diff --git a/server/classrooms/classroom_handler.coffee b/server/classrooms/classroom_handler.coffee
index 32b6bfeb1..e756e9220 100644
--- a/server/classrooms/classroom_handler.coffee
+++ b/server/classrooms/classroom_handler.coffee
@@ -4,6 +4,7 @@ Handler = require '../commons/Handler'
 Classroom = require './Classroom'
 User = require '../users/User'
 sendwithus = require '../sendwithus'
+utils = require '../lib/utils'
 ClassroomHandler = class ClassroomHandler extends Handler
 modelClass: Classroom
@@ -77,6 +78,16 @@ ClassroomHandler = class ClassroomHandler extends Handler
 # join_link: "https://codecombat.com/courses/students?_ppc=" + prepaid.get('code')
 sendwithus.api.send context, _.noop
 return @sendSuccess(res, {})
+
+ get: (req, res) ->
+ if ownerID = req.query.ownerID
+ return @sendForbiddenError(res) unless req.user and (req.user.isAdmin() or ownerID is req.user.id)
+ return @sendBadInputError(res, 'Bad ownerID') unless utils.isID ownerID
+ Classroom.find {ownerID: mongoose.Types.ObjectId(ownerID)}, (err, classrooms) =>
+ return @sendDatabaseError(res, err) if err
+ return @sendSuccess(res, (@formatEntity(req, classroom) for classroom in classrooms))
+ else
+ super(arguments...)
 module.exports = new ClassroomHandler()
diff --git a/test/server/functional/classrooms.spec.coffee b/test/server/functional/classrooms.spec.coffee
index 0a24a46a9..9964c1d7a 100644
--- a/test/server/functional/classrooms.spec.coffee
+++ b/test/server/functional/classrooms.spec.coffee
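Review bot: The new `get` calls `mongoose.Types.ObjectId(ownerID)` but no hunk adds a `mongoose` require; the require block shown starts at line 4, so it may already be required on lines 1–3, and if it is not, every `?ownerID=` request by an owner or admin throws a ReferenceError instead of returning classrooms. A second gap is that `req.query.ownerID` is not guaranteed to be a string (a repeated `ownerID` parameter parses as an array); the `ownerID is req.user.id` comparison then fails closed for non-admins, but for admins the value reaches `utils.isID`, whose handling of non-strings is not visible here, so tightening the guard to `return @sendBadInputError(res, 'Bad ownerID') unless typeof ownerID is 'string' and utils.isID ownerID` makes the intent explicit. A short comment above the method would also help, e.g. `# GET /db/classroom?ownerID=<id>: list classrooms owned by ownerID; only that owner or an admin may query it, any other GET falls through to Handler`. The rest of ClassroomHandler lies outside the hunk.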
@@ -5,13 +5,42 @@ mongoose = require 'mongoose'
 classroomsURL = getURL('/db/classroom')
+describe 'GET /db/classrooms?ownerID=:id', ->
+ it 'clears database users and classrooms', (done) ->
+ clearModels [User, Classroom], (err) ->
+ throw err if err
+ done()
+
+ it 'returns an array of classrooms with the given owner', (done) ->
+ loginNewUser (user1) ->
+ new Classroom({name: 'Classroom 1', ownerID: user1.get('_id') }).save (err, classroom) ->
+ expect(err).toBeNull()
+ loginNewUser (user2) ->
+ new Classroom({name: 'Classroom 2', ownerID: user2.get('_id') }).save (err, classroom) ->
+ expect(err).toBeNull()
+ url = getURL('/db/classroom?ownerID='+user2.id)
+ request.get { uri: url, json: true }, (err, res, body) ->
+ expect(res.statusCode).toBe(200)
+ expect(body.length).toBe(1)
+ expect(body[0].name).toBe('Classroom 2')
+ done()
+
+ it 'returns 403 when a non-admin tries to get classrooms for another user', (done) ->
+ loginNewUser (user1) ->
+ loginNewUser (user2) ->
+ url = getURL('/db/classroom?ownerID='+user1.id)
+ request.get { uri: url }, (err, res, body) ->
+ expect(res.statusCode).toBe(403)
+ done()
+
+
 describe 'GET /db/classrooms/:id', ->
- it 'Clear database users and clans', (done) ->
+ it 'clears database users and classrooms', (done) ->
 clearModels [User, Classroom], (err) ->
 throw err if err
 done()
- it 'creates a new classroom for the given user', (done) ->
+ it 'returns the classroom for the given id', (done) ->
 loginNewUser (user1) ->
 data = { name: 'Classroom 1' }
 request.post {uri: classroomsURL, json: data }, (err, res, body) ->
@@ -24,7 +53,7 @@ describe 'GET /db/classrooms/:id', ->
 describe 'POST /db/classrooms', ->
- it 'Clear database users and clans', (done) ->
+ it 'clears database users and classrooms', (done) ->
 clearModels [User, Classroom], (err) ->
 throw err if err
 done()
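Review bot: The new `GET /db/classrooms?ownerID=:id` block covers only the owner case and the non-admin-on-another-user case; the malformed-`ownerID` path (`utils.isID` rejecting it), the unauthenticated request, and the admin path that lists another user's classrooms are not exercised, so a regression in the handler's `unless utils.isID ownerID` guard or its `isAdmin()` branch would go unnoticed. A case along the lines of `url = getURL('/db/classroom?ownerID=not-an-id')` followed by an expectation on the status `sendBadInputError` emits would pin the validation, and a logged-out request expecting 403 would pin the auth guard. The 403 test appears to rely on the second `loginNewUser` replacing the session of the first so that user2 is the requester; a one-line comment stating that, e.g. `# user2 is now logged in and asks for user1's classrooms`, would make the intent clear.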
@@ -49,7 +78,7 @@ describe 'POST /db/classrooms', ->
 describe 'PUT /db/classrooms', ->
- it 'Clear database users and clans', (done) ->
+ it 'clears database users and classrooms', (done) ->
 clearModels [User, Classroom], (err) ->
 throw err if err
 done()