5 changes: 0 additions & 5 deletions app.js
Expand Up @@ -84,11 +84,6 @@ app.route('/sites')
makeResponse(res, sites.createSite(req));
});

app.route('/accounts/:account_id/sites')
.get(function(req, res, next) {
makeResponse(res, sites.getSitesByAccount(req));
});

app.route('/sites/:site_id')
.get(function(req, res, next) {
makeResponse(res, sites.getSite(req));
4 changes: 2 additions & 2 deletions lib/utils.js
Expand Up @@ -51,9 +51,9 @@ function getAccountID(auth0_id) {
.then(function(data) {
if (data.length === 1) {
return data[0].acct_id;
} else {
return Promise.reject({status: 403, message: 'Invalid Auth0 ID'});
}

return Promise.reject({status: 403, message: 'Invalid Auth0 ID'});
});
}

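Review bot: The single rejection at the end of the `.then` callback now treats `data.length === 0` and `data.length > 1` identically, and because this lookup is what gates per-account access in routes/sites.js, a duplicate acct_id mapping for one auth0_id would presumably be a data-integrity problem that should be distinguishable from a plain unknown user. Both cases should still deny, but a comment above the rejection such as `// 0 rows: unknown Auth0 ID; >1 rows: duplicate mapping — deny either way, the latter warrants investigation` or a log line in the `> 1` branch before rejecting would make that visible. getAccountID starts outside the hunk.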
44 changes: 39 additions & 5 deletions routes/sites.js
Expand Up @@ -4,6 +4,7 @@ const Promise = require('bluebird');
const utils = require('../lib/utils');
const query = utils.query;
const defined = utils.defined;
const getAccountID = utils.getAccountID;

/**
* Gets all sites.
Expand All @@ -12,17 +13,24 @@ const defined = utils.defined;
* @return {Promise} The promise
*/
function getSites(req) {
return query('SELECT * FROM Site');
if (req.user.authorization === 'Admin' || req.user.authorization === 'Staff') {
return query('SELECT * FROM Site');
}

return getAccountID(req.user.auth0_id)
.then(function(data) {
return getSitesByAccount(data);
});
}

/**
* Gets all sites for given account.
*
* @param {Object} req The given request object
* @param {Number} accountID The given account id
* @return {Promise} The promise
*/
function getSitesByAccount(req) {
return query('SELECT site_id, site_name, site_address FROM Acct NATURAL JOIN AcctToProgram NATURAL JOIN Program NATURAL JOIN Site WHERE acct_id = ?', [req.params.account_id]);
function getSitesByAccount(accountID) {
return query('SELECT site_id, site_name, site_address FROM Acct NATURAL JOIN AcctToProgram NATURAL JOIN Program NATURAL JOIN Site WHERE acct_id = ?', [accountID]);
}

/**
Expand All @@ -32,6 +40,10 @@ function getSitesByAccount(req) {
* @return {Promise} The promise
*/
function createSite(req) {
if (req.user.authorization == 'Coach' || req.user.authorization == 'Volunteer') {
return Promise.reject({status: 403, message: 'Access denied'});
}

if (!defined(req.body) || !defined(req.body.site_name) || !defined(req.body.site_address)) {
return Promise.reject({
status: 406,
Expand Down Expand Up @@ -59,7 +71,21 @@ function createSite(req) {
* @return {Promise} The promise
*/
function getSite(req) {
return query('SELECT * FROM Site WHERE site_id = ?', [req.params.site_id]);
var site_id = req.params.site_id;
if (req.user.authorization === 'Admin' || req.user.authorization === 'Staff') {
return query('SELECT * FROM Site WHERE site_id = ?', [site_id]);
}

return getAccountID(req.user.auth0_id)
.then(function(data) {
return query('SELECT site_id, site_name, site_address FROM Acct NATURAL JOIN AcctToProgram NATURAL JOIN Program NATURAL JOIN Site WHERE acct_id = ? AND Site.site_id = ?', [data, site_id]);
})
.then(function(data) {
if (data.length !== 1) {
return Promise.reject({status: 403, message: 'Access denied or site not found'});
}
return data;
});
}

/**
Expand All @@ -69,6 +95,10 @@ function getSite(req) {
* @return {Promise} The promise
*/
function updateSite(req) {
if (req.user.authorization == 'Coach' || req.user.authorization == 'Volunteer') {
return Promise.reject({status: 403, message: 'Access denied'});
}

if (!defined(req.body) || (!defined(req.body.site_name) && !defined(req.body.site_address))) {
return Promise.reject({
status: 406,
Expand Down Expand Up @@ -96,6 +126,10 @@ function updateSite(req) {
* @return {Promise} The promise
*/
function deleteSite(req) {
if (req.user.authorization !== 'Admin') {
return Promise.reject({status: 403, message: 'Access denied'});
}

return query('DELETE FROM Site WHERE site_id = ?', [req.params.site_id]);
}

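Review bot: The new guards in createSite (first added line of the third hunk) and updateSite (fifth hunk) are deny-lists: they reject only 'Coach' and 'Volunteer', so a missing, empty or unrecognized `req.user.authorization` value falls through and is permitted, whereas getSites, getSite and deleteSite in the same commit allow-list the roles they accept. Inverting the check keeps the outcome for the four roles visible on this page and fails closed for anything else: `if (req.user.authorization !== 'Admin' && req.user.authorization !== 'Staff') {`. Those same two lines also use `==` where the rest of the file uses `===`. In getSite the non-admin path rejects whenever the join returns more than one row (`data.length !== 1`); if an account can reach the same site through more than one program, a legitimately permitted user would get a 403, so that condition is worth confirming against the schema or relaxing to `data.length === 0`. None of the new authorization branches is exercised by the test changes in this PR.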
11 changes: 3 additions & 8 deletions routes/students.js
Expand Up @@ -2,6 +2,7 @@

const Promise = require('bluebird');
const utils = require('../lib/utils');
const constants = require('../lib/constants');
const query = utils.query;
const defined = utils.defined;

Expand Down Expand Up @@ -124,14 +125,8 @@ function getStudentsBySite(req) {
// Check if the id is an integer > 0
if (isPositiveInteger(id)) {
// Check if the id is in the related table
return sites.getSite({
params: {
site_id: id
},
user: {
authorization: 'Admin'
}
})
req.user = constants.admin;
return sites.getSite(req)
.then(function(data) {
if (data.length > 0) {
return query(queryString, [id]);
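Review bot: `req.user = constants.admin;` overwrites the caller's identity on the live request object for the remainder of the request, so anything that reads `req.user` after `sites.getSite(req)` resolves (later handlers, logging, error paths) now sees an Admin rather than the real user; the removed code built a throwaway object and never touched `req`. Pass a scoped object instead, mirroring what was there before: `return sites.getSite({params: req.params, user: constants.admin})`. `constants.admin` is also a shared module-level object, so if any callee writes to the `user` it receives, that change would persist across requests — worth confirming nothing mutates it. getStudentsBySite starts and ends outside the hunk.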
15 changes: 0 additions & 15 deletions test/app.js
Expand Up @@ -176,7 +176,6 @@ describe('app.js', function() {

describe('sites endpoint', function() {
var getSitesStub;
var getSitesByAccountStub;
var createSiteStub;
var getSiteStub;
var updateSiteStub;
Expand All @@ -186,9 +185,6 @@ describe('app.js', function() {
getSitesStub = sinon.stub(sites, 'getSites', function() {
return Promise.resolve('got the sites');
});
getSitesByAccountStub = sinon.stub(sites, 'getSitesByAccount', function() {
return Promise.resolve('got the students for an account');
});
createSiteStub = sinon.stub(sites, 'createSite', function() {
return Promise.resolve('create a site');
});
Expand All @@ -205,7 +201,6 @@ describe('app.js', function() {

after(function() {
sites.getSites.restore();
sites.getSitesByAccount.restore();
sites.createSite.restore();
sites.getSite.restore();
sites.updateSite.restore();
Expand All @@ -222,16 +217,6 @@ describe('app.js', function() {
});
});

it('GET /accounts/:account_id/sites', function(done) {
request(app)
.get('/accounts/:account_id/sites')
.expect('got the sites for an account', 200)
.end(function() {
assert.isTrue(getSitesByAccountStub.called);
done();
});
});

it('POST /sites', function(done) {
request(app)
.post('/sites')