test(attachmentV4): add api test for attachment v4 (#1853)

<!--
Follow semantic-release guidelines for the PR title, which is used in
the changelog.

Title should follow the format `<type>(<scope>): <subject>`, where
- Type is one of:
build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test|BREAKING
CHANGE
- Scope (optional) describes the place of the change (eg a particular
milestone) and is usually omitted
- subject should be a non-capitalized one-line description in present
imperative tense and not ending with a period

See
https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#-git-commit-guidelines
for more details.
-->

## Description
1. added API tests for attachments v4 service.
2. added isValid endpoint for attachment input validation
## Motivation
<!-- Background on use case, changes needed -->

## Fixes
<!-- Please provide a list of the issues fixed by this PR -->

* Bug fixed (#X)

## Changes:
<!-- Please provide a list of the changes implemented by this PR -->

* changes made

## Tests included

- [ ] Included for each change/fix?
- [ ] Passing? <!-- Merge will not be approved unless tests pass -->

## Documentation
- [ ] swagger documentation updated (required for API changes)
- [ ] official documentation updated

### official documentation info
<!-- If you have updated the official documentation, please provide PR #
and URL of the updated pages -->

Author: nitrosx

src/attachments/attachments.v4.controller.ts

@@ -13,6 +13,9 @@ import {
   ForbiddenException,
   NotFoundException,
   Patch,
+  Put,
+  ValidationError,
+  HttpCode,
 } from "@nestjs/common";
 import {
   ApiBearerAuth,
@@ -40,9 +43,15 @@ import { getSwaggerAttachmentFilterContent } from "./types/attachment-filter-con
 import { AttachmentFilterValidationPipe } from "./pipes/attachment-filter-validation.pipe";
 import { CreateAttachmentV4Dto } from "./dto/create-attachment.v4.dto";
 import { OutputAttachmentV4Dto } from "./dto/output-attachment.v4.dto";
-import { PartialUpdateAttachmentV4Dto } from "./dto/update-attachment.v4.dto";
+import {
+  PartialUpdateAttachmentV4Dto,
+  UpdateAttachmentV4Dto,
+} from "./dto/update-attachment.v4.dto";
 import { AttachmentsV4Service as AttachmentService } from "./attachments.v4.service";
 import { AllowAny } from "src/auth/decorators/allow-any.decorator";
+import { validate, ValidatorOptions } from "class-validator";
+import { plainToInstance } from "class-transformer";
+import { IsValidResponse } from "src/common/types";
 
 @ApiBearerAuth()
 @ApiTags("attachments v4")
@@ -350,6 +359,49 @@ export class AttachmentsV4Controller {
     );
   }
 
+  // PUT /attachments/:aid
+  @UseGuards(PoliciesGuard)
+  @CheckPolicies("attachments", (ability: AppAbility) =>
+    ability.can(Action.AttachmentUpdateEndpoint, Attachment),
+  )
+  @ApiOperation({
+    summary: "It updates the attachment.",
+    description: `It updates the attachment specified through the id specified. If optional fields are not provided they will be removed.
+      The PUT method is responsible for modifying an existing entity. The crucial part about it is that it is supposed to replace an entity.
+      Therefore, if we don’t send a field of an entity when performing a PUT request, the missing field should be removed from the document.
+      (Caution: This operation could result with data loss if all the attachment fields are not provided)`,
+  })
+  @ApiParam({
+    name: "aid",
+    description: "ID of the attachment to modify",
+    type: String,
+  })
+  @ApiBody({
+    type: UpdateAttachmentV4Dto,
+  })
+  @ApiResponse({
+    status: HttpStatus.OK,
+    type: Attachment,
+    description:
+      "Update an existing attachment. The whole attachment object with updated fields have to be passed in.",
+  })
+  @Put("/:aid")
+  async findOneAndReplace(
+    @Req() request: Request,
+    @Param("aid") aid: string,
+    @Body() updateAttachmentDto: UpdateAttachmentV4Dto,
+  ): Promise<OutputAttachmentV4Dto | null> {
+    await this.checkPermissionsForAttachment(
+      request,
+      aid,
+      Action.AttachmentUpdateEndpoint,
+    );
+    return this.attachmentsService.findOneAndReplace(
+      { _id: aid },
+      updateAttachmentDto,
+    );
+  }
+
   // POST /attachments
   @UseGuards(PoliciesGuard)
   @CheckPolicies("attachments", (ability: AppAbility) =>
@@ -374,7 +426,6 @@ export class AttachmentsV4Controller {
     @Req() request: Request,
     @Body() createAttachmentDto: CreateAttachmentV4Dto,
   ): Promise<OutputAttachmentV4Dto> {
-    //TODO: check user permission
     this.checkPermissionsForAttachmentCreate(
       request,
       createAttachmentDto,
@@ -383,6 +434,54 @@ export class AttachmentsV4Controller {
     return this.attachmentsService.create(createAttachmentDto);
   }
 
+  @UseGuards(PoliciesGuard)
+  @CheckPolicies("attachments", (ability: AppAbility) =>
+    ability.can(Action.AttachmentCreateEndpoint, Attachment),
+  )
+  @Post("/isValid")
+  @HttpCode(HttpStatus.OK)
+  @ApiOperation({
+    summary: "It validates the attachment provided as input.",
+    description:
+      "It validates the attachment provided as input, and returns true if the information is a valid attachment",
+  })
+  @ApiBody({
+    type: CreateAttachmentV4Dto,
+  })
+  @ApiResponse({
+    status: HttpStatus.OK,
+    type: IsValidResponse,
+    description:
+      "Check if the attachment provided pass validation. It return true if the validation is passed",
+  })
+  async isValid(
+    @Req() request: Request,
+    @Body() createAttachmentDto: object,
+  ): Promise<IsValidResponse> {
+    const validatorOptions: ValidatorOptions = {
+      whitelist: true,
+      forbidNonWhitelisted: true,
+    };
+    const CreateAttachmentDtoInstance = plainToInstance(
+      CreateAttachmentV4Dto,
+      createAttachmentDto,
+    );
+
+    this.checkPermissionsForAttachmentCreate(
+      request,
+      CreateAttachmentDtoInstance,
+      Action.AttachmentCreateEndpoint,
+    );
+    const errorsAttachment = await validate(
+      CreateAttachmentDtoInstance,
+      validatorOptions,
+    );
+
+    const valid = errorsAttachment.length == 0;
+
+    return { valid: valid, reason: errorsAttachment };
+  }
+
   // DELETE /attachments/:aid
   @UseGuards(PoliciesGuard)
   @CheckPolicies("attachments", (ability: AppAbility) =>

src/attachments/attachments.v4.service.ts

@@ -1,4 +1,4 @@
-import { Inject, Injectable, Scope } from "@nestjs/common";
+import { Inject, Injectable, NotFoundException, Scope } from "@nestjs/common";
 import { REQUEST } from "@nestjs/core";
 import { Request } from "express";
 import { InjectModel } from "@nestjs/mongoose";
@@ -90,6 +90,33 @@ export class AttachmentsV4Service {
     return result;
   }
 
+  async findOneAndReplace(
+    filter: FilterQuery<AttachmentDocument>,
+    updateAttachmentDto: PartialUpdateAttachmentV4Dto,
+  ): Promise<Attachment | null> {
+    const username = (this.request?.user as JWTUser).username;
+    const existingAttachment = await this.attachmentModel
+      .findOne({ aid: filter._id })
+      .exec();
+    if (!existingAttachment) {
+      throw new NotFoundException(`Attachment: ${filter._id} not found`);
+    }
+    const updatedAttachmentInput = {
+      ...updateAttachmentDto,
+      aid: existingAttachment.aid,
+      createdBy: existingAttachment.createdBy,
+    };
+    const result = await this.attachmentModel
+      .findOneAndReplace(
+        filter,
+        addUpdatedByField(updatedAttachmentInput, username),
+        { new: true },
+      )
+      .exec();
+
+    return result;
+  }
+
   async findOneAndDelete(
     filter: FilterQuery<AttachmentDocument>,
   ): Promise<unknown> {

src/attachments/dto/attachment-relationships.v4.dto.ts

@@ -0,0 +1,29 @@
+import { ApiPropertyOptional, ApiProperty } from "@nestjs/swagger";
+import { IsString, IsEnum, IsOptional } from "class-validator";
+import { AttachmentRelationTargetType } from "../types/relationship-filter.enum";
+
+export class AttachmentRelationshipsV4Dto {
+  @IsString()
+  @ApiProperty({
+    type: String,
+    description: "Array of entity target IDs.",
+  })
+  targetId: string;
+
+  @IsEnum(AttachmentRelationTargetType)
+  @ApiProperty({
+    enum: Object.values(AttachmentRelationTargetType),
+    description:
+      "Type of entity target. Can be one of the following: 'dataset','proposal','sample'.",
+  })
+  targetType: AttachmentRelationTargetType;
+
+  @IsOptional()
+  @IsString()
+  @ApiPropertyOptional({
+    type: String,
+    description: "Relationship type (defaults to 'is attached to').",
+    default: "is attached to",
+  })
+  relationType?: string;
+}

src/attachments/dto/update-attachment.v4.dto.ts

@@ -1,7 +1,13 @@
-import { IsBoolean, IsOptional, IsString } from "class-validator";
+import {
+  IsBoolean,
+  IsOptional,
+  IsString,
+  ValidateNested,
+} from "class-validator";
 import { OwnableDto } from "../../common/dto/ownable.dto";
 import { PartialType } from "@nestjs/swagger";
-import { AttachmentRelationshipClass } from "../schemas/relationship.schema";
+import { Type } from "class-transformer";
+import { AttachmentRelationshipsV4Dto } from "./attachment-relationships.v4.dto";
 
 export class UpdateAttachmentV4Dto extends OwnableDto {
   @IsOptional()
@@ -12,7 +18,9 @@ export class UpdateAttachmentV4Dto extends OwnableDto {
   readonly caption: string;
 
   @IsOptional()
-  readonly relationships?: AttachmentRelationshipClass[];
+  @ValidateNested({ each: true })
+  @Type(() => AttachmentRelationshipsV4Dto)
+  readonly relationships?: AttachmentRelationshipsV4Dto[];
 
   @IsBoolean()
   isPublished: boolean;

src/attachments/interfaces/attachment-filters.interface.ts

@@ -1,13 +1,13 @@
 import { FilterQuery } from "mongoose";
 import { ILimitsFilter } from "src/common/interfaces/common.interface";
-import { AttachmentRelationshipClass } from "../schemas/relationship.schema";
+import { AttachmentRelationshipsV4Dto } from "../dto/attachment-relationships.v4.dto";
 
 export interface IAttachmentFields {
   aid?: string;
   _id: string;
   thumbnail?: string;
   caption: string;
-  relationships?: AttachmentRelationshipClass[];
+  relationships?: AttachmentRelationshipsV4Dto[];
   ownerGroup: string;
   accessGroups: string[];
   isPublished: boolean;

src/attachments/pipes/attachment-filter-validation.pipe.ts

@@ -1,13 +1,13 @@
 import { PipeTransform, Injectable } from "@nestjs/common";
 import { BadRequestException } from "@nestjs/common/exceptions";
 import { flattenObject } from "src/common/utils";
-import { AttachmentRelationshipClass } from "../schemas/relationship.schema";
+import { AttachmentRelationshipsV4Dto } from "../dto/attachment-relationships.v4.dto";
 import { OutputAttachmentV4Dto } from "../dto/output-attachment.v4.dto";
 
 // Attachment specific keys that are allowed
 const ALLOWED_ATTACHMENT_KEYS = [
   ...Object.keys(new OutputAttachmentV4Dto()),
-  ...Object.keys(new AttachmentRelationshipClass()),
+  ...Object.keys(new AttachmentRelationshipsV4Dto()),
 ];
 
 // Allowed keys taken from mongoose QuerySelector.

src/common/types.ts

@@ -1,4 +1,5 @@
 import { ApiProperty, ApiPropertyOptional } from "@nestjs/swagger";
+import { ValidationError } from "class-validator";
 import { IFullFacets } from "src/elastic-search/interfaces/es-common.type";
 
 export class FullFacetFilters {
@@ -49,5 +50,7 @@ export class CountApiResponse {
 
 export class IsValidResponse {
   @ApiProperty({ type: Boolean })
-  isvalid: boolean;
+  valid: boolean;
+  @ApiPropertyOptional()
+  reason?: ValidationError[];
 }

src/datasets/datasets.v4.controller.ts

@@ -320,7 +320,7 @@ export class DatasetsV4Controller {
     @Req() request: Request,
     @Body(PidValidationPipe)
     createDatasetDto: object,
-  ) {
+  ): Promise<IsValidResponse> {
     const createDatasetDtoInstance = plainToInstance(
       CreateDatasetDto,
       createDatasetDto,