feat: 🎸 Client can create an order without userId in the body

Client can create an order without passing the userId in the body of the request, the serve collects the userId from the url and compares against the authenticated user(Current User) and the creates the order for that user. ✅ Closes: #43 refactor: 💡 remove debug console logs Remove console logs created for debug purposes Signed-off-by: austin047 <[email protected]>
loopbackio · Jun 19, 2019 · 4020dc2 · 4020dc2
1 parent a5bb9a3
commit 4020dc2
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 7 deletions.
diff --git a/packages/shopping/src/__tests__/acceptance/user-order.controller.acceptance.ts b/packages/shopping/src/__tests__/acceptance/user-order.controller.acceptance.ts
@@ -89,6 +89,32 @@ describe('UserOrderController acceptance tests', () => {
       expect(res.body).to.deepEqual(order);
     });
 
+    it('creates an order for a user without a userId in the body', async () => {
+      const newUser = await userRepo.create(user);
+      const userId = newUser.id.toString();
+
+      const token = await jwtAuthService.getAccessTokenForUser({
+        email: newUser.email,
+        password: plainPassword,
+      });
+
+      const order = givenAOrder();
+
+      const res = await client
+        .post(`/users/${userId}/orders`)
+        .send(order)
+        .set('Authorization', 'Bearer ' + token)
+        .expect(200);
+      expect(res.body.orderId).to.be.a.String();
+      expect(res.body.userId).to.equal(userId);
+
+      delete res.body.orderId;
+      delete res.body.userId;
+      delete order.userId;
+
+      expect(res.body).to.deepEqual(order);
+    });
+
     it('throws an error when a userId in path does not match body', async () => {
       const newUser = await userRepo.create(user);
       const userId = newUser.id.toString();

diff --git a/packages/shopping/src/controllers/user-order.controller.ts b/packages/shopping/src/controllers/user-order.controller.ts
@@ -43,19 +43,25 @@ export class UserOrderController {
     @inject('authentication.currentUser') currentUser: UserProfile,
     @requestBody() order: Order,
   ): Promise<Order> {
-    if (currentUser.id !== order.userId) {
+    if (order.userId) {
+      if (currentUser.id !== order.userId) {
+        throw new HttpErrors.BadRequest(
+          `User id does not match looged in user: ${order.userId} !== ${
+            currentUser.id
+          }`,
+        );
+      }
+      delete order.userId;
+      return await this.userRepo.orders(userId).create(order);
+    }
+
+    if (currentUser.id !== userId) {
       throw new HttpErrors.BadRequest(
         `User id does not match looged in user: ${userId} !== ${
           currentUser.id
         }`,
       );
     }
-
-    if (userId !== order.userId) {
-      throw new HttpErrors.BadRequest(
-        `User id does not match: ${userId} !== ${order.userId}`,
-      );
-    }
     delete order.userId;
     return await this.userRepo.orders(userId).create(order);
   }