feat(general): adding person to circle

AEGEE · Mar 2, 2020 · bc4aabe · bc4aabe
1 parent 91b92f3
commit bc4aabe
Show file tree

Hide file tree

Showing 3 changed files with 154 additions and 1 deletion.
diff --git a/lib/server.js b/lib/server.js
@@ -106,6 +106,7 @@ JoinRequestsRouter.put('/status', joinRequests.changeRequestStatus);
 CirclesRouter.use(middlewares.maybeAuthorize, middlewares.ensureAuthorized, fetch.fetchCircle);
 CirclesRouter.get('/', circles.getCircle);
 CirclesRouter.put('/parent', circles.setParentCircle);
+CirclesRouter.post('/members/:user_id', circles.createCircleMembership);
 CirclesRouter.put('/', circles.updateCircle);
 CirclesRouter.delete('/', circles.deleteCircle);
 

diff --git a/middlewares/circles.js b/middlewares/circles.js
@@ -1,4 +1,4 @@
-const { Circle } = require('../models');
+const { Circle, User, CircleMembership, BodyMembership } = require('../models');
 const errors = require('../lib/errors');
 const helpers = require('../lib/helpers');
 const { sequelize } = require('../lib/sequelize');
@@ -80,3 +80,37 @@ exports.setParentCircle = async (req, res) => {
         message: 'Circle parent is updated.'
     });
 };
+
+exports.createCircleMembership = async (req, res) => {
+    if (!helpers.isNumber(req.params.user_id)) {
+        return errors.makeBadRequestError(res, 'The user ID is not valid.');
+    }
+
+    const user = await User.findByPk(req.params.user_id);
+    if (!user) {
+        return errors.makeNotFoundError(res, 'The user is not found.');
+    }
+
+    // if a circle is bound, checking if a person is a member
+    if (req.currentCircle.body_id) {
+        const membership = await BodyMembership.findOne({
+            where: {
+                body_id: req.currentCircle.body_id,
+                user_id: req.params.user_id
+            }
+        });
+        if (!membership) {
+            return errors.makeForbiddenError(res, 'The user is not a member of the body circle is bound to.');
+        }
+    }
+
+    const circleMembership = await CircleMembership.create({
+        circle_id: req.currentCircle.id,
+        user_id: user.id
+    });
+
+    return res.json({
+        success: true,
+        data: circleMembership
+    });
+};
diff --git a/test/api/circle-memberships-creating.test.js b/test/api/circle-memberships-creating.test.js
@@ -0,0 +1,118 @@
+const { startServer, stopServer } = require('../../lib/server.js');
+const { request } = require('../scripts/helpers');
+const generator = require('../scripts/generator');
+
+describe('Circle memberships creating', () => {
+    beforeAll(async () => {
+        await startServer();
+    });
+
+    afterAll(async () => {
+        await stopServer();
+    });
+
+    afterEach(async () => {
+        await generator.clearAll();
+    });
+
+    test('should return 400 if the user_id is invalid', async () => {
+        const currentUser = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, currentUser);
+
+        const circle = await generator.createCircle();
+
+        const res = await request({
+            uri: '/circles/' + circle.id + '/members/lalala',
+            method: 'POST',
+            headers: { 'X-Auth-Token': token.value },
+            body: circle
+        });
+
+        expect(res.statusCode).toEqual(400);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).not.toHaveProperty('data');
+        expect(res.body).toHaveProperty('message');
+    });
+
+    test('should return 404 if the user is not found', async () => {
+        const currentUser = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, currentUser);
+
+        const circle = await generator.createCircle();
+
+        const res = await request({
+            uri: '/circles/' + circle.id + '/members/1337',
+            method: 'POST',
+            headers: { 'X-Auth-Token': token.value },
+            body: circle
+        });
+
+        expect(res.statusCode).toEqual(404);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).not.toHaveProperty('data');
+        expect(res.body).toHaveProperty('message');
+    });
+
+    test('should fail if the user is not a member of a body', async () => {
+        const currentUser = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, currentUser);
+
+        const body = await generator.createBody();
+        const circle = await generator.createCircle({ body_id: body.id });
+        const user = await generator.createUser();
+
+        const res = await request({
+            uri: '/circles/' + circle.id + '/members/' + user.id,
+            method: 'POST',
+            headers: { 'X-Auth-Token': token.value },
+            body: circle
+        });
+
+        expect(res.statusCode).toEqual(403);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).not.toHaveProperty('data');
+        expect(res.body).toHaveProperty('message');
+    });
+
+    test('should succeed if everything is okay for a bound circle', async () => {
+        const currentUser = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, currentUser);
+
+        const body = await generator.createBody();
+        const circle = await generator.createCircle({ body_id: body.id });
+        const user = await generator.createUser();
+        await generator.createBodyMembership(body, user);
+
+        const res = await request({
+            uri: '/circles/' + circle.id + '/members/' + user.id,
+            method: 'POST',
+            headers: { 'X-Auth-Token': token.value },
+            body: circle
+        });
+
+        expect(res.statusCode).toEqual(200);
+        expect(res.body.success).toEqual(true);
+        expect(res.body).not.toHaveProperty('errors');
+        expect(res.body).toHaveProperty('data');
+    });
+
+    test('should succeed if everything is okay for a free circle', async () => {
+        const currentUser = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, currentUser);
+
+        const circle = await generator.createCircle();
+        const user = await generator.createUser();
+
+        const res = await request({
+            uri: '/circles/' + circle.id + '/members/' + user.id,
+            method: 'POST',
+            headers: { 'X-Auth-Token': token.value },
+            body: circle
+        });
+
+        expect(res.statusCode).toEqual(200);
+        expect(res.body.success).toEqual(true);
+        expect(res.body).not.toHaveProperty('errors');
+        expect(res.body).toHaveProperty('data');
+    });
+});