From c4c0bfb8d937da08cc3caf4acbd442fac4637885 Mon Sep 17 00:00:00 2001
From: Jonsen-92
Date: Mon, 14 Dec 2020 10:06:07 +0700
Subject: [PATCH] [#6] Update documentation ACL
---
 doc/acl.md | 157 ++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 120 insertions(+), 37 deletions(-)
diff --git a/doc/acl.md b/doc/acl.md
index eeee5fd..f1a739e 100644
--- a/doc/acl.md
+++ b/doc/acl.md
@@ -17,15 +17,12 @@ POST /access
 ### Database
 ![](./acl_model.png)
-
-*if need create new database, please write the sql script below*
-
 ### Headers
 Key | Value
 --- | ---
 Content-Type | application/json
 Accept | application/json
-Email | application/json
+Email | cdc_user@gmail.com
 ### Request Payloads
@@ -46,7 +43,7 @@ HTTP Code | Status | Description
 400 | Bad Request | Bad request payload
 404 | Not Found | User not found in database
 500 | Internal Server Error | some un-handle error in server
-200 | OK | OK
+201 | Created | Success created new access
 ```
 {
 "status_code": "CDC-400",
@@ -57,34 +54,25 @@ HTTP Code | Status | Description
 ```
 {
- "status_code": "CDC-200",
- "status_message": "OK",
+ "status_code": "CDC-201",
+ "status_message": "Created",
 "data": {
+ "id":2,
 "parent_id": 1,
 "alias": "Groups",
- "acos": [
- {
- "id": 1,
- "_create" : 1,
- "_read" : 1,
- "_update" : 1,
- "_delete" : 1
- "created": "2020-10-28T08:58:13+00:00",
- "modified": "2020-10-28T08:58:13+00:00"
- }
- ]
+ "created": "2020-10-28T08:58:13+00:00",
+ "modified": "2020-10-28T08:58:13+00:00"
 }
 }
 ```
 ### Logic
+ using cakephp tree behavior to get lft and rght from parent_id
 #### Validation
 - parent_id: required and not empty
 - alias: required, not empty and unique
-*if any special logic, please write down the logic here. thanks*
-
 ### Scenario Test
 #### Case : Negative Case 1
@@ -181,7 +169,47 @@ Response Payload:
 }
 ```
+#### Case : Negative Case 6
+Request Payload :
+```
+{
+ "parent_id": 1,
+ "alias": "Groups"
+}
+```
+
+Response HTTP Status Code : 400
+
+Response Payload:
+```
+{
+ "status_code": "cdc-400",
+ "status_message": " alias is already exist in acos table",
+ "data": null
+}
+```
+
+#### Case : Negative Case 7
+
+Request Payload :
+```
+{
+ "parent_id": 1,
+ "alias": "Groups"
+}
+```
+
+Response HTTP Status Code : 404
+
+Response Payload:
+```
+{
+ "status_code": "cdc-404",
+ "status_message": " parent_id not found in acos table",
+ "data": null
+}
+```
 #### Case : Positive Case
@@ -189,32 +217,24 @@ Request Payload :
 ```
 {
 "parent_id": 1,
- "alias": Groups
+ "alias": "Groups"
 }
 ```
-Response HTTP Status Code : 200
+Response HTTP Status Code : 201
 Response Payload :
 ```
 {
- "status_code": "CDC-200",
- "status_message": "OK",
+ "status_code": "CDC-201",
+ "status_message": "Created",
 "data": {
+ "id":2,
 "parent_id": 1,
 "alias": "Groups",
- "acos": [
- {
- "id": 1,
- "_create" : 1,
- "_read" : 1,
- "_update" : 1,
- "_delete" : 1,
- "created": "2020-10-28T08:58:13+00:00",
- "modified": "2020-10-28T08:58:13+00:00"
- }
- ]
+ "created": "2020-10-28T08:58:13+00:00",
+ "modified": "2020-10-28T08:58:13+00:00"
 }
 }
 ```
@@ -224,6 +244,69 @@ Response Payload :
 ### Endpoint
 GET /access
+### Headers
+Key | Value
+--- | ---
+Content-Type | application/json
+Accept | application/json
+Email | cdc_user@gmail.com
+
+### Response Payloads
+HTTP Code | Status | Description
+--- | --- | ---
+400 | Bad Request | Bad request payload
+404 | Not Found | User not found in database
+500 | Internal Server Error | some un-handle error in server
+200 | OK | OK
+
+{
+ "status_code": "CDC-200",
+ "status_message": "OK",
+ "data": {
+ "acos": [
+ {
+ "id":1,
+ "parent_id": null,
+ "alias": "Controller",
+ "created": "2020-10-28T08:58:13+00:00",
+ "modified": "2020-10-28T08:58:13+00:00"
+ },
+ {
+ "id":2,
+ "parent_id": 1,
+ "alias": "Index",
+ "created": "2020-10-28T08:58:13+00:00",
+ "modified": "2020-10-28T08:58:13+00:00"
+ },
+ {
+ "id":3,
+ "parent_id": 1,
+ "alias": "Add",
+ "created": "2020-10-28T08:58:13+00:00",
+ "modified": "2020-10-28T08:58:13+00:00"
+ },
+ {
+ "id":4,
+ "parent_id": 1,
+ "alias": "View",
+ "created": "2020-10-28T08:58:13+00:00",
+ "modified": "2020-10-28T08:58:13+00:00"
+ },
+ {
+ "id":5,
+ "parent_id": 1,
+ "alias": "Edit",
+ "created": "2020-10-28T08:58:13+00:00",
+ "modified": "2020-10-28T08:58:13+00:00"
+ },
+ ]
+ }
+}
+
+### Logic
+- if there is no email header, you get all acos in tree.
+- if any email header, you get all acos which is grant to user login (you need join to aros_acos table).
+
 ## View
 ### Endpoint
@@ -232,12 +315,12 @@ GET /access/:id
 ## Edit
 ### Endpoint
-POST /access/:id
+PUT /access/:id
 ## DELETE
 ### Endpoint
-DEL /access/:id
+DELETE /access/:id
 ## DELETE