From f406239b16e2aca7717aa9d31f6c374a5163ef74 Mon Sep 17 00:00:00 2001
From: KKlochko
Date: Thu, 15 May 2025 11:50:33 +0300
Subject: [PATCH] Add tests to check permission for Show and Edit LiveViews.
---
 .../live/live_views_permission.exs | 330 +++++++++++++++++-
 1 file changed, 326 insertions(+), 4 deletions(-)
diff --git a/test/decentralised_book_index_web/live/live_views_permission.exs b/test/decentralised_book_index_web/live/live_views_permission.exs
index bb0bf71..e11d573 100644
--- a/test/decentralised_book_index_web/live/live_views_permission.exs
+++ b/test/decentralised_book_index_web/live/live_views_permission.exs
@@ -1,8 +1,6 @@
 defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
 use DecentralisedBookIndexWeb.LiveCase, async: true
- alias DecentralisedBookIndex.Metadata
-
 setup do
 user = generate(user(role: :user))
 moderator = generate(user(role: :moderator))
@@ -11,7 +9,8 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
 %{
 user: user,
 moderator: moderator,
- admin: admin
+ admin: admin,
+ users: [nil, user, moderator, admin]
 }
 end
@@ -44,7 +43,72 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
 end
 end
- describe "Author Index /author" do
+ describe "Book Show /books/:id" do
+ setup do
+ %{book: generate(book())}
+ end
+
+ test "can be accessed by any user", %{conn: conn, users: users, book: book} do
+ for user <- users do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/books/#{book.id}")
+
+ assert html =~ book.title
+ end
+ end
+ end
+
+ describe "Book Edit /books/:id/new" do
+ test "can't be accessed by regular user", %{conn: conn, user: user} do
+ for user <- [nil, user] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/books/new")
+ end
+ end
+
+ test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin} do
+ for user <- [moderator, admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/books/new")
+
+ assert html =~ "New Book"
+ end
+ end
+ end
+
+ describe "Book Edit /books/:id/edit" do
+ setup do
+ %{book: generate(book())}
+ end
+
+ test "can't be accessed by regular user", %{conn: conn, user: user, book: book} do
+ for user <- [nil, user] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/books/#{book.id}/edit")
+ end
+ end
+
+ test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin, book: book} do
+ for user <- [moderator, admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/books/#{book.id}/edit")
+
+ assert html =~ "Edit Book"
+ end
+ end
+ end
+
+ describe "Author Index /authors" do
 test "can be accessed by regular user", %{conn: conn, user: user} do
 {:ok, _view, html} =
 conn
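Review bot: The two "can't be accessed by regular user" cases in this hunk (`/books/new` and `/books/#{book.id}/edit`) assert nothing: the `{:error, {:redirect, ...}}` tuple stands alone as a bare expression and the result of the `conn |> log_in_user(user) |> live(...)` pipeline below it is discarded, so each test passes even when the route renders for every role. The existing deny cases in this file bind the pattern to the call, and the new ones should too: `assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} =` placed directly before the pipeline. The same omission is repeated in every deny case added by the Author, Publisher, Server and User hunks. Once the match is enforced, the `nil` entry may need its own expectation if anonymous visitors are redirected somewhere other than `/`; `log_in_user` is not visible in this patch, so that is worth confirming.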
@@ -73,6 +137,71 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
 end
 end
+ describe "Author Show /authors/:id" do
+ setup do
+ %{author: generate(author())}
+ end
+
+ test "can be accessed by any user", %{conn: conn, users: users, author: author} do
+ for user <- users do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/authors/#{author.id}")
+
+ assert html =~ author.name
+ end
+ end
+ end
+
+ describe "Author Edit /authors/:id/new" do
+ test "can't be accessed by regular user", %{conn: conn, user: user} do
+ for user <- [nil, user] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/authors/new")
+ end
+ end
+
+ test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin} do
+ for user <- [moderator, admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/authors/new")
+
+ assert html =~ "New Author"
+ end
+ end
+ end
+
+ describe "Author Edit /authors/:id/edit" do
+ setup do
+ %{author: generate(author())}
+ end
+
+ test "can't be accessed by regular user", %{conn: conn, user: user, author: author} do
+ for user <- [nil, user] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/authors/#{author.id}/edit")
+ end
+ end
+
+ test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin, author: author} do
+ for user <- [moderator, admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/authors/#{author.id}/edit")
+
+ assert html =~ "Edit Author"
+ end
+ end
+ end
+
 describe "Publisher Index /publishers" do
 test "can't be accessed by regular user", %{conn: conn, user: user} do
 assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} =
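Review bot: Nothing added in this hunk will run under a default `mix test`, as far as the patch shows: the patched file is `test/decentralised_book_index_web/live/live_views_permission.exs`, and by default only files ending in `_test.exs` are loaded. Unless the project overrides the test pattern in `mix.exs` (not visible here), the Author cases and every other authorization case in this file are silently skipped in CI. Renaming the file to `live_views_permission_test.exs`, or confirming the override, would make the permission checks an actual regression gate.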
@@ -100,6 +229,80 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
 end
 end
+ describe "Publisher Show /publishers/:id" do
+ setup do
+ %{publisher: generate(publisher())}
+ end
+
+ test "can't be accessed by regular user", %{conn: conn, user: user, publisher: publisher} do
+ for user <- [nil, user] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/publishers/#{publisher.id}")
+ end
+ end
+
+ test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin, publisher: publisher} do
+ for user <- [moderator, admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/publishers/#{publisher.id}")
+
+ assert html =~ publisher.name
+ end
+ end
+ end
+
+ describe "Publisher Edit /publishers/:id/new" do
+ test "can't be accessed by regular user", %{conn: conn, user: user} do
+ for user <- [nil, user] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/publishers/new")
+ end
+ end
+
+ test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin} do
+ for user <- [moderator, admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/publishers/new")
+
+ assert html =~ "New Publisher"
+ end
+ end
+ end
+
+ describe "Publisher Edit /publishers/:id/edit" do
+ setup do
+ %{publisher: generate(publisher())}
+ end
+
+ test "can't be accessed by regular user", %{conn: conn, user: user, publisher: publisher} do
+ for user <- [nil, user] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/publishers/#{publisher.id}/edit")
+ end
+ end
+
+ test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin, publisher: publisher} do
+ for user <- [moderator, admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/publishers/#{publisher.id}/edit")
+
+ assert html =~ "Edit Publisher"
+ end
+ end
+ end
+
 describe "Server Index /servers" do
 test "can't be accessed by regular user", %{conn: conn, user: user} do
 assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} =
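Review bot: The label `describe "Publisher Edit /publishers/:id/new"` names a route that the two cases under it never request; both call `live("/publishers/new")`. A label such as `describe "Publisher New /publishers/new" do` would keep failure output aligned with the route whose access control is being checked. The Book, Author and Server hunks carry the same `:id/new` wording. The deny cases titled "regular user" also cover the `nil` (anonymous) entry, which the test names could state.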
@@ -125,6 +328,80 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
 end
 end
+ describe "Server Show /servers/:id" do
+ setup do
+ %{server: generate(dbi_server())}
+ end
+
+ test "can't be accessed by non-admin user", %{conn: conn, user: user, moderator: moderator, server: server} do
+ for user <- [nil, user, moderator] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/servers/#{server.id}")
+ end
+ end
+
+ test "can be accessed by admin", %{conn: conn, admin: admin, server: server} do
+ for user <- [admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/servers/#{server.id}")
+
+ assert html =~ server.name
+ end
+ end
+ end
+
+ describe "Server Edit /servers/:id/new" do
+ test "can't be accessed by non-admin user", %{conn: conn, user: user, moderator: moderator} do
+ for user <- [nil, user, moderator] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/servers/new")
+ end
+ end
+
+ test "can be accessed by admin", %{conn: conn, admin: admin} do
+ for user <- [admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/servers/new")
+
+ assert html =~ "New Server"
+ end
+ end
+ end
+
+ describe "Server Edit /servers/:id/edit" do
+ setup do
+ %{server: generate(dbi_server())}
+ end
+
+ test "can't be accessed by non-admin user", %{conn: conn, user: user, moderator: moderator, server: server} do
+ for user <- [nil, user, moderator] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/servers/#{server.id}/edit")
+ end
+ end
+
+ test "can be accessed by admin", %{conn: conn, admin: admin, server: server} do
+ for user <- [admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/servers/#{server.id}/edit")
+
+ assert html =~ "Edit Server"
+ end
+ end
+ end
+
 describe "ObanWeb /oban" do
 test "can't be accessed by regular user", %{conn: conn, user: user} do
 assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} =
@@ -165,4 +442,49 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
 assert html =~ "Listing Users"
 end
 end
+
+ describe "User Show /users/:id" do
+ test "can't be accessed by non-admin user", %{conn: conn, user: regular_user, moderator: moderator} do
+ for user <- [nil, regular_user, moderator] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/users/#{regular_user.id}")
+ end
+ end
+
+ test "can be accessed by admin", %{conn: conn, admin: admin} do
+ for user <- [admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/users/#{user.id}")
+
+ assert html =~ user.email.string
+ end
+ end
+ end
+
+ describe "User Edit /users/:id/edit" do
+ test "can't be accessed by non-admin user", %{conn: conn, user: regular_user, moderator: moderator} do
+ for user <- [nil, regular_user, moderator] do
+ {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+ conn
+ |> log_in_user(user)
+ |> live("/users/#{regular_user.id}/edit")
+ end
+ end
+
+ test "can be accessed by admin", %{conn: conn, admin: admin} do
+ for user <- [admin] do
+ {:ok, _view, html} =
+ conn
+ |> log_in_user(user)
+ |> live("/users/#{user.id}/edit")
+
+ assert html =~ "Edit User"
+ end
+ end
+ end
+
+ end
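Review bot: The deny loops in the Server cases rebind `user` inside `for user <- [nil, user, moderator] do`, shadowing the `user` taken from the test context in the same function head. It works because the list is built before the generator binds, but in an authorization test it makes it hard to see which principal each request is made as. The User hunk already avoids this with `user: regular_user` and `for user <- [nil, regular_user, moderator] do`; the Server, Publisher, Author and Book deny cases could use the same naming. The allow cases could also drop the single-element `for user <- [admin] do` and pass `admin` to `log_in_user` directly.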
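Review bot: The admin cases in the User hunk request `/users/#{user.id}` and `/users/#{user.id}/edit` with `user` bound to the admin, so they only show that an admin can open their own record, while the deny cases target `regular_user.id`. Taking `user: regular_user` from the context and calling `live("/users/#{regular_user.id}")` (and the `/edit` variant) would cover an admin opening another account, which is presumably the access this role is meant to have. The Show assertion would then read `assert html =~ regular_user.email.string`.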