add update challenge with tests

2025-12-19 15:48:04 +01:00 · 2016-01-27 12:22:24 +01:00
parent f225843cf6
commit f16b605c37
6 changed files with 130 additions and 8 deletions
--- a/website/src/controllers/api-v3/challenges.js
+++ b/website/src/controllers/api-v3/challenges.js
@@ -3,7 +3,9 @@ import _ from 'lodash';
 import cron from '../../middlewares/api-v3/cron';
 import { model as Challenge } from '../../models/challenge';
 import { model as Group } from '../../models/group';
-import { model as User } from '../../models/user';
+import {
+  model as User,
+} from '../../models/user';
 import {
  NotFound,
  NotAuthorized,
@@ -199,6 +201,43 @@ api.getChallenge = {
  },
 };

+/**
+ * @api {put} /challenges/:challengeId Update a challenge
+ * @apiVersion 3.0.0
+ * @apiName UpdateChallenge
+ * @apiGroup Challenge
+ *
+ * @apiParam {UUID} challengeId The challenge _id
+ *
+ * @apiSuccess {object} challenge The updated challenge object
+ */
+api.updateChallenge = {
+  method: 'PUT',
+  url: '/challenges/:challengeId',
+  middlewares: [authWithHeaders(), cron],
+  async handler (req, res) {
+    req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
+
+    let validationErrors = req.validationErrors();
+    if (validationErrors) throw validationErrors;
+
+    let user = res.locals.user;
+    let challengeId = req.params.challengeId;
+
+    let challenge = await Challenge.findById(challengeId).exec();
+    if (!challenge) throw new NotFound(res.t('challengeNotFound'));
+
+    let group = await Group.getGroup({user, groupId: challenge.groupId, fields: '_id name type privacy', optionalMembership: true});
+    if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
+    if (!challenge.canModify(user)) throw new NotAuthorized(res.t('onlyLeaderUpdateChal'));
+
+    _.merge(challenge, Challenge.sanitizeUpdate(req.body));
+
+    let savedChal = await challenge.save();
+    res.respond(200, savedChal);
+  },
+};
+
 // TODO everything here should be moved to a worker
 // actually even for a worker it's probably just to big and will kill mongo
 function _closeChal (challenge, broken = {}) {
--- a/website/src/controllers/api-v3/tasks.js
+++ b/website/src/controllers/api-v3/tasks.js
@@ -302,7 +302,7 @@ api.updateTask = {
      delete req.body.tags;
    }

-    // TODO we have to convert task to an object because otherwise thigns doesn't get merged correctly, very bad for performances
+    // TODO we have to convert task to an object because otherwise thigns doesn't get merged correctly, bad for performances?
    // TODO regarding comment above make sure other models with nested fields are using this trick too
    _.assign(task, _.merge(task.toObject(), Tasks.Task.sanitizeUpdate(req.body)));
    // TODO console.log(task.modifiedPaths(), task.toObject().repeat === tep)
--- a/website/src/models/challenge.js
+++ b/website/src/models/challenge.js
@@ -10,9 +10,9 @@ let Schema = mongoose.Schema;

 let schema = new Schema({
  name: {type: String, required: true},
-  shortName: {type: String, required: true}, // TODO what is it?
+  shortName: {type: String, required: true},
  description: String,
-  official: {type: Boolean, default: false}, // TODO only settable by admin
+  official: {type: Boolean, default: false},
  tasksOrder: {
    habits: [{type: String, ref: 'Task'}],
    dailys: [{type: String, ref: 'Task'}],
@@ -20,16 +20,22 @@ let schema = new Schema({
    rewards: [{type: String, ref: 'Task'}],
  },
  leader: {type: String, ref: 'User', validate: [validator.isUUID, 'Invalid uuid.'], required: true},
-  groupId: {type: String, ref: 'Group', validate: [validator.isUUID, 'Invalid uuid.'], required: true}, // TODO no update, no set?
-  timestamp: {type: Date, default: Date.now, required: true}, // TODO what is this? use timestamps from plugin? not settable?
+  groupId: {type: String, ref: 'Group', validate: [validator.isUUID, 'Invalid uuid.'], required: true},
  memberCount: {type: Number, default: 1},
  prize: {type: Number, default: 0, min: 0}, // TODO no update?
 });

 schema.plugin(baseModel, {
-  noSet: ['_id', 'memberCount', 'challengeCount', 'tasksOrder'],
+  noSet: ['_id', 'memberCount', 'tasksOrder'],
+  timestamps: true,
 });

+// A list of additional fields that cannot be updated (but can be set on creation)
+let noUpdate = ['groupId', 'official', 'shortName', 'prize'];
+schema.statics.sanitizeUpdate = function sanitizeUpdate (updateObj) {
+  return this.sanitize(updateObj, noUpdate);
+};
+
 // Returns true if user is a member of the challenge
 schema.methods.isMember = function isChallengeMember (user) {
  return user.challenges.indexOf(this._id) !== -1;
--- a/website/src/models/user.js
+++ b/website/src/models/user.js
@@ -654,7 +654,7 @@ schema.methods.isSubscribed = function isSubscribed () {
  return !!this.purchased.plan.customerId; // eslint-disable-line no-implicit-coercion
 };

-// Unlink challenges tasks from user
+// Unlink challenges tasks (and the challenge itself) from user
 schema.methods.unlinkChallengeTasks = async function unlinkChallengeTasks (challengeId, keep) {
  let user = this;
  let findQuery = {