This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.
Signed-off-by: David Mehren <git@herrmehren.de>
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.
Signed-off-by: David Mehren <git@herrmehren.de>
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401
Signed-off-by: Philip Molares <philip.molares@udo.edu>
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.
Signed-off-by: David Mehren <git@herrmehren.de>
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This ensures the folder is always deleted, even if there are still files (from previous broken tests) in it.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This way the tests can run in any order as some of the media tests rely on an empty (or non-existing) uploads directory.
Also the me e2e test was renamed to the correct name.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the NotesController has the note already, because it checked with it if the user has the permission to perform the action, it's not necessary to get the note from the DB again, instead we should just provide the note to the functions directly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
split success and fail cases in separate tests for better readability
add the correct user to all notes created by service (instead of api) to make the permissions checks viable.
extracted test content of notes to a global variable.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit adds proper error handling and returns 404 when a note does not exist.
Previously, we leaked the `NotInDBError` and sent a 500 status code.
Signed-off-by: David Mehren <git@herrmehren.de>
Previously, this lead to locking errors, when multiple test runners accessed the same database and tried to clear it or tried to insert new test data.
Signed-off-by: David Mehren <git@herrmehren.de>