diff options
Diffstat (limited to 'server/src/tests.rs')
| -rw-r--r-- | server/src/tests.rs | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/server/src/tests.rs b/server/src/tests.rs index b6476a0..a658c33 100644 --- a/server/src/tests.rs +++ b/server/src/tests.rs @@ -365,3 +365,197 @@ async fn test_project_new_user() { assert_eq!(other_entry.default_role, api_model::UserReviewRole::Watcher); assert_eq!(other_entry.maintainer, true); } + +#[rocket::async_test] +async fn test_project_change_user() { + let client = async_client_with_private_database(function_name!().to_string()).await; + + login(&client).await; + + let project = new_project(&client).await; + let project_url = format!("/api/v1/project/{}", project.id); + + let users = get_users(&client).await; + let user = users.users.iter().find(|u| u.username == "user").unwrap(); + let other = users.users.iter().find(|u| u.username == "other").unwrap(); + + let new = client + .post(format!("{project_url}/user/new?userid={}", other.id)) + .json(&api_model::ProjectUserEntryData { + default_role: Some(api_model::UserReviewRole::Watcher), + maintainer: Some(true), + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(new.status(), Status::Ok); + + let update = client + .post(format!("{project_url}/user/{}", user.id)) + .json(&api_model::ProjectUserEntryData { + default_role: None, + maintainer: Some(false), + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(update.status(), Status::Ok); + + let updated_project = get_project_from(client.get(project_url)).await; + assert_eq!(updated_project.users.len(), 2); + let user_entry = updated_project + .users + .iter() + .find(|ue| ue.user.id == user.id) + .unwrap(); + assert_eq!(user_entry.user, *user); + assert_eq!(user_entry.default_role, api_model::UserReviewRole::Reviewer); + assert_eq!(user_entry.maintainer, false); +} + +#[rocket::async_test] +async fn test_project_check_maintainer() { + let client = async_client_with_private_database(function_name!().to_string()).await; + + login(&client).await; + + let project = new_project(&client).await; + let project_url = format!("/api/v1/project/{}", project.id); + + let users = get_users(&client).await; + let user = users.users.iter().find(|u| u.username == "user").unwrap(); + let other = users.users.iter().find(|u| u.username == "other").unwrap(); + + let new = client + .post(format!("{project_url}/user/new?userid={}", other.id)) + .json(&api_model::ProjectUserEntryData { + default_role: Some(api_model::UserReviewRole::Watcher), + maintainer: Some(true), + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(new.status(), Status::Ok); + + let update = client + .post(format!("{project_url}/user/{}", user.id)) + .json(&api_model::ProjectUserEntryData { + default_role: None, + maintainer: Some(false), + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(update.status(), Status::Ok); + + let try_update_project = client + .post(project_url.clone()) + .json(&api_model::ProjectData { + title: None, + description: Some("fool"), + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(try_update_project.status(), Status::Unauthorized); + + let not_updated_project = get_project_from(client.get(project_url)).await; + assert_eq!(not_updated_project.description, "bar"); +} + +#[rocket::async_test] +async fn test_project_dont_check_maintainer() { + let client = async_client_with_private_database(function_name!().to_string()).await; + + login(&client).await; + + let project = new_project(&client).await; + let project_url = format!("/api/v1/project/{}", project.id); + + let users = get_users(&client).await; + let user = users.users.iter().find(|u| u.username == "user").unwrap(); + let other = users.users.iter().find(|u| u.username == "other").unwrap(); + + let new = client + .post(format!("{project_url}/user/new?userid={}", other.id)) + .json(&api_model::ProjectUserEntryData { + default_role: Some(api_model::UserReviewRole::Watcher), + maintainer: Some(true), + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(new.status(), Status::Ok); + + let update_maintainer = client + .post(format!("{project_url}/user/{}", user.id)) + .json(&api_model::ProjectUserEntryData { + default_role: None, + maintainer: Some(false), + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(update_maintainer.status(), Status::Ok); + + // Can still update default role for user ("me") + let update_default_role = client + .post(format!("{project_url}/user/{}", user.id)) + .json(&api_model::ProjectUserEntryData { + default_role: Some(api_model::UserReviewRole::Watcher), + maintainer: None, + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(update_default_role.status(), Status::Ok); + + // But updating default role for other is no longer allowed. + let update_other_default_role = client + .post(format!("{project_url}/user/{}", other.id)) + .json(&api_model::ProjectUserEntryData { + default_role: Some(api_model::UserReviewRole::Reviewer), + maintainer: None, + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(update_other_default_role.status(), Status::Unauthorized); +} + +#[rocket::async_test] +async fn test_project_delete_user() { + let client = async_client_with_private_database(function_name!().to_string()).await; + + login(&client).await; + + let project = new_project(&client).await; + let project_url = format!("/api/v1/project/{}", project.id); + + let users = get_users(&client).await; + let user = users.users.iter().find(|u| u.username == "user").unwrap(); + let other = users.users.iter().find(|u| u.username == "other").unwrap(); + + let new = client + .post(format!("{project_url}/user/new?userid={}", other.id)) + .json(&api_model::ProjectUserEntryData { + default_role: Some(api_model::UserReviewRole::Watcher), + maintainer: Some(true), + }) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(new.status(), Status::Ok); + + let delete = client + .delete(format!("{project_url}/user/{}", user.id)) + .header(&FAKE_IP) + .dispatch() + .await; + assert_eq!(delete.status(), Status::Ok); + + let updated_project = get_project_from(client.get(project_url)).await; + assert_eq!(updated_project.users.len(), 1); + let other_entry = updated_project.users.get(0).unwrap(); + assert_eq!(other_entry.user, *other); +} |