From 498b1be6bc0836b68e90307a2d87fbfd53c705ab Mon Sep 17 00:00:00 2001 From: alexd-bes <129009580+alexd-bes@users.noreply.github.com> Date: Mon, 22 Jul 2024 15:59:48 +1200 Subject: [PATCH] Remove task comments endpoints --- packages/central-server/src/apiV2/index.js | 3 - .../apiV2/taskComments/CreateTaskComment.js | 41 ----- .../src/apiV2/taskComments/GETTaskComments.js | 38 ----- .../assertTaskCommentPermissions.js | 38 ----- .../src/apiV2/taskComments/index.js | 7 - .../taskComments/CreateTaskComment.test.js | 159 ------------------ .../taskComments/GETTaskComments.test.js | 149 ---------------- 7 files changed, 435 deletions(-) delete mode 100644 packages/central-server/src/apiV2/taskComments/CreateTaskComment.js delete mode 100644 packages/central-server/src/apiV2/taskComments/GETTaskComments.js delete mode 100644 packages/central-server/src/apiV2/taskComments/assertTaskCommentPermissions.js delete mode 100644 packages/central-server/src/apiV2/taskComments/index.js delete mode 100644 packages/central-server/src/tests/apiV2/taskComments/CreateTaskComment.test.js delete mode 100644 packages/central-server/src/tests/apiV2/taskComments/GETTaskComments.test.js diff --git a/packages/central-server/src/apiV2/index.js b/packages/central-server/src/apiV2/index.js index 1535c0158a..bf2a97dc7f 100644 --- a/packages/central-server/src/apiV2/index.js +++ b/packages/central-server/src/apiV2/index.js @@ -145,7 +145,6 @@ import { } from './dashboardMailingListEntries'; import { EditEntityHierarchy, GETEntityHierarchy } from './entityHierarchy'; import { CreateTask, EditTask, GETTasks } from './tasks'; -import { CreateTaskComment, GETTaskComments } from './taskComments'; // quick and dirty permission wrapper for open endpoints const allowAnyone = routeHandler => (req, res, next) => { @@ -270,7 +269,6 @@ apiV2.get('/entityHierarchy/:recordId?', useRouteHandler(GETEntityHierarchy)); apiV2.get('/landingPages/:recordId?', useRouteHandler(GETLandingPages)); apiV2.get('/suggestSurveyCode', catchAsyncErrors(suggestSurveyCode)); apiV2.get('/tasks/:recordId?', useRouteHandler(GETTasks)); -apiV2.get('/tasks/:parentRecordId/taskComments', useRouteHandler(GETTaskComments)); /** * POST routes */ @@ -318,7 +316,6 @@ apiV2.post('/surveys', multipartJson(), useRouteHandler(CreateSurvey)); apiV2.post('/dhisInstances', useRouteHandler(BESAdminCreateHandler)); apiV2.post('/supersetInstances', useRouteHandler(BESAdminCreateHandler)); apiV2.post('/tasks', useRouteHandler(CreateTask)); -apiV2.post('/tasks/:parentRecordId/taskComments', useRouteHandler(CreateTaskComment)); /** * PUT routes */ diff --git a/packages/central-server/src/apiV2/taskComments/CreateTaskComment.js b/packages/central-server/src/apiV2/taskComments/CreateTaskComment.js deleted file mode 100644 index d131fec8ee..0000000000 --- a/packages/central-server/src/apiV2/taskComments/CreateTaskComment.js +++ /dev/null @@ -1,41 +0,0 @@ -/** - * Tupaia - * Copyright (c) 2017 - 2024 Beyond Essential Systems Pty Ltd - */ -import { RECORDS } from '@tupaia/database'; -import { CreateHandler } from '../CreateHandler'; -import { assertAnyPermissions, assertBESAdminAccess } from '../../permissions'; -import { assertUserHasTaskPermissions } from '../tasks/assertTaskPermissions'; - -/** - * Handles POST endpoints: - * - /tasks/:parentRecordId/taskComments - */ - -export class CreateTaskComment extends CreateHandler { - parentRecordType = RECORDS.TASK; - - async assertUserHasAccess() { - const createPermissionChecker = accessPolicy => - assertUserHasTaskPermissions(accessPolicy, this.models, this.parentRecordId); - - await this.assertPermissions( - assertAnyPermissions([assertBESAdminAccess, createPermissionChecker]), - ); - } - - async createRecord() { - const { id: userId } = this.req.user; - const user = await this.models.user.findById(userId); // Check if user exists - if (!user) { - throw new Error(`User with id ${userId} not found`); - } - - const { full_name: userFullName } = user; - this.newRecordData.user_id = userId; - this.newRecordData.user_name = userFullName; - this.newRecordData.task_id = this.parentRecordId; - - return this.insertRecord(); - } -} diff --git a/packages/central-server/src/apiV2/taskComments/GETTaskComments.js b/packages/central-server/src/apiV2/taskComments/GETTaskComments.js deleted file mode 100644 index e0e4838fd4..0000000000 --- a/packages/central-server/src/apiV2/taskComments/GETTaskComments.js +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Tupaia - * Copyright (c) 2017 - 2024 Beyond Essential Systems Pty Ltd - */ - -import { assertAnyPermissions, assertBESAdminAccess } from '../../permissions'; -import { GETHandler } from '../GETHandler'; -import { assertUserHasTaskPermissions } from '../tasks/assertTaskPermissions'; -import { createTaskCommentDBFilter } from './assertTaskCommentPermissions'; - -/** - * Handles endpoints: - * - /tasks/:taskId/comments - */ - -export class GETTaskComments extends GETHandler { - permissionsFilteredInternally = true; - - async getPermissionsFilter(criteria, options) { - return createTaskCommentDBFilter(this.accessPolicy, this.models, criteria, options); - } - - async getPermissionsViaParentFilter(criteria, options) { - const taskPermissionsChecker = accessPolicy => - assertUserHasTaskPermissions(accessPolicy, this.models, this.parentRecordId); - await this.assertPermissions( - assertAnyPermissions([assertBESAdminAccess, taskPermissionsChecker]), - ); - // Filter by parent - const dbConditions = { 'task_comment.task_id': this.parentRecordId, ...criteria }; - - // Apply regular permissions - return { - dbConditions, - dbOptions: options, - }; - } -} diff --git a/packages/central-server/src/apiV2/taskComments/assertTaskCommentPermissions.js b/packages/central-server/src/apiV2/taskComments/assertTaskCommentPermissions.js deleted file mode 100644 index 3136b4f049..0000000000 --- a/packages/central-server/src/apiV2/taskComments/assertTaskCommentPermissions.js +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Tupaia - * Copyright (c) 2017 - 2024 Beyond Essential Systems Pty Ltd - */ - -import { hasBESAdminAccess } from '../../permissions'; -import { createTaskDBFilter } from '../tasks/assertTaskPermissions'; - -export const createTaskCommentDBFilter = async (accessPolicy, models, criteria, options) => { - if (hasBESAdminAccess(accessPolicy)) { - return { dbConditions: criteria, dbOptions: options }; - } - const { dbConditions } = await createTaskDBFilter(accessPolicy, models, criteria, options); - - const taskIds = await models.task.find( - { - ...dbConditions, - id: criteria.task_id ?? undefined, - }, - { columns: ['task.id'] }, - ); - - if (!taskIds.length) { - // if the user doesn't have access to any tasks, return a condition that will return no results - return { dbConditions: { id: -1 }, dbOptions: options }; - } - - return { - dbConditions: { - ...criteria, - task_id: { - comparator: 'IN', - comparisonValue: taskIds.map(task => task.id), // this will include any task_id filters because the list of tasks was already filtered by the dbConditions - }, - }, - dbOptions: options, - }; -}; diff --git a/packages/central-server/src/apiV2/taskComments/index.js b/packages/central-server/src/apiV2/taskComments/index.js deleted file mode 100644 index e6c87c1220..0000000000 --- a/packages/central-server/src/apiV2/taskComments/index.js +++ /dev/null @@ -1,7 +0,0 @@ -/** - * Tupaia - * Copyright (c) 2017 - 2024 Beyond Essential Systems Pty Ltd - */ - -export { GETTaskComments } from './GETTaskComments'; -export { CreateTaskComment } from './CreateTaskComment'; diff --git a/packages/central-server/src/tests/apiV2/taskComments/CreateTaskComment.test.js b/packages/central-server/src/tests/apiV2/taskComments/CreateTaskComment.test.js deleted file mode 100644 index 3d8f83b49d..0000000000 --- a/packages/central-server/src/tests/apiV2/taskComments/CreateTaskComment.test.js +++ /dev/null @@ -1,159 +0,0 @@ -/** - * Tupaia - * Copyright (c) 2017 - 2024 Beyond Essential Systems Pty Ltd - */ - -import { expect } from 'chai'; -import { - buildAndInsertSurvey, - findOrCreateDummyCountryEntity, - findOrCreateDummyRecord, - generateId, -} from '@tupaia/database'; -import { TestableApp, resetTestData } from '../../testUtilities'; -import { BES_ADMIN_PERMISSION_GROUP } from '../../../permissions'; - -describe('Permissions checker for CreateTaskComment', async () => { - const BES_ADMIN_POLICY = { - DL: [BES_ADMIN_PERMISSION_GROUP], - }; - - const DEFAULT_POLICY = { - DL: ['Donor'], - }; - - const PUBLIC_POLICY = { - DL: ['Public'], - }; - - const app = new TestableApp(); - const { models } = app; - - const BASE_COMMENT = { - message: 'This is a test comment', - type: 'user', - }; - - const generateData = async () => { - const { country: dlCountry } = await findOrCreateDummyCountryEntity(models, { - code: 'DL', - name: 'Demo Land', - }); - - const donorPermission = await findOrCreateDummyRecord(models.permissionGroup, { - name: 'Donor', - }); - - const facility = { - id: generateId(), - code: 'TEST_FACILITY_2', - name: 'Test Facility 2', - country_code: dlCountry.code, - }; - - await findOrCreateDummyRecord(models.entity, facility); - - const { survey } = await buildAndInsertSurvey(models, { - code: 'TEST_SURVEY_1', - name: 'Test Survey 1', - permission_group_id: donorPermission.id, - country_ids: [dlCountry.id], - }); - - const user = { - id: generateId(), - first_name: 'Minnie', - last_name: 'Mouse', - }; - - await findOrCreateDummyRecord(models.user, user); - - const dueDate = new Date('2021-12-31'); - - const task = { - id: generateId(), - survey_id: survey.id, - entity_id: facility.id, - due_date: dueDate, - status: 'to_do', - repeat_schedule: null, - }; - - await findOrCreateDummyRecord( - models.task, - { - 'task.id': task.id, - }, - task, - ); - - return { - task, - user, - }; - }; - - let task; - - before(async () => { - const data = await generateData(); - task = data.task; - }); - - afterEach(() => { - app.revokeAccess(); - }); - - after(async () => { - await resetTestData(); - }); - - describe('POST /taskComments', async () => { - it('Sufficient permissions: allows a user to create a task comment if they have BES Admin permission', async () => { - await app.grantAccess(BES_ADMIN_POLICY); - const { body: result } = await app.post(`tasks/${task.id}/taskComments`, { - body: BASE_COMMENT, - }); - - expect(result.message).to.equal('Successfully created taskComments'); - const taskComment = await models.taskComment.findOne({ - task_id: task.id, - message: BASE_COMMENT.message, - }); - - expect(taskComment).to.not.be.undefined; - - expect(taskComment.type).to.equal(BASE_COMMENT.type); - expect(taskComment.user_name).to.equal('Test User'); - expect(taskComment.task_id).to.equal(task.id); - }); - - it('Sufficient permissions: allows a user to create a task comment if they have access to the task', async () => { - await app.grantAccess(DEFAULT_POLICY); - const { body: result } = await app.post(`tasks/${task.id}/taskComments`, { - body: BASE_COMMENT, - }); - - expect(result.message).to.equal('Successfully created taskComments'); - const taskComment = await models.taskComment.findOne({ - task_id: task.id, - message: BASE_COMMENT.message, - }); - - expect(taskComment).to.not.be.undefined; - - expect(taskComment.type).to.equal(BASE_COMMENT.type); - expect(taskComment.user_name).to.equal('Test User'); - expect(taskComment.task_id).to.equal(task.id); - }); - - it('Insufficient permissions: throws an error if the user does not have access to the task', async () => { - await app.grantAccess(PUBLIC_POLICY); - const { body: result } = await app.post(`tasks/${task.id}/taskComments`, { - body: BASE_COMMENT, - }); - - expect(result).to.have.keys('error'); - }); - }); -}); diff --git a/packages/central-server/src/tests/apiV2/taskComments/GETTaskComments.test.js b/packages/central-server/src/tests/apiV2/taskComments/GETTaskComments.test.js deleted file mode 100644 index 7b3be0dfc8..0000000000 --- a/packages/central-server/src/tests/apiV2/taskComments/GETTaskComments.test.js +++ /dev/null @@ -1,149 +0,0 @@ -/** - * Tupaia - * Copyright (c) 2017 - 2024 Beyond Essential Systems Pty Ltd - */ - -import { expect } from 'chai'; -import { - buildAndInsertSurvey, - findOrCreateDummyCountryEntity, - findOrCreateDummyRecord, - generateId, -} from '@tupaia/database'; -import { TestableApp, resetTestData } from '../../testUtilities'; -import { BES_ADMIN_PERMISSION_GROUP } from '../../../permissions'; - -describe('Permissions checker for GETTaskComments', async () => { - const BES_ADMIN_POLICY = { - TO: [BES_ADMIN_PERMISSION_GROUP], - }; - - const DEFAULT_POLICY = { - TO: ['Donor'], - }; - - const PUBLIC_POLICY = { - TO: ['Public'], - }; - - const app = new TestableApp(); - const { models } = app; - - const generateData = async () => { - const { country: tongaCountry } = await findOrCreateDummyCountryEntity(models, { - code: 'TO', - name: 'Tonga', - }); - - const donorPermission = await findOrCreateDummyRecord(models.permissionGroup, { - name: 'Donor', - }); - - const facility = { - id: generateId(), - code: 'TEST_FACILITY_1', - name: 'Test Facility 1', - country_code: tongaCountry.code, - }; - - await findOrCreateDummyRecord(models.entity, facility); - - const { survey } = await buildAndInsertSurvey(models, { - code: 'TEST_SURVEY_1', - name: 'Test Survey 1', - permission_group_id: donorPermission.id, - country_ids: [tongaCountry.id], - }); - - const user = { - id: generateId(), - first_name: 'Minnie', - last_name: 'Mouse', - }; - await findOrCreateDummyRecord(models.user, user); - - const dueDate = new Date('2021-12-31'); - - const task = { - id: generateId(), - survey_id: survey.id, - entity_id: facility.id, - due_date: dueDate, - status: 'to_do', - repeat_schedule: null, - }; - - const comment = { - id: generateId(), - task_id: task.id, - user_id: user.id, - user_name: 'Minnie Mouse', - type: 'user', - message: 'Comment 1', - created_at: new Date('2021-01-01'), - }; - - await findOrCreateDummyRecord( - models.task, - { - 'task.id': task.id, - }, - task, - ); - - await findOrCreateDummyRecord( - models.taskComment, - { - 'task_comment.id': comment.id, - }, - comment, - ); - return { - task, - user, - comment, - }; - }; - - let task; - let comment; - - before(async () => { - const { task: createdTask, comment: createdComment } = await generateData(); - task = createdTask; - comment = createdComment; - }); - - afterEach(() => { - app.revokeAccess(); - }); - - after(async () => { - await resetTestData(); - }); - - describe('GET /tasks/:parentRecordId/taskComments', async () => { - it('Sufficient permissions: returns comments if the user has BES admin access', async () => { - await app.grantAccess(BES_ADMIN_POLICY); - const { body: results } = await app.get(`tasks/${task.id}/taskComments`); - expect(results.length).to.equal(1); - - expect(results[0].id).to.equal(comment.id); - }); - - it('Sufficient permissions: returns comments for the task if user has access to it', async () => { - await app.grantAccess(DEFAULT_POLICY); - const { body: results } = await app.get(`tasks/${task.id}/taskComments`); - - expect(results.length).to.equal(1); - expect(results[0].id).to.equal(comment.id); - }); - - it('Insufficient permissions: throws an error if the user does not have access to the task', async () => { - await app.grantAccess(PUBLIC_POLICY); - const { body: results } = await app.get(`tasks/${task.id}/taskComments`); - - expect(results).to.have.keys('error'); - }); - }); -});