Add PUT method and tests

3 files changed, 81 insertions, 57 deletions

diff --git a/opendc/api/v2/users/userId/authorizations/endpoint.py b/opendc/api/v2/users/userId/authorizations/endpoint.py
index 161034e1..75bde5fb 100644
--- a/opendc/api/v2/users/userId/authorizations/endpoint.py
+++ b/opendc/api/v2/users/userId/authorizations/endpoint.py
@@ -10,7 +10,7 @@ def GET(request):
     # Make sure required parameters are there
 
     try:
-        request.check_required_parameters(path={'userId': 'int'})
+        request.check_required_parameters(path={'userId': 'string'})
 
     except exceptions.ParameterError as e:
         return Response(400, str(e))
diff --git a/opendc/api/v2/users/userId/endpoint.py b/opendc/api/v2/users/userId/endpoint.py
index b7519973..bfed3fe5 100644
--- a/opendc/api/v2/users/userId/endpoint.py
+++ b/opendc/api/v2/users/userId/endpoint.py
@@ -1,78 +1,61 @@
 from opendc.models.user import User
 from opendc.util import exceptions
+from opendc.util.database import DB
 from opendc.util.rest import Response
 
 
-def DELETE(request):
-    """Delete this user."""
-
-    # Make sure required parameters are there
+def GET(request):
+    """Get this User."""
 
     try:
-        request.check_required_parameters(path={'userId': 'int'})
-
+        request.check_required_parameters(path={'userId': 'string'})
     except exceptions.ParameterError as e:
         return Response(400, str(e))
 
-    # Instantiate a User and make sure they exist
+    user = DB.fetch_one({'_id': request.params_path['userId']}, 'users')
 
-    user = User.from_primary_key((request.params_path['userId'], ))
+    if user is None:
+        return Response(404, f'User with ID {request.params_path["userId"]} not found.')
 
-    if not user.exists():
-        return Response(404, '{} not found'.format(user))
+    return Response(200, f'Successfully retrieved {user}.', user)
 
-    # Make sure this User is allowed to delete this User
-
-    if not user.google_id_has_at_least(request.google_id, 'OWN'):
-        return Response(403, 'Forbidden from deleting {}.'.format(user))
-
-    # Delete this User
-
-    user.delete()
-
-    # Return this User
-
-    return Response(200, 'Successfully deleted {}'.format(user), user.to_JSON())
-
-
-def GET(request):
-    """Get this User."""
 
-    # Make sure required parameters are there
+def PUT(request):
+    """Update this User's given name and/or family name."""
 
     try:
-        request.check_required_parameters(path={'userId': 'int'})
-
+        request.check_required_parameters(body={'user': {
+            'givenName': 'string',
+            'familyName': 'string'
+        }},
+                                          path={'userId': 'string'})
     except exceptions.ParameterError as e:
         return Response(400, str(e))
 
-    # Instantiate a User and make sure they exist
+    user_id = request.params_path['userId']
+    user = DB.fetch_one({'_id': user_id}, 'users')
 
-    user = User.from_primary_key((request.params_path['userId'], ))
+    if user is None:
+        return Response(404, f'User with ID {user_id} not found.')
 
-    if not user.exists():
-        return Response(404, '{} not found.'.format(user))
+    if user['googleId'] != request.google_id:
+        return Response(403, f'Forbidden from editing {user}.')
 
-    # Return this User
+    user['givenName'] = request.params_body['user']['givenName']
+    user['familyName'] = request.params_body['user']['familyName']
 
-    return Response(
-        200,
-        'Successfully retrieved {}'.format(user),
-        user.to_JSON(),
-    )
+    DB.update(user_id, user, 'users')
 
+    return Response(200, f'Successfully updated {user}.', user)
 
-def PUT(request):
-    """Update this User's given name and/ or family name."""
 
-    # Make sure the required parameters are there
+def DELETE(request):
+    """Delete this user."""
+
+    # Make sure required parameters are there
 
     try:
-        request.check_required_parameters(body={'user': {
-            'givenName': 'string',
-            'familyName': 'string'
-        }},
-                                          path={'userId': 'int'})
+        request.check_required_parameters(path={'userId': 'string'})
 
     except exceptions.ParameterError as e:
         return Response(400, str(e))
@@ -82,20 +65,17 @@ def PUT(request):
     user = User.from_primary_key((request.params_path['userId'], ))
 
     if not user.exists():
-        return Response(404, '{} not found.'.format(user))
+        return Response(404, '{} not found'.format(user))
 
-    # Make sure this User is allowed to edit this User
+    # Make sure this User is allowed to delete this User
 
     if not user.google_id_has_at_least(request.google_id, 'OWN'):
-        return Response(403, 'Forbidden from editing {}.'.format(user))
-
-    # Update this User
+        return Response(403, 'Forbidden from deleting {}.'.format(user))
 
-    user.given_name = request.params_body['user']['givenName']
-    user.family_name = request.params_body['user']['familyName']
+    # Delete this User
 
-    user.update()
+    user.delete()
 
     # Return this User
 
-    return Response(200, 'Successfully updated {}.'.format(user), user.to_JSON())
+    return Response(200, 'Successfully deleted {}'.format(user), user.to_JSON())
diff --git a/opendc/api/v2/users/userId/test_endpoint.py b/opendc/api/v2/users/userId/test_endpoint.py
new file mode 100644
index 00000000..4ba6d9af
--- /dev/null
+++ b/opendc/api/v2/users/userId/test_endpoint.py
@@ -0,0 +1,44 @@
+from opendc.util.database import DB
+
+
+def test_get_user_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.get('/api/v2/users/1').status
+
+
+def test_get_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'email': 'test@test.com'})
+    res = client.get('/api/v2/users/1')
+    assert 'email' in res.json['content']
+    assert '200' in res.status
+
+
+def test_update_user_missing_parameter(client):
+    assert '400' in client.put('/api/v2/users/1').status
+
+
+def test_update_user_non_existing(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.put('/api/v2/users/1', json={'user': {'givenName': 'A', 'familyName': 'B'}}).status
+
+
+def test_update_user_different_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value=None)
+    assert '404' in client.put('/api/v2/users/1',
+                               json={
+                                   'user': {
+                                       'givenName': 'A',
+                                       'familyName': 'B'
+                                   }
+                               },
+                               headers={
+                                   'google_id': 'other_token'
+                               }).status
+
+
+def test_update_user(client, mocker):
+    mocker.patch.object(DB, 'fetch_one', return_value={'googleId': 'test'})
+    mocker.patch.object(DB, 'update', return_value=None)
+    res = client.put('/api/v2/users/1', json={'user': {'givenName': 'A', 'familyName': 'B'}})
+    assert 'givenName' in res.json['content']
+    assert '200' in res.status