Enhancement : Restrict Task Status Change to Available for Task assig…

…ned to Self (#1785)

middlewares/validators/tasks.js

@@ -1,4 +1,5 @@
 const joi = require("joi");
+const { BadRequest } = require("http-errors");
 const { DINERO, NEELAM } = require("../../constants/wallets");
 const { TASK_STATUS, TASK_STATUS_OLD, MAPPED_TASK_STATUS, tasksUsersStatus } = require("../../constants/tasks");
 const { RQLQueryParser } = require("../../utils/RQLParser");
@@ -118,22 +119,30 @@ const updateTask = async (req, res, next) => {
 };
 
 const updateSelfTask = async (req, res, next) => {
+  const validStatus = [...TASK_STATUS_ENUM, ...Object.values(TASK_STATUS_OLD)].filter(
+    (item) => item !== TASK_STATUS.AVAILABLE
+  );
   const schema = joi
     .object()
     .strict()
     .keys({
       status: joi
         .string()
-        .valid(...TASK_STATUS_ENUM, ...Object.values(TASK_STATUS_OLD))
-        .optional(),
+        .valid(...validStatus)
+        .optional()
+        .error(new BadRequest(`The value for the 'status' field is invalid.`)),
       percentCompleted: joi.number().integer().min(0).max(100).optional(),
     });
   try {
     await schema.validateAsync(req.body);
     next();
   } catch (error) {
     logger.error(`Error validating updateSelfTask payload : ${error}`);
-    res.boom.badRequest(error.details[0].message);
+    if (error instanceof BadRequest) {
+      res.boom.badRequest(error.message);
+    } else {
+      res.boom.badRequest(error.details[0].message);
+    }
   }
 };
 

test/integration/tasks.test.js

@@ -921,7 +921,26 @@ describe("Tasks", function () {
       isNoteworthy: true,
     };
 
+    it("Should throw 400 Bad Request if the user tries to update the status of a task to AVAILABLE", function (done) {
+      chai
+        .request(app)
+        .patch(`/tasks/self/${taskId1}`)
+        .set("cookie", `${cookieName}=${jwt}`)
+        .send(taskStatusData)
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+          expect(res).to.have.status(400);
+          expect(res.body).to.be.a("object");
+          expect(res.body.error).to.equal("Bad Request");
+          expect(res.body.message).to.equal("The value for the 'status' field is invalid.");
+          return done();
+        });
+    });
+
     it("Should update the task status for given self taskid", function (done) {
+      taskStatusData.status = "IN_PROGRESS";
       chai
         .request(app)
         .patch(`/tasks/self/${taskId1}`)
@@ -1002,6 +1021,7 @@ describe("Tasks", function () {
     });
 
     it("Should return 404 if task doesnt exist", function (done) {
+      taskStatusData.status = "IN_PROGRESS";
       chai
         .request(app)
         .patch("/tasks/self/wrongtaskId")
@@ -1043,6 +1063,7 @@ describe("Tasks", function () {
     });
 
     it("Should give 403 if status is already 'VERIFIED' ", async function () {
+      taskStatusData.status = "IN_PROGRESS";
       taskId = (await tasks.updateTask({ ...taskData, assignee: appOwner.username })).taskId;
       const res = await chai
         .request(app)

test/unit/middlewares/tasks-validator.test.js

@@ -2,6 +2,7 @@ const Sinon = require("sinon");
 const {
   getTasksValidator,
   createTask,
+  updateSelfTask,
   getUsersValidator,
   updateTask: updateTaskValidator,
 } = require("../../../middlewares/validators/tasks");
@@ -706,4 +707,22 @@ describe("getTasks validator", function () {
       expect(res.boom.badRequest.callCount).to.be.equal(1);
     });
   });
+
+  describe("updateSelfTask Validator", function () {
+    it("should not pass the request when status is AVAILABLE", async function () {
+      const req = {
+        body: {
+          status: "AVAILABLE",
+        },
+      };
+      const res = {
+        boom: {
+          badRequest: Sinon.spy(),
+        },
+      };
+      const nextMiddlewareSpy = Sinon.spy();
+      await updateSelfTask(req, res, nextMiddlewareSpy);
+      expect(nextMiddlewareSpy.callCount).to.be.equal(0);
+    });
+  });
 });