Merged PR 574: 未認証のAuthorIDは選択できないようにする

## 概要
[Task2819: 未認証のAuthorIDは選択できないようにする](https://paruru.nds-tyo.co.jp:8443/tfs/ReciproCollection/fa4924a4-d079-4fab-9fb5-a9a11eb205f0/_workitems/edit/2819)

- Author取得APIではメール認証済みのユーザーのみ取得するように修正しました。
- Workflowの追加/編集APIでメール未認証のAuthorを指定して実行するとエラーとなるように修正しました。
- 修正APIに対応したテストケースを追加しました。

## レビューポイント
- 対応箇所は適切でしょうか?

## UIの変更
- なし

## 動作確認状況
- ローカルで確認
makabe.t 2023-11-14 02:10:32 +00:00
parent ee161a405f
commit 5c0d5f6476
4 changed files with 185 additions and 5 deletions


@ -5754,6 +5754,44 @@ describe('getAuthors', () => {
expect(authors[1].authorId).toBe('AUTHOR_ID_2');
}
});
it('アカウント内のAuthorユーザーの一覧を取得できる未認証ユーザー以外', async () => {
if (!source) fail();
const module = await makeTestingModule(source);
if (!module) fail();
// 第五階層のアカウント作成
const { account, admin } = await makeTestAccount(source, { tier: 5 });
const userId1 = await makeTestUser(source, {
account_id: account.id,
role: USER_ROLES.AUTHOR,
author_id: 'AUTHOR_ID_1',
});
const userId2 = await makeTestUser(source, {
account_id: account.id,
role: USER_ROLES.AUTHOR,
author_id: 'AUTHOR_ID_2',
email_verified: false,
});
// 作成したデータを確認
{
const users = await getUsers(source);
expect(users.length).toBe(3);
expect(users[1].id).toBe(userId1.id);
expect(users[2].id).toBe(userId2.id);
}
const service = module.get<AccountsService>(AccountsService);
const context = makeContext(admin.external_id);
const authors = await service.getAuthors(context, admin.external_id);
//実行結果を確認
{
expect(authors.length).toBe(1);
expect(authors[0].id).toBe(userId1.id);
expect(authors[0].authorId).toBe('AUTHOR_ID_1');
}
});
it('アカウント内のAuthorユーザーの一覧を取得できる0件', async () => {
if (!source) fail();
const module = await makeTestingModule(source);
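Review bot: The expectation that only `AUTHOR_ID_1` comes back depends on `makeTestUser` defaulting `email_verified` to a verified value, and that default is not visible in this hunk. Setting `email_verified: true` explicitly on the first user would make the test state both sides of the rule it pins. The positional checks on `users[1]` and `users[2]` likewise assume `getUsers` returns rows in insertion order.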


@ -588,6 +588,56 @@ describe('createWorkflows', () => {
}
});
it('Authorがメール未認証の場合、400エラーとなること', async () => {
if (!source) fail();
const module = await makeTestingModule(source);
if (!module) fail();
// 第五階層のアカウント作成
const { account, admin } = await makeTestAccount(source, { tier: 5 });
const { id: authorId } = await makeTestUser(source, {
external_id: 'author1',
author_id: 'AUTHOR1',
account_id: account.id,
role: USER_ROLES.AUTHOR,
email_verified: false,
});
const { id: typistId } = await makeTestUser(source, {
external_id: 'typist1',
account_id: account.id,
role: USER_ROLES.TYPIST,
});
//作成したデータを確認
{
const workflows = await getWorkflows(source, account.id);
const workflowTypists = await getAllWorkflowTypists(source);
expect(workflows.length).toBe(0);
expect(workflowTypists.length).toBe(0);
}
const service = module.get<WorkflowsService>(WorkflowsService);
const context = makeContext(admin.external_id);
//実行結果を確認
try {
await service.createWorkflow(
context,
admin.external_id,
authorId,
[{ typistId: typistId }],
undefined,
undefined,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
expect(e.getResponse()).toEqual(makeErrorResponse('E010204'));
} else {
fail();
}
}
});
it('DBにAuthorが存在しない場合、400エラーとなること', async () => {
if (!source) fail();
const module = await makeTestingModule(source);
@ -639,6 +689,7 @@ describe('createWorkflows', () => {
worktypeId,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -699,6 +750,7 @@ describe('createWorkflows', () => {
9999,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -758,6 +810,7 @@ describe('createWorkflows', () => {
worktypeId,
9999,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -819,6 +872,7 @@ describe('createWorkflows', () => {
worktypeId,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -880,6 +934,7 @@ describe('createWorkflows', () => {
worktypeId,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -950,6 +1005,7 @@ describe('createWorkflows', () => {
worktypeId,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -1024,6 +1080,7 @@ describe('createWorkflows', () => {
worktypeId,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.INTERNAL_SERVER_ERROR);
@ -1514,6 +1571,78 @@ describe('updateWorkflow', () => {
}
});
it('Authorがメール未認証の場合、400エラーとなること', async () => {
if (!source) fail();
const module = await makeTestingModule(source);
if (!module) fail();
// 第五階層のアカウント作成
const { account, admin } = await makeTestAccount(source, { tier: 5 });
const { id: authorId1 } = await makeTestUser(source, {
external_id: 'author1',
author_id: 'AUTHOR1',
account_id: account.id,
role: USER_ROLES.AUTHOR,
});
const { id: authorId2 } = await makeTestUser(source, {
external_id: 'author2',
author_id: 'AUTHOR2',
account_id: account.id,
role: USER_ROLES.AUTHOR,
email_verified: false,
});
const { id: typistId1 } = await makeTestUser(source, {
external_id: 'typist1',
account_id: account.id,
role: USER_ROLES.TYPIST,
});
const preWorkflow = await createWorkflow(
source,
account.id,
authorId1,
undefined,
undefined,
);
await createWorkflowTypist(source, preWorkflow.id, typistId1);
//作成したデータを確認
{
const workflows = await getWorkflows(source, account.id);
const workflowTypists = await getAllWorkflowTypists(source);
expect(workflows.length).toBe(1);
expect(workflows[0].id).toBe(preWorkflow.id);
expect(workflows[0].account_id).toBe(account.id);
expect(workflows[0].author_id).toBe(authorId1);
expect(workflows[0].worktype_id).toBe(null);
expect(workflows[0].template_id).toBe(null);
expect(workflowTypists.length).toBe(1);
}
const service = module.get<WorkflowsService>(WorkflowsService);
const context = makeContext(admin.external_id);
//実行結果を確認
try {
await service.updateWorkflow(
context,
admin.external_id,
preWorkflow.id,
authorId2,
[{ typistId: typistId1 }],
undefined,
undefined,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
expect(e.getResponse()).toEqual(makeErrorResponse('E010204'));
} else {
fail();
}
}
});
it('DBにWorkflowが存在しない場合、400エラーとなること', async () => {
if (!source) fail();
const module = await makeTestingModule(source);
@ -1550,6 +1679,7 @@ describe('updateWorkflow', () => {
undefined,
undefined,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -1623,6 +1753,7 @@ describe('updateWorkflow', () => {
worktypeId,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -1691,6 +1822,7 @@ describe('updateWorkflow', () => {
9999,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -1758,6 +1890,7 @@ describe('updateWorkflow', () => {
worktypeId,
9999,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -1832,6 +1965,7 @@ describe('updateWorkflow', () => {
worktypeId,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -1906,6 +2040,7 @@ describe('updateWorkflow', () => {
worktypeId,
templateId,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -1974,6 +2109,7 @@ describe('updateWorkflow', () => {
worktypeId1,
undefined,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.BAD_REQUEST);
@ -2050,6 +2186,7 @@ describe('updateWorkflow', () => {
undefined,
undefined,
);
fail();
} catch (e) {
if (e instanceof HttpException) {
expect(e.getStatus()).toEqual(HttpStatus.INTERNAL_SERVER_ERROR);
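Review bot: The two new `Authorがメール未認証の場合、400エラーとなること` tests (under createWorkflows and updateWorkflow) assert only the status and error code, not that the rejected call left the stored data unchanged. After the `catch` in the create case I would add `expect((await getWorkflows(source, account.id)).length).toBe(0);`, and in the update case `expect((await getWorkflows(source, account.id))[0].author_id).toBe(authorId1);`, so a regression that writes before validating is caught. Separately, the `fail()` added inside each `try` is caught by the same `catch` and only surfaces through the `else { fail(); }` branch, so the report does not say that the call failed to throw; `await expect(...).rejects` would make that explicit.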


@ -398,7 +398,7 @@ export class UsersRepositoryService {
}
/**
* Authorユーザーを取得する
* Email認証済みのAuthorユーザーを取得する
* @param accountId
* @returns author users
*/
@ -409,6 +409,7 @@ export class UsersRepositoryService {
where: {
account_id: accountId,
role: USER_ROLES.AUTHOR,
email_verified: true,
deleted_at: IsNull(),
},
});
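Review bot: The doc comment still says `@returns author users` although the query now returns only rows with `email_verified: true`; I would change it to `@returns email-verified, non-deleted author users of the account` and give `@param accountId` a description. The method signature lies between the two hunks and is not visible, so any other caller that expects every author of the account should be checked, since the filter now applies to all of them.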


@ -69,10 +69,12 @@ export class WorkflowsRepositoryService {
// authorの存在確認
const userRepo = entityManager.getRepository(User);
const author = await userRepo.findOne({
where: { account_id: accountId, id: authorId },
where: { account_id: accountId, id: authorId, email_verified: true },
});
if (!author) {
throw new UserNotFoundError(`author not found. id: ${authorId}`);
throw new UserNotFoundError(
`author not found or email not verified. id: ${authorId}`,
);
}
// worktypeの存在確認
@ -198,10 +200,12 @@ export class WorkflowsRepositoryService {
// authorの存在確認
const userRepo = entityManager.getRepository(User);
const author = await userRepo.findOne({
where: { account_id: accountId, id: authorId },
where: { account_id: accountId, id: authorId, email_verified: true },
});
if (!author) {
throw new UserNotFoundError(`author not found. id: ${authorId}`);
throw new UserNotFoundError(
`author not found or email not verified. id: ${authorId}`,
);
}
// worktypeの存在確認
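Review bot: The author lookup in both hunks (`where: { account_id: accountId, id: authorId, email_verified: true }`) now requires a verified e-mail but still does not constrain the role, so as far as these lines show, a verified user with another role in the same account would pass the check as an author. The author list query in UsersRepositoryService filters on `role: USER_ROLES.AUTHOR` and `deleted_at: IsNull()`; I would align this check with it, e.g. `where: { account_id: accountId, id: authorId, role: USER_ROLES.AUTHOR, email_verified: true },`, unless the role is validated outside the hunk. The enclosing methods start and end outside both hunks, so whether `USER_ROLES` is already imported in this file needs confirming.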