Updated UsersStatus /:userId PATCH Endpoint (#2313)

* Updated the userId Patch endpoint to allow authenticated User patch

* added one test case for unauthorized user and superuser

Author: vikasosmium

controllers/userStatus.js

@@ -4,6 +4,9 @@ const { INTERNAL_SERVER_ERROR } = require("../constants/errorMessages");
 const dataAccess = require("../services/dataAccessLayer");
 const userStatusModel = require("../models/userStatus");
 const { userState, CANCEL_OOO } = require("../constants/userStatus");
+const ROLES = require("../constants/roles");
+const firestore = require("../utils/firestore");
+const usersCollection = firestore.collection("users");
 
 /**
  * Deletes a new User Status
@@ -107,6 +110,11 @@ const getAllUserStatus = async (req, res) => {
 const updateUserStatus = async (req, res) => {
   try {
     const userId = getUserIdBasedOnRoute(req);
+    const userDoc = await usersCollection.doc(userId).get();
+    if (!userDoc.exists) {
+      return res.boom.notFound("The User doesn't exist.");
+    }
+
     if (userId) {
       const dataToUpdate = req.body;
       const updateStatus = await userStatusModel.updateUserStatus(userId, dataToUpdate);
@@ -240,6 +248,26 @@ const updateUserStatusController = async (req, res, next) => {
   }
 };
 
+const updateUserStatuses = async (req, res, next) => {
+  try {
+    const { id: currentUserId, roles = {} } = req.userData;
+    const isSelf = req.params.userId === currentUserId;
+    const isSuperUser = roles[ROLES.SUPERUSER];
+
+    if (isSelf || isSuperUser) {
+      if (isSelf && Object.keys(req.body).includes(CANCEL_OOO)) {
+        return await cancelOOOStatus(req, res, next);
+      }
+      return await updateUserStatus(req, res, next);
+    }
+
+    return res.boom.unauthorized("You are not authorized to perform this action.");
+  } catch (err) {
+    logger.error(`Error in updateUserStatusController: ${err}`);
+    return res.boom.badImplementation("An unexpected error occurred.");
+  }
+};
+
 module.exports = {
   deleteUserStatus,
   getUserStatus,
@@ -250,4 +278,5 @@ module.exports = {
   getUserStatusControllers,
   batchUpdateUsersStatus,
   updateUserStatusController,
+  updateUserStatuses,
 };

routes/userStatus.js

@@ -2,7 +2,7 @@ const express = require("express");
 const {
   deleteUserStatus,
   getUserStatus,
-  updateUserStatus,
+  updateUserStatuses,
   updateAllUserStatus,
   batchUpdateUsersStatus,
   getUserStatusControllers,
@@ -24,15 +24,15 @@ const { Services } = require("../constants/bot");
 router.get("/", validateGetQueryParams, getUserStatusControllers);
 router.get("/self", authenticate, getUserStatus);
 router.get("/:userId", getUserStatus);
-router.patch("/self", authenticate, validateUserStatus, updateUserStatusController);
+router.patch("/self", authenticate, validateUserStatus, updateUserStatusController); // this route is being deprecated, please use /users/status/:userId PATCH endpoint instead.
 router.patch("/update", authorizeAndAuthenticate([ROLES.SUPERUSER], [Services.CRON_JOB_HANDLER]), updateAllUserStatus);
 router.patch(
   "/batch",
   authorizeAndAuthenticate([ROLES.SUPERUSER], [Services.CRON_JOB_HANDLER]),
   validateMassUpdate,
   batchUpdateUsersStatus
 );
-router.patch("/:userId", authenticate, authorizeRoles([SUPERUSER]), validateUserStatus, updateUserStatus);
+router.patch("/:userId", authenticate, validateUserStatus, updateUserStatuses);
 router.delete("/:userId", authenticate, authorizeRoles([SUPERUSER]), deleteUserStatus);
 
 module.exports = router;

test/integration/userStatus.test.js

@@ -296,7 +296,7 @@ describe("UserStatus", function () {
     it("Should store the User Status in the collection", function (done) {
       chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("Cookie", `${cookieName}=${testUserJwt}`)
         .send(userStatusDataForOooState)
         .end((err, res) => {
@@ -329,6 +329,24 @@ describe("UserStatus", function () {
         });
     });
 
+    it("Should store the User Status in the collection when requested by User", function (done) {
+      chai
+        .request(app)
+        .patch(`/users/status/${testUserId}`)
+        .set("Cookie", `${cookieName}=${testUserJwt}`)
+        .send(userStatusDataForOooState)
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+          expect(res).to.have.status(201);
+          expect(res.body).to.be.a("object");
+          expect(res.body.message).to.equal("User Status created successfully.");
+          expect(res.body.data.currentStatus.state).to.equal("OOO");
+          return done();
+        });
+    });
+
     // Skipping this as the users are not allowed to mark them as active or idle. Will remove the test while removing the feature flag.
     // eslint-disable-next-line mocha/no-skipped-tests
     it.skip("Should update the User Status", function (done) {
@@ -350,7 +368,7 @@ describe("UserStatus", function () {
     it("Should update the User Status without reason for short duration", function (done) {
       chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${userId}`)
         .set("cookie", `${cookieName}=${jwt}`)
         .send(oooStatusDataForShortDuration)
         .end((err, res) => {
@@ -398,10 +416,27 @@ describe("UserStatus", function () {
         });
     });
 
+    it("Should return 401 for unauthorized request for user and superuser", function (done) {
+      chai
+        .request(app)
+        .patch(`/users/status/${testUserId}`)
+        .set("cookie", `${cookieName}=${jwt}`)
+        .send(userStatusDataForOooState)
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+          expect(res).to.have.status(401);
+          expect(res.body).to.be.a("object");
+          expect(res.body.message).to.equal("You are not authorized to perform this action.");
+          return done();
+        });
+    });
+
     it("Should return 400 for incorrect state value", function (done) {
       chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("cookie", `${cookieName}=${testUserJwt}`)
         .send(generateUserStatusData("IN_OFFICE", Date.now(), Date.now()))
         .end((err, res) => {
@@ -421,7 +456,7 @@ describe("UserStatus", function () {
       const untilDate = Date.now() + 4 * 24 * 60 * 60 * 1000;
       chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("cookie", `${cookieName}=${testUserJwt}`)
         .send(generateUserStatusData("OOO", Date.now(), Date.now(), untilDate, ""))
         .end((err, res) => {
@@ -442,7 +477,7 @@ describe("UserStatus", function () {
       const fromDate = Date.now() - 4 * 24 * 60 * 60 * 1000;
       chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("cookie", `${cookieName}=${testUserJwt}`)
         .send(generateUserStatusData("OOO", Date.now(), fromDate, "", ""))
         .end((err, res) => {
@@ -464,7 +499,7 @@ describe("UserStatus", function () {
       const untilDate = Date.now() + 5 * 24 * 60 * 60 * 1000;
       chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("cookie", `${cookieName}=${testUserJwt}`)
         .send(generateUserStatusData("OOO", Date.now(), fromDate, untilDate, "Semester Exams"))
         .end((err, res) => {
@@ -493,7 +528,7 @@ describe("UserStatus", function () {
       let untilDateInUTC = convertTimestampToUTCStartOrEndOfDay(untilDate, true);
       const response2 = await chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("Cookie", `${cookieName}=${testUserJwt}`)
         .send(generateUserStatusData("OOO", Date.now(), fromDate, untilDate, "Vacation Trip"));
       expect(response2).to.have.status(200);
@@ -510,7 +545,7 @@ describe("UserStatus", function () {
       untilDateInUTC = convertTimestampToUTCStartOrEndOfDay(untilDate, true);
       const response3 = await chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("Cookie", `${cookieName}=${testUserJwt}`)
         .send(generateUserStatusData("OOO", Date.now(), fromDate, untilDate, "New plan for vacation Trip"));
       expect(response3).to.have.status(200);
@@ -521,7 +556,10 @@ describe("UserStatus", function () {
       expect(response3.body.data.futureStatus.until).to.equal(untilDateInUTC); // 5th Dec 2022
 
       // Checking the current status
-      const response4 = await chai.request(app).get(`/users/status/self`).set("Cookie", `${cookieName}=${testUserJwt}`);
+      const response4 = await chai
+        .request(app)
+        .get(`/users/status/${testUserId}`)
+        .set("Cookie", `${cookieName}=${testUserJwt}`);
       expect(response4).to.have.status(200);
       expect(response4.body).to.be.a("object");
       expect(response4.body.message).to.equal("User Status found successfully.");
@@ -541,7 +579,7 @@ describe("UserStatus", function () {
       let untilDateInUTC = convertTimestampToUTCStartOrEndOfDay(untilDate, true);
       const response1 = await chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("Cookie", `${cookieName}=${testUserJwt}`)
         .send(generateUserStatusData("OOO", Date.now(), fromDate, untilDate, "Vacation Trip"));
       expect(response1).to.have.status(201);
@@ -558,7 +596,7 @@ describe("UserStatus", function () {
       untilDateInUTC = convertTimestampToUTCStartOrEndOfDay(untilDate, true);
       const response2 = await chai
         .request(app)
-        .patch(`/users/status/self`)
+        .patch(`/users/status/${testUserId}`)
         .set("Cookie", `${cookieName}=${testUserJwt}`)
         .send(generateUserStatusData("OOO", Date.now(), fromDate, untilDate, "Changed plan for vacation Trip"));
       expect(response2).to.have.status(200);