From e03421abb4cc695a2a27e52e3a8783a7491c5f08 Mon Sep 17 00:00:00 2001
From: Kenji Okamoto <kenjio@users.noreply.github.com>
Date: Wed, 22 Nov 2017 14:08:33 -0800
Subject: [PATCH] Don't delete customers with packages

---
 server/controllers/customer.js            | 14 +++++++---
 server/tests/integration/customer.spec.js | 32 +++++++++++++++++++++++
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/server/controllers/customer.js b/server/controllers/customer.js
index 4a195666..1796f70f 100644
--- a/server/controllers/customer.js
+++ b/server/controllers/customer.js
@@ -3,6 +3,7 @@ import {extend, intersection, includes} from 'lodash'
 import {ForbiddenError, NotFoundError} from '../lib/errors'
 import {ADMIN_ROLE, clientRoles, volunteerRoles, customerStatus} from '../../common/constants'
 import Customer from '../models/customer'
+import Package from '../models/package'
 import mailer from '../lib/mail/mail-helpers'
 import User from '../models/user'
 import {updateFields} from '../lib/update-linked-fields'
@@ -70,10 +71,17 @@ export default {
   async delete(req, res) {
     const id = req.customer._id
 
-    await User.findByIdAndRemove(id)
-    await Customer.findByIdAndRemove(id)
+    // Check to see if the customer is associated with any packages
+    const packages = await Package.find({customer: id})
 
-    res.json(req.customer)
+    if (packages.length > 0) {
+      // Don't delete the customer since a package references its data
+      res.status(409).json({message: "This customer has packages and can't be deleted"})
+    } else {
+      await User.findByIdAndRemove(id)
+      await Customer.findByIdAndRemove(id)
+      res.json(req.customer)
+    }
   },
   /**
    * Customer middleware
diff --git a/server/tests/integration/customer.spec.js b/server/tests/integration/customer.spec.js
index d36f4086..b97c2b4c 100644
--- a/server/tests/integration/customer.spec.js
+++ b/server/tests/integration/customer.spec.js
@@ -8,6 +8,8 @@ import Customer from '../../models/customer'
 import {createUserSession, createTestUser} from '../helpers'
 import User from '../../models/user'
 import Questionnaire from '../../models/questionnaire'
+import Food, {FoodItem} from '../../models/food'
+import Package from '../../models/package'
 
 describe('Customer Api', function() {
   before(async function() {
@@ -197,6 +199,36 @@ describe('Customer Api', function() {
         .expect(200)
     })
 
+    it('Won\'t delete a customer that has packages', async function () {
+      const foodItems = [new FoodItem({ name: 'Apple', quantity: 100, startDate: '2017-06-25', frequency: 1 })]
+      const food = await Food.create({ category: 'test', items: foodItems })
+
+      const customer = await Customer.create({
+        _id: 1,
+        firstName: 'George',
+        lastName: 'Washington',
+        email: 'gw@example.com',
+      })
+
+      await Package.create({
+        customer: customer._id,
+        status: 'Packed',
+        packedBy: 0,
+        contents: food.items.map(item => item._id.toString())
+      })
+
+      const testAdmin = createTestUser('admin', ADMIN_ROLE)
+      const session = await createUserSession(testAdmin)
+      const request = supertest.agent(session.app)
+
+      // delete the customer associated with the package
+      return request.delete(`/api/admin/customers/${customer._id}`)
+        .expect(409)
+        .expect(function(res) {
+          expect(res.body).to.have.property('message', 'This customer has packages and can\'t be deleted')
+        })
+    })
+
     it('assigns customers', async function() {
       const newAdmin = createTestUser('admin', ADMIN_ROLE)
       const newCustomer = createTestUser('customer', clientRoles.CUSTOMER)