new: API entities/:uuid/versions

sadiqkhoja · sadiqkhoja · commit ab0f6be9538c · 2023-04-12T18:55:51.000-04:00
diff --git a/lib/model/query/entities.js b/lib/model/query/entities.js
@@ -173,6 +173,47 @@ const getAll = (datasetId, options = QueryOptions.none) => ({ all }) =>
   _get(false)(all, options.withCondition({ datasetId }), isTrue(options.argData.deleted))
     .then(map((e) => e.withAux('currentVersion', e.aux.currentVersion.withAux('creator', e.aux.currentVersionCreator))));
 
+const getByUuid = (uuid) => ({ maybeOne }) =>
+  maybeOne(sql`select * from entities where "uuid" = ${uuid} limit 1`)
+    .then(map(construct(Entity)));
+
+////////////////////////////////////////////////////////////////////////////////
+// GETTING ENTITY DEFS
+
+const _getDef = extender(Entity.Def, Submission, Submission.Def.into('submissionDef'), Form)(Actor.into('creator'))((fields, extend, options) => sql`
+  SELECT ${fields} FROM entities
+  JOIN entity_defs ON entities.id = entity_defs."entityId"
+  LEFT JOIN submission_defs ON submission_defs.id = entity_defs."submissionDefId"
+  LEFT JOIN (
+    SELECT submissions.*, submission_defs."userAgent" FROM submissions
+    JOIN submission_defs ON submissions.id = submission_defs."submissionId" AND root
+  ) submissions ON submissions.id = submission_defs."submissionId"
+  LEFT JOIN forms ON submissions."formId" = forms.id
+  ${extend||sql`
+    LEFT JOIN actors ON actors.id=entities."creatorId"
+    LEFT JOIN actors current_version_actors ON current_version_actors.id=entity_defs."creatorId"
+  `}
+  where ${equals(options.condition)} AND entities."deletedAt" IS NULL
+  order by entity_defs."createdAt", entity_defs.id
+`);
+
+const getAllDefs = (datasetId, uuid, options = QueryOptions.none) => ({ all }) =>
+  _getDef(all, options.withCondition({ datasetId, uuid }))
+    .then(map((v) => {
+      const isSourceSubmission = !!v.submissionDefId;
+
+      // TODO: revisit this when working on POST /entities
+      const source = new Entity.Def.Source({
+        type: isSourceSubmission ? 'submission' : 'api',
+        details: isSourceSubmission ? {
+          xmlFormId: v.aux.form.xmlFormId,
+          instanceId: v.aux.submission.instanceId,
+          instanceName: v.aux.submissionDef.instanceName
+        } : null
+      });
+
+      return new Entity.Def(v, { creator: v.aux.creator, source });
+    }));
 
 // This will check for an entity related to any def of the same submission
 // as the one specified. Used when trying to reapprove an edited submission.
@@ -183,9 +224,6 @@ const getDefBySubmissionId = (submissionId) => ({ maybeOne }) =>
   where s.id = ${submissionId} limit 1`)
     .then(map(construct(Entity.Def)));
 
-const getByUuid = (uuid) => ({ maybeOne }) =>
-  maybeOne(sql`select * from entities where "uuid" = ${uuid} limit 1`)
-    .then(map(construct(Entity)));
 
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -217,5 +255,5 @@ module.exports = {
   processSubmissionEvent, streamForExport,
   getDefBySubmissionId, getByUuid,
   countByDatasetId, getById,
-  getAll
+  getAll, getAllDefs
 };
diff --git a/lib/resources/entities.js b/lib/resources/entities.js
@@ -7,9 +7,10 @@
 // including this file, may be copied, modified, propagated, or distributed
 // except according to the terms contained in the LICENSE file.
 
-const { getOrNotFound } = require('../util/promise');
+const { getOrNotFound, reject } = require('../util/promise');
 const { mergeLeft } = require('ramda');
 const { success } = require('../util/http');
+const Problem = require('../util/problem');
 
 const getActor = () => ({
   id: 1,
@@ -56,28 +57,18 @@ module.exports = (service, endpoint) => {
     return Entities.getById(dataset.id, params.uuid, queryOptions).then(getOrNotFound);
   }));
 
-  service.get('/projects/:id/datasets/:name/entities/:uuid/versions', endpoint(async ({ Projects }, { params, queryOptions }) => {
+  service.get('/projects/:projectId/datasets/:name/entities/:uuid/versions', endpoint(async ({ Datasets, Entities }, { params, auth, queryOptions }) => {
 
-    await Projects.getById(params.id, queryOptions).then(getOrNotFound);
+    const dataset = await Datasets.get(params.projectId, params.name, true).then(getOrNotFound);
 
-    const versions = ['John Doe', 'Jane Doe', 'Richard Roe', 'Janie Doe', 'Baby Roe'].map((name, i) => ({
-      ...getEntityDef(),
-      current: i === 4,
-      source: {
-        type: 'api',
-        details: null
-      },
-      data: {
-        firstName: name.split(' ')[0],
-        lastName: name.split(' ')[1],
-        city: 'Toronto'
-      },
-      versionNumber: i+1,
-      label: name,
-      createdAt: new Date()
-    }));
+    await auth.canOrReject('entity.read', dataset);
+
+    const defs = await Entities.getAllDefs(dataset.id, params.uuid, queryOptions);
+
+    // it means there's no entity with the provided UUID
+    if (defs.length === 0) return reject(Problem.user.notFound());
 
-    return versions;
+    return defs;
   }));
 
   // May not be needed for now
diff --git a/test/integration/api/entities.js b/test/integration/api/entities.js
@@ -201,10 +201,36 @@ describe('Entities API', () => {
   });
 
   describe('GET /datasets/:name/entities/:uuid/versions', () => {
-    it('should return all versions of the Entity', testService(async (service) => {
+    it('should return notfound if the dataset does not exist', testEntities(async (service) => {
+      const asAlice = await service.login('alice');
+
+      await asAlice.get('/v1/projects/1/datasets/nonexistent/entities/123/versions')
+        .expect(404);
+    }));
+
+    it('should return notfound if the entity does not exist', testEntities(async (service) => {
+      const asAlice = await service.login('alice');
+
+      await asAlice.get('/v1/projects/1/datasets/people/entities/123/versions')
+        .expect(404);
+    }));
+
+    it('should reject if the user cannot read', testEntities(async (service) => {
+      const asChelsea = await service.login('chelsea');
+
+      await asChelsea.get('/v1/projects/1/datasets/people/entities/12345678-1234-4123-8234-123456789abc')
+        .expect(403);
+    }));
+
+    it('should return all versions of the Entity', testEntities(async (service, container) => {
       const asAlice = await service.login('alice');
 
-      await asAlice.get('/v1/projects/1/datasets/People/entities/00000000-0000-0000-0000-000000000001/versions')
+      await container.db.any(sql`UPDATE entity_defs SET current = false;`);
+      await container.db.any(sql`
+        INSERT INTO entity_defs ("entityId", "createdAt", "current", "submissionDefId", "data", "creatorId", "userAgent", "label")
+        SELECT "entityId", clock_timestamp(), TRUE, NULL, "data", "creatorId", 'postman', "label" || ' updated' FROM entity_defs`);
+
+      await asAlice.get('/v1/projects/1/datasets/people/entities/12345678-1234-4123-8234-123456789abc/versions')
         .expect(200)
         .then(({ body: versions }) => {
           versions.forEach(v => {
