Merge branch 'master' into addSubjectIdAspcectId

salesforce · Apr 11, 2017 · d2e4e16 · d2e4e16
2 parents 16d7549 + f48b749
commit d2e4e16
Show file tree

Hide file tree

Showing 12 changed files with 213 additions and 105 deletions.
diff --git a/api/v1/controllers/aspects.js b/api/v1/controllers/aspects.js
@@ -61,7 +61,7 @@ function validateTags(requestBody, params) {
  * @param  {Object} req - The request object
  */
 function validateRequest(req) {
-  utils.noReadOnlyFieldsInReq(req, helper);
+  utils.noReadOnlyFieldsInReq(req, helper.readOnlyFields);
   validateTags(req.body);
 } // validateRequest
 

diff --git a/api/v1/controllers/samples.js b/api/v1/controllers/samples.js
@@ -12,7 +12,7 @@
 'use strict'; // eslint-disable-line strict
 
 const featureToggles = require('feature-toggles');
-
+const apiErrors = require('../apiErrors');
 const helper = require('../helpers/nouns/samples');
 const subHelper = require('../helpers/nouns/subjects');
 const doDelete = require('../helpers/verbs/doDelete');
@@ -28,6 +28,7 @@ const sampleStoreConstants = sampleStore.constants;
 const redisModelSample = require('../../../cache/models/samples');
 const utils = require('./utils');
 const publisher = u.publisher;
+
 module.exports = {
 
   /**
@@ -98,7 +99,7 @@ module.exports = {
    * @param {Function} next - The next middleware function in the stack
    */
   patchSample(req, res, next) {
-    utils.noReadOnlyFieldsInReq(req, helper);
+    utils.noReadOnlyFieldsInReq(req, helper.readOnlyFields);
     doPatch(req, res, next, helper);
   },
 
@@ -112,7 +113,7 @@ module.exports = {
    * @param {Function} next - The next middleware function in the stack
    */
   postSample(req, res, next) {
-    utils.noReadOnlyFieldsInReq(req, helper);
+    utils.noReadOnlyFieldsInReq(req, helper.readOnlyFields);
     doPost(req, res, next, helper);
   },
 
@@ -127,7 +128,7 @@ module.exports = {
    * @param {Function} next - The next middleware function in the stack
    */
   putSample(req, res, next) {
-    utils.noReadOnlyFieldsInReq(req, helper);
+    utils.noReadOnlyFieldsInReq(req, helper.readOnlyFields);
     doPut(req, res, next, helper);
   },
 
@@ -143,11 +144,14 @@ module.exports = {
    * @param {Function} next - The next middleware function in the stack
    */
   upsertSample(req, res, next) {
-    utils.noReadOnlyFieldsInReq(req, helper);
+
+    // make the name post-able
+    const readOnlyFields = helper.readOnlyFields.filter((field) => field !== 'name');
+    utils.noReadOnlyFieldsInReq(req, readOnlyFields);
     const resultObj = { reqStartTime: new Date() };
     const sampleQueryBody = req.swagger.params.queryBody.value;
 
-    u.getUserNameFromToken(req,
+    return u.getUserNameFromToken(req,
       featureToggles.isFeatureEnabled('enforceWritePermission'))
     .then((userName) => {
       if (sampleQueryBody.relatedLinks) {
@@ -197,7 +201,7 @@ module.exports = {
    *  bulk upsert request has been received.
    */
   bulkUpsertSample(req, res/* , next */) {
-    utils.noReadOnlyFieldsInReq(req, helper);
+
     const resultObj = { reqStartTime: new Date() };
     const reqStartTime = Date.now();
     const value = req.swagger.params.queryBody.value;

diff --git a/api/v1/controllers/subjects.js b/api/v1/controllers/subjects.js
@@ -130,7 +130,7 @@ function validateTags(requestBody, params) {
  * @param  {Object} req - The request object
  */
 function validateRequest(req) {
-  utils.noReadOnlyFieldsInReq(req, helper);
+  utils.noReadOnlyFieldsInReq(req, helper.readOnlyFields);
   validateTags(req.body);
 } // validateRequest
 

diff --git a/api/v1/controllers/utils.js b/api/v1/controllers/utils.js
@@ -62,13 +62,12 @@ function checkReadOnlyFieldInObj(field, obj) {
 /**
  * Throws a validation error if the read-only fields are found in the request.
  * @param  {Object} req - The request object
- * @param  {Object} props - The module containing the properties of the
- *  resource type.
+ * @param  {Array} readOnlyFields - Contains fields to exclude
  */
-function noReadOnlyFieldsInReq(req, props) {
+function noReadOnlyFieldsInReq(req, readOnlyFields) {
   const requestBody = req.body;
-  if (props.readOnlyFields) {
-    props.readOnlyFields.forEach((field) => {
+  if (readOnlyFields) {
+    readOnlyFields.forEach((field) => {
       // if request body is an array, check each object in array.
       if (Array.isArray(requestBody)) {
         requestBody.forEach((reqObj) => {

diff --git a/api/v1/helpers/nouns/samples.js b/api/v1/helpers/nouns/samples.js
@@ -43,6 +43,6 @@ module.exports = {
   },
   readOnlyFields: [
     'id', 'isDeleted', 'status', 'previousStatus',
-    'statusChangedAt', 'createdAt', 'updatedAt',
+    'statusChangedAt', 'createdAt', 'updatedAt', 'name',
   ],
 }; // exports
diff --git a/db/helpers/sampleUtils.js b/db/helpers/sampleUtils.js
@@ -13,7 +13,7 @@
  */
 'use strict'; // eslint-disable-line strict
 const constants = require('../constants');
-const ResourceNotFoundError = require('../dbErrors').ResourceNotFoundError;
+const dbErrors = require('../dbErrors');
 const fourByteBase = 2;
 const fourByteExponent = 31;
 const fourByteLimit = Math.pow(fourByteBase, fourByteExponent);
@@ -160,7 +160,7 @@ function parseName(name) {
     return retval;
   }
 
-  const err = new ResourceNotFoundError();
+  const err = new dbErrors.ResourceNotFoundError();
   err.resourceType = 'Sample';
   err.resourceKey = name;
   throw err;
@@ -212,7 +212,7 @@ function getSubjectAndAspectBySampleName(seq, sampleName, idsOnly) {
         if (s) {
           retval.subject = s;
         } else {
-          const err = new ResourceNotFoundError();
+          const err = new dbErrors.ResourceNotFoundError();
           err.resourceType = 'Subject';
           err.resourceKey = parsedName.subject.absolutePath;
           throw err;
@@ -223,7 +223,7 @@ function getSubjectAndAspectBySampleName(seq, sampleName, idsOnly) {
         if (a) {
           retval.aspect = a;
         } else {
-          const err = new ResourceNotFoundError();
+          const err = new dbErrors.ResourceNotFoundError();
           err.resourceType = 'Aspect';
           err.resourceKey = parsedName.aspect.name;
           throw err;

diff --git a/tests/api/v1/samples/patch.js b/tests/api/v1/samples/patch.js
@@ -51,6 +51,21 @@ describe(`api: PATCH ${path}`, () => {
   afterEach(u.forceDelete);
   after(tu.forceDeleteUser);
 
+  it('reject if name field in request', (done) => {
+    api.patch(`${path}/${sampleName}`)
+    .set('Authorization', token)
+    .send({ name: '2' })
+    .expect(constants.httpStatus.BAD_REQUEST)
+    .end((err, res ) => {
+      if (err) {
+        done(err);
+      }
+
+      expect(res.body.errors[0].type).to.contain('ValidationError');
+      done();
+    });
+  });
+
   it('apiLinks"s href ends with sample name' +
     'updatedAt', (done) => {
     api.patch(`${path}/${sampleName}`)
@@ -151,23 +166,6 @@ describe(`api: PATCH ${path}`, () => {
         done();
       });
     });
-
-    it('updates case sensitive name successfully', (done) => {
-      const name = u.sampleName;
-      const updatedName = name.toUpperCase();
-      api.patch(`${path}/${name}`)
-      .set('Authorization', token)
-      .send({ name: updatedName })
-      .expect(constants.httpStatus.OK)
-      .end((err, res) => {
-        if (err) {
-          done(err);
-        }
-
-        expect(res.body.name).to.equal(updatedName);
-        done();
-      });
-    });
   });
 
   //

diff --git a/tests/api/v1/samples/post.js b/tests/api/v1/samples/post.js
@@ -112,6 +112,22 @@ describe(`api: POST ${path}`, () => {
     });
   });
 
+  it('reject if name field in request', (done) => {
+    sampleToPost.name = '!@#$%^&*(';
+    api.post(path)
+    .set('Authorization', token)
+    .send(sampleToPost)
+    .expect(constants.httpStatus.BAD_REQUEST)
+    .end((err, res ) => {
+      if (err) {
+        done(err);
+      }
+
+      expect(res.body.errors[0].type).to.contain('ValidationError');
+      done();
+    });
+  });
+
   it('basic post /samples', (done) => {
     api.post(path)
     .set('Authorization', token)

diff --git a/tests/api/v1/samples/put.js b/tests/api/v1/samples/put.js
@@ -7,7 +7,7 @@
  */
 
 /**
- * tests/api/v1/samples/get.js
+ * tests/api/v1/samples/put.js
  */
 'use strict';
 
@@ -81,6 +81,21 @@ describe(`api: PUT ${path}`, () => {
     });
   });
 
+  it('reject if name field in request', (done) => {
+    api.put(`${path}/${sampleName}`)
+    .set('Authorization', token)
+    .send({ subjectId, aspectId, value: '2', name: '2' })
+    .expect(constants.httpStatus.BAD_REQUEST)
+    .end((err, res ) => {
+      if (err) {
+        done(err);
+      }
+
+      expect(res.body.errors[0].type).to.contain('ValidationError');
+      done();
+    });
+  });
+
   it('basic succeeds', (done) => {
     api.put(`${path}/${sampleName}`)
     .set('Authorization', token)