Add tests to check permission for Show and Edit LiveViews.

test/decentralised_book_index_web/live/live_views_permission.exs

@@ -1,8 +1,6 @@
 defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
   use DecentralisedBookIndexWeb.LiveCase, async: true
 
-  alias DecentralisedBookIndex.Metadata
-
   setup do
     user = generate(user(role: :user))
     moderator = generate(user(role: :moderator))
@@ -11,7 +9,8 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
     %{
       user: user,
       moderator: moderator,
-      admin: admin
+      admin: admin,
+      users: [nil, user, moderator, admin]
     }
   end
 
@@ -44,7 +43,72 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
     end
   end
 
-  describe "Author Index /author" do
+  describe "Book Show /books/:id" do
+    setup do
+      %{book: generate(book())}
+    end
+
+    test "can be accessed by any user", %{conn: conn, users: users, book: book} do
+      for user <- users do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/books/#{book.id}")
+
+        assert html =~ book.title
+      end
+    end
+  end
+
+  describe "Book Edit /books/:id/new" do
+    test "can't be accessed by regular user", %{conn: conn, user: user} do
+      for user <- [nil, user] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/books/new")
+      end
+    end
+
+    test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin} do
+      for user <- [moderator, admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/books/new")
+
+        assert html =~ "New Book"
+      end
+    end
+  end
+
+  describe "Book Edit /books/:id/edit" do
+    setup do
+      %{book: generate(book())}
+    end
+
+    test "can't be accessed by regular user", %{conn: conn, user: user, book: book} do
+      for user <- [nil, user] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/books/#{book.id}/edit")
+      end
+    end
+
+    test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin, book: book} do
+      for user <- [moderator, admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/books/#{book.id}/edit")
+
+        assert html =~ "Edit Book"
+      end
+    end
+  end
+
+  describe "Author Index /authors" do
     test "can be accessed by regular user", %{conn: conn, user: user} do
       {:ok, _view, html} =
         conn
@@ -73,6 +137,71 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
     end
   end
 
+  describe "Author Show /authors/:id" do
+    setup do
+      %{author: generate(author())}
+    end
+
+    test "can be accessed by any user", %{conn: conn, users: users, author: author} do
+      for user <- users do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/authors/#{author.id}")
+
+        assert html =~ author.name
+      end
+    end
+  end
+
+  describe "Author Edit /authors/:id/new" do
+    test "can't be accessed by regular user", %{conn: conn, user: user} do
+      for user <- [nil, user] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/authors/new")
+      end
+    end
+
+    test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin} do
+      for user <- [moderator, admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/authors/new")
+
+        assert html =~ "New Author"
+      end
+    end
+  end
+
+  describe "Author Edit /authors/:id/edit" do
+    setup do
+      %{author: generate(author())}
+    end
+
+    test "can't be accessed by regular user", %{conn: conn, user: user, author: author} do
+      for user <- [nil, user] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/authors/#{author.id}/edit")
+      end
+    end
+
+    test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin, author: author} do
+      for user <- [moderator, admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/authors/#{author.id}/edit")
+
+        assert html =~ "Edit Author"
+      end
+    end
+  end
+
   describe "Publisher Index /publishers" do
     test "can't be accessed by regular user", %{conn: conn, user: user} do
       assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} =
@@ -100,6 +229,80 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
     end
   end
 
+  describe "Publisher Show /publishers/:id" do
+    setup do
+      %{publisher: generate(publisher())}
+    end
+
+    test "can't be accessed by regular user", %{conn: conn, user: user, publisher: publisher} do
+      for user <- [nil, user] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/publishers/#{publisher.id}")
+      end
+    end
+
+    test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin, publisher: publisher} do
+      for user <- [moderator, admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/publishers/#{publisher.id}")
+
+        assert html =~ publisher.name
+      end
+    end
+  end
+
+  describe "Publisher Edit /publishers/:id/new" do
+    test "can't be accessed by regular user", %{conn: conn, user: user} do
+      for user <- [nil, user] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/publishers/new")
+      end
+    end
+
+    test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin} do
+      for user <- [moderator, admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/publishers/new")
+
+        assert html =~ "New Publisher"
+      end
+    end
+  end
+
+  describe "Publisher Edit /publishers/:id/edit" do
+    setup do
+      %{publisher: generate(publisher())}
+    end
+
+    test "can't be accessed by regular user", %{conn: conn, user: user, publisher: publisher} do
+      for user <- [nil, user] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/publishers/#{publisher.id}/edit")
+      end
+    end
+
+    test "can be accessed by moderator and admin", %{conn: conn, moderator: moderator, admin: admin, publisher: publisher} do
+      for user <- [moderator, admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/publishers/#{publisher.id}/edit")
+
+        assert html =~ "Edit Publisher"
+      end
+    end
+  end
+
   describe "Server Index /servers" do
     test "can't be accessed by regular user", %{conn: conn, user: user} do
       assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} =
@@ -125,6 +328,80 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
     end
   end
 
+  describe "Server Show /servers/:id" do
+    setup do
+      %{server: generate(dbi_server())}
+    end
+
+    test "can't be accessed by non-admin user", %{conn: conn, user: user, moderator: moderator, server: server} do
+      for user <- [nil, user, moderator] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/servers/#{server.id}")
+      end
+    end
+
+    test "can be accessed by admin", %{conn: conn, admin: admin, server: server} do
+      for user <- [admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/servers/#{server.id}")
+
+        assert html =~ server.name
+      end
+    end
+  end
+
+  describe "Server Edit /servers/:id/new" do
+    test "can't be accessed by non-admin user", %{conn: conn, user: user, moderator: moderator} do
+      for user <- [nil, user, moderator] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/servers/new")
+      end
+    end
+
+    test "can be accessed by admin", %{conn: conn, admin: admin} do
+      for user <- [admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/servers/new")
+
+        assert html =~ "New Server"
+      end
+    end
+  end
+
+  describe "Server Edit /servers/:id/edit" do
+    setup do
+      %{server: generate(dbi_server())}
+    end
+
+    test "can't be accessed by non-admin user", %{conn: conn, user: user, moderator: moderator, server: server} do
+      for user <- [nil, user, moderator] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/servers/#{server.id}/edit")
+      end
+    end
+
+    test "can be accessed by admin", %{conn: conn, admin: admin, server: server} do
+      for user <- [admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/servers/#{server.id}/edit")
+
+        assert html =~ "Edit Server"
+      end
+    end
+  end
+
   describe "ObanWeb /oban" do
     test "can't be accessed by regular user", %{conn: conn, user: user} do
       assert {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}} =
@@ -165,4 +442,49 @@ defmodule DecentralisedBookIndexWeb.LiveViewsPermissions do
       assert html =~ "Listing Users"
     end
   end
+
+  describe "User Show /users/:id" do
+    test "can't be accessed by non-admin user", %{conn: conn, user: regular_user, moderator: moderator} do
+      for user <- [nil, regular_user, moderator] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/users/#{regular_user.id}")
+      end
+    end
+
+    test "can be accessed by admin", %{conn: conn, admin: admin} do
+      for user <- [admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/users/#{user.id}")
+
+        assert html =~ user.email.string
+      end
+    end
+  end
+
+  describe "User Edit /users/:id/edit" do
+    test "can't be accessed by non-admin user", %{conn: conn, user: regular_user, moderator: moderator} do
+      for user <- [nil, regular_user, moderator] do
+        {:error, {:redirect, %{flash: %{"error" => "Unauthorized!"}, to: "/"}}}
+          conn
+          |> log_in_user(user)
+          |> live("/users/#{regular_user.id}/edit")
+      end
+    end
+
+    test "can be accessed by admin", %{conn: conn, admin: admin} do
+      for user <- [admin] do
+        {:ok, _view, html} =
+          conn
+          |> log_in_user(user)
+          |> live("/users/#{user.id}/edit")
+
+        assert html =~ "Edit User"
+      end
+    end
+  end
+
 end