From c04e53b5a587caefe3a05535401ee41c553d64cb Mon Sep 17 00:00:00 2001
From: Keith Holliday <krh121791@gmail.com>
Date: Sat, 12 Mar 2016 21:00:43 -0600
Subject: [PATCH] Added initial delete challenge tasks tests

---
 ...ETE-tasks_id_challenge_challengeId.test.js | 55 +++++++++++++++++++
 website/src/controllers/api-v3/tasks.js       |  2 +-
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 test/api/v3/integration/tasks/challenges/DELETE-tasks_id_challenge_challengeId.test.js

diff --git a/test/api/v3/integration/tasks/challenges/DELETE-tasks_id_challenge_challengeId.test.js b/test/api/v3/integration/tasks/challenges/DELETE-tasks_id_challenge_challengeId.test.js
new file mode 100644
index 0000000000..9ec2a65f8e
--- /dev/null
+++ b/test/api/v3/integration/tasks/challenges/DELETE-tasks_id_challenge_challengeId.test.js
@@ -0,0 +1,55 @@
+import {
+  generateUser,
+  generateGroup,
+  generateChallenge,
+  translate as t,
+} from '../../../../../helpers/api-integration/v3';
+import { v4 as generateUUID } from 'uuid';
+
+describe('DELETE /tasks/:id', () => {
+  let user;
+  let guild;
+  let challenge;
+  let task;
+
+  before(async () => {
+    user = await generateUser();
+    guild = await generateGroup(user);
+    challenge = await generateChallenge(user, guild);
+  });
+
+  beforeEach(async () => {
+    task = await user.post(`/tasks/challenge/${challenge._id}`, {
+      text: 'test habit',
+      type: 'habit',
+    });
+  });
+
+  it('cannot delete a non-existant task', async () => {
+    await expect(user.del(`/tasks/${generateUUID()}`)).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('taskNotFound'),
+    });
+  });
+
+  it('returns error when user is not leader of the challenge', async () => {
+    let anotherUser = await generateUser();
+
+    await expect(anotherUser.del(`/tasks/${task._id}`)).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('onlyChalLeaderEditTasks'),
+    });
+  });
+
+  it('deletes a user\'s task', async () => {
+    await user.del(`/tasks/${task._id}`);
+
+    await expect(user.get(`/tasks/${task._id}`)).to.eventually.be.rejected.and.eql({
+      code: 404,
+      error: 'NotFound',
+      message: t('taskNotFound'),
+    });
+  });
+});
diff --git a/website/src/controllers/api-v3/tasks.js b/website/src/controllers/api-v3/tasks.js
index b78615e448..952076ab82 100644
--- a/website/src/controllers/api-v3/tasks.js
+++ b/website/src/controllers/api-v3/tasks.js
@@ -909,7 +909,7 @@ api.deleteTask = {
     if (!task) {
       throw new NotFound(res.t('taskNotFound'));
     } else if (!task.userId) { // If the task belongs to a challenge make sure the user has rights
-      challenge = await Challenge.find().selec({_id: task.challenge.id}).select('leader').exec();
+      challenge = await Challenge.findOne({_id: task.challenge.id}).exec();
       if (!challenge) throw new NotFound(res.t('challengeNotFound'));
       if (challenge.leader !== user._id) throw new NotAuthorized(res.t('onlyChalLeaderEditTasks'));
     } else if (task.userId !== user._id) { // If the task is owned by an user make it's the current one