Nemcio/meanTorrent
1
0
Fork 0
mirror of https://github.com/taobataoma/meanTorrent.git synced 2026-01-22 07:12:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1149 from mleanos/bugfix/article-remove-button-show

Browse Source 
fix(articles): Article edit/delete validation
This commit is contained in:
Ilan Biala
2016-02-10 11:06:30 -05:00
parent 46a0a39a3b 69b8a05ea2
commit 7f99fd16d3
3 changed files with 166 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/articles/client/views/view-article.client.view.html
View File

@@ -2,7 +2,7 @@
<div class="page-header">
<h1 ng-bind="vm.article.title"></h1>
</div>
<div class="pull-right" ng-show="vm.authentication.user._id == vm.article.user._id">
<div class="pull-right" ng-show="vm.article.isCurrentUserOwner">
<a class="btn btn-primary" ui-sref="articles.edit({ articleId: vm.article._id })">
<i class="glyphicon glyphicon-edit"></i>
</a>

9
modules/articles/server/controllers/articles.server.controller.js
View File

@@ -30,7 +30,14 @@ exports.create = function (req, res) {
* Show the current article
*/
exports.read = function (req, res) {
res.json(req.article);
// convert mongoose document to JSON
var article = req.article ? req.article.toJSON() : {};
// Add a custom field to the Article, for determining if the current User is the "owner".
// NOTE: This field is NOT persisted to the database, since it doesn't exist in the Article model.
article.isCurrentUserOwner = req.user && article.user && article.user._id.toString() === req.user._id.toString() ? true : false;
res.json(article);
};
/**

157
modules/articles/tests/server/article.server.routes.tests.js
View File

@@ -400,6 +400,163 @@ describe('Article CRUD tests', function () {
});
});
it('should be able to get a single article if signed in and verify the custom "isCurrentUserOwner" field is set to "true"', function (done) {
// Create new article model instance
article.user = user;
var articleObj = new Article(article);
// Save the article
articleObj.save(function () {
agent.post('/api/auth/signin')
.send(credentials)
.expect(200)
.end(function (signinErr, signinRes) {
// Handle signin error
if (signinErr) {
return done(signinErr);
}
// Get the userId
var userId = user.id;
// Save a new article
agent.post('/api/articles')
.send(article)
.expect(200)
.end(function (articleSaveErr, articleSaveRes) {
// Handle article save error
if (articleSaveErr) {
return done(articleSaveErr);
}
// Get the article
agent.get('/api/articles/' + articleSaveRes.body._id)
.expect(200)
.end(function (articleInfoErr, articleInfoRes) {
// Handle article error
if (articleInfoErr) {
return done(articleInfoErr);
}
// Set assertions
(articleInfoRes.body._id).should.equal(articleSaveRes.body._id);
(articleInfoRes.body.title).should.equal(article.title);
// Assert that the "isCurrentUserOwner" field is set to true since the current User created it
(articleInfoRes.body.isCurrentUserOwner).should.equal(true);
// Call the assertion callback
done();
});
});
});
});
});
it('should be able to get a single article if not signed in and verify the custom "isCurrentUserOwner" field is set to "false"', function (done) {
// Create new article model instance
var articleObj = new Article(article);
// Save the article
articleObj.save(function () {
request(app).get('/api/articles/' + articleObj._id)
.end(function (req, res) {
// Set assertion
res.body.should.be.instanceof(Object).and.have.property('title', article.title);
// Assert the custom field "isCurrentUserOwner" is set to false for the un-authenticated User
res.body.should.be.instanceof(Object).and.have.property('isCurrentUserOwner', false);
// Call the assertion callback
done();
});
});
});
it('should be able to get single article, that a different user created, if logged in & verify the "isCurrentUserOwner" field is set to "false"', function (done) {
// Create temporary user creds
var _creds = {
username: 'temp',
password: 'M3@n.jsI$Aw3$0m3'
};
// Create temporary user
var _user = new User({
firstName: 'Full',
lastName: 'Name',
displayName: 'Full Name',
email: 'temp@test.com',
username: _creds.username,
password: _creds.password,
provider: 'local'
});
_user.save(function (err, _user) {
// Handle save error
if (err) {
return done(err);
}
// Sign in with the user that will create the Article
agent.post('/api/auth/signin')
.send(credentials)
.expect(200)
.end(function (signinErr, signinRes) {
// Handle signin error
if (signinErr) {
return done(signinErr);
}
// Get the userId
var userId = user._id;
// Save a new article
agent.post('/api/articles')
.send(article)
.expect(200)
.end(function (articleSaveErr, articleSaveRes) {
// Handle article save error
if (articleSaveErr) {
return done(articleSaveErr);
}
// Set assertions on new article
(articleSaveRes.body.title).should.equal(article.title);
should.exist(articleSaveRes.body.user);
should.equal(articleSaveRes.body.user._id, userId);
// now signin with the temporary user
agent.post('/api/auth/signin')
.send(_creds)
.expect(200)
.end(function (err, res) {
// Handle signin error
if (err) {
return done(err);
}
// Get the article
agent.get('/api/articles/' + articleSaveRes.body._id)
.expect(200)
.end(function (articleInfoErr, articleInfoRes) {
// Handle article error
if (articleInfoErr) {
return done(articleInfoErr);
}
// Set assertions
(articleInfoRes.body._id).should.equal(articleSaveRes.body._id);
(articleInfoRes.body.title).should.equal(article.title);
// Assert that the custom field "isCurrentUserOwner" is set to false since the current User didn't create it
(articleInfoRes.body.isCurrentUserOwner).should.equal(false);
// Call the assertion callback
done();
});
});
});
});
});
});
afterEach(function (done) {
User.remove().exec(function () {
Article.remove().exec(done);