arthurarty · arthurarty · Aug 28, 2018 · Aug 28, 2018 · Aug 28, 2018
diff --git a/app/__init__.py b/app/__init__.py
@@ -80,7 +80,7 @@ def fetch_all_questions():
         output = db_conn.query_all("questions")
         return jsonify(output), 200
 
-    @app.route('/v1/questions/<int:question_id>/')
+    @app.route('/v1/questions/<int:question_id>/', methods=['GET'])
     @jwt_required
     def fetch_single_question(question_id):
         """fetch_single_questions method returns single question with input being of the type int. 
@@ -94,6 +94,23 @@ def fetch_single_question(question_id):
         answers = db_conn.query_all_where_id("answers", "question_id", question_id)
         return jsonify(output, answers), 200
 
+    @app.route('/v1/questions/<int:question_id>/delete', methods=['DELETE'])
+    @jwt_required
+    def delete_question(question_id):
+        """delete question and corresponding answers 
+        """
+        output = db_conn.return_user_id_question(question_id)
+        if not output:
+            output = {
+                'message': 'Question Not Found: ' + request.url,
+            }
+            return jsonify(output), 404
+        current_user = get_jwt_identity()
+        if current_user[0] in output:
+            db_conn.delete_question(question_id)
+            return jsonify({'message':'Question Deleted'}), 200
+        return jsonify({'message':'No rights to delete question'}), 401
+
     @app.route('/v1/questions/<int:question_id>/answers', methods=['POST'])
     @jwt_required
     def add_answer_to_question(question_id):

diff --git a/app/database.py b/app/database.py
@@ -85,6 +85,17 @@ def drop_all_tables(self):
         self.drop_table("questions")
         self.drop_table("users")
 
+    def delete_question(self, question_id):
+        delete_answers = "DELETE FROM answers WHERE question_id = %s" % (question_id)
+        self.cursor.execute(delete_answers)
+        delete_command = "DELETE FROM questions WHERE question_id = %s" % (question_id)
+        self.cursor.execute(delete_command)
+
+    def return_user_id_question(self, question_id):
+        user_id_command = "SELECT user_id FROM questions WHERE question_id = %s" % (question_id)
+        self.cursor.execute(user_id_command)
+        user_id = self.cursor.fetchone()
+        return user_id
+
 #db = Database()
-#db.create_all_tables()
-#db.drop_all_tables()
+#print(db.return_user_id_question(2))
diff --git a/app/models/question.py b/app/models/question.py
@@ -28,4 +28,5 @@ def insert_new_record(self):
             output = { 
                 'message': '%s' % e,
             }
-            return jsonify(output), 404
+            return jsonify(output), 404
+
diff --git a/tests/test_login.py b/tests/test_login.py
@@ -18,6 +18,26 @@ def json_of_response(response):
     """Decode json from response"""
     return json.loads(response.data.decode('utf8'))
 
+def signin(client):
+    resp = post_json(client, '/auth/signin', { 
+	"email": "test@test.com",
+	"password":"test"})
+    access = json_of_response(resp)
+    access_token = access[1]['access_token']
+    return access_token
+
+def user_two(client):
+    resp = post_json(client, '/auth/signup', { 
+	"email": "user@test.com",
+    "name": "user",
+	"password":"user"})
+    resp = post_json(client, '/auth/signin', { 
+	"email": "user@test.com",
+	"password":"user"})
+    access = json_of_response(resp)
+    access_token = access[1]['access_token']
+    return access_token
+
 def test_user_creation(client):
     resp = post_json(client, '/auth/signup', { 
 	"email": "test@test.com",
@@ -33,41 +53,31 @@ def test_user_login(client):
     assert b'Successful login' in resp.data
     assert resp.status_code == 200
 
-
 def test_add_question(client):
-    resp = post_json(client, '/auth/signin', { 
-	"email": "test@test.com",
-	"password":"test"})
-    access = json_of_response(resp)
-    access_token = access[1]['access_token']
-    resp = client.post('/v1/questions', headers={'Authorization': 'Bearer ' + access_token}, 
+    resp = client.post('/v1/questions', headers={'Authorization': 'Bearer ' + signin(client)}, 
     data=dict( title= "big man",))
     assert resp.status_code == 201
 
 def test_get_questiosn(client):
-    resp = post_json(client, '/auth/signin', { 
-	"email": "test@test.com",
-	"password":"test"})
-    access = json_of_response(resp)
-    access_token = access[1]['access_token']
-    resp = client.get('/v1/questions', headers={'Authorization': 'Bearer ' + access_token})
+    resp = client.get('/v1/questions', headers={'Authorization': 'Bearer ' + signin(client)})
     assert resp.status_code == 200
 
 def test_get_single_question(client):
-    resp = post_json(client, '/auth/signin', { 
-	"email": "test@test.com",
-	"password":"test"})
-    access = json_of_response(resp)
-    access_token = access[1]['access_token']
-    resp = client.get('/v1/questions/1', headers={'Authorization': 'Bearer ' + access_token})
+    resp = client.get('/v1/questions/1', headers={'Authorization': 'Bearer ' + signin(client)})
     assert b'title' in resp.data
 
 def test_post_answer(client):
-    resp = post_json(client, '/auth/signin', { 
-	"email": "test@test.com",
-	"password":"test"})
-    access = json_of_response(resp)
-    access_token = access[1]['access_token']
-    resp = client.post('/v1/questions/1/answers', headers={'Authorization': 'Bearer ' + access_token}, 
+    resp = client.post('/v1/questions/1/answers', headers={'Authorization': 'Bearer ' + signin(client)}, 
     data=dict( title= "how to do this thing",))
-    assert resp.status_code == 201
+    assert resp.status_code == 201
+
+def test_delete_question_by_another_user(client):
+    resp = client.delete('/v1/questions/1/delete', headers={'Authorization': 'Bearer ' + user_two(client)})
+    assert resp.status_code == 401
+    assert b'No rights to delete question' in resp.data
+
+def test_delete_question(client):
+    resp = client.delete('/v1/questions/1/delete', headers={'Authorization': 'Bearer ' + signin(client)})
+    assert resp.status_code == 200
+    assert b'Question Deleted' in resp.data
+