#167750059 Build out the Trip-Request endpoints [CRUD]

[feobaby]

What does this PR do?
This PR holds the built out CRUD endpoints for [Travel-Requests]

Description of tasks
The following endpoints should be working;

• POST /api/v1/request/:departmentId [for users to create a request]
• DELETE /api/v1/request/:id [for users to delete a request, when it is still pending]
• GET /api/v1/request/:id [for users to get a request]
• GET /api/v1/request [for users to get all requests]
• POST /api/v1/trip/:requestId [for users to create a trip under a request]
• PUT /api/v1/trip/:requestId/:tripId [for users to update a trip only when it is pending]
• DELETE /api/v1/request/:id [for users to delete a request, when it is still pending]
• GET /api/v1/request/manager [for a manager to get all requests,made by any member of his department only]

after

• building out the controllers, middle-wares and services
• creating routes to access the endpoints
• writing tests for each of the endpoints

How should this be manually tested/checked?
let's get started

• Clone this PR using git fetch origin pull/24/head:ft-make-trip-request-167750058
• run npm install
• Drop your databases for the test & dev environment and run npm pre-dev and npm pre-test
• Start your server.
• Now go to postman and place in this route: localhost:3000/api/v1/users/signin
• send this POST request:

{
    "email" : "[email protected]",
    "password" : "kelechi"
}

• copy the token generated, have it handy

TO CREATE A REQUEST

• look up to get a proper idea of the api endpoints
• place in this route :
• localhost:3000/api/v1/request/36da1ce3-8e1f-4b0f-8e15-1189d8231ef2 on postman
  NOTE: 36da1ce3-8e1f-4b0f-8e15-1189d8231ef2 is a dept. ID which is already in our db when we seeded.
• send this POST request of the line manager mail:

{
	"lineManagerMail": "<whatever-mail>"
}

• copy the token generated from sign in and place it in your Bearer Token Authorization tab
• then hit send, a response should be generated.

TO CREATE A TRIP

• MAKE sure the token you used in signing in and creating a request is maintained
• open another tab on postman and place in this route- localhost:3000/api/v1/trip/<request-id>NOTE: the ID of the request you created.
• send this POST request

{
	"origin": "lagos",
	"destination": "nairobi",
	"departureDate": "2019-09-09 01:33:28.862+00",
	 "returnDate": "2019-09-09 01:33:28.862+00",
	"travelReasons": "To get away.",
	"typeOfTrip": "Return",
	"roomId": "5402e279-9447-4ac6-98c8-44cf10e27f4e",
	"accommodationId": "777f640e-a2ff-45ee-9ce1-bf37645c42d6"
}

Now, TO UPDATE THE TRIP YOU CREATED, when it is still pending

• Maintain your token please
• Open another tab on postman and place in this route - localhost:3000/api/v1/trip/<request-id>/<trip-id> both the ids we got when we created a request and a trip
• Now send this PUT request

{
	"origin": "lagos",
	"destination": "uganda",
	"departureDate": "2019-09-09 01:33:28.862+00",
	"travelReasons": "To get away.",
	"typeOfTrip": "One Way",
	"roomId": "5402e279-9447-4ac6-98c8-44cf10e27f4e",
	"accommodationId": "777f640e-a2ff-45ee-9ce1-bf37645c42d6"
}

NOW TO GET THE REQUEST YOU CREATED, since we have created a trip with the request ticket and even updated it.

• Maintain your token
• Open another tab on postman and place in this route - localhost:3000/api/v1/request<request-id> (the id of the request that was created)

NOW TO GET ALL THE REQUESTS YOU HAVE CREATED, which is actually just one yet.

• Maintain your token
• Open another tab on postman and place in this route - localhost:3000/api/v1/request

NOW, TO DELETE A REQUEST(TRIP) that is still pending

• Maintain your token please
• Open another tab on postman and place in this route- localhost:3000/api/v1/<request-id> (the id of the request we created

NOW, FOR A MANAGER TO GET ALL REQUESTS

• open another tab on postman and place in this route: localhost:3000/api/v1/users/signin
• send this POST request to log in a manager

{
    "email" : "[email protected]",
    "password" : "funmi1234"
}

• Now, get the token generated and open another tab on postman, add the token to the Bearer Token field, and place in this route - localhost:3000/api/v1/request/manager
• send a GET request with the route above to get the information
  To query the status of any request state as a manager:
  for example:
  GET
  localhost:3000/api/v1/request/manager?status=pending

---

Let us do some security checks, shall we?
1.
for manager getting requests

• Adeleke Gbolahan is a manager and kelechi is not.
• send this POST request using the route localhost:3000/api/v1/users/signin

{
    "email" : "[email protected]",
    "password" : "kelechi"
}

• get the token and try to access this route: localhost:3000/api/v1/request/manager
• you should get a response denying your access.
• But anybody logged in that is a super admin will

---

Trying to delete a trip-request that is still pending

• sign in this user:

{
    "email" : "[email protected]",
    "password" : "funmi1234"
}

• get the token from the sign in and place it in the Bearer Token tab, also place this route on postman- localhost:3000/api/v1/delete and try to delete
• the response will deny you an access.

---

Other security checks you can do:

• a user trying to update a trip when the status is not pending
• a user trying to get a/all request(s) that she did not create
• a user trying to create a request with a department that does not exist.

---

Any background context you want to provide?

• Make sure to drop both dbs and run npm run pre-dev and npm run pre-test
• few changes were made to the models;
• typeOfTrip was added to the trip models
• the accommodationId and association that sat on the Requests table was moved and associated to the Trips (so the definition makes more sense)
• an email field was added to the Requests table for a requester to include the line manager's mail for notifications

What are the relevant pivotal tracker stories?
#167750058

[darasimiolaifa]

Waoh! @funmi5 I like your PR description style. Orderly and detailed. Almost like a conversation. Well done. But please, the total coverage test is dropping by 0.2%. Could you quickly look into that? I'm sure you'll fix it quick enough. Well done.

[feobaby]

Waoh! @funmi5 I like your PR description style. Orderly and detailed. Almost like a conversation. Well done. But please, the total coverage test is dropping by 0.2%. Could you quickly look into that? I'm sure you'll fix it quick enough. Well done.

Thank you so much for that comment, I really appreciate it, yes I will fix it.. I was so tired yesterday night..
I was hoping that as people are reviewing, I can keep fixing the tests along. The tests are not holding reviews back. :)

[darasimiolaifa]

Waoh! @funmi5 I like your PR description style. Orderly and detailed. Almost like a conversation. Well done. But please, the total coverage test is dropping by 0.2%. Could you quickly look into that? I'm sure you'll fix it quick enough. Well done.

Thank you so much for that comment, I really appreciate it, yes I will fix it.. I was so tired yesterday night..
I was hoping that as people are reviewing, I can keep fixing the tests along. The tests are not holding reviews back. :)

I think I helped locate where the issue is. Check lines 193, 194, 195 of the Authenticate.js file. I'm sure if you fix that, you'll be good to go. I'll check other reviews too. Well done.

[feobaby]

Waoh! @funmi5 I like your PR description style. Orderly and detailed. Almost like a conversation. Well done. But please, the total coverage test is dropping by 0.2%. Could you quickly look into that? I'm sure you'll fix it quick enough. Well done.

Thank you so much for that comment, I really appreciate it, yes I will fix it.. I was so tired yesterday night..
I was hoping that as people are reviewing, I can keep fixing the tests along. The tests are not holding reviews back. :)

I think I helped locate where the issue is. Check lines 193, 194, 195 of the Authenticate.js file. I'm sure if you fix that, you'll be good to go. I'll check other reviews too. Well done.

Oh.. Thanks for pointing it out. I'll do that as soon as I can.

[sa-ma]

@funmi5 Please remove the console.log() statements in this file

[feobaby]

Oh yea I will, I was trying to resolve a failing test for rooms.

[sa-ma]

@funmi5 you should also remove this commented code out

[feobaby]

OK.

[sa-ma]

@funmi5 the seeded user you gave doesn't have access to the create request route. Also the error code for unauthorized should be 403 not 404. 404 means the resource was not found.

[feobaby]

@funmi5 the seeded user you gave doesn't have access to the create request route. Also the error code for unauthorized should be 403 not 404. 404 means the resource was not found.

The seeded user is kelechi and has access to the create-request route

@funmi5 the seeded user you gave doesn't have access to the create request route. Also the error code for unauthorized should be 403 not 404. 404 means the resource was not found.

• the user to create-request is a seeded user(kelechi), pls, check again, following the parameters I gave.
• Also 404 is linked to access 401, so if an unauthorised user is trying to access a resource that isn't his - it will be not found.