Add userProfile controller and PUT /userProfile/:id endpoint #1862

Merged
merged 4 commits into from
Oct 4, 2021

@pbn4 pbn4 commented Sep 22, 2021

Pull Request Template

Issue

Addresses # (#1655)

  • This change addresses the issue in full
  • This change addresses only certain aspects of the issue
  • This change is a dependency for another issue
  • This change has a dependency from another issue

Description

  • Added new userProfile resource and endpoint PUT /userProfile/:id suited specifically for users updating their own profiles
  • Endpoint PUT /user/:id is admin only now, because it allows edits over entire user table

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Prototype/POC (not to merge)
  • This change is a refactor/address technical debt
  • This change requires a documentation update
  • This change requires a SQL Script

How Can This Be Tested/Reviewed?

Please describe the tests that you ran to verify your changes. Provide instructions so we can review. Please also list any relevant details for your test configuration

  • Desktop View
  • Mobile View
  • Test A
  • Test B

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have reviewed the changes in a desktop view
  • I have reviewed the changes in a mobile view
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have assigned reviewers
  • I have updated the changelog to include a description of my changes
  • I have run yarn generate:client if I made backend changes

netlify bot commented Sep 22, 2021

✔️ Deploy Preview for dev-partners-bloom ready!

🔨 Explore the source changes: dfefc7e

🔍 Inspect the deploy log: https://app.netlify.com/sites/dev-partners-bloom/deploys/615b7ecd52f28f000784ab35

😎 Browse the preview: https://deploy-preview-1862--dev-partners-bloom.netlify.app

netlify bot commented Sep 22, 2021

✔️ Deploy Preview for dev-bloom ready!

🔨 Explore the source changes: dfefc7e

🔍 Inspect the deploy log: https://app.netlify.com/sites/dev-bloom/deploys/615b7ecd474f2000088dd9e4

😎 Browse the preview: https://deploy-preview-1862--dev-bloom.netlify.app

@pbn4 pbn4 force-pushed the 1655/separate_user_edit_endpoints branch from df5a3ca to f7cbeee Compare September 22, 2021 12:42

netlify bot commented Sep 22, 2021

✔️ Deploy Preview for dev-storybook-bloom ready!

🔨 Explore the source changes: dfefc7e

🔍 Inspect the deploy log: https://app.netlify.com/sites/dev-storybook-bloom/deploys/615b7ecd38eb360008ef9c1e

😎 Browse the preview: https://deploy-preview-1862--dev-storybook-bloom.netlify.app

@seanmalbert seanmalbert left a comment


@pbn4,
This looks great. Per my other comment, can you please add a few more tests?

Comment on lines +446 to +450
await supertest(app.getHttpServer())
.put(`/userProfile/${userCreateResponse.body.id}`)
.send(userProfileUpdateDto)
.expect(401)
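
Review bot: the request in these lines sets no auth header and the only assertion is `.expect(401)`, so the test covers an unauthenticated caller but not an authenticated one targeting someone else's id. Add a case that signs in as a second user and sends the same PUT, expecting a denial, then re-read the profile and assert it is unchanged, since a status code alone does not show that no write happened.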

There should probably be a separate test for ensuring that an unauthorized person can't access this. Can you add another test that generates two users, A and B, and ensures that A cannot update B's profile? And another with an admin updating a user's profile that isn't their own.
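
The access rule this PR and the review comment above describe, as an added TypeScript example that is not Bloom's code. The in-memory store, the function names `putUserProfile` and `putUser`, and the field names are hypothetical, and it assumes an admin is allowed to edit another user's profile through the profile route.

```typescript
// Added example: a self-contained model of the two routes, not Bloom's code.
type Role = "user" | "admin";
interface Requester { id: string; role: Role }
interface User { id: string; firstName: string; lastName: string; roles: Role[] }

// Hypothetical allow-list of fields a user may change on their own profile.
const PROFILE_FIELDS = ["firstName", "lastName"] as const;

const users = new Map<string, User>();

// Constructed sample data: two ordinary users and one admin.
function seed(): void {
  users.clear();
  users.set("a", { id: "a", firstName: "Alice", lastName: "A", roles: ["user"] });
  users.set("b", { id: "b", firstName: "Bob", lastName: "B", roles: ["user"] });
  users.set("root", { id: "root", firstName: "Ada", lastName: "Admin", roles: ["admin"] });
}

// PUT /userProfile/:id -> returns the HTTP status the route would send.
function putUserProfile(who: Requester | null, id: string, body: Record<string, unknown>): number {
  if (who === null) return 401; // no session at all
  // Ownership check: the path id must match the authenticated subject.
  // Assumption: an admin may also edit another user's profile here.
  if (who.id !== id && who.role !== "admin") return 403;
  const target = users.get(id);
  if (target === undefined) return 404;
  // Copy only allow-listed fields, so "roles" in the body is ignored.
  for (const field of PROFILE_FIELDS) {
    const value = body[field];
    if (typeof value === "string") target[field] = value;
  }
  return 200;
}

// PUT /user/:id -> admin only, because it can write any column.
function putUser(who: Requester | null, id: string, body: Partial<User>): number {
  if (who === null) return 401;
  if (who.role !== "admin") return 403;
  const target = users.get(id);
  if (target === undefined) return 404;
  Object.assign(target, body, { id }); // whole record, id pinned to the path
  return 200;
}

seed();
```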

@pbn4 pbn4 force-pushed the 1655/separate_user_edit_endpoints branch from 779d375 to f49561d Compare September 29, 2021 12:57
@seanmalbert seanmalbert merged commit 6c2afe6 into dev Oct 4, 2021
seanmalbert added a commit to CityOfDetroit/bloom that referenced this pull request Jun 23, 2022
…ousing#1862)

* Add userProfile controller and PUT /userProfile/:id endpoint

* Fix userProfile update security hole allowing users to edit each other's profiles

* Fix code style issues with Prettier

Co-authored-by: Lint Action <lint-action@samuelmeuli.com>
Co-authored-by: Sean Albert <smabert@gmail.com>