From 4020dc2882a69b45a5027710c5c3e1283ea47d9d Mon Sep 17 00:00:00 2001 From: Fuh Austin Date: Tue, 18 Jun 2019 22:31:55 +0100 Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Client=20can=20create=20?= =?UTF-8?q?an=20order=20without=20userId=20in=20the=20body?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Client can create an order without passing the userId in the body of the request; the server collects the userId from the URL, compares it against the authenticated user (Current User), and then creates the order for that user. ✅ Closes: #43 refactor: 💡 remove debug console logs Remove console logs created for debug purposes Signed-off-by: austin047 --- .../user-order.controller.acceptance.ts | 26 +++++++++++++++++++ .../src/controllers/user-order.controller.ts | 20 +++++++++----- 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/packages/shopping/src/__tests__/acceptance/user-order.controller.acceptance.ts b/packages/shopping/src/__tests__/acceptance/user-order.controller.acceptance.ts index 25894d2dd..55ecacb18 100644 --- a/packages/shopping/src/__tests__/acceptance/user-order.controller.acceptance.ts +++ b/packages/shopping/src/__tests__/acceptance/user-order.controller.acceptance.ts
@@ -89,6 +89,32 @@ describe('UserOrderController acceptance tests', () => {
 expect(res.body).to.deepEqual(order);
 });
 
+ it('creates an order for a user without a userId in the body', async () => {
+ const newUser = await userRepo.create(user);
+ const userId = newUser.id.toString();
+
+ const token = await jwtAuthService.getAccessTokenForUser({
+ email: newUser.email,
+ password: plainPassword,
+ });
+
+ const order = givenAOrder();
+
+ const res = await client
+ .post(`/users/${userId}/orders`)
+ .send(order)
+ .set('Authorization', 'Bearer ' + token)
+ .expect(200);
+ expect(res.body.orderId).to.be.a.String();
+ expect(res.body.userId).to.equal(userId);
+
+ delete res.body.orderId;
+ delete res.body.userId;
+ delete order.userId;
+
+ expect(res.body).to.deepEqual(order);
+ });
+
 it('throws an error when a userId in path does not match body', async () => {
 const newUser = await userRepo.create(user);
 const userId = newUser.id.toString();
diff --git a/packages/shopping/src/controllers/user-order.controller.ts b/packages/shopping/src/controllers/user-order.controller.ts
index fe8834f81..74d283a93 100644
--- a/packages/shopping/src/controllers/user-order.controller.ts
+++ b/packages/shopping/src/controllers/user-order.controller.ts
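Review bot: The added case only covers a request where the path id and the token belong to the same user, so the rejection side of the body-less flow is untested. A companion case that authenticates as one user and posts to another user's `/users/${userId}/orders` path with no `userId` in the body, asserting `.expect(400)`, would pin the new `currentUser.id !== userId` check. A second case with the caller's own id in the body and a different user's id in the path would show whether path and body are still compared. Separately, `delete order.userId;` runs only after `.send(order)`, so if `givenAOrder()` (defined outside this hunk) populates `userId`, the request still carries it and the test would not exercise the branch its title describes — worth confirming.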
@@ -43,19 +43,25 @@ export class UserOrderController {
 @inject('authentication.currentUser') currentUser: UserProfile,
 @requestBody() order: Order,
 ): Promise {
- if (currentUser.id !== order.userId) {
+ if (order.userId) {
+ if (currentUser.id !== order.userId) {
+ throw new HttpErrors.BadRequest(
+ `User id does not match looged in user: ${order.userId} !== ${
+ currentUser.id
+ }`,
+ );
+ }
+ delete order.userId;
+ return await this.userRepo.orders(userId).create(order);
+ }
+
+ if (currentUser.id !== userId) {
 throw new HttpErrors.BadRequest(
 `User id does not match looged in user: ${userId} !== ${
 currentUser.id
 }`,
 );
 }
-
- if (userId !== order.userId) {
- throw new HttpErrors.BadRequest(
- `User id does not match: ${userId} !== ${order.userId}`,
- );
- }
 delete order.userId;
 return await this.userRepo.orders(userId).create(order);
 }
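Review bot: On the branch taken when `order.userId` is present, the body value is compared only with `currentUser.id`; the path `userId`, which is the id actually passed to `this.userRepo.orders(userId).create(order)`, is never checked there because the old `userId !== order.userId` comparison was removed. A request whose body carries the caller's own id while the URL names a different user therefore passes validation, and the order is created under the URL's user. Make the `currentUser.id !== userId` check unconditional and first, drop the early-return branch, and restore the removed comparison guarded by presence: `if (order.userId && userId !== order.userId) {` with the original `User id does not match: ...` error. Since this is an authorization failure, `HttpErrors.Forbidden` would describe it better than `BadRequest`, and the message text has a typo (`looged`). The method's signature begins above the hunk, so the type of `userId` and any route-level authorization are not visible here.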