From 88d2eee519ad2df96b30f0a1cc0937aad56bf3ea Mon Sep 17 00:00:00 2001 From: Tyler Renelle Date: Fri, 12 Apr 2013 15:53:44 -0400 Subject: [PATCH] start adding tests for user.put --- src/server/api.coffee | 21 ++++++++++++------ test/api.mocha.coffee | 51 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 7 deletions(-) diff --git a/src/server/api.coffee b/src/server/api.coffee index 3e655962d3..b7b8af798b 100644 --- a/src/server/api.coffee +++ b/src/server/api.coffee @@ -73,16 +73,23 @@ router.put '/user', auth, (req, res) -> user = req.user partialUser = req.body.user - protectedAttrs = ['id', 'apiToken', 'auth', 'dailyIds', 'habitIds', 'rewardIds', 'todoIds', 'update__'] - protectedAttrs.push 'tasks' # we'll be handling tasks separately + # REVISIT is this the best way of handling protected v acceptable attr mass-setting? Possible pitfalls: (1) we have to remember + # to update here when we add new schema attrs in the future, (2) developers can't assign random variables (which + # is currently beneficial for Kevin & Paul). Pros: protects accidental or malicious user data corruption - _.each partialUser, (val, key) -> - user.set(key, val) unless key in protectedAttrs + # TODO - this accounts for single-nested items (stats.hp, stats.exp) but will clobber any other depth. + # See http://stackoverflow.com/a/6394168/362790 for when we need to cross that road - tasks = updateTasks partialUser.tasks, req.user, req.getModel() + acceptableAttrs = ['flags', 'history', 'items', 'preferences', 'profile', 'stats'] + user.set 'lastCron', partialUser.lastCron if partialUser.lastCron? + _.each acceptableAttrs, (attr) -> + _.each partialUser[attr], (val, key) -> user.set("#{attr}.#{key}", val) - userObj = req.user.get() - res.json 201, req.userObj + updateTasks partialUser.tasks, req.user, req.getModel() if partialUser.tasks? + + userObj = user.get() + userObj.tasks = _.toArray(userObj.tasks) # FIXME figure out how we're going to consistently handle this. should always be array + res.json 201, userObj ### GET /user/task/:id diff --git a/test/api.mocha.coffee b/test/api.mocha.coffee index 0716d099e9..0a488d57df 100644 --- a/test/api.mocha.coffee +++ b/test/api.mocha.coffee @@ -339,4 +339,55 @@ describe 'API', -> expect(user.get("tasks.#{res.body[1].id}")).to.eql id: res.body[1].id, text: 'new task', notes: 'notes!' done() + it 'PUT /api/v1/user', (done) -> + userBefore = {} + query = model.query('users').withIdAndToken(currentUser.id, currentUser.apiToken) + query.fetch (err, user) -> userBefore = user.get() + + habitId = currentUser.habitIds[0] + dailyId = currentUser.dailyIds[0] + userUpdates = + stats: + hp: 30 + flags: + itemsEnabled: true + tasks: [{ + id: habitId + text: 'hello2' + notes: 'note2' + },{ + text: 'new task2' + notes: 'notes2' + },{ + id: dailyId + del: true + }] + + request.put("#{baseURL}/user") + .set('Accept', 'application/json') + .set('X-API-User', currentUser.id) + .set('X-API-Key', currentUser.apiToken) + .send(user: userUpdates) + .end (res) -> + expect(res.body.err).to.be undefined + expect(res.statusCode).to.be 201 + tasks = res.body.tasks + + expect(_.findWhere(tasks,{id:habitId})).to.eql {id: habitId,text: 'hello2',notes: 'note2'} + + foundNewTask = _.findWhere(tasks,{text:'new task2'}) + expect(foundNewTask.text).to.be 'new task2' + expect(foundNewTask.notes).to.be 'notes2' + + found = _.findWhere(res.body.tasks, {id:dailyId}) + expect(found).to.not.be.ok() + + query.fetch (err, user) -> + expect(user.get("tasks.#{habitId}")).to.eql {id: habitId, text: 'hello2',notes: 'note2'} + expect(user.get("tasks.#{dailyId}")).to.be undefined + tasks = res.body.tasks + expect(user.get("tasks.#{foundNewTask.id}")).to.eql id: foundNewTask.id, text: 'new task2', notes: 'notes2' + done() + +