diff --git a/app/controllers/accounts.js b/app/controllers/accounts.js index d1cc968..e26dd3e 100644 --- a/app/controllers/accounts.js +++ b/app/controllers/accounts.js @@ -252,11 +252,7 @@ module.exports = { list_entries : function(request, response) { return check_account(request, response, function(errors, account) { - Entry.find({ - account_id: account.id - }) - .sort('-date') - .exec(function(errors, entries) { + list_entries(account.id, null, function(errors, entries) { if( errors ) { return Handler.errorHandler(errors, 500, response); } diff --git a/test/accounts.js b/test/accounts.js index 7a130b3..b3f2d57 100644 --- a/test/accounts.js +++ b/test/accounts.js @@ -568,5 +568,48 @@ describe('API /accounts', function() { }); }); }); + + describe('* Retrieve', function() { + it('should retrieve all entries', function(done) { + request(globalServer) + .get('/api/accounts/' + account_id + '/entries') + .set('Authorization', 'JWT ' + token) + .expect('Content-Type', /json/) + .expect(200) + .end(function(errors, result) { + should.not.exist(errors); + + var entries = result.body.entries; + should.exist(entries); + entries.should.be.instanceof(Array); + + var balance = result.body.balance; + should.exist(balance); + balance.should.be.instanceof(Number); + done(); + }); + }); + + it('should fail to retrieve entries for unknown account', function(done) { + request(globalServer) + .get('/api/accounts/' + token + '/entries') + .set('Authorization', 'JWT ' + token) + .expect(404, done); + }); + + it('should fail to retrieve entries for invalid account', function(done) { + request(globalServer) + .get('/api/accounts/1/entries') + .set('Authorization', 'JWT ' + token) + .expect(404, done); + }); + + it('should fail to retrieve entries for the not owned given account', function(done) { + request(globalServer) + .get('/api/accounts/' + account_id + '/entries') + .set('Authorization', 'JWT ' + hacker_token) + .expect(401, done); + }); + }); }); }); \ No newline at end of file