Added task approve route

test/api/v3/integration/tasks/groups/POST-group_tasks_id_approve_userId.test.js

@@ -29,27 +29,35 @@ describe('POST /tasks/:id/approve/:userId', () => {
       type: 'todo',
       requiresApproval: true,
     });
-
-    await user.post(`/tasks/${task._id}/assign/${member._id}`);
   });
 
+  it('errors when user is not assigned', async () => {
+    await expect(user.post(`/tasks/${task._id}/approve/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 404,
+        error: 'NotFound',
+        message: t('taskNotFound'),
+      });
+  });
+
+  it('errors when user is not the group leader', async () => {
+    await user.post(`/tasks/${task._id}/assign/${member._id}`);
+    await expect(member.post(`/tasks/${task._id}/approve/${member._id}`))
+      .to.eventually.be.rejected.and.to.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('onlyGroupLeaderCanEditTasks'),
+      });
+  });
+
+
   it('approves an assigned user', async () => {
+    await user.post(`/tasks/${task._id}/assign/${member._id}`);
+    await user.post(`/tasks/${task._id}/approve/${member._id}`);
+
     let memberTasks = await member.get('/tasks/user');
     let syncedTask = find(memberTasks, findAssignedTask);
 
-    await expect(user.post(`/tasks/${task._id}/approve/${member._id}`))
+    expect(syncedTask.approved).to.be.true;
-      .to.eventually.be.rejected.and.eql({
-        code: 401,
-        error: 'NotAuthorized',
-        message: t('taskRequiresApproval'),
   });
-  });
-
-  // it('prevents user from scoring a task that needs to be approved', async () => {
-  //   await user.post(`/tasks/${task._id}/score/up`);
-  //   let task = await user.get(`/tasks/${todo._id}`);
-  //
-  //   expect(task.completed).to.equal(true);
-  //   expect(task.dateCompleted).to.be.a('string'); // date gets converted to a string as json doesn't have a Date type
-  // });
 });

website/server/controllers/api-v3/tasks/groups.js

@@ -196,32 +196,31 @@ api.approveTask = {
   middlewares: [ensureDevelpmentMode, authWithHeaders()],
   async handler (req, res) {
     req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
-    req.checkParams('assignedUserId', res.t('userIdRequired')).notEmpty().isUUID();
+    req.checkParams('userId', res.t('userIdRequired')).notEmpty().isUUID();
 
     let reqValidationErrors = req.validationErrors();
     if (reqValidationErrors) throw reqValidationErrors;
 
     let user = res.locals.user;
-    let assignedUserId = req.params.assignedUserId;
+    let assignedUserId = req.params.userId;
-    let assignedUser = await User.findById(assignedUserId);
 
     let taskId = req.params.taskId;
-    let task = await Tasks.Task.findByIdOrAlias(taskId, user._id);
+    let task = await Tasks.Task.findOne({
+      'group.taskId': taskId,
+      'userId': assignedUserId,
+    });
 
     if (!task) {
       throw new NotFound(res.t('taskNotFound'));
     }
 
-    if (!task.group.id) {
-      throw new NotAuthorized(res.t('onlyGroupTasksCanBeAssigned'));
-    }
-
     let group = await Group.getGroup({user, groupId: task.group.id, fields: requiredGroupFields});
     if (!group) throw new NotFound(res.t('groupNotFound'));
 
     if (group.leader !== user._id) throw new NotAuthorized(res.t('onlyGroupLeaderCanEditTasks'));
 
-    await group.unlinkTask(task, assignedUser);
+    task.approved = true;
+    await task.save();
 
     res.respond(200, task);
   },