Merge branch 'dev' into feat/add_more_checkin_forms

chingu-x · Jun 27, 2024 · 9378a28 · 9378a28
2 parents 68f60c3 + 77afad1
commit 9378a28
Show file tree

Hide file tree

Showing 5 changed files with 521 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -41,6 +41,7 @@ Another example [here](https://co-pilot.dev/changelog)
 - Add voyages unit test, also had to update all files (seed, tests, services) to meet strict null rule due to prismaMock requirements ([#163](https://github.com/chingu-x/chingu-dashboard-be/pull/163))
 - Add e2e tests for users controller ([#165](https://github.com/chingu-x/chingu-dashboard-be/pull/165))
 - Add weekly sprint checkin forms for product owner and scrum master ([#167](https://github.com/chingu-x/chingu-dashboard-be/pull/167))
+- Add e2e test for features controller ([#168](https://github.com/chingu-x/chingu-dashboard-be/pull/168))
 
 ### Changed
 

diff --git a/src/features/dto/update-feature.dto.ts b/src/features/dto/update-feature.dto.ts
@@ -1,10 +1,12 @@
 import { PartialType } from "@nestjs/mapped-types";
 import { CreateFeatureDto } from "./create-feature.dto";
-import { IsNotEmpty, IsString } from "class-validator";
+import { IsNotEmpty, IsNumber, IsString } from "class-validator";
 import { ApiProperty } from "@nestjs/swagger";
 
 export class UpdateFeatureDto extends PartialType(CreateFeatureDto) {
     @ApiProperty({ example: 1 })
+    @IsNotEmpty()
+    @IsNumber()
     teamMemberId: number;
 
     @IsString()

diff --git a/src/features/features.controller.ts b/src/features/features.controller.ts
@@ -8,10 +8,9 @@ import {
     Delete,
     ParseIntPipe,
     Request,
-    HttpException,
     HttpStatus,
     NotFoundException,
-    UnauthorizedException,
+    ForbiddenException,
 } from "@nestjs/common";
 import { FeaturesService } from "./features.service";
 import { CreateFeatureDto } from "./dto/create-feature.dto";
@@ -26,6 +25,7 @@ import {
 import { Feature } from "./entities/feature.entity";
 import {
     BadRequestErrorResponse,
+    ForbiddenErrorResponse,
     NotFoundErrorResponse,
     UnauthorizedErrorResponse,
 } from "../global/responses/errors";
@@ -53,7 +53,7 @@ export class FeaturesController {
     })
     @ApiResponse({
         status: HttpStatus.UNAUTHORIZED,
-        description: "User is not authorized to perform this action.",
+        description: "Unauthorized when user is not logged in",
         type: UnauthorizedErrorResponse,
     })
     @ApiResponse({
@@ -91,6 +91,11 @@ export class FeaturesController {
         isArray: true,
         type: FeatureCategoriesResponse,
     })
+    @ApiResponse({
+        status: HttpStatus.UNAUTHORIZED,
+        description: "Unauthorized when user is not logged in",
+        type: UnauthorizedErrorResponse,
+    })
     @Get("/features/feature-categories")
     findFeatureCategory() {
         return this.featuresService.findFeatureCategories();
@@ -159,9 +164,14 @@ export class FeaturesController {
     })
     @ApiResponse({
         status: HttpStatus.UNAUTHORIZED,
-        description: "user is unauthorized to perform this action",
+        description: "unauthorized access - user is not logged in",
         type: UnauthorizedErrorResponse,
     })
+    @ApiResponse({
+        status: HttpStatus.FORBIDDEN,
+        description: "forbidden - user does not have the required permission",
+        type: ForbiddenErrorResponse,
+    })
     @ApiResponse({
         status: HttpStatus.BAD_REQUEST,
         description: "Invalid Req.body or featureId ",
@@ -194,9 +204,8 @@ export class FeaturesController {
             );
             return updatedFeature;
         } else {
-            throw new HttpException(
-                "user is unauthorized to perform this action",
-                HttpStatus.UNAUTHORIZED,
+            throw new ForbiddenException(
+                "Access denied: You do not have sufficient permissions to perform this action",
             );
         }
     }
@@ -229,7 +238,7 @@ export class FeaturesController {
     })
     @Patch("/features/:featureId/reorder")
     async updateFeatureOrderAndCategory(
-        @Request() req,
+        @Request() req: CustomRequest,
         @Param("featureId", ParseIntPipe) featureId: number,
         @Body() updateOrderAndCategoryDto: UpdateFeatureOrderAndCategoryDto,
     ) {
@@ -251,9 +260,14 @@ export class FeaturesController {
     })
     @ApiResponse({
         status: HttpStatus.UNAUTHORIZED,
-        description: "user is unauthorized to perform this action",
+        description: "unauthorized access - user is not logged in",
         type: UnauthorizedErrorResponse,
     })
+    @ApiResponse({
+        status: HttpStatus.FORBIDDEN,
+        description: "forbidden - user does not have the required permission",
+        type: ForbiddenErrorResponse,
+    })
     @ApiResponse({
         status: HttpStatus.OK,
         description: "Successfully deleted feature.",
@@ -278,7 +292,7 @@ export class FeaturesController {
                 await this.featuresService.deleteFeature(featureId);
             return deletedFeature;
         } else {
-            throw new UnauthorizedException(
+            throw new ForbiddenException(
                 `uuid ${req.user.userId} does not match addedBy teamMemberID ${feature.addedBy?.member.id}`,
             );
         }

diff --git a/src/features/features.service.ts b/src/features/features.service.ts
@@ -9,6 +9,7 @@ import { CreateFeatureDto } from "./dto/create-feature.dto";
 import { UpdateFeatureDto } from "./dto/update-feature.dto";
 import { UpdateFeatureOrderAndCategoryDto } from "./dto/update-feature-order-and-category.dto";
 import { GlobalService } from "../global/global.service";
+import { CustomRequest } from "../global/types/CustomRequest";
 
 @Injectable()
 export class FeaturesService {
@@ -18,7 +19,7 @@ export class FeaturesService {
     ) {}
 
     async createFeature(
-        req,
+        req: CustomRequest,
         teamId: number,
         createFeatureDto: CreateFeatureDto,
     ) {
@@ -81,6 +82,18 @@ export class FeaturesService {
 
     async findAllFeatures(teamId: number) {
         try {
+            //check for valid teamId
+            const team = await this.prisma.voyageTeam.findFirst({
+                where: {
+                    id: teamId,
+                },
+            });
+
+            if (!team) {
+                throw new NotFoundException(
+                    `TeamId (id: ${teamId}) does not exist.`,
+                );
+            }
             const allTeamFeatures = await this.prisma.projectFeature.findMany({
                 where: {
                     addedBy: {
@@ -116,12 +129,6 @@ export class FeaturesService {
                 orderBy: [{ category: { id: "asc" } }, { order: "asc" }],
             });
 
-            if (!allTeamFeatures) {
-                throw new NotFoundException(
-                    `TeamId (id: ${teamId}) does not exist.`,
-                );
-            }
-
             return allTeamFeatures;
         } catch (e) {
             throw e;
@@ -195,7 +202,7 @@ export class FeaturesService {
     }
 
     async updateFeatureOrderAndCategory(
-        req,
+        req: CustomRequest,
         featureId: number,
         updateOrderAndCategoryDto: UpdateFeatureOrderAndCategoryDto,
     ) {