
Allow user to select non-default color

sbkwgh 8 年之前
父節點
當前提交
8748801192
共有 3 個文件被更改,包括 80 次插入2 次删除
  1. 6 2
      routes/category.js
  2. 35 0
      routes/user.js
  3. 39 0
      test/user.js

+ 6 - 2
routes/category.js

@@ -149,7 +149,8 @@ router.all('*', (req, res, next) => {
 router.post('/', async (req, res) => {
 	try {
 		let category = await Category.create({
-			name: req.body.name
+			name: req.body.name,
+			color: req.body.color
 		})
 
 		res.json(category.toJSON())
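Review bot: `color: req.body.color` is passed straight from the request body into `Category.create`, and no format check is visible in this hunk. Unless the Category model validates the field, any string is stored and returned to clients, which presumably put it into a style or CSS context. Constrain it to a colour pattern in the model definition, for example `validate: { is: /^#[0-9a-f]{6}$/i }`, or reject bad values in the route before `create`. The handler body continues outside the hunk, so existing error handling for `Sequelize.ValidationError` may already turn such a failure into a 400.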
@@ -228,7 +229,10 @@ router.delete('/:id', async (req, res) => {
 
 		await category.destroy()
 
-		res.json({ success: true })
+		res.json({
+			success: true,
+			otherCategoryCreated: otherCategory[1] ? otherCategory[0] : null
+		})
 	} catch (e) {
 		if(e instanceof Sequelize.ValidationError) {
 			res.status(400)

+ 35 - 0
routes/user.js

@@ -257,4 +257,39 @@ router.delete('/:username', async (req, res) => {
 	}
 })
 
+router.all('*', (req, res, next) => {
+	if(req.session.admin) {
+		next()
+	} else {
+		res.status(401)
+		res.json({
+			errors: [Errors.requestNotAuthorized]
+		})
+	}
+})
+
+router.get('/', async (req, res) => {
+	try {
+		console.log('here234')
+
+		if(req.query.admin) {
+			let admins = await User.findAll({
+				where: { admin: true },
+				attributes: {
+					exclude: ['hash']
+				}
+			})
+
+			res.json(admins)
+		} else {
+			res.json({})
+		}
+	} catch (e) {
+		console.log(e)
+		res.json({
+			errors: [Errors.unknown]
+		})
+	}
+})
+
 module.exports = router
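Review bot: The catch block of the new `GET /` handler sends `{ errors: [Errors.unknown] }` without setting a status, so a failed query is reported as HTTP 200; add `res.status(500)` before `res.json`. The `console.log('here234')` line is leftover debugging and should be removed. `attributes: { exclude: ['hash'] }` is a denylist, so any sensitive column later added to the User model would be returned by default; an explicit list of the fields the admin view needs is safer. `req.query.admin` is tested only for truthiness, so `?admin=false` still returns the admin list. Because the `router.all('*', ...)` guard is registered at this point in the file, it protects only routes declared after it, which deserves a comment such as `// admin-only routes below this line`.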

+ 39 - 0
test/user.js

@@ -434,6 +434,45 @@ describe('User', () => {
 		})
 	})
 
+	describe('/?admin', () => {
+		let admin1 = chai.request.agent(server)
+		before(done => {
+ 			admin1
+				.post('/api/v1/user/adminaccount/login')
+				.set('content-type', 'application/json')
+				.send({
+					password: 'password'
+				})
+				.then(_ =>  {
+					done()
+				})
+				.catch(done)
+		})
+
+		it('should return an array of admins', async () => {
+			let res = await admin1.get('/api/v1/user?admin=true')
+
+			res.should.be.json
+			res.should.have.status(200)
+			res.body.should.contain.something.with.property('username', 'adminaccount')
+			res.body.should.contain.something.with.property('username', 'adminaccount1')
+			res.body.should.not.contain.something.with.property('hash')
+			res.body.should.have.property('length', 2)
+		})
+
+		it('should return an error if not admin', done => {
+			chai.request(server)
+				.get('/api/v1/user?admin=true')
+				.end((err, res) => {
+					res.should.have.status(401)
+					res.body.should.have.property('errors')
+					res.body.errors.should.contain.something.that.deep.equals(Errors.requestNotAuthorized)
+
+					done()
+				})
+		})
+	})
+
 	describe('/:username/login POST user', () => {
 		let agent = chai.request.agent(server)