OfficeAccessCard editing - backend changes #1909
Conversation
- Implemented a new endpoint to edit card aliases, including validation for input. - Updated the OfficeAccessCard utility to support alias editing. - Enhanced the CardReader component to allow users to edit card aliases directly in the UI. - Added corresponding tests to ensure proper functionality and error handling for the new feature. - Introduced a new audit log action for alias edits.
src/Pages/CardReader/CardReader.js
Outdated
| setCards(prevCards => | ||
| prevCards.map(card => | ||
| card._id === cardId | ||
| ? { ...card, alias: editedAlias.trim() } | ||
| : card |
There was a problem hiding this comment.
i think what we should do here is when the alias is successfully edited, we query mongodb for all cards again, so that way this alias isn't only client side
src/Pages/Overview/SVG.js
Outdated
| export function pencilSymbol(color = '#6b7280') { | ||
| return ( | ||
| <svg width='20' height='20' viewBox='0 0 24 24' fill='none' stroke={color} strokeWidth='2' strokeLinecap='round' strokeLinejoin='round'> | ||
| <path d='M11 4H4a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2v-7'/> | ||
| <path d='m18.5 2.5a2.121 2.121 0 0 1 3 3L12 15l-4 1 1-4 9.5-9.5z'/> | ||
| </svg> | ||
| ); | ||
| } | ||
|
|
There was a problem hiding this comment.
this doesn't have to be put in this file, the trashCanSymbol function is only imported from here because it was already implemented here when card reader page was made. you can move this to CardReader.js
test/api/OfficeAccessCard.js
Outdated
| it('Should return 400 when both _id and alias are missing', async () => { | ||
| setTokenStatus(true); | ||
| const result = await test.sendPostRequestWithToken(token, | ||
| EDIT_API_PATH, {}); | ||
| expect(result).to.have.status(BAD_REQUEST); | ||
| }); |
| expect(updatedCard.alias).to.equal(NEW_ALIAS); | ||
| }); | ||
| }); | ||
|
|
There was a problem hiding this comment.
very impressive how thorough these tests are :)
| const decoded = decodeToken(req); | ||
| if (!decoded) { | ||
| return res.sendStatus(UNAUTHORIZED); | ||
| } |
There was a problem hiding this comment.
i think we realized this doesnt work anymore, need to merge #1877 first
ill work on it
|
adarshm11
changed the title
adarshm11
force-pushed
the
editalias
branch
2 times, most recently
from
003c142 to
a3cec14
Compare
adarshm11
changed the title
| const { _id, alias } = req.body; | ||
|
|
||
| if (!_id || !alias) { | ||
| return res.status(BAD_REQUEST).send('_id and alias are required in request body'); | ||
| } |
There was a problem hiding this comment.
we should do this approach, from the verify endpoint, alias.trim() can also be in the array
const required = [
{ value: apiKey, title: 'X-API-Key HTTP header', },
{ value: cardBytes, title: 'cardBytes query parameter', },
];
const missingValue = required.find(({ value }) => !value);
if (missingValue) {
writeLogToClient(req.method, {
statusCode: BAD_REQUEST,
message: `${missingValue.title} missing from request`
});
return res.status(BAD_REQUEST).send(`${missingValue.title} missing from request`);
}| if (!/^[0-9a-fA-F]{24}$/.test(_id)) { | ||
| return res.status(BAD_REQUEST).send('_id must be a valid ObjectId'); | ||
| } |
There was a problem hiding this comment.
you could even throw this in the missingFields thing
| const updatedCard = await editAlias(_id, alias); | ||
|
|
||
| if (!updatedCard) { | ||
| return res.status(NOT_FOUND).send('Card not found'); |
There was a problem hiding this comment.
we can just do sendStatus, 404 status implies that we didnt find it
| action: AuditLogActions.EDIT_CARD, | ||
| details: { | ||
| newAlias: alias, | ||
| oldAlias: updatedCard.alias !== alias ? 'unknown' : alias |
There was a problem hiding this comment.
why would updatedCard.alias not exist
also we could just do
details: {
newAlias: alias,
_id,
}
no need to say what the old one was
- Implemented a new endpoint to edit card aliases, including validation for input. - Updated the OfficeAccessCard utility to support alias editing. - Enhanced the CardReader component to allow users to edit card aliases directly in the UI. - Added corresponding tests to ensure proper functionality and error handling for the new feature. - Introduced a new audit log action for alias edits.
…into editalias
| if (!apiKey) { | ||
| writeLogToClient(req.method, { | ||
| statusCode: UNAUTHORIZED, | ||
| message: `Invalid API key: ${apiKey}`, | ||
| message: 'API key missing from request', | ||
| }); | ||
| return res.sendStatus(UNAUTHORIZED); | ||
| } |
There was a problem hiding this comment.
do we even need this? the required array already checks this i think
| const { _id, alias } = req.body; | ||
|
|
||
| const required = [ | ||
| { value: _id && /^[0-9a-fA-F]{24}$/.test(_id) ? _id : null, title: 'Card ID', }, |
There was a problem hiding this comment.
maybe have the title be valid, alphanumeric Card ID
| if (!result) { | ||
| const { description } = body; | ||
| logger.info(`Card:${description} not found in the database`); | ||
| logger.info('Card not found in the database'); |
There was a problem hiding this comment.
why did we change this line can we put it back
| expect(result).to.have.status(BAD_REQUEST); | ||
| }); | ||
|
|
||
| it('Should preserve other card properties when updating alias', async () => { |
There was a problem hiding this comment.
up to you, should we add a quick test ensuring that only officers and above can edit a card, not member role
| }); | ||
|
|
||
| router.post('/edit', async (req, res) => { | ||
| const decoded = await decodeToken(req); |
There was a problem hiding this comment.
i think we have to pass in access role officer here, otherwise anyone with a valid token at any role level can do this
adarshm11
force-pushed
the
editalias
branch
2 times, most recently
from
3cee241 to
a902e38
Compare
3 participants
-Created a post /edit, and a helper function for edit alias.
-Created edit mode in pencil/edit button, that edits the alias when clicked.
-Created test files for post /edit with dummy document.