@Kariamos Kariamos commented Jan 29, 2026

This pull request introduces new API endpoints and tests for managing campaign finance attachments and "other costs", along with minor dependency and utility improvements. The main changes include implementing GET and DELETE endpoints for campaign finance other costs, adding a POST endpoint for uploading finance attachments, and providing comprehensive tests for these new features.

New API Endpoints and Core Features:

  • Added a GET endpoint (_get/index.ts) for /campaigns/{campaignId}/finance/otherCosts that returns all "other costs" for a campaign, including their types, suppliers, and attachments with presigned S3 URLs.
  • Added a DELETE endpoint (_delete/index.ts) for /campaigns/{campaignId}/finance/otherCosts to delete a cost and its attachments from both the database and S3, with proper access and validation checks.
  • Implemented a POST endpoint (_post/index.ts) for /campaigns/{campaignId}/finance/attachments to upload finance-related attachments, with validation for file types and size.

Testing Improvements:

  • Added comprehensive tests for the GET endpoint, covering access control, data correctness, attachment presigned URLs, and edge cases such as costs without attachments or costs from other campaigns.
  • Added tests for the POST endpoint, verifying access control, file type and size validation, and correct response structure for failed uploads.

Utility and Dependency Updates:

  • Updated the getPresignedUrl utility to accept a custom expiration time, defaulting to 20 minutes.
  • Upgraded the @appquality/tryber-database dependency to version ^0.46.20 in package.json.

it@app-quality.com and others added 29 commits January 23, 2026 15:41
github-actions bot commented Jan 29, 2026

Tests difference:

New Tests

< Authentication and Authorization - Should allow access with admin permissions
< Authentication and Authorization - Should allow access with olp permissions for the campaign
< Authentication and Authorization - Should return 200 if logged in as admin
< Authentication and Authorization - Should return 200 if logged in as olp with access to campaign
< Authentication and Authorization - Should return 403 if user does not have access to campaign
< Authentication and Authorization - Should return 403 if user has olp permissions for different campaign
< Authentication and Authorization - Should return 403 if user is not admin and does not have olp permissions
< Authentication and Authorization - Should return 403 if user is not authenticated
< Authentication and Authorization - Should return 403 if user is not logged in
< Campaign isolation - Should create cost only for specified campaign
< Enough permissions - admin - Should add new finance supplier
< Enough permissions - admin - Should not add existing supplier
< Enough permissions - admin - Should not add supplier with empty name
< Enough permissions - admin - Should return 200 if logged in as admin
< Enough permissions - olp - Should add supplier 
< Enough permissions - olp - Should not add existing supplier
< Error Handling - Should return 500 if S3 deletion fails
< GET /campaigns/campaignId/finance/otherCosts - Should call getPresignedUrl for each attachment
< GET /campaigns/campaignId/finance/otherCosts - Should not include costs from other campaigns
< GET /campaigns/campaignId/finance/otherCosts - Should return 200 if logged in as admin
< GET /campaigns/campaignId/finance/otherCosts - Should return 403 if logged in as not admin user
< GET /campaigns/campaignId/finance/otherCosts - Should return 403 if logged out
< GET /campaigns/campaignId/finance/otherCosts - Should return 403 if no access to the campaign
< GET /campaigns/campaignId/finance/otherCosts - Should return cost with empty attachments array if cost has no attachments
< GET /campaigns/campaignId/finance/otherCosts - Should return empty items array if no costs exist for campaign
< GET /campaigns/campaignId/finance/otherCosts - Should return finance other costs - admin
< GET /campaigns/campaignId/finance/otherCosts - Should return other costs - olp permissions
< GET /campaigns/campaignId/finance/supplier - Should return 200 if logged in as admin
< GET /campaigns/campaignId/finance/supplier - Should return 403 if logged in as not admin user
< GET /campaigns/campaignId/finance/supplier - Should return 403 if logged out
< GET /campaigns/campaignId/finance/supplier - Should return 403 if no access to the campaign
< GET /campaigns/campaignId/finance/supplier - Should return finance suppliers - admin
< GET /campaigns/campaignId/finance/supplier - Should return suppliers - olp permissions
< GET /campaigns/campaignId/finance/type - Should return 200 if logged in as admin
< GET /campaigns/campaignId/finance/type - Should return 403 if logged in as not admin user
< GET /campaigns/campaignId/finance/type - Should return 403 if logged out
< GET /campaigns/campaignId/finance/type - Should return 403 if no access to the campaign
< GET /campaigns/campaignId/finance/type - Should return finance types - admin
< GET /campaigns/campaignId/finance/type - Should return types - olp permissions
< Input Validation - Should return 400 if array is empty
< Input Validation - Should return 400 if attachments array item is missing mime_type
< Input Validation - Should return 400 if attachments array item is missing url
< Input Validation - Should return 400 if attachments is an empty array
< Input Validation - Should return 400 if attachments is missing
< Input Validation - Should return 400 if body is not an array
< Input Validation - Should return 400 if cost is missing
< Input Validation - Should return 400 if cost_id is missing
< Input Validation - Should return 400 if cost_id is missing
< Input Validation - Should return 400 if cost_id is negative
< Input Validation - Should return 400 if cost_id is negative
< Input Validation - Should return 400 if cost_id is not a number
< Input Validation - Should return 400 if cost_id is null
< Input Validation - Should return 400 if cost_id is null
< Input Validation - Should return 400 if cost_id is zero
< Input Validation - Should return 400 if cost_id is zero
< Input Validation - Should return 400 if description is missing
< Input Validation - Should return 400 if supplier_id is missing
< Input Validation - Should return 400 if type_id is missing
< Not Found  - Should return 404 if cost belongs to another campaign
< Not Found  - Should return 404 if cost does not exist
< Not enough permissions - Should return 403 if logged in as not admin user
< Not enough permissions - Should return 403 if logged in as not admin user
< Not enough permissions - Should return 403 if logged out
< Not enough permissions - Should return 403 if logged out
< Not enough permissions - Should return 403 if no access to the campaign
< Not enough permissions - Should return 403 if no access to the campaign
< Resource Validation - Should return 404 if cost belongs to another campaign
< Resource Validation - Should return 404 if cost_id does not exist
< Resource Validation - Should return 404 if supplier_id does not exist
< Resource Validation - Should return 404 if type_id does not exist
< Route POST /campaigns/{campaignId}/finance/attachments - Should answer 200 and mark as failed if try to send an oversized file
< Route POST /campaigns/{campaignId}/finance/attachments - Should answer 200 and mark as failed if try to send file as .bat, .sh and .exe
< Route POST /campaigns/{campaignId}/finance/attachments - Should answer 403 if not logged in
< S3 Deletion - Should call deleteFromS3 once for cost with one attachment
< S3 Deletion - Should call deleteFromS3 three times for cost with three attachments
< S3 Deletion - Should not call deleteFromS3 if cost has no attachments
< S3 Deletion - Should only delete S3 files for the specified cost, not others
< Success - admin permissions - Should accept decimal cost values
< Success - admin permissions - Should create attachments in database
< Success - admin permissions - Should create cost with multiple attachments
< Success - admin permissions - Should create cost with single attachment
< Success - admin permissions - Should create multiple costs in single request
< Success - admin permissions - Should create multiple costs independently
< Success - admin permissions - Should create other cost in database
< Success - admin permissions - Should delete correctly only one cost item
< Success - admin permissions - Should delete cost and all its attachments
< Success - admin permissions - Should delete cost from database
< Success - admin permissions - Should delete cost without attachments
< Success - admin permissions - Should delete multiple old attachments from S3 when updating
< Success - admin permissions - Should delete old attachments from S3 when updating
< Success - admin permissions - Should only delete attachments of the deleted cost
< Success - admin permissions - Should only delete specified cost, not others
< Success - admin permissions - Should only update specified cost, not others
< Success - admin permissions - Should return 201 if logged in as admin
< Success - admin permissions - Should update cost and replace attachments
< Success - admin permissions - Should update cost in database
< Success - admin permissions - Should update cost with empty attachments array
< Success - admin permissions - Should update cost without old attachments
< Success - admin permissions - Should update multiple costs in single request
< Success - olp permissions - Should create attachments with olp permissions
< Success - olp permissions - Should create other cost in database with olp permissions
< Success - olp permissions - Should delete correctly only one cost item
< Success - olp permissions - Should delete cost and attachments 
< Success - olp permissions - Should delete cost with olp permissions
< Success - olp permissions - Should return 201 if logged in as olp with access to campaign
< Success - olp permissions - Should return 403 if olp does not have access to campaign
< Success - olp permissions - Should update cost and replace attachments with olp permissions
< Success - olp permissions - Should update cost with olp permissions
< Validation errors - Should return 400 for second item with invalid data
< Validation errors - Should return 400 if attachment mime_type is empty
< Validation errors - Should return 400 if attachment url is empty
< Validation errors - Should return 400 if attachments array is empty
< Validation errors - Should return 400 if body is an empty array
< Validation errors - Should return 400 if body is not an array
< Validation errors - Should return 400 if cost is 0
< Validation errors - Should return 400 if cost is negative
< Validation errors - Should return 400 if description is empty
< Validation errors - Should return 400 if description is only whitespace
< Validation errors - Should return 400 if supplier_id does not exist
< Validation errors - Should return 400 if type_id does not exist
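
The DELETE behaviour that the description and the test names above specify (403 without campaign access, 404 for a cost that belongs to another campaign, 500 when S3 deletion fails, S3 deletes limited to the specified cost), modeled in memory as an added example that is not the PR's code. The types, sample data, order of checks and the choice to keep database rows when S3 fails are assumptions; only the name `deleteFromS3` comes from the test list.

```typescript
// Constructed in-memory model; types and field names are assumptions, not the project's schema.
type Cost = { id: number; campaignId: number };
type Attachment = { id: number; costId: number; url: string };
type User = { admin: boolean; olpCampaigns: number[] };
type Db = { costs: Cost[]; attachments: Attachment[] };

function canAccess(user: User | null, campaignId: number): boolean {
  return user !== null && (user.admin || user.olpCampaigns.indexOf(campaignId) !== -1);
}

// Returns the HTTP status the handler would answer with.
function deleteOtherCost(
  db: Db, user: User | null, campaignId: number, costId: unknown,
  deleteFromS3: (url: string) => void,
): number {
  if (!canAccess(user, campaignId)) return 403;
  if (typeof costId !== "number" || !(costId > 0)) return 400;
  // Look the cost up by id AND campaign: an id taken from another campaign is a 404.
  const cost = db.costs.filter((c) => c.id === costId && c.campaignId === campaignId)[0];
  if (!cost) return 404;
  const files = db.attachments.filter((a) => a.costId === cost.id);
  try {
    files.forEach((f) => deleteFromS3(f.url)); // only this cost's objects
  } catch {
    return 500; // assumption: rows are kept so the delete can be retried
  }
  db.attachments = db.attachments.filter((a) => a.costId !== cost.id);
  db.costs = db.costs.filter((c) => c.id !== cost.id);
  return 200;
}

// Constructed sample data: two costs in campaign 1, one in campaign 2.
function sampleDb(): Db {
  return {
    costs: [{ id: 10, campaignId: 1 }, { id: 11, campaignId: 1 }, { id: 20, campaignId: 2 }],
    attachments: [
      { id: 1, costId: 10, url: "k/a.pdf" },
      { id: 2, costId: 10, url: "k/b.pdf" },
      { id: 3, costId: 11, url: "k/c.pdf" },
      { id: 4, costId: 20, url: "k/d.pdf" },
    ],
  };
}
```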

feat: update attachment deletion logic to ensure database records are…
@Kariamos Kariamos marked this pull request as ready for review February 5, 2026 11:25
@Kariamos Kariamos changed the title Un 2274 other costs UN-2274: other costs Feb 5, 2026
@d-beezee d-beezee merged commit 9db51ee into develop Feb 5, 2026
5 checks passed