nwaughachukwuma · October 27, 2019 21:24
diff --git a/updateCustomerEntry-modified.ts b/updateCustomerEntry-modified.ts
 import * as functions from 'firebase-functions';
 import { validationResult } from 'express-validator/check';
 import { admin, getDocumentRef } from './admin'
 import { verifyUser } from './verifyUser'

 const acceptableStatus = [...]; // some validations. e.g. approve|decline|pending

 export const updateCustomerEntry = functions.https.onRequest(async (request, response) => {
    const errors = validationResult(request)
    if (!errors.isEmpty()) {
        console.warn('error updating the entry');
        return response.status(422).json({ errors: errors.array() })
    }
    const { customerId, orderId, productId, operation } = request.body
    
    // verify the user access here
    const isUserVerified = await verifyUser(oauthToken); // we call the method to check user authorization
    if (!isUserVerified) {
        return response.status(401).json({ error: 'Not permitted to perform operation' });
    }

    try {
        if (!acceptableStatus.includes(operation)) { // not an acceptable operation
            throw new Error('Please use an acceptable action: pending|approved|declined')
        }
        // ensure that the customer and the product are still existing in the system
        const customerRef = await getDocumentRef(`users`, customerId).get();
        const productRef = await getDocumentRef(`products`, productId).get();
        
        if (!customerRef) {
          return response.status(400).json({ error: 'No such customer in the system' })
        }
        
        if (!productRef) {
          return response.status(400).json({ error: 'No such product in the system' })
        }
        
        ...
        // Perform operations as unique to your setup
        
    } catch (err) {
        console.error(err)
        return response.status(400).json({ error: err.message })
    }
 })
	import * as functions from 'firebase-functions';
	import { validationResult } from 'express-validator/check';
	import { admin, getDocumentRef } from './admin'
	import { verifyUser } from './verifyUser'

	const acceptableStatus = [...]; // some validations. e.g. approve\|decline\|pending

	export const updateCustomerEntry = functions.https.onRequest(async (request, response) => {
	const errors = validationResult(request)
	if (!errors.isEmpty()) {
	console.warn('error updating the entry');
	return response.status(422).json({ errors: errors.array() })
	}
	const { customerId, orderId, productId, operation } = request.body

	// verify the user access here
	const isUserVerified = await verifyUser(oauthToken); // we call the method to check user authorization
	if (!isUserVerified) {
	return response.status(401).json({ error: 'Not permitted to perform operation' });
	}

	try {
	if (!acceptableStatus.includes(operation)) { // not an acceptable operation
	throw new Error('Please use an acceptable action: pending\|approved\|declined')
	}
	// ensure that the customer and the product are still existing in the system
	const customerRef = await getDocumentRef(`users`, customerId).get();
	const productRef = await getDocumentRef(`products`, productId).get();

	if (!customerRef) {
	return response.status(400).json({ error: 'No such customer in the system' })
	}

	if (!productRef) {
	return response.status(400).json({ error: 'No such product in the system' })
	}

	...
	// Perform operations as unique to your setup

	} catch (err) {
	console.error(err)
	return response.status(400).json({ error: err.message })
	}
	})