diff --git a/sci-log-db/src/__tests__/acceptance/basesnippet.controller.acceptance.ts b/sci-log-db/src/__tests__/acceptance/basesnippet.controller.acceptance.ts
index 6b4534b4..51baf5c0 100644
--- a/sci-log-db/src/__tests__/acceptance/basesnippet.controller.acceptance.ts
+++ b/sci-log-db/src/__tests__/acceptance/basesnippet.controller.acceptance.ts
@@ -690,7 +690,7 @@ describe('Basesnippet', function (this: Suite) {
 },
 {
 input: {
- deleteACL: ['basesnippetAcceptance', 'someNew'],
+ deleteACL: ['restrict', 'someNew'],
 token: 'adminToken',
 },
 expected: 204,
@@ -752,4 +752,14 @@ describe('Basesnippet', function (this: Suite) {
 throw err;
 });
 });
+
+ [404, 204].forEach(t => {
+ it(`delete snippet should return ${t}`, async () => {
+ await client
+ .delete(`/basesnippets/${baseSnippetId}`)
+ .set('Authorization', `Bearer ${t === 404 ? token : adminToken}`)
+ .set('Content-Type', 'application/json')
+ .expect(t);
+ });
+ });
 });
diff --git a/sci-log-db/src/__tests__/acceptance/logbook.controller.acceptance.ts b/sci-log-db/src/__tests__/acceptance/logbook.controller.acceptance.ts
index 33b6d3b1..aa0cfb0d 100644
--- a/sci-log-db/src/__tests__/acceptance/logbook.controller.acceptance.ts
+++ b/sci-log-db/src/__tests__/acceptance/logbook.controller.acceptance.ts
@@ -389,12 +389,12 @@ describe('Logbook', function (this: Suite) {
 .expect(401);
 });
 
- it('delete snippet by id with token should return 204', async () => {
+ it('delete snippet by id with token should return 404', async () => {
 await client
 .delete(`/logbooks/${logbookSnippetId}`)
 .set('Authorization', 'Bearer ' + token)
 .set('Content-Type', 'application/json')
- .expect(204);
+ .expect(404);
 });
 
 it('restore snippet by id without token should return 401', async () => {
diff --git a/sci-log-db/src/repositories/autoadd.repository.base.ts b/sci-log-db/src/repositories/autoadd.repository.base.ts
index e2b88f0b..929b8af7 100644
--- a/sci-log-db/src/repositories/autoadd.repository.base.ts
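Review bot: The `[404, 204].forEach` cases appended at the end of the `describe` are order-dependent: the 204 case deletes the snippet as admin, so the 404 case only exercises the deleteACL filter because it happens to run first; if the array order ever changes, the non-admin 404 would pass for the wrong reason (the row is already gone). Deriving the credential from `t === 404 ? token : adminToken` also hides what each case is asserting. Consider iterating an explicit table, e.g. `[{status: 404, auth: token}, {status: 204, auth: adminToken}]`, and adding `// order matters: the admin delete must run last, it removes the row` above the loop. Presumably the 404 for a non-admin is intended to hide the row's existence rather than return 403; a comment saying so would help the next reader.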
+++ b/sci-log-db/src/repositories/autoadd.repository.base.ts
@@ -316,11 +316,11 @@ export class AutoAddRepository<
 delete ctx.data.createdBy;
 delete ctx.data.expiresAt;
 if (currentUser?.roles?.includes('admin')) return;
- const updateCondition = this.updateACLCondition(
- currentUser,
- 'updateACL',
- );
- ctx.where = this.addACLToFilter(ctx.where, updateCondition);
+ let editCondition: Where;
+ if (ctx.data.deleted)
+ editCondition = this.updateACLCondition(currentUser, 'deleteACL');
+ else editCondition = this.updateACLCondition(currentUser, 'updateACL');
+ ctx.where = this.addACLToFilter(ctx.where, editCondition);
 if (this.acls.some(acl => acl !== 'readACL' && ctx.data[acl])) {
 const adminCondition = this.updateACLCondition(
 currentUser,
@@ -378,6 +378,15 @@ export class AutoAddRepository<
 console.log('going to save:' + JSON.stringify(ctx, null, 3));
 });
 
+ modelClass.observe('before delete', async ctx => {
+ const currentUser = ctx.options.currentUser;
+ if (currentUser?.roles?.includes('admin')) return;
+ ctx.where = this.addACLToFilter(
+ ctx.where,
+ this.updateACLCondition(currentUser, 'deleteACL'),
+ );
+ });
+
 modelClass.observe('access', async ctx => {
 // console.log("=========Access Observe:", ctx?.options)
 // eslint-disable-next-line no-prototype-builtins
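Review bot: Selecting `deleteACL` purely from the truthiness of `ctx.data.deleted` in the `before save` hook means a request that sets `deleted: true` together with other field changes is gated by deleteACL only and never by updateACL, so a caller who may delete but not edit can still modify the remaining fields in the same patch; conversely a restore (`deleted: false`) is gated by updateACL only, which may or may not be intended — the logbook test renamed in this commit covers delete but not restore. If soft-delete requests are meant to carry only the `deleted` flag, strip or reject the other fields before this check; otherwise apply both conditions when `ctx.data.deleted` is set. As a point of style, the `let` plus `if`/`else` collapses to `const aclField = ctx.data.deleted ? 'deleteACL' : 'updateACL';` followed by `ctx.where = this.addACLToFilter(ctx.where, this.updateACLCondition(currentUser, aclField));`, which also drops the explicit `Where` annotation. The observer callback this hunk edits begins and ends outside the hunk.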
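Review bot: The new `before delete` observer carries no comment on its contract, and it reads `ctx.options.currentUser` without a guard, so when no user is attached `updateACLCondition(undefined, 'deleteACL')` is evaluated — whether that produces a condition that matches nothing (fail closed) or leaves the delete unrestricted depends on the helper, which is outside this hunk. Suggest `// Hard deletes: non-admins may only remove rows whose deleteACL includes one of their principals; admins bypass the filter.` above `modelClass.observe('before delete', ...)`, plus an acceptance case for the missing-user path if the helper does not already fail closed. Note that `before save` in the first hunk already uses `currentUser?.roles?.includes('admin')` in the same way, so the two hooks are at least consistent with each other.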