Skip to content

Commit

Permalink
Merge pull request #13 from GTBitsOfGood/alexchen/partner-details-query
Browse files Browse the repository at this point in the history 
add partner details query route handler and tests
  • Loading branch information
@kavinphan
kavinphan authored Feb 7, 2025
2 parents 11dd6b8 + c663aa1 commit 50e1431
Show file tree
Hide file tree
Showing 2 changed files with 212 additions and 44 deletions.
138 changes: 132 additions & 6 deletions src/app/api/partnerDetails/[userId]/route.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,132 @@
/* eslint-disable @typescript-eslint/no-explicit-any */
//Lint gets angry when "as any" is used, but it is necessary for mocking Prisma responses using the "select" parameter (for now).
import { testApiHandler } from "next-test-api-route-handler";
import { authMock } from "@/test/authMock";
import { dbMock } from "@/test/dbMock";
import { expect, test, describe } from "@jest/globals";
import { OrganizationType } from "@prisma/client";
import * as appHandler from "./route";

import { expect, test } from "@jest/globals";
import { dbMock } from "@/test/dbMock";
import { authMock } from "@/test/authMock";
import { OrganizationType, UserType } from "@prisma/client";

test("returns 401 on invalid session", async () => {
await testApiHandler({
appHandler,
paramsPatcher: (params) => ({ ...params, userId: "1234" }),
async test({ fetch }) {
// Mock invalid session
authMock.mockReturnValueOnce(null);

const res = await fetch({ method: "GET", body: null });
await expect(res.status).toBe(401);
await expect(res.json()).resolves.toStrictEqual({
message: "Session required",
});
},
});
});

test("returns 403 on unauthorized", async () => {
await testApiHandler({
appHandler,
paramsPatcher: (params) => ({ ...params, userId: "1234" }),
async test({ fetch }) {
// User id different from session user id
authMock.mockReturnValueOnce({
user: { id: "4321", type: UserType.PARTNER },
expires: "",
});

const res = await fetch({ method: "GET", body: null });
await expect(res.status).toBe(403);
await expect(res.json()).resolves.toStrictEqual({
message: "You are not allowed to view this",
});
},
});
});

test("returns 404 on not found", async () => {
await testApiHandler({
appHandler,
paramsPatcher: (params) => ({ ...params, userId: "1234" }),
async test({ fetch }) {
authMock.mockReturnValueOnce({
user: { id: "1234", type: UserType.PARTNER },
expires: "",
});

// Mock record not found
dbMock.partnerDetails.findUnique.mockResolvedValueOnce(null);

const res = await fetch({ method: "GET", body: null });
await expect(res.status).toBe(404);
await expect(res.json()).resolves.toStrictEqual({
message: "Partner details not found",
});
},
});
});

test("returns 200 and correct details on success when partner + id matches", async () => {
await testApiHandler({
appHandler,
paramsPatcher: (params) => ({ ...params, userId: "1234" }),
async test({ fetch }) {
authMock.mockReturnValueOnce({
user: { id: "1234", type: UserType.PARTNER },
expires: "",
});

const exampleDetails = {
numberOfPatients: 10,
organizationType: OrganizationType.NON_PROFIT,
};

// Mock return for partner details
dbMock.partnerDetails.findUnique.mockResolvedValueOnce(
exampleDetails as any
);

const res = await fetch({ method: "GET", body: null });
await expect(res.status).toBe(200);
await expect(res.json()).resolves.toStrictEqual({
numberOfPatients: 10,
organizationType: OrganizationType.NON_PROFIT,
});
},
});
});

test("returns 200 and correct details on success when staff matches", async () => {
await testApiHandler({
appHandler,
paramsPatcher: (params) => ({ ...params, userId: "1234" }),
async test({ fetch }) {
authMock.mockReturnValueOnce({
user: { id: "1111", type: UserType.STAFF },
expires: "",
});

const exampleDetails = {
numberOfPatients: 10,
organizationType: OrganizationType.NON_PROFIT,
};

// Mock return for partner details
dbMock.partnerDetails.findUnique.mockResolvedValueOnce(
exampleDetails as any
);

const res = await fetch({ method: "GET", body: null });
await expect(res.status).toBe(200);
await expect(res.json()).resolves.toStrictEqual({
numberOfPatients: 10,
organizationType: OrganizationType.NON_PROFIT,
});
},
});
});

describe("POST /api/partnerDetails/[userId]", () => {
// No Valid Session (401)
test("returns 401 when there is no valid session", async () => {
Expand Down Expand Up @@ -52,7 +174,9 @@ describe("POST /api/partnerDetails/[userId]", () => {

expect(res.status).toBe(403);
const json = await res.json();
expect(json).toEqual({ message: "You are not allowed to modify this record" });
expect(json).toEqual({
message: "You are not allowed to modify this record",
});
},
});
});
Expand Down Expand Up @@ -97,7 +221,9 @@ describe("POST /api/partnerDetails/[userId]", () => {
numberOfPatients: 8,
organizationType: "FOR_PROFIT" as OrganizationType,
};
dbMock.partnerDetails.findUnique.mockResolvedValueOnce(existingPartnerDetails);
dbMock.partnerDetails.findUnique.mockResolvedValueOnce(
existingPartnerDetails
);

const updatedPartnerDetails = {
...existingPartnerDetails,
Expand Down
118 changes: 80 additions & 38 deletions src/app/api/partnerDetails/[userId]/route.ts
View file
Original file line number Diff line number Diff line change
@@ -1,24 +1,67 @@
import { authenticationError, authorizationError, argumentError } from "@/util/responses";
import {
authenticationError,
notFoundError,
authorizationError,
argumentError,
} from "@/util/responses";
import { auth } from "@/auth";
import { db } from "@/db";
import { NextResponse, NextRequest } from "next/server";
import { OrganizationType, UserType } from "@prisma/client";

import { z } from "zod";
import { zfd } from "zod-form-data";
import { db } from "@/db";

interface PartnerDetails {
numberOfPatients: number;
organizationType: OrganizationType;
}

/**
* Retrieves the current user's partner details from the partnerDetails database.
* Parameters are passed via dynamic route segments.
* @params userId: ID of the user to fetch partner details for
* @returns 401 if the request is not authenticated
* @returns 403 if the user is not authorized to view the partner details
* @returns 404 if the partner details with the given ID were not found
* @returns 200
*/
export async function GET(
request: NextRequest,
{ params }: { params: Promise<{ userId: string }> }
): Promise<NextResponse> {
const { userId } = await params;
const session = await auth();
if (!session?.user) return authenticationError("Session required");
if (session.user.type === UserType.PARTNER && session.user.id !== userId) {
return authorizationError("You are not allowed to view this");
}

const partnerDetails: PartnerDetails | null =
await db.partnerDetails.findUnique({
where: { userId: parseInt(userId) },
select: { numberOfPatients: true, organizationType: true },
});
if (!partnerDetails) return notFoundError("Partner details not found");
return NextResponse.json(partnerDetails);
}

// Zod schema
const PartnerDetailsFormSchema = zfd.formData({
numberOfPatients: zfd.numeric(z.number().min(1, "Number of patients must be positive")),
numberOfPatients: zfd.numeric(
z.number().min(1, "Number of patients must be positive")
),
organizationType: zfd.text(z.enum(["NON_PROFIT", "FOR_PROFIT", "RELIGIOUS"])),
});

/**
* Updates a user's partner details.
* Parameters are passed as form data.
*
*
* @param numberOfPatients The number of patients associated with the partner
* @param organizationType The type of the organization (NON_PROFIT, FOR_PROFIT, RELIGIOUS)
* @param userId The ID of the user whose partner details are being updated
*
*
* @returns 401 if the request is not authenticated
* @returns 403 if a PARTNER user attempts to modify another user's details
* @returns 404 if no PartnerDetails record is found
Expand All @@ -28,43 +71,42 @@ export async function POST(
req: NextRequest,
{ params }: { params: Promise<{ userId: string }> }
) {
// authenticate the user session
const session = await auth();
if (!session?.user) {
return authenticationError("Session required");
}
const { user } = session;

// authenticate the user session
const session = await auth();
if (!session?.user) {
return authenticationError("Session required");
}
const { user } = session;

// await params and ensure params.userId exists
const { userId } = await params;
if (!userId) {
return argumentError("Missing user ID parameter");
}
// await params and ensure params.userId exists
const { userId } = await params;
if (!userId) {
return argumentError("Missing user ID parameter");
}

// partner users can only modify their own details
if (user.type === "PARTNER" && user.id !== userId) {
return authorizationError("You are not allowed to modify this record");
}
// partner users can only modify their own details
if (user.type === "PARTNER" && user.id !== userId) {
return authorizationError("You are not allowed to modify this record");
}

// parse FormData
const formData = await req.formData();
const parsedData = PartnerDetailsFormSchema.safeParse(formData);
if (!parsedData.success) {
return argumentError("Invalid form data");
}
// parse FormData
const formData = await req.formData();
const parsedData = PartnerDetailsFormSchema.safeParse(formData);
if (!parsedData.success) {
return argumentError("Invalid form data");
}

const { numberOfPatients, organizationType } = parsedData.data;
const { numberOfPatients, organizationType } = parsedData.data;

// update PartnerDetails record
const userIdNumber = Number(userId); //db schema accepts a number
const updatedPartnerDetails = await db.partnerDetails.update({
where: { userId: userIdNumber },
data: {
numberOfPatients,
organizationType,
},
});
// update PartnerDetails record
const userIdNumber = Number(userId); //db schema accepts a number
const updatedPartnerDetails = await db.partnerDetails.update({
where: { userId: userIdNumber },
data: {
numberOfPatients,
organizationType,
},
});

return NextResponse.json(updatedPartnerDetails);
return NextResponse.json(updatedPartnerDetails);
}

0 comments on commit 50e1431

Please sign in to comment.