diff --git a/test/api/v3/integration/tasks/groups/GET-approvals_group_id.test.js b/test/api/v3/integration/tasks/groups/GET-approvals_group_id.test.js new file mode 100644 index 0000000000..d8029bc68f --- /dev/null +++ b/test/api/v3/integration/tasks/groups/GET-approvals_group_id.test.js @@ -0,0 +1,55 @@ +import { + createAndPopulateGroup, + translate as t, +} from '../../../../../helpers/api-integration/v3'; +import { v4 as generateUUID } from 'uuid'; +import { find } from 'lodash'; + +describe('GET /approvals/group/:groupId', () => { + let user, guild, member, task, syncedTask; + + function findAssignedTask (memberTask) { + return memberTask.group.id === guild._id; + } + + beforeEach(async () => { + let {group, members, groupLeader} = await createAndPopulateGroup({ + groupDetails: { + name: 'Test Guild', + type: 'guild', + }, + members: 1, + }); + + guild = group; + user = groupLeader; + member = members[0]; + + task = await user.post(`/tasks/group/${guild._id}`, { + text: 'test todo', + type: 'todo', + requiresApproval: true, + }); + + await user.post(`/tasks/${task._id}/assign/${member._id}`); + + let memberTasks = await member.get('/tasks/user'); + syncedTask = find(memberTasks, findAssignedTask); + await member.post(`/tasks/${syncedTask._id}/score/up`); + }); + + it('errors when user is not the group leader', async () => { + await expect(member.get(`/approvals/group/${guild._id}`)) + .to.eventually.be.rejected.and.to.eql({ + code: 401, + error: 'NotAuthorized', + message: t('onlyGroupLeaderCanEditTasks'), + }); + }); + + it('gets a list of task that need approval', async () => { + let apporovals = await user.get(`/approvals/group/${guild._id}`); + + expect(apporovals[0]._id).to.equal(syncedTask._id); + }); +}); diff --git a/test/api/v3/integration/tasks/groups/POST-group_tasks_id_approve_userId.test.js b/test/api/v3/integration/tasks/groups/POST-group_tasks_id_approve_userId.test.js index a3a3e031f2..daf2a478ed 100644 --- a/test/api/v3/integration/tasks/groups/POST-group_tasks_id_approve_userId.test.js +++ b/test/api/v3/integration/tasks/groups/POST-group_tasks_id_approve_userId.test.js @@ -50,7 +50,6 @@ describe('POST /tasks/:id/approve/:userId', () => { }); }); - it('approves an assigned user', async () => { await user.post(`/tasks/${task._id}/assign/${member._id}`); await user.post(`/tasks/${task._id}/approve/${member._id}`); diff --git a/website/server/controllers/api-v3/tasks/groups.js b/website/server/controllers/api-v3/tasks/groups.js index f83d8c2a68..78d978f77a 100644 --- a/website/server/controllers/api-v3/tasks/groups.js +++ b/website/server/controllers/api-v3/tasks/groups.js @@ -233,5 +233,43 @@ api.approveTask = { }, }; +/** + * @api {get} /api/v3/approvals/group/:groupId Get a group's approvals + * @apiVersion 3.0.0 + * @apiName GetGroupApprovals + * @apiGroup Task + * @apiIgnore + * + * @apiParam {UUID} groupId The id of the group from which to retrieve the approvals + * + * @apiSuccess {Array} data An array of tasks + */ +api.getGroupApprovals = { + method: 'GET', + url: '/approvals/group/:groupId', + middlewares: [ensureDevelpmentMode, authWithHeaders()], + async handler (req, res) { + req.checkParams('groupId', res.t('groupIdRequired')).notEmpty().isUUID(); + + let validationErrors = req.validationErrors(); + if (validationErrors) throw validationErrors; + + let user = res.locals.user; + let groupId = req.params.groupId; + + let group = await Group.getGroup({user, groupId, fields: requiredGroupFields}); + if (!group) throw new NotFound(res.t('groupNotFound')); + + if (group.leader !== user._id) throw new NotAuthorized(res.t('onlyGroupLeaderCanEditTasks')); + + let approvals = await Tasks.Task.find({ + 'group.id': groupId, + approved: false, + approvalRequested: true, + }).exec(); + + res.respond(200, approvals); + }, +}; module.exports = api;