Add tests to check permissions for editing other servers' data.

1 month ago · 4a28708479
parent 3430693dac
commit 4a28708479
1 changed files with 91 additions and 0 deletions
--- a/test/decentralised_book_index_web/live/live_views_permission_for_other_servers_data_test.exs
+++ b/test/decentralised_book_index_web/live/live_views_permission_for_other_servers_data_test.exs
@ -0,0 +1,91 @@
+defmodule DecentralisedBookIndexWeb.LiveViewsPermissionsForOtherServersDataTest do
+  use DecentralisedBookIndexWeb.LiveCase, async: true
+
+  alias DecentralisedBookIndex.TestEndpoints
+  @test_server_endpoint TestEndpoints.test_api_endpoint()
+
+  setup do
+    moderator = generate(user(role: :moderator))
+    admin = generate(user(role: :admin))
+    server = generate(dbi_server(url: @test_server_endpoint))
+
+    %{
+      server: server,
+      moderator: moderator,
+      admin: admin,
+      users: [moderator, admin]
+    }
+  end
+
+  describe "Book Edit /books/:id/edit" do
+    setup %{server: server} do
+      %{book: generate(book(dbi_server_id: server.id))}
+    end
+
+    test "can't edit other servers' data", %{conn: conn, users: users, book: book} do
+      for user <- users do
+        redirect_url = "/books/#{book.id}"
+
+        assert {:error,
+                {:redirect,
+                 %{flash: %{"error" => "Can't edit other server's data!"}, to: ^redirect_url}}} =
+                 conn
+                 |> log_in_user(user)
+                 |> live("/books/#{book.id}/edit")
+      end
+    end
+  end
+
+  describe "Author Edit /authors/:id/edit" do
+    setup %{server: server} do
+      %{author: generate(author(dbi_server_id: server.id))}
+    end
+
+    test "can't edit other servers' data", %{conn: conn, users: users, author: author} do
+      for user <- users do
+        redirect_url = "/authors/#{author.id}"
+
+        assert {:error,
+                {:redirect,
+                 %{flash: %{"error" => "Can't edit other server's data!"}, to: ^redirect_url}}} =
+                 conn
+                 |> log_in_user(user)
+                 |> live("/authors/#{author.id}/edit")
+      end
+    end
+  end
+
+  describe "Publisher Edit /publishers/:id/edit" do
+    setup %{server: server} do
+      %{publisher: generate(publisher(dbi_server_id: server.id))}
+    end
+
+    test "can't edit other servers' data", %{conn: conn, admin: admin, publisher: publisher} do
+      for user <- [admin] do
+        redirect_url = "/publishers/#{publisher.id}"
+
+        assert {:error,
+                {:redirect,
+                 %{flash: %{"error" => "Can't edit other server's data!"}, to: ^redirect_url}}} =
+                 conn
+                 |> log_in_user(user)
+                 |> live("/publishers/#{publisher.id}/edit")
+      end
+    end
+  end
+
+  describe "Server Edit /servers/:id/edit" do
+    setup %{server: server} do
+      %{dbi_server: generate(dbi_server(dbi_server_id: server.id))}
+    end
+
+    test "can edit other servers' data", %{conn: conn, admin: admin, dbi_server: dbi_server} do
+      for user <- [admin] do
+        assert {:ok, _view, _html} =
+                 conn
+                 |> log_in_user(user)
+                 |> live("/servers/#{dbi_server.id}/edit")
+      end
+    end
+  end
+end