Skip to content
Snippets Groups Projects
Normal view Permalink
capturer_test.go 4.42 KiB
Newer Older
  • Learn to ignore specific revisions
    • Alexis POYEN's avatar
    Resolve "API user capturer"
    Alexis POYEN committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 
    package rootmux

import (
	"encoding/json"
	"testing"

	"forge.grandlyon.com/apoyen/elections/internal/auth"
	"forge.grandlyon.com/apoyen/sdk-go/pkg/tester"
)

/**
Banker TESTS (those tests are to check the bankers rights)
**/
func CapturerTests(t *testing.T) {
	// Create the tester
	ts, do, _ := createTester(t)
	defer ts.Close() // Close the tester
	tests := func() {
		// Get the XSRF Token
		response := do("GET", "/api/common/WhoAmI", noH, "", 200, "")
		token := auth.TokenData{}
		json.Unmarshal([]byte(response), &token)
		xsrfHeader := tester.Header{Key: "XSRF-TOKEN", Value: token.XSRFToken}

		// Create a capturer should fail with 405
		do("POST", "/api/Capturer", xsrfHeader, `{"userID":2,"name":"Capturer"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get the capturer connected
		do("GET", "/api/Capturer/1", xsrfHeader, "", 200, `{"ID":1,"UserID":2,"Name":"Capturer","DeskRounds":[]}`)
		// Get another capturer should fail with 405
		do("GET", "/api/Capturer/2", xsrfHeader, "", 403, `You can not access this ressource`)
		// Get all the capturer return only the capturer connected
		do("GET", "/api/Capturer/", xsrfHeader, "", 200, `[{"ID":1,"UserID":2,"Name":"Capturer","DeskRounds":[]}]`)
		// Update a capturer should fail with 405
		do("PUT", "/api/Capturer/1", xsrfHeader, `{"ID":1,"UserID":2,"Name":"capturer"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a capturer should fail with 405
		do("DELETE", "/api/Capturer/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
    Alexis POYEN's avatar
    Resolve "Election API"  
    Alexis POYEN committed
    38 39 40 41 42 43 44 45 46 47 48 
    		// Create an election should fail with 405
		do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get an Election should fail with 405
		do("GET", "/api/Election/1", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
		// Get all the elections should fail with 405
		do("GET", "/api/Election/", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
		// Update an election should fail with 405
		do("PUT", "/api/Election/1", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete an election should fail with 405
		do("DELETE", "/api/Election/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
    Alexis POYEN's avatar
    Resolve "Areas API"  
    Alexis POYEN committed
    49 50 51 52 53 54 55 56 57 58 59 
    		// Create an area should fail with 405
		do("POST", "/api/Area", xsrfHeader, `{"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get an area should fail with 405
		do("GET", "/api/Area/1", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
		// Get all the areas should fail with 405
		do("GET", "/api/Area/", xsrfHeader, "", 405, `You're not authorize to execute this method on this ressource.`)
		// Update an area should fail with 405
		do("PUT", "/api/Area/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete an area should fail with 405
		do("DELETE", "/api/Area/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
    Alexis POYEN's avatar
    Resolve "Sections API"  
    Alexis POYEN committed
    60 61 62 63 64 65 66 67 68 69 70 
    		// Create a section should fail with 405
		do("POST", "/api/Section", xsrfHeader, `{"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Get a section
		do("GET", "/api/Section/1", xsrfHeader, "", 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[]}`)
		// Get all the sections
		do("GET", "/api/Section/", xsrfHeader, "", 200, `[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[]}]`)
		// Update a section should fail with 405
		do("PUT", "/api/Section/1", xsrfHeader, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
		// Delete a section should fail with 405
		do("DELETE", "/api/Section/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
    Alexis POYEN's avatar
    Resolve "API user capturer"
    Alexis POYEN committed
    71 72 73 74 75 76 77 
    	}
	// Do a in memory login with an known admin
	do("POST", "/Login", noH, `{"login": "capturer","password": "password"}`, 200, "")
	tests()
	// Try to logout (must pass)
	do("GET", "/Logout", noH, "", 200, "Logout OK")
}