Merge pull request #16 from GTBitsOfGood/tejaswini/update-partner-details

update partner details

Author: tejaswini-rb

src/app/api/partnerDetails/[userId]/route.test.ts

@@ -0,0 +1,128 @@
+import { testApiHandler } from "next-test-api-route-handler";
+import { authMock } from "@/test/authMock";
+import { dbMock } from "@/test/dbMock";
+import { expect, test, describe } from "@jest/globals";
+import { OrganizationType } from "@prisma/client";
+import * as appHandler from "./route";
+
+describe("POST /api/partnerDetails/[userId]", () => {
+  // No Valid Session (401)
+  test("returns 401 when there is no valid session", async () => {
+    authMock.mockReturnValueOnce(null); //no valid session
+
+    const formData = new FormData();
+    formData.append("numberOfPatients", "8");
+    formData.append("organizationType", "NON_PROFIT");
+
+    await testApiHandler({
+      appHandler,
+      params: { userId: "1" },
+      async test({ fetch }) {
+        const res = await fetch({
+          method: "POST",
+          body: formData,
+        });
+
+        expect(res.status).toBe(401);
+        const json = await res.json();
+        expect(json).toEqual({ message: "Session required" });
+      },
+    });
+  });
+
+  // PARTNER user tries to modify another user's details (session user ID does not match the request user ID) (403)
+  test("returns 403 when a PARTNER user tries to modify another user's record", async () => {
+    authMock.mockReturnValueOnce({
+      user: { id: "1", type: "PARTNER" },
+      expires: "",
+    });
+
+    const formData = new FormData();
+    formData.append("numberOfPatients", "8");
+    formData.append("organizationType", "NON_PROFIT");
+
+    await testApiHandler({
+      appHandler,
+      params: { userId: "2" }, //different user
+      async test({ fetch }) {
+        const res = await fetch({
+          method: "POST",
+          body: formData,
+        });
+
+        expect(res.status).toBe(403);
+        const json = await res.json();
+        expect(json).toEqual({ message: "You are not allowed to modify this record" });
+      },
+    });
+  });
+
+  // Invalid Form Data (400)
+  test("returns 400 when the form data is invalid", async () => {
+    authMock.mockReturnValueOnce({
+      user: { id: "1", type: "SUPER_ADMIN" },
+      expires: "",
+    });
+
+    // missing numberOfPatients
+    const formData = new FormData();
+    formData.append("organizationType", "NON_PROFIT");
+
+    await testApiHandler({
+      appHandler,
+      params: { userId: "1" },
+      async test({ fetch }) {
+        const res = await fetch({
+          method: "POST",
+          body: formData,
+        });
+
+        expect(res.status).toBe(400);
+        const json = await res.json();
+        expect(json).toEqual({ message: "Invalid form data" });
+      },
+    });
+  });
+
+  // Valid Request (200)
+  test("updates PartnerDetails and returns 200 for a valid request", async () => {
+    authMock.mockReturnValueOnce({
+      user: { id: "1", type: "SUPER_ADMIN" },
+      expires: "",
+    });
+
+    const existingPartnerDetails = {
+      userId: 1,
+      id: 1,
+      numberOfPatients: 8,
+      organizationType: "FOR_PROFIT" as OrganizationType,
+    };
+    dbMock.partnerDetails.findUnique.mockResolvedValueOnce(existingPartnerDetails);
+
+    const updatedPartnerDetails = {
+      ...existingPartnerDetails,
+      numberOfPatients: 5,
+      organizationType: "NON_PROFIT" as OrganizationType,
+    };
+    dbMock.partnerDetails.update.mockResolvedValueOnce(updatedPartnerDetails);
+
+    const formData = new FormData();
+    formData.append("numberOfPatients", "5");
+    formData.append("organizationType", "NON_PROFIT");
+
+    await testApiHandler({
+      appHandler,
+      params: { userId: "1" },
+      async test({ fetch }) {
+        const res = await fetch({
+          method: "POST",
+          body: formData,
+        });
+
+        expect(res.status).toBe(200);
+        const json = await res.json();
+        expect(json).toEqual(updatedPartnerDetails);
+      },
+    });
+  });
+});

src/app/api/partnerDetails/[userId]/route.ts

@@ -0,0 +1,70 @@
+import { authenticationError, authorizationError, argumentError } from "@/util/responses";
+import { auth } from "@/auth";
+import { NextResponse, NextRequest } from "next/server";
+import { z } from "zod";
+import { zfd } from "zod-form-data";
+import { db } from "@/db"; 
+
+// Zod schema
+const PartnerDetailsFormSchema = zfd.formData({
+  numberOfPatients: zfd.numeric(z.number().min(1, "Number of patients must be positive")),
+  organizationType: zfd.text(z.enum(["NON_PROFIT", "FOR_PROFIT", "RELIGIOUS"])),
+});
+
+/**
+ * Updates a user's partner details.
+ * Parameters are passed as form data.
+ * 
+ * @param numberOfPatients The number of patients associated with the partner
+ * @param organizationType The type of the organization (NON_PROFIT, FOR_PROFIT, RELIGIOUS)
+ * @param userId The ID of the user whose partner details are being updated
+ * 
+ * @returns 401 if the request is not authenticated
+ * @returns 403 if a PARTNER user attempts to modify another user's details
+ * @returns 404 if no PartnerDetails record is found
+ * @returns 200 with the updated partner details
+ */
+export async function POST(
+  req: NextRequest,
+  { params }: { params: Promise<{ userId: string }> }
+) {
+
+    // authenticate the user session
+    const session = await auth();
+    if (!session?.user) {
+      return authenticationError("Session required");
+    }
+    const { user } = session;
+
+    // await params and ensure params.userId exists
+    const { userId } = await params;
+    if (!userId) {
+      return argumentError("Missing user ID parameter");
+    }
+
+    // partner users can only modify their own details
+    if (user.type === "PARTNER" && user.id !== userId) {
+      return authorizationError("You are not allowed to modify this record");
+    }
+
+    // parse FormData
+    const formData = await req.formData();
+    const parsedData = PartnerDetailsFormSchema.safeParse(formData);
+    if (!parsedData.success) {
+      return argumentError("Invalid form data");
+    }
+
+    const { numberOfPatients, organizationType } = parsedData.data;
+
+    // update PartnerDetails record
+    const userIdNumber = Number(userId); //db schema accepts a number
+    const updatedPartnerDetails = await db.partnerDetails.update({
+      where: { userId: userIdNumber },
+      data: {
+        numberOfPatients,
+        organizationType,
+      },
+    });
+
+    return NextResponse.json(updatedPartnerDetails);
+}