Issue Tracker

User Stories:

1. Prevent cross-site scripting (XSS) attacks.
2. I can POST /api/issues/{projectname} with form data containing required issue_title, issue_text, created_by, and optional assigned_to and status_text.
3. The object saved (and returned) will include all of those fields (blank for optional no input) and also include created_on (date & time), updated_on (date & time), open (boolean, true for open, false for closed), and id.
4. I can PUT /api/issues/{projectname} with an id and any fields in the object with a value to update said object. Returned will be 'successfully updated' or 'could not update'. This should always update updated_on. If no fields are sent return 'no update field(s) sent'.
5. I can DELETE /api/issues/{projectname} with an id to completely delete an issue. If no id is sent return 'missing id', success: 'successfully deleted', failed: 'could not delete'.
6. I can GET /api/issues/{projectname} for an array of all issues on that specific project with all the information for each issue as was returned when posted.
7. I can filter my GET request by also passing along any field and value in the query (for example: /api/issues/{project}?open=false). I can pass along as many fields and values as I want.
8. All 14 tests are complete and passing.

Example GET usage:

• /api/issues/{project}
• /api/issues/{project}?open=true&assigned_to=Joe
• /api/issues/apitest

Example return:

[{"id":"5871dda29faedc3491ff93bb","issue_title":"Fix error in posting data","issue_text":"When we post data it has an error.","created_on":"2017-01-08T06:35:14.240Z","updated_on":"2017-01-08T06:35:14.240Z","created_by":"Joe","assigned_to":"Joe","open":true,"status_text":"In QA"},...]

EXAMPLE: Go to /apitest/ project issues

API Tests: