Add tests to check permissions for editing other servers' data.

1 month ago · 4a28708479
parent 3430693dac
commit 4a28708479
1 changed files with 91 additions and 0 deletions
--- a/test/decentralised_book_index_web/live/live_views_permission_for_other_servers_data_test.exs
+++ b/test/decentralised_book_index_web/live/live_views_permission_for_other_servers_data_test.exs
@ -0,0 +1,91 @@
 defmodule DecentralisedBookIndexWeb.LiveViewsPermissionsForOtherServersDataTest do
  use DecentralisedBookIndexWeb.LiveCase, async: true
  alias DecentralisedBookIndex.TestEndpoints
  @test_server_endpoint TestEndpoints.test_api_endpoint()
  setup do
    moderator = generate(user(role: :moderator))
    admin = generate(user(role: :admin))
    server = generate(dbi_server(url: @test_server_endpoint))
    %{
      server: server,
      moderator: moderator,
      admin: admin,
      users: [moderator, admin]
    }
  end
  describe "Book Edit /books/:id/edit" do
    setup %{server: server} do
      %{book: generate(book(dbi_server_id: server.id))}
    end
    test "can't edit other servers' data", %{conn: conn, users: users, book: book} do
      for user <- users do
        redirect_url = "/books/#{book.id}"
        assert {:error,
                {:redirect,
                 %{flash: %{"error" => "Can't edit other server's data!"}, to: ^redirect_url}}} =
                 conn
                 |> log_in_user(user)
                 |> live("/books/#{book.id}/edit")
      end
    end
  end
  describe "Author Edit /authors/:id/edit" do
    setup %{server: server} do
      %{author: generate(author(dbi_server_id: server.id))}
    end
    test "can't edit other servers' data", %{conn: conn, users: users, author: author} do
      for user <- users do
        redirect_url = "/authors/#{author.id}"
        assert {:error,
                {:redirect,
                 %{flash: %{"error" => "Can't edit other server's data!"}, to: ^redirect_url}}} =
                 conn
                 |> log_in_user(user)
                 |> live("/authors/#{author.id}/edit")
      end
    end
  end
  describe "Publisher Edit /publishers/:id/edit" do
    setup %{server: server} do
      %{publisher: generate(publisher(dbi_server_id: server.id))}
    end
    test "can't edit other servers' data", %{conn: conn, admin: admin, publisher: publisher} do
      for user <- [admin] do
        redirect_url = "/publishers/#{publisher.id}"
        assert {:error,
                {:redirect,
                 %{flash: %{"error" => "Can't edit other server's data!"}, to: ^redirect_url}}} =
                 conn
                 |> log_in_user(user)
                 |> live("/publishers/#{publisher.id}/edit")
      end
    end
  end
  describe "Server Edit /servers/:id/edit" do
    setup %{server: server} do
      %{dbi_server: generate(dbi_server(dbi_server_id: server.id))}
    end
    test "can edit other servers' data", %{conn: conn, admin: admin, dbi_server: dbi_server} do
      for user <- [admin] do
        assert {:ok, _view, _html} =
                 conn
                 |> log_in_user(user)
                 |> live("/servers/#{dbi_server.id}/edit")
      end
    end
  end
 end