authorize a manager who is not assigned to a user to comment', (done) => {
+    chai.request(app)
+      .post('/api/trip-requests/1/comments')
+      .set('Authorization', tokenOfNotAllowedManager)
+      .send(newComment)
+      .end((err, res) => {
+        res.body.should.be.an('object');
+        res.status.should.be.equal(401);
+        res.body.should.have.property('message');
+        done();
+      });
+  });
 });
diff --git a/src/validations/user.validation.js b/src/validations/user.validation.js
@@ -121,14 +121,18 @@ class UserValidation {
 
     const findTrip = await TripService.findTripByProperty({ id });
     const signInUser = JwtService.verifyToken(req.headers.authorization);
+    // user from the signed in ID to give you all user information
+    const user = await UserService.findUserByProperty({ id: signInUser.id });
 
     if (!findTrip) {
       ResponseService.setError(404, `Trip with ID ${id} doesn't exists`);
       return ResponseService.send(res);
     }
+    // line manager for a user who created a trip
+    const lineManger = await UserService.findUserByProperty({ id: findTrip.userId });
 
-    if (signInUser.id !== findTrip.userId) {
-      ResponseService.setError(401, 'You are not allowed to comment on this trip request');
+    if ((user.role === 'requester' && signInUser.id !== findTrip.userId) || (user.role === 'manager' && lineManger.lineManagerId !== signInUser.id)) {
+      ResponseService.setError(401, 'You are not authorized to perform this activity');
       return ResponseService.send(res);
     }
     req.signInUser = signInUser;