Merge branch '2-election-api' into 'master'

Resolve "Election API" Closes #2 See merge request apoyen/elections!6

Merge branch '2-election-api' into 'master'
f36ad439 · Alexis POYEN · 80d7d309 · 19f01ddd · f36ad439 · f36ad439
Commit f36ad439 authored 4 years ago by Alexis POYEN
--- a/internal/models/election.go
+++ b/internal/models/election.go
+package models
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"forge.grandlyon.com/apoyen/elections/internal/auth"
+)
+
+func (d *DataHandler) HandleElection(w http.ResponseWriter, r *http.Request) {
+	id, _ := strconv.Atoi(strings.TrimPrefix(r.URL.Path, "/api/Election/"))
+	switch method := r.Method; method {
+	case "GET":
+		switch auth.GetLoggedUserTechnical(w, r).Role {
+		case "ADMIN":
+			d.getElectionAdmin(w, r, id)
+		case "CAPTURER", "VISUALIZER":
+			http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
+		default:
+			http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
+		}
+	case "POST":
+		switch auth.GetLoggedUserTechnical(w, r).Role {
+		case "ADMIN":
+			d.postElectionAdmin(w, r)
+		case "CAPTURER", "VISUALIZER":
+			http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
+		default:
+			http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
+		}
+
+	case "PUT":
+		switch auth.GetLoggedUserTechnical(w, r).Role {
+		case "ADMIN":
+			d.putElectionAdmin(w, r, id)
+		case "CAPTURER", "VISUALIZER":
+			http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
+		default:
+			http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
+		}
+	case "DELETE":
+		switch auth.GetLoggedUserTechnical(w, r).Role {
+		case "ADMIN":
+			d.deleteElectionAdmin(w, r, id)
+		case "CAPTURER", "VISUALIZER":
+			http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
+		default:
+			http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
+		}
+	default:
+		http.Error(w, "method not allowed", 400)
+	}
+}
+
+func (d *DataHandler) getElectionAdmin(w http.ResponseWriter, r *http.Request, id int) {
+	if id != 0 {
+		var o Election
+		if err := d.db.Preload("Areas").First(&o, id).Error; err != nil {
+			http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
+			return
+		}
+		json.NewEncoder(w).Encode(o)
+	} else {
+		var o []Election
+		d.db.Preload("Areas").Find(&o)
+		json.NewEncoder(w).Encode(o)
+	}
+}
+
+func (d *DataHandler) postElectionAdmin(w http.ResponseWriter, r *http.Request) {
+	var o Election
+	err := json.NewDecoder(r.Body).Decode(&o)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+	}
+	d.db.Create(&o)
+	d.db.Last(&o)
+	json.NewEncoder(w).Encode(o)
+
+}
+
+func (d *DataHandler) putElectionAdmin(w http.ResponseWriter, r *http.Request, id int) {
+	var o Election
+	if err := d.db.Preload("Areas").First(&o, id).Error; err != nil {
+		http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
+		return
+	}
+	var election Election
+	err := json.NewDecoder(r.Body).Decode(&election)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+	}
+	o.Name = election.Name
+	o.BallotType = election.BallotType
+	d.db.Save(&o)
+	json.NewEncoder(w).Encode(o)
+
+}
+
+func (d *DataHandler) deleteElectionAdmin(w http.ResponseWriter, r *http.Request, id int) {
+	if id != 0 {
+		var o Election
+		if err := d.db.First(&o, id).Error; err != nil {
+			http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
+			return
+		}
+		d.db.Delete(&o)
+	} else {
+		http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
+	}
+}
--- a/internal/models/models.go
+++ b/internal/models/models.go
@@ -216,6 +216,8 @@ func (d *DataHandler) ProcessAPI(w http.ResponseWriter, r *http.Request) {
 	switch api {
 	case "Capturer":
 		d.HandleCapturer(w, r)
+	case "Election":
+		d.HandleElection(w, r)
 	}

 }

--- a/internal/rootmux/admin_test.go
+++ b/internal/rootmux/admin_test.go
@@ -33,6 +33,17 @@ func AdminTests(t *testing.T) {
 		// Delete a capturer
 		do("DELETE", "/api/Capturer/3", xsrfHeader, ``, 200, ``)

+		// Create an Election
+		do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 200, `{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":null,"Rounds":null}`)
+		// Get the election
+		do("GET", "/api/Election/1", xsrfHeader, ``, 200, `{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":[],"Rounds":null}`)
+		// Get all the elections
+		do("GET", "/api/Election/", xsrfHeader, ``, 200, `[{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":[],"Rounds":null}]`)
+		// Update a election
+		do("PUT", "/api/Election/1", xsrfHeader, `{"ID":1,"Name":"Grand-Lyon 2020", "BallotType":"metropolitan-direct"}`, 200, `{"ID":1,"Name":"Grand-Lyon 2020","BallotType":"metropolitan-direct","Areas":[],"Rounds":null}`)
+		// Delete a election
+		do("DELETE", "/api/Election/1", xsrfHeader, ``, 200, ``)
+
 	}
 	// Do a in memory login with an known admin
 	do("POST", "/Login", noH, `{"login": "admin","password": "password"}`, 200, "")

--- a/internal/rootmux/capturer_test.go
+++ b/internal/rootmux/capturer_test.go
@@ -35,6 +35,17 @@ func CapturerTests(t *testing.T) {
 		// Delete a capturer should fail with 405
 		do("DELETE", "/api/Capturer/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

+		// Create an election should fail with 405
+		do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Get an Election should fail with 405
+		do("GET", "/api/Election/1", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
+		// Get all the elections should fail with 405
+		do("GET", "/api/Election/", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
+		// Update an election should fail with 405
+		do("PUT", "/api/Election/1", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Delete an election should fail with 405
+		do("DELETE", "/api/Election/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
+
 	}
 	// Do a in memory login with an known admin
 	do("POST", "/Login", noH, `{"login": "capturer","password": "password"}`, 200, "")

--- a/internal/rootmux/visualizer_test.go
+++ b/internal/rootmux/visualizer_test.go
@@ -33,6 +33,17 @@ func VisualizerTests(t *testing.T) {
 		// Delete a capturer should fail with 405
 		do("DELETE", "/api/Capturer/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

+		// Create an election should fail with 405
+		do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Get an Election should fail with 405
+		do("GET", "/api/Election/1", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
+		// Get all the elections should fail with 405
+		do("GET", "/api/Election/", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
+		// Update an election should fail with 405
+		do("PUT", "/api/Election/1", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Delete an election should fail with 405
+		do("DELETE", "/api/Election/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
+
 	}
 	// Do a in memory login with an known admin
 	do("POST", "/Login", noH, `{"login": "visualizer","password": "password"}`, 200, "")