update quest cancel routes

common/locales/en/api-v3.json

@@ -75,5 +75,7 @@
   "questLevelTooHigh": "You must be Level <%= level %> to begin this quest.",
   "questAlreadyUnderway": "Your party is already on a quest. Try again when the current quest has ended.",
   "questAlreadyAccepted": "You already accepted the quest invitation.",
-  "cantCancelActiveQuest": "You can not cancel an active quest, use the abort functionality."
+  "cantCancelActiveQuest": "You can not cancel an active quest, use the abort functionality.",
+  "onlyLeaderCancelQuest": "Only the group or quest leader can cancel the quest.",
+  "questInvitationDoesNotExist": "No quest invitation has been sent out yet."
 }

test/api/v3/integration/quests/POST-groups_groupid_quests_cancel.test.js

@@ -1,35 +1,37 @@
 import {
   createAndPopulateGroup,
   translate as t,
+  generateUser,
 } from '../../../../helpers/api-v3-integration.helper';
 import { v4 as generateUUID } from 'uuid';
 
-describe('POST /groups/:groupId/quests/leave', () => {
-  let questingGroup, member, leader;
-  const PET_QUEST = 'whale';
-  let userQuestUpdate = {
-    items: {
-      quests: {},
-    },
-    'party.quest.RSVPNeeded': true,
-    'party.quest.key': PET_QUEST,
-  };
+describe('POST /groups/:groupId/quests/cancel', () => {
+  let questingGroup;
+  let partyMembers;
+  let user;
+  let leader;
 
-  before(async () => {
+  const PET_QUEST = 'whale';
+
+  beforeEach(async () => {
     let { group, groupLeader, members } = await createAndPopulateGroup({
       groupDetails: { type: 'party', privacy: 'private' },
-      members: 1,
+      members: 2,
     });
 
-    leader = groupLeader;
     questingGroup = group;
-    member = members[0];
+    leader = groupLeader;
+    partyMembers = members;
 
-    userQuestUpdate.items.quests[PET_QUEST] = 1;
+    await leader.update({
+      [`items.quests.${PET_QUEST}`]: 1,
+    });
+    user = await generateUser();
   });
 
+  context('failure conditions', () => {
     it('returns an error when group is not found', async () => {
-    await expect(leader.post(`/groups/${generateUUID()}/quests/cancel`))
+      await expect(partyMembers[0].post(`/groups/${generateUUID()}/quests/cancel`))
         .to.eventually.be.rejected.and.eql({
           code: 404,
           error: 'NotFound',
@@ -37,25 +39,54 @@ describe('POST /groups/:groupId/quests/leave', () => {
         });
     });
 
-  it('cancels a quest', async () => {
-    await member.update(userQuestUpdate);
-    await questingGroup.update({'quest.key': PET_QUEST});
-
-    let questMembers = {};
-    questMembers[member._id] = true;
-    await questingGroup.update({'quest.members': questMembers});
-
-    await leader.post(`/groups/${questingGroup._id}/quests/cancel`);
-    let userThatCanceled = await member.get('/user');
-    let updatedGroup = await member.get(`/groups/${questingGroup._id}`);
-
-    expect(userThatCanceled.party.quest.key).to.be.null;
-    expect(userThatCanceled.party.quest.RSVPNeeded).to.be.false;
-    expect(updatedGroup.quest.members).to.be.empty;
+    it('does not reject quest for a group in which user is not a member', async () => {
+      await expect(user.post(`/groups/${questingGroup._id}/quests/cancel`))
+      .to.eventually.be.rejected.and.eql({
+        code: 404,
+        error: 'NotFound',
+        message: t('groupNotFound'),
+      });
     });
 
-  it('returns an error when quest is active', async () => {
-    await questingGroup.update({'quest.active': true});
+    it('returns an error when group is a guild', async () => {
+      let { group: guild, groupLeader: guildLeader } = await createAndPopulateGroup({
+        groupDetails: { type: 'guild', privacy: 'private' },
+      });
+
+      await expect(guildLeader.post(`/groups/${guild._id}/quests/cancel`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('guildQuestsNotSupported'),
+      });
+    });
+
+    it('returns an error when group is not on a quest', async () => {
+      await expect(partyMembers[0].post(`/groups/${questingGroup._id}/quests/cancel`))
+        .to.eventually.be.rejected.and.eql({
+          code: 404,
+          error: 'NotFound',
+          message: t('questInvitationDoesNotExist'),
+        });
+    });
+
+    it('only the leader can cancel the quest', async () => {
+      await leader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`);
+
+      await expect(partyMembers[0].post(`/groups/${questingGroup._id}/quests/cancel`))
+      .to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('onlyLeaderCancelQuest'),
+      });
+    });
+
+    it('does not cancel a quest already underway', async () => {
+      await leader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`);
+      await partyMembers[0].post(`/groups/${questingGroup._id}/quests/accept`);
+      // quest will start after everyone has accepted
+      await partyMembers[1].post(`/groups/${questingGroup._id}/quests/accept`);
+
       await expect(leader.post(`/groups/${questingGroup._id}/quests/cancel`))
       .to.eventually.be.rejected.and.eql({
         code: 401,
@@ -64,3 +95,43 @@ describe('POST /groups/:groupId/quests/leave', () => {
       });
     });
   });
+
+  it('cancels a quest', async () => {
+    await leader.post(`/groups/${questingGroup._id}/quests/invite/${PET_QUEST}`);
+    await partyMembers[0].post(`/groups/${questingGroup._id}/quests/accept`);
+
+    await leader.post(`/groups/${questingGroup._id}/quests/cancel`);
+
+    await Promise.all([
+      leader.sync(),
+      partyMembers[0].sync(),
+      partyMembers[1].sync(),
+      questingGroup.sync(),
+    ]);
+
+    let clean = {
+      key: null,
+      progress: {
+        up: 0,
+        down: 0,
+        collect: {},
+      },
+      completed: null,
+      RSVPNeeded: false,
+    };
+
+    expect(leader.party.quest).eql(clean);
+    expect(partyMembers[1].party.quest).eql(clean);
+    expect(partyMembers[0].party.quest).eql(clean);
+
+    expect(questingGroup.quest).to.eql({
+      key: null,
+      active: false,
+      leader: null,
+      progress: {
+        collect: {},
+      },
+      members: {},
+    });
+  });
+});

website/src/controllers/api-v3/quests.js

@@ -190,7 +190,7 @@ api.acceptQuest = {
  *
  * @apiParam {string} groupId The group _id (or 'party')
  *
- * @apiSuccess {Object} Group Object
+ * @apiSuccess {Object} quest Quest Object
  */
 api.cancelQuest = {
   method: 'POST',
@@ -210,20 +210,22 @@ api.cancelQuest = {
 
     let group = await Group.getGroup({user, groupId, fields: 'type quest'});
     if (!group) throw new NotFound(res.t('groupNotFound'));
-
+    if (group.type !== 'party') throw new NotAuthorized(res.t('guildQuestsNotSupported'));
+    if (!group.quest.key) throw new NotFound(res.t('questInvitationDoesNotExist'));
+    if (user._id !== group.leader && group.quest.leader !== user._id) throw new NotAuthorized(res.t('onlyLeaderCancelQuest'));
     if (group.quest.active) throw new NotAuthorized(res.t('cantCancelActiveQuest'));
 
-    group.quest = {key: null, progress: {}, leader: null, members: {}};
+    group.quest = Group.cleanGroupQuest();
     group.markModified('quest');
     await group.save();
 
     await User.update(
       {'party._id': groupId},
-      {$set: {'party.quest.RSVPNeeded': false, 'party.quest.key': null}},
+      {$set: {'party.quest': Group.cleanQuestProgress()}},
       {multi: true}
     );
 
-    res.respond(200, group);
+    res.respond(200, group.quest);
   },
 };
 

website/src/models/group.js

@@ -300,6 +300,7 @@ schema.methods.startQuest = async function startQuest (user) {
   });
 };
 
+// return a clean object for user.quest
 function _cleanQuestProgress (merge) {
   // TODO clone? (also in sendChat message)
   let clean = {
@@ -321,8 +322,22 @@ function _cleanQuestProgress (merge) {
   return clean;
 }
 
+// TODO move to User.cleanQuestProgress?
 schema.statics.cleanQuestProgress = _cleanQuestProgress;
 
+// returns a clean object for group.quest
+schema.statics.cleanGroupQuest = function cleanGroupQuest () {
+  return {
+    key: null,
+    active: false,
+    leader: null,
+    progress: {
+      collect: {},
+    },
+    members: {},
+  };
+};
+
 // Participants: Grant rewards & achievements, finish quest
 // Returns the promise from update().exec()
 schema.methods.finishQuest = function finishQuest (quest) {