Skip to content

Commit

Permalink
Merge #753: Tag context authorization tests
Browse files Browse the repository at this point in the history 
b7f2a61 test: tag context authorization tests for admin users (Mario)
082adf0 test: tag context authorization tests for registered users (Mario)
7883dcc test: tag context authorization tests for guest users (Mario)

Pull request description:

  Part of #615

ACKs for top commit:
  josecelano:
    ACK b7f2a61

Tree-SHA512: b779d3050e6766c5bc8e270aa22646d72afb77271e0f5de608cc15b53f0e1ee0fd460110ccb4ca5347bd0f1bd3bf289889f0d623f7315b6304213c2d4d298b38
  • Loading branch information
@josecelano
josecelano committed Oct 25, 2024
2 parents 53c320d + b7f2a61 commit d8af067
Showing 1 changed file with 174 additions and 34 deletions.
208 changes: 174 additions & 34 deletions tests/e2e/web/api/v1/contexts/tag/contract.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,22 +50,6 @@ async fn it_should_return_a_tag_list() {
assert_eq!(response.status, 200);
}

#[tokio::test]
async fn it_should_not_allow_adding_a_new_tag_to_unauthenticated_users() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

let response = client
.add_tag(AddTagForm {
name: "TAG NAME".to_string(),
})
.await;

assert_eq!(response.status, 401);
}

#[tokio::test]
async fn it_should_not_allow_adding_a_new_tag_to_non_admins() {
let mut env = TestEnv::new();
Expand Down Expand Up @@ -148,31 +132,187 @@ async fn it_should_allow_admins_to_delete_tags() {
assert_deleted_tag_response(&response, tag_id);
}

#[tokio::test]
async fn it_should_not_allow_non_admins_to_delete_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
mod authorization {
mod for_guests {
use torrust_index::web::api;

let logged_in_non_admin = new_logged_in_user(&env).await;
let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_non_admin.token);
use crate::common::client::Client;
use crate::common::contexts::tag::fixtures::random_tag_name;
use crate::common::contexts::tag::forms::{AddTagForm, DeleteTagForm};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::tag::steps::{add_random_tag, add_tag};

let (tag_id, _tag_name) = add_random_tag(&env).await;
#[tokio::test]
async fn it_should_not_allow_guest_users_to_add_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let response = client.delete_tag(DeleteTagForm { tag_id }).await;
let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

assert_eq!(response.status, 403);
}
let response = client
.add_tag(AddTagForm {
name: "TAG NAME".to_string(),
})
.await;

#[tokio::test]
async fn it_should_not_allow_guests_to_delete_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;
assert_eq!(response.status, 401);
}

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());
#[tokio::test]
async fn it_should_not_allow_guest_users_to_delete_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let (tag_id, _tag_name) = add_random_tag(&env).await;
let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

let response = client.delete_tag(DeleteTagForm { tag_id }).await;
let (tag_id, _tag_name) = add_random_tag(&env).await;

let response = client.delete_tag(DeleteTagForm { tag_id }).await;

assert_eq!(response.status, 401);
}

#[tokio::test]
async fn it_should_allow_guest_users_to_get_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let client = Client::unauthenticated(&env.server_socket_addr().unwrap());

// Add a tag
let tag_name = random_tag_name();
let response = add_tag(&tag_name, &env).await;
assert_eq!(response.status, 200);

let response = client.get_tags().await;

assert_eq!(response.status, 200);
}
}
mod for_authenticated_users {
use torrust_index::web::api;

use crate::common::client::Client;
use crate::common::contexts::tag::fixtures::random_tag_name;
use crate::common::contexts::tag::forms::{AddTagForm, DeleteTagForm};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::tag::steps::{add_random_tag, add_tag};
use crate::e2e::web::api::v1::contexts::user::steps::new_logged_in_user;

assert_eq!(response.status, 401);
#[tokio::test]
async fn it_should_not_allow_registered_users_to_add_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_non_admin = new_logged_in_user(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_non_admin.token);

let response = client
.add_tag(AddTagForm {
name: "TAG NAME".to_string(),
})
.await;

assert_eq!(response.status, 403);
}

#[tokio::test]
async fn it_should_not_allow_registered_users_to_delete_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_non_admin = new_logged_in_user(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_non_admin.token);

let (tag_id, _tag_name) = add_random_tag(&env).await;

let response = client.delete_tag(DeleteTagForm { tag_id }).await;

assert_eq!(response.status, 403);
}
#[tokio::test]
async fn it_should_allow_registered_users_to_get_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_non_admin = new_logged_in_user(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_non_admin.token);

// Add a tag
let tag_name = random_tag_name();
let response = add_tag(&tag_name, &env).await;
assert_eq!(response.status, 200);

let response = client.get_tags().await;

assert_eq!(response.status, 200);
}
}

mod for_admin_users {
use torrust_index::web::api;

use crate::common::client::Client;
use crate::common::contexts::tag::fixtures::random_tag_name;
use crate::common::contexts::tag::forms::{AddTagForm, DeleteTagForm};
use crate::e2e::environment::TestEnv;
use crate::e2e::web::api::v1::contexts::tag::steps::{add_random_tag, add_tag};
use crate::e2e::web::api::v1::contexts::user::steps::new_logged_in_admin;

#[tokio::test]
async fn it_should_allow_admins_to_add_new_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_admin = new_logged_in_admin(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let tag_name = random_tag_name();

let response = client
.add_tag(AddTagForm {
name: tag_name.to_string(),
})
.await;

assert_eq!(response.status, 200);
}
#[tokio::test]
async fn it_should_allow_admins_to_delete_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_admin = new_logged_in_admin(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

let (tag_id, _tag_name) = add_random_tag(&env).await;

let response = client.delete_tag(DeleteTagForm { tag_id }).await;

assert_eq!(response.status, 200);
}
#[tokio::test]
async fn it_should_allow_admin_users_to_get_tags() {
let mut env = TestEnv::new();
env.start(api::Version::V1).await;

let logged_in_admin = new_logged_in_admin(&env).await;

let client = Client::authenticated(&env.server_socket_addr().unwrap(), &logged_in_admin.token);

// Add a tag
let tag_name = random_tag_name();
let response = add_tag(&tag_name, &env).await;
assert_eq!(response.status, 200);

let response = client.get_tags().await;

assert_eq!(response.status, 200);
}
}
}

0 comments on commit d8af067

Please sign in to comment.