test(api): Update users.contract.ts and add more custom-widgets tests
alepefe committed Nov 13, 2024
1 parent b45b1a5 commit dcab030
Showing 2 changed files with 71 additions and 19 deletions.
85 changes: 67 additions & 18 deletions api/test/e2e/users/custom-widgets/custom-widget-crud.spec.ts
@@ -127,24 +127,6 @@ describe('Custom Widgets API', () => {
});

describe('Read API', () => {
it("Shouldn't allow anonymous users to read custom widgets", async () => {
// Given
await entityMocks.createCustomWidget({
name: 'custom-widget',
user: { id: testUser.id },
widget: { indicator: baseWidget.indicator },
});

// When
const res = await testManager
.request()
.get(`/users/${VALID_UUID}/widgets`);

// Then
expect(res.status).toBe(401);
expect(res.body.errors).toBeDefined();
});

it('Should allow authenticated users to read their custom widgets', async () => {
// Given
await entityMocks.createCustomWidget({
@@ -284,6 +266,73 @@ describe('Custom Widgets API', () => {
expect(res.status).toBe(403);
expect(res.body.errors).toBeDefined();
});

it("Shouldn't allow authenticated users to read other user's custom widgets by id", async () => {
// Given
// Other user's custom widgets
const { user: otherUser } = await testManager.setUpTestUser({
email: '[email protected]',
});
const createdCustomWidget = await entityMocks.createCustomWidget({
name: 'other-user-custom-widget1',
user: { id: otherUser.id },
widget: { indicator: baseWidget.indicator },
});

// When
const res = await testManager
.request()
.get(`/users/${otherUser.id}/widgets/${createdCustomWidget.id}`)
.set('Authorization', `Bearer ${authToken}`);

// Then
expect(res.status).toBe(403);
expect(res.body.errors).toBeDefined();
});

it("Shouldn't allow anonymous users to read other user's custom widgets", async () => {
// Given
// Other user's custom widgets
const { user: otherUser } = await testManager.setUpTestUser({
email: '[email protected]',
});
await entityMocks.createCustomWidget({
name: 'other-user-custom-widget1',
user: { id: otherUser.id },
widget: { indicator: baseWidget.indicator },
});

// When
const res = await testManager
.request()
.get(`/users/${otherUser.id}/widgets`);

// Then
expect(res.status).toBe(401);
expect(res.body.errors).toBeDefined();
});

it("Shouldn't allow anonymous users to read other user's custom widgets by id", async () => {
// Given
// Other user's custom widgets
const { user: otherUser } = await testManager.setUpTestUser({
email: '[email protected]',
});
const createdCustomWidget = await entityMocks.createCustomWidget({
name: 'other-user-custom-widget1',
user: { id: otherUser.id },
widget: { indicator: baseWidget.indicator },
});

// When
const res = await testManager
.request()
.get(`/users/${otherUser.id}/widgets/${createdCustomWidget.id}`);

// Then
expect(res.status).toBe(401);
expect(res.body.errors).toBeDefined();
});
});

describe('Update API', () => {
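Review bot: The new authenticated read-by-id test only requests `/users/${otherUser.id}/widgets/${createdCustomWidget.id}`, where both the user id and the widget id belong to the other user, so it passes as soon as the route compares the path user id with the token. It does not cover the caller putting their own id in the path together with the other user's widget id, which is the request that would expose a widget lookup that is not scoped to its owner. I would add a test for that case next to the others in the 'Read API' describe, which opens and closes outside this hunk. This assumes `testUser` is the account behind `authToken`, and the expected status (403 or 404) depends on how the handler reports a non-owned widget, so confirm both against the implementation.

```typescript
it("Shouldn't allow authenticated users to read other user's custom widgets through their own user path", async () => {
  // Given
  // … unchanged: same otherUser / createdCustomWidget setup as the by-id test above …

  // When: the caller's own user id in the path, the other user's widget id
  const res = await testManager
    .request()
    .get(`/users/${testUser.id}/widgets/${createdCustomWidget.id}`)
    .set('Authorization', `Bearer ${authToken}`);

  // Then: whichever of 403 / 404 the handler uses for a widget the caller does not own
  expect([403, 404]).toContain(res.status);
  expect(res.body.errors).toBeDefined();
});
```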
5 changes: 4 additions & 1 deletion shared/contracts/users.contract.ts
@@ -126,7 +126,8 @@ export const usersContract = contract.router({
query: generateEntityQuerySchema(CustomWidget),
responses: {
200: contract.type<ApiPaginationResponse<CustomWidget>>(),
400: contract.type<JSONAPIError>(),
401: contract.type<JSONAPIError>(),
403: contract.type<JSONAPIError>(),
404: contract.type<JSONAPIError>(),
500: contract.type<JSONAPIError>(),
},
@@ -138,6 +139,8 @@ export const usersContract = contract.router({
responses: {
200: contract.type<ApiResponse<CustomWidget>>(),
400: contract.type<JSONAPIError>(),
401: contract.type<JSONAPIError>(),
403: contract.type<JSONAPIError>(),
404: contract.type<JSONAPIError>(),
500: contract.type<JSONAPIError>(),
},
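Review bot: The first `responses` map, on the paginated list route that still declares `query: generateEntityQuerySchema(CustomWidget)`, appears to lose its `400` entry here, judging by the single deletion counted for this file, while the by-id route in the second hunk keeps `400`. If query validation can reject a request, the list route would then answer with a status the contract no longer describes, and clients typed against the contract would not handle it. Unless the handler can never return 400 for this route, keep `400: contract.type<JSONAPIError>(),` alongside the new 401 and 403 entries. Both route definitions start and end outside the visible hunks.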
