Merge branch 'dev' into fix-api-route-accessible
Suboyyy authored Oct 7, 2024
2 parents 3eaf681 + c59d028 commit 5f31096
Showing 12 changed files with 90 additions and 13 deletions.
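--- a/seed.sql
+++ b/seed.sql
@@ -17,7 +17,8 @@ INSERT INTO `items` (`id`, `name`, `category`, `attribute`, `price`, `reducedPri
 INSERT INTO `settings` (`id`, `value`) VALUES
 ('login', 0),
 ('shop', 0),
-('trombi', 0);
+('trombi', 0),
+('tickets', 0);
 
 INSERT INTO `tournaments` (`id`, `name`, `maxPlayers`, `playersPerTeam`, `coachesPerTeam`, `cashprize`, `position`) VALUES
 ('lol', 'League of Legends', 160, 5, 2, 0, 1),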
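--- a/seed.test.sql
+++ b/seed.test.sql
@@ -17,7 +17,8 @@ INSERT INTO `items` (`id`, `name`, `category`, `attribute`, `price`, `reducedPri
 INSERT INTO `settings` (`id`, `value`) VALUES
 ('login', 0),
 ('shop', 0),
-('trombi', 0);
+('trombi', 0),
+('tickets', 0);
 
 INSERT INTO `commission` (`id`, `name`, `nameOnBadge`, `position`, `color`, `masterCommissionId`) VALUES
 ('animation', 'Animation', 'Anim', 1, '#123456', NULL),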
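--- a/src/controllers/admin/badges/generateBadges.ts
+++ b/src/controllers/admin/badges/generateBadges.ts
@@ -33,10 +33,6 @@ const getCommisionPermission = (commissionRole: string, commissionId: string) =>
 if (commissionRole === 'respo') return 'fullaccess';
 }
 
-case 'ssl': {
-if (commissionRole === 'respo') return 'fullaccess';
-}
-
 default: {
 return 'orgaprice';
 }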
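--- a/src/controllers/admin/settings/updateSetting.ts
+++ b/src/controllers/admin/settings/updateSetting.ts
@@ -4,7 +4,7 @@ import { hasPermission } from '../../../middlewares/authentication';
 import { validateBody } from '../../../middlewares/validation';
 import { notFound, success } from '../../../utils/responses';
 import { Error, Permission } from '../../../types';
-import { setTrombiAllowed, setLoginAllowed, setShopAllowed } from '../../../operations/settings';
+import { setTrombiAllowed, setLoginAllowed, setShopAllowed, setTicketsAllowed } from '../../../operations/settings';
 
 export default [
 // Middlewares
@@ -32,6 +32,10 @@ export default [
 result = await setTrombiAllowed(request.body.value);
 break;
 }
+case 'tickets': {
+result = await setTicketsAllowed(request.body.value);
+break;
+}
 default: {
 return notFound(response, Error.NotFound);
 }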
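--- a/src/controllers/tickets/getTicket.ts
+++ b/src/controllers/tickets/getTicket.ts
@@ -8,6 +8,7 @@ import { Error, ItemCategory, TransactionState, UserType } from '../../types';
 import { generateTicket } from '../../utils/ticket';
 import { forbidden, notFound } from '../../utils/responses';
 import { getRequestInfo } from '../../utils/users';
+import { fetchSetting } from '../../operations/settings';
 
 export default [
 // Middlewares
@@ -16,6 +17,11 @@ export default [
 // Controller
 async (request: Request, response: Response, next: NextFunction) => {
 try {
+const ticketsAllowed = (await fetchSetting('tickets')).value;
+if (!ticketsAllowed) {
+return forbidden(response, Error.TicketsNotAllowed);
+}
+
 const { cartItemId } = request.params;
 const { user } = getRequestInfo(response);
 const team = user.teamId && (await fetchTeam(user.teamId));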
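Review bot: The new gate dereferences `(await fetchSetting('tickets')).value` without handling a missing row; `fetchSetting` is a `findUnique`, which resolves to null when no `tickets` setting exists. The commit adds the row only in `seed.sql` and `seed.test.sql`, so a database seeded before this change would presumably fall into the surrounding catch (outside this hunk) and return an error instead of the intended 403. That still fails closed, but it is better stated explicitly: `const ticketsAllowed = (await fetchSetting('tickets'))?.value ?? false;`. The controller body continues past the hunk.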
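--- a/src/operations/settings.ts
+++ b/src/operations/settings.ts
@@ -4,7 +4,7 @@ import { Setting } from '../types';
 
 export const fetchSettings = (): PrismaPromise<Setting[]> => database.setting.findMany();
 
-export const fetchSetting = (id: 'login' | 'shop' | 'trombi'): PrismaPromise<Setting> =>
+export const fetchSetting = (id: 'login' | 'shop' | 'trombi' | 'tickets'): PrismaPromise<Setting> =>
 database.setting.findUnique({ where: { id } });
 
 const setSettingAllowed = (id: string, allowed: boolean): PrismaPromise<Setting> =>
@@ -20,3 +20,4 @@ const setSettingAllowed = (id: string, allowed: boolean): PrismaPromise<Setting>
 export const setLoginAllowed = (allowed: boolean): PrismaPromise<Setting> => setSettingAllowed('login', allowed);
 export const setShopAllowed = (allowed: boolean): PrismaPromise<Setting> => setSettingAllowed('shop', allowed);
 export const setTrombiAllowed = (allowed: boolean): PrismaPromise<Setting> => setSettingAllowed('trombi', allowed);
+export const setTicketsAllowed = (allowed: boolean): PrismaPromise<Setting> => setSettingAllowed('tickets', allowed);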
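Review bot: The setting ids are spelled out as a literal union in `fetchSetting` while `setSettingAllowed` still takes `id: string`, so the two halves of this module can drift apart when the next setting is added. A shared alias such as `type SettingId = 'login' | 'shop' | 'trombi' | 'tickets';` used in both signatures would let the compiler catch a mistyped id. Separately, `fetchSetting` is declared as `PrismaPromise<Setting>` although `findUnique` can resolve to null, which hides the missing-row case from callers such as the ticket gate; `PrismaPromise<Setting | null>` would surface it. The body of `setSettingAllowed` lies between the two hunks and is not visible here.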
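--- a/src/types.ts
+++ b/src/types.ts
@@ -313,6 +313,7 @@ export const enum Error {
 UserAlreadyScanned = "L'utilisateur a déjà scanné son billet",
 NotPaid = "Le billet n'a pas été payé",
 LoginNotAllowed = 'Tu ne peux pas te connecter actuellement',
+TicketsNotAllowed = 'Tu ne peux pas voir ton billet actuellement',
 NotAdmin = "Tu n'es pas administrateur",
 ShopNotAllowed = 'La billetterie est fermée',
 TrombiNotAllowed = "Le trombinoscope n'est pas encore disponible",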
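--- a/tests/admin/settings/updateSetting.test.ts
+++ b/tests/admin/settings/updateSetting.test.ts
@@ -5,7 +5,7 @@ import { sandbox } from '../../setup';
 import * as settingsOperations from '../../../src/operations/settings';
 import database from '../../../src/services/database';
 import { Error, Permission, User, UserType } from '../../../src/types';
-import { setLoginAllowed, setShopAllowed, setTrombiAllowed } from '../../../src/operations/settings';
+import { setLoginAllowed, setShopAllowed, setTrombiAllowed, setTicketsAllowed } from '../../../src/operations/settings';
 import { createFakeUser } from '../../utils';
 import { generateToken } from '../../../src/utils/users';
 
@@ -19,6 +19,7 @@ describe('PATCH /admin/settings', () => {
 await setLoginAllowed(true);
 await setShopAllowed(true);
 await setTrombiAllowed(true);
+await setTicketsAllowed(true);
 await database.orga.deleteMany();
 await database.user.deleteMany();
 });
@@ -27,6 +28,7 @@ describe('PATCH /admin/settings', () => {
 await setLoginAllowed(true);
 await setShopAllowed(false);
 await setTrombiAllowed(false);
+await setTicketsAllowed(false);
 admin = await createFakeUser({ permissions: [Permission.admin] });
 orga = await createFakeUser({ permissions: [Permission.orga] });
 nonAdminUser = await createFakeUser({ type: UserType.player });
@@ -99,6 +101,12 @@ describe('PATCH /admin/settings', () => {
 .set('Authorization', `Bearer ${adminToken}`)
 .expect(200, { id: 'trombi', value: false });
 
+await request(app)
+.patch('/admin/settings/tickets')
+.send({ value: false })
+.set('Authorization', `Bearer ${adminToken}`)
+.expect(200, { id: 'tickets', value: false });
+
 const login = await settingsOperations.fetchSetting('login');
 
 expect(login.id).to.be.equal('login');
@@ -113,5 +121,10 @@ describe('PATCH /admin/settings', () => {
 
 expect(trombi.id).to.be.equal('trombi');
 expect(trombi.value).to.be.equal(false);
+
+const tickets = await settingsOperations.fetchSetting('tickets');
+
+expect(tickets.id).to.be.equal('tickets');
+expect(tickets.value).to.be.equal(false);
 });
 });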
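--- a/tests/root/settings.test.ts
+++ b/tests/root/settings.test.ts
@@ -9,16 +9,18 @@ describe('GET /settings', () => {
 await settingsOperations.setLoginAllowed(false);
 await settingsOperations.setShopAllowed(false);
 await settingsOperations.setTrombiAllowed(false);
+await settingsOperations.setTicketsAllowed(false);
 
-await request(app).get('/settings').expect(200, { shop: false, login: false, trombi: false });
+await request(app).get('/settings').expect(200, { shop: false, login: false, trombi: false, tickets: false });
 });
 
 it('should return the updated value', async () => {
 await settingsOperations.setLoginAllowed(true);
 await settingsOperations.setShopAllowed(true);
 await settingsOperations.setTrombiAllowed(true);
+await settingsOperations.setTicketsAllowed(true);
 
-await request(app).get('/settings').expect(200, { shop: true, login: true, trombi: true });
+await request(app).get('/settings').expect(200, { shop: true, login: true, trombi: true, tickets: true });
 });
 
 it('should return an internal server error', async () => {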
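--- a/tests/setup.ts
+++ b/tests/setup.ts
@@ -9,7 +9,7 @@ import chai, { expect } from 'chai';
 import chaiString from 'chai-string';
 import sinon from 'sinon';
 import database from '../src/services/database';
-import { setLoginAllowed, setShopAllowed, setTrombiAllowed } from '../src/operations/settings';
+import { setLoginAllowed, setShopAllowed, setTicketsAllowed, setTrombiAllowed } from '../src/operations/settings';
 import { transporter } from '../src/services/email';
 import { disableFakeDiscordApi, enableFakeDiscordApi } from './discord';
 import { disableFakeUploadApi, enableFakeUploadApi } from './upload';
@@ -33,6 +33,7 @@ before(async () => {
 await setLoginAllowed(true);
 await setShopAllowed(true);
 await setTrombiAllowed(true);
+await setTicketsAllowed(true);
 
 enableFakeDiscordApi();
 enableFakeUploadApi();
@@ -55,6 +56,7 @@ after(async () => {
 // Reset the database at it was
 await setLoginAllowed(false);
 await setShopAllowed(false);
+await setTicketsAllowed(false);
 
 // Check that there is all tests where cleaning all their data. It is to prevent data concurrency
 // We check only tables that have dynamic data. (not seeded staticly)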
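Review bot: In the `after` hook the reset list now covers `login`, `shop` and `tickets` but not `trombi`, although `before` enables all four; unless `trombi` is reset outside the visible lines, the database is not returned to the seeded state the comment describes. Adding `await setTrombiAllowed(false);` next to the new line would keep the teardown symmetric with the setup. Both hooks continue outside their hunks.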
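--- a/tests/tickets/getTicket.test.ts
+++ b/tests/tickets/getTicket.test.ts
@@ -11,8 +11,9 @@ import { generateToken } from '../../src/utils/users';
 import { createCart, fetchCarts, updateCart } from '../../src/operations/carts';
 import { fetchAllItems } from '../../src/operations/item';
 import { fetchUser } from '../../src/operations/user';
+import { setTicketsAllowed } from '../../src/operations/settings';
 
-describe('POST /users/:userId/carts', () => {
+describe('GET /tickets', () => {
 let user: User;
 let token: string;
 let team: Team;
@@ -58,6 +59,17 @@ describe('POST /users/:userId/carts', () => {
 await database.user.deleteMany();
 });
 
+it('should fail because tickets are not allowed', async () => {
+await setTicketsAllowed(false);
+
+await request(app)
+.get(`/tickets/${ticket.id}`)
+.set('Authorization', `Bearer ${token}`)
+.expect(403, { error: Error.TicketsNotAllowed });
+
+await setTicketsAllowed(true);
+});
+
 it("should fail because cart item doesn't belong to the user", async () => {
 const otherUser = await createFakeUser({ type: UserType.player });
 const otherToken = generateToken(otherUser);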
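Review bot: In 'should fail because tickets are not allowed', `setTicketsAllowed(true)` runs only after the assertion, so a failing `expect` leaves the setting disabled and the later tests in this describe would receive a 403 for an unrelated reason. Wrapping the request in `try { … } finally { await setTicketsAllowed(true); }`, or restoring the flag in an `afterEach`, keeps the tests independent. The same cleanup-after-assertion pattern appears in the two tests added to `tests/users/createCart.test.ts`, where a failed `.expect(403, …)` would skip the `deleteMany`/`delete` calls. The describe block starts and ends outside the hunk.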
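--- a/tests/users/createCart.test.ts
+++ b/tests/users/createCart.test.ts
@@ -309,6 +309,24 @@ describe('POST /users/current/carts', () => {
 .expect(404, { error: Error.ItemNotFound });
 });
 
+it('should fail as the user is not a player or a coach or a spectator', async () => {
+const attendantUser = await createFakeUser({ type: UserType.attendant });
+
+await request(app)
+.post(`/users/current/carts`)
+.set('Authorization', `Bearer ${token}`)
+.send({
+tickets: { userIds: [attendantUser.id] },
+supplements: [],
+})
+.expect(403, { error: Error.NotPlayerOrCoachOrSpectator });
+
+// Delete the user to not make the results wrong for the success test
+await database.cartItem.deleteMany({ where: { forUserId: attendantUser.id } });
+await database.cart.deleteMany({ where: { userId: attendantUser.id } });
+await database.user.delete({ where: { id: attendantUser.id } });
+});
+
 it('should fail as the user is already paid', async () => {
 const paidUser = await createFakeUser({ paid: true, type: UserType.player });
 
@@ -327,6 +345,26 @@ describe('POST /users/current/carts', () => {
 await database.user.delete({ where: { id: paidUser.id } });
 });
 
+it('should fail as the user is not in the same team', async () => {
+const otherTeam = await createFakeTeam({ members: 1, tournament: 'ssbu', name: 'reallydontcare' });
+const userInOtherTeam = getCaptain(otherTeam);
+
+await request(app)
+.post(`/users/current/carts`)
+.set('Authorization', `Bearer ${token}`)
+.send({
+tickets: { userIds: [userInOtherTeam.id] },
+supplements: [],
+})
+.expect(403, { error: Error.NotInSameTeam });
+
+// Delete the user to not make the results wrong for the success test
+await database.cartItem.deleteMany({ where: { forUserId: userInOtherTeam.id } });
+await database.cart.deleteMany({ where: { userId: userInOtherTeam.id } });
+await database.team.delete({ where: { captainId: userInOtherTeam.id } });
+await database.user.delete({ where: { id: userInOtherTeam.id } });
+});
+
 it('should fail with an internal server error (inner try/catch)', () => {
 sandbox.stub(cartOperations, 'createCart').throws('Unexpected error');
 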
