diff --git a/bin/testdata.json b/bin/testdata.json
index 80914f2..e83f171 100644
--- a/bin/testdata.json
+++ b/bin/testdata.json
@@ -98,11 +98,18 @@
 ],
 "users": [
 {
- "usersName" : "test",
- "userEmail" : "test@test.com",
+ "usersName" : "Owner user",
+ "userEmail" : "owner@test.com",
 "userPassword" : "$2a$10$7jQx/hQOWrRni531b/dHRuH8o1ZP8Yo8g..GpTOF4M7RrEH/pzTMy",
 "isAdmin" : true,
 "isOwner": true
+ },
+ {
+ "usersName" : "Non Owner",
+ "userEmail" : "nonowner@test.com",
+ "userPassword" : "$2a$10$7jQx/hQOWrRni531b/dHRuH8o1ZP8Yo8g..GpTOF4M7RrEH/pzTMy",
+ "isAdmin" : false,
+ "isOwner": false
 }
 ],
 "orders": [
diff --git a/lib/schemas/editUser.json b/lib/schemas/editUser.json
index 118e754..0f4bfdf 100644
--- a/lib/schemas/editUser.json
+++ b/lib/schemas/editUser.json
@@ -15,10 +15,5 @@
 "isAdmin": {
 "type": "boolean"
 }
- },
- "required": [
- "usersName",
- "userEmail",
- "isAdmin"
- ]
+ }
 }
\ No newline at end of file
diff --git a/routes/user.js b/routes/user.js
index a8cdfe8..5ce6675 100644
--- a/routes/user.js
+++ b/routes/user.js
@@ -208,7 +208,12 @@ router.post('/admin/user/update', restrict, async (req, res) => {
 // create the update doc
 const updateDoc = {};
 updateDoc.isAdmin = isAdmin;
- updateDoc.usersName = req.body.usersName;
+ if(req.body.usersName){
+ updateDoc.usersName = req.body.usersName;
+ }
+ if(req.body.userEmail){
+ updateDoc.userEmail = req.body.userEmail;
+ }
 if(req.body.userPassword){
 updateDoc.userPassword = bcrypt.hashSync(req.body.userPassword);
 }
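Review bot: Removing the whole `required` array in lib/schemas/editUser.json lets a body with none of `usersName`, `userEmail` or `isAdmin` pass validation, while the handler in routes/user.js still runs `updateDoc.isAdmin = isAdmin;` unconditionally. Depending on how `isAdmin` is derived above that hunk (not visible here), a partial update that only renames a user could silently rewrite the admin flag. Guarding the write keeps partial updates from touching privileges, e.g. `if(req.body.isAdmin !== undefined){ updateDoc.isAdmin = isAdmin; }`. The schema's `properties` block starts outside this hunk, so whether `userId` is constrained there cannot be confirmed from the lines shown.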
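Review bot: The new `userEmail` branch in the routes/user.js hunk at -208 writes the submitted address into `updateDoc` with no visible check that it is not already used by another account. If the address is also the login identifier, which this hunk does not show, two users sharing one would make authentication ambiguous. Before the `$set`, look the address up with `db.users.findOne({ userEmail: req.body.userEmail })` and reject the request when the match has a different `_id`, unless a unique index already enforces this. The truthiness tests also mean an empty `usersName` or `userEmail` is dropped silently rather than rejected. The handler body starts and ends outside the hunk.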
@@ -227,14 +232,17 @@ router.post('/admin/user/update', restrict, async (req, res) => {
 }
 try{
- await db.users.updateOne(
+ const updatedUser = await db.users.findOneAndUpdate(
 { _id: common.getId(req.body.userId) },
 {
 $set: updateDoc
- }, { multi: false }
+ }, { multi: false, returnOriginal: false }
 );
 if(req.apiAuthenticated){
- res.status(200).json({ message: 'User account updated' });
+ const returnUser = updatedUser.value;
+ delete returnUser.userPassword;
+ delete returnUser.apiKey;
+ res.status(200).json({ message: 'User account updated', user: updatedUser.value });
 return;
 }
 // show the view
@@ -242,11 +250,11 @@ router.post('/admin/user/update', restrict, async (req, res) => {
 req.session.messageType = 'success';
 res.redirect('/admin/user/edit/' + req.body.userId);
 }catch(ex){
+ console.error(colors.red('Failed updating user: ' + ex));
 if(req.apiAuthenticated){
 res.status(400).json({ message: 'Failed to update user' });
 return;
 }
- console.error(colors.red('Failed updating user: ' + ex));
 req.session.message = 'Failed to update user';
 req.session.messageType = 'danger';
 res.redirect('/admin/user/edit/' + req.body.userId);
diff --git a/test/specs/users.js b/test/specs/users.js
index b362f35..ef72468 100644
--- a/test/specs/users.js
+++ b/test/specs/users.js
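Review bot: In the routes/user.js hunk at -227, the `req.apiAuthenticated` branch scrubs the response with a denylist (`delete returnUser.userPassword; delete returnUser.apiKey;`), so any sensitive field later added to the user document would be returned by default. Building the payload from an allowlist is safer: `const { _id, usersName, userEmail, isAdmin } = updatedUser.value;` and then `user: { _id, usersName, userEmail, isAdmin }`. Separately, `updatedUser.value` is null when no document matches `userId`, so the `delete` would throw and surface only as the generic 400 from the catch block. An explicit not-found check before the deletes would make that path deliberate, unless the handler already verifies the user above this hunk. The handler starts and ends outside the hunk.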
@@ -90,3 +90,22 @@ test('[Fail] Create new user with invalid email', async t => {
 .expect(400);
 t.deepEqual(res.body[0].message, 'should match format "emailAddress"');
 });
+
+test('[Success] Update user', async t => {
+ const user = {
+ userId: g.users[1]._id,
+ usersName: 'Jim Smith',
+ userEmail: 'jim.smith@gmail.com',
+ userPassword: 'test',
+ isAdmin: false
+ };
+ const res = await g.request
+ .post('/admin/user/update')
+ .send(user)
+ .set('apiKey', g.users[0].apiKey)
+ .expect(200);
+ t.deepEqual(res.body.user._id, g.users[1]._id.toString());
+ t.deepEqual(res.body.user.usersName, 'Jim Smith');
+ t.deepEqual(res.body.user.userEmail, 'jim.smith@gmail.com');
+ t.deepEqual(res.body.message, 'User account updated');
+});
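Review bot: The new test in test/specs/users.js covers only the happy path with the owner's key (`g.users[0].apiKey`) and never checks that `userPassword` and `apiKey` are absent from `res.body.user`, which is the security-relevant behaviour the route change introduces. Add `t.deepEqual(res.body.user.userPassword, undefined);` and `t.deepEqual(res.body.user.apiKey, undefined);`. A companion case sending the same request with the non-owner fixture's key (`g.users[1].apiKey`, assuming the fixture loader assigns one) and expecting a refusal would pin the authorization rule; the expected status depends on `restrict`, which is not visible here. The test also posts `isAdmin: false` without asserting the stored value.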