Fix drafting

package.json

@@ -1,6 +1,6 @@
 {
   "name": "secretsanta",
-  "version": "5.1.2",
+  "version": "5.1.3",
   "description": "SecretSanta source code",
   "author": "Zaista",
   "license": "MIT",

public/admin/santaAdmin.js

@@ -233,6 +233,7 @@ $(async () => {
         success: (result) => {
           if (result.success) {
             $(this).prop('disabled', true);
+            $('#reveal').prop('disabled', false);
           }
           showAlert(result);
         },

public/history/year/santaYear.js

@@ -61,10 +61,10 @@ $(async () => {
     const giftElement = $.parseHTML(giftTemplate);
     let santaName = gift.santa;
     let childName = gift.child;
-    if (gift.santa === '') {
+    if (gift.santa === undefined || gift.santa === '') {
       santaName = gift.santaEmail;
     }
-    if (gift.child === '') {
+    if (gift.child === undefined || gift.child === '') {
       childName = gift.childEmail;
     }
     $(giftElement).find('[data-id="santa"]').text(santaName);

public/profile/santaProfile.js

@@ -11,6 +11,9 @@ $(async () => {
   $.get(`${apiUrl}/list?id=${searchParams.get('id')}`, (friend) => {
     if (friend.error) {
       showAlert(friend);
+      $('#image').removeClass('loading-image');
+      // TODO disable image click
+      $('#profileSaveButton').prop('disabled', true);
     } else {
       if (friend.imageUploaded) {
         lazyLoadImage(friend._id, $('#image')).then((image) => {

routers/admin-router.js

@@ -184,17 +184,19 @@ adminRouter.post('/api/forbidden', async (req, res) => {
     req.session.activeGroup._id,
     req.body
   );
-  if (result.insertedId) {
+  if (result === null) {
     return res.send({
-      success: 'Forbidden pair added',
-      id: result.insertedId,
+      error: 'Creating forbidden pair failed',
     });
   } else if (result.error) {
     return res.send(result);
-  } else {
+  } else if (result.insertedId) {
     return res.send({
-      error: 'Something went wrong while creating a forbidden pair',
+      success: 'Forbidden pair added',
+      id: result.insertedId,
     });
+  } else {
+    throw Error('Something went wrong');
   }
 });
 
@@ -267,7 +269,9 @@ adminRouter.put('/api/reveal', async (req, res) => {
   if (!req.user) return res.status(401).send({ error: 'User not logged in' });
 
   const history = await getYearsByGroup(req.session.activeGroup._id);
-  if (history[0].revealed) {
+  if (history.length === 0) {
+    return res.send({ error: 'Year not drafted yet' });
+  } else if (history[0].revealed) {
     return res.send({ error: 'Year already revealed' });
   }
 

routers/chat-router.js

@@ -67,14 +67,14 @@ chatRouter.post('/api/send', async (req, res) => {
         response.success = `Message posted in chat and email sent to ${emailTemplate.to}`;
         response.emailUrl = emailStatus.emailUrl;
       } else {
-        res.send({
+        return res.send({
           error: `Error sending email: ${emailStatus.error}`,
         });
       }
     }
-    res.send(response);
+    return res.send(response);
   } else {
-    res.send({
+    return res.send({
       error: 'Failed to ask the question. Contact the administrator',
     });
   }

routers/profile-router.js

@@ -30,13 +30,22 @@ profileRouter.get('/api/list', async (req, res) => {
   let userId = req.user._id;
   if (req.query.id !== 'null') {
     userId = ObjectId.createFromHexString(req.query.id);
+    const friend = await getProfile(userId);
+    if (
+      friend?.groups?.some((group) =>
+        group.groupId.equals(req.session.activeGroup._id)
+      )
+    ) {
+      return res.send(friend);
+    } else {
+      return res.send({ error: 'Profile not found' });
+    }
   }
-  const friend = await getProfile(userId);
-  if (friend === null) {
-    res.send({ error: 'Profile not found' });
-  } else {
-    res.send(friend);
+  const profile = await getProfile(userId);
+  if (profile === null) {
+    return res.send({ error: 'Profile not found' });
   }
+  return res.send(profile);
 });
 
 profileRouter.post('/api/update', async (req, res) => {

tests/admin.spec.js

@@ -8,6 +8,7 @@ import {
   addForbiddenPair,
   draftSantaPairs,
   revealSantaPairs,
+  removeForbiddenPair,
 } from './helpers/admin.js';
 import { createNewGroup, createDraftedGroup } from './helpers/setup.js';
 
@@ -115,7 +116,7 @@ test.describe('admin tests', () => {
     });
 
     test('admin cannot add forbidden pair again', async ({ page }) => {
-      const groupData = await createDraftedGroup(page.request);
+      const groupData = await createNewGroup(page.request);
       const forbiddenPair = {
         forbiddenUser1Id: groupData.users.user1.id,
         forbiddenUser2Id: groupData.users.user2.id,
@@ -135,24 +136,198 @@ test.describe('admin tests', () => {
         .selectOption(groupData.users.user2.id);
       await page.getByRole('button', { name: 'Forbid' }).click();
       await expect(page.locator('#footerAlert')).toHaveText(
-        'Forbidden pair already exists.'
+        'Forbidden pair already exists'
       );
     });
 
-    test('forbidden pairs should not draft each other', async ({ page }) => {
+    test('admin can remove a forbidden pair', async ({ page }) => {
       const groupData = await createNewGroup(page.request);
+      await login(
+        page.request,
+        groupData.users.admin.email,
+        groupData.users.admin.password
+      );
       const forbiddenPair = {
         forbiddenUser1Id: groupData.users.user1.id,
         forbiddenUser2Id: groupData.users.user2.id,
       };
       await addForbiddenPair(page.request, forbiddenPair);
-      await draftSantaPairs(page.request);
+      await login(
+        page.request,
+        groupData.users.admin.email,
+        groupData.users.admin.password
+      );
+      await page.goto('/admin');
+
+      await page.locator('[data-name="pairDelete"]').click();
+      await page.getByRole('button', { name: 'Delete pair' }).click();
+      await expect(page.locator('#footerAlert')).toHaveText(
+        'The forbidden pair was successfully deleted'
+      );
+    });
+
+    test('forbidden pairs should not draft each other', async ({ page }) => {
+      const groupData = await createNewGroup(page.request);
+      const forbiddenPair = {
+        forbiddenUser1Id: groupData.users.user1.id,
+        forbiddenUser2Id: groupData.users.user2.id,
+      };
+      const pairResult = await addForbiddenPair(page.request, forbiddenPair);
+      const draftFailedResult = await draftSantaPairs(page.request);
+      expect(draftFailedResult).toHaveProperty('error');
+      await removeForbiddenPair(page.request, pairResult.id);
+      const draftSuccessfulResult = await draftSantaPairs(page.request);
+      expect(draftSuccessfulResult).toHaveProperty('success');
+    });
+
+    test('multiple forbidden pairs should not draft each other', async ({
+      page,
+    }) => {
+      const groupData = {
+        users: {
+          admin: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user2: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user3: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user4: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user5: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user6: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user7: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user8: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user9: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+          user10: {
+            email: faker.internet.email(),
+            password: 'test',
+          },
+        },
+        group: {
+          name: faker.word.noun(),
+        },
+      };
+
+      await createNewGroup(page.request, groupData);
+      const forbiddenPair1 = {
+        forbiddenUser1Id: groupData.users.admin.id,
+        forbiddenUser2Id: groupData.users.user2.id,
+      };
+      const forbiddenPair2 = {
+        forbiddenUser1Id: groupData.users.user3.id,
+        forbiddenUser2Id: groupData.users.user4.id,
+      };
+      const forbiddenPair3 = {
+        forbiddenUser1Id: groupData.users.user5.id,
+        forbiddenUser2Id: groupData.users.user6.id,
+      };
+      const forbiddenPair4 = {
+        forbiddenUser1Id: groupData.users.user8.id,
+        forbiddenUser2Id: groupData.users.user7.id,
+      };
+      const forbiddenPair5 = {
+        forbiddenUser1Id: groupData.users.user10.id,
+        forbiddenUser2Id: groupData.users.user9.id,
+      };
+      await addForbiddenPair(page.request, forbiddenPair1);
+      await addForbiddenPair(page.request, forbiddenPair2);
+      await addForbiddenPair(page.request, forbiddenPair3);
+      await addForbiddenPair(page.request, forbiddenPair4);
+      await addForbiddenPair(page.request, forbiddenPair5);
+      let i = 0;
+      while (i < 10) {
+        const result = await draftSantaPairs(page.request);
+        if ('success' in result) {
+          break;
+        }
+        i++;
+      }
       await revealSantaPairs(page.request);
       await page.goto('/history');
       await page.getByText('N/A').click();
-      await expect(
-        page.getByRole('row', { name: groupData.users.user1.name }).first()
-      ).not.toHaveText(groupData.users.user2.name);
+
+      let santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.admin.email });
+      let parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user2.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user2.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.admin.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user3.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user4.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user4.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user3.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user5.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user6.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user6.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user5.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user7.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user8.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user8.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user7.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user9.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user10.email);
+
+      santa = page
+        .locator('*[data-id="santa"]')
+        .filter({ hasText: groupData.users.user10.email });
+      parent = page.getByRole('row').filter({ has: santa });
+      await expect(parent).not.toHaveText(groupData.users.user9.email);
     });
   });