Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package rootmux
import (
"encoding/json"
"testing"
"forge.grandlyon.com/apoyen/elections/internal/auth"
"forge.grandlyon.com/apoyen/sdk-go/pkg/tester"
)
/**
Banker TESTS (those tests are to check the bankers rights)
**/
func CapturerTests(t *testing.T) {
// Create the tester
ts, do, _ := createTester(t)
defer ts.Close() // Close the tester
tests := func() {
// Get the XSRF Token
response := do("GET", "/api/common/WhoAmI", noH, "", 200, "")
token := auth.TokenData{}
json.Unmarshal([]byte(response), &token)
xsrfHeader := tester.Header{Key: "XSRF-TOKEN", Value: token.XSRFToken}
// Create a capturer should fail with 405
do("POST", "/api/Capturer", xsrfHeader, `{"userID":2,"name":"Capturer"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Get the capturer connected
do("GET", "/api/Capturer/1", xsrfHeader, "", 200, `{"ID":1,"UserID":2,"Name":"Capturer","DeskRounds":[]}`)
// Get another capturer should fail with 405
do("GET", "/api/Capturer/2", xsrfHeader, "", 403, `You can not access this ressource`)
// Get all the capturer return only the capturer connected
do("GET", "/api/Capturer/", xsrfHeader, "", 200, `[{"ID":1,"UserID":2,"Name":"Capturer","DeskRounds":[]}]`)
// Update a capturer should fail with 405
do("PUT", "/api/Capturer/1", xsrfHeader, `{"ID":1,"UserID":2,"Name":"capturer"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Delete a capturer should fail with 405
do("DELETE", "/api/Capturer/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
// Create an election should fail with 405
do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Get an Election
do("GET", "/api/Election/1", xsrfHeader, "", 200, `{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":[{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":null}],"Rounds":null}`)
// Get all the elections
do("GET", "/api/Election/", xsrfHeader, "", 200, `[{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":[{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":null}],"Rounds":null}]`)
// Update an election should fail with 405
do("PUT", "/api/Election/1", xsrfHeader, `{"Name":"Grand Lyon 2020", "BallotType":"metropolitan-direct"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Delete an election should fail with 405
do("DELETE", "/api/Election/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
// Create an area should fail with 405
do("POST", "/api/Area", xsrfHeader, `{"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Get an area
do("GET", "/api/Area/1", xsrfHeader, "", 200, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":null}]}`)
// Get all the areas
do("GET", "/api/Area/", xsrfHeader, "", 200, `[{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":null}]}]`)
// Update an area should fail with 405
do("PUT", "/api/Area/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Delete an area should fail with 405
do("DELETE", "/api/Area/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
// Create a section should fail with 405
do("POST", "/api/Section", xsrfHeader, `{"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Get a section
do("GET", "/api/Section/1", xsrfHeader, "", 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}]}`)
do("GET", "/api/Section/", xsrfHeader, "", 200, `[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}]}]`)
// Update a section should fail with 405
do("PUT", "/api/Section/1", xsrfHeader, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Delete a section should fail with 405
do("DELETE", "/api/Section/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
// Create a desk should fail with 405
do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 405, `You're not authorize to execute this method on this ressource.`)
// Get a desk
do("GET", "/api/Desk/1", xsrfHeader, "", 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}`)
do("GET", "/api/Desk/", xsrfHeader, "", 200, `[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}]`)
// Update a desk should fail with 405
do("PUT", "/api/Desk/1", xsrfHeader, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":false,"Subscribed":3587}`, 405, `You're not authorize to execute this method on this ressource.`)
// Delete a desk should fail with 405
do("DELETE", "/api/Desk/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
// Create a round should fail with 405
do("POST", "/api/Round", xsrfHeader, `{"ElectionID":1,"Date":"2020-06-28","Round":1}`, 405, `You're not authorize to execute this method on this ressource.`)
// Get a desk
do("GET", "/api/Round/1", xsrfHeader, "", 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}`)
// Get all the desks
do("GET", "/api/Round/", xsrfHeader, "", 200, `[{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}]`)
// Update a desk should fail with 405
do("PUT", "/api/Round/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Date":"2020-07-28","Round":2}`, 405, `You're not authorize to execute this method on this ressource.`)
// Delete a desk should fail with 405
do("DELETE", "/api/Round/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
do("POST", "/api/DeskRound", xsrfHeader, `{"ID":1,"RoundID":1,"DeskID":1,"Validated":false}`, 400, `method not allowed`)
// Get a DeskRound
do("GET", "/api/DeskRound/1", xsrfHeader, ``, 200, `{"ID":1,"RoundID":1,"DeskID":1,"Capturers":[],"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":[]}`)
// Get DeskRounds
do("GET", "/api/DeskRound/", xsrfHeader, ``, 200, `[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":[],"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":[]}]`)
// Update a desk should fail with 405
do("PUT", "/api/DeskRound/1", xsrfHeader, `{"ID":1,"RoundID":1,"DeskID":1,"Validated":false}`, 405, `You're not authorize to execute this method on this ressource.`)
// Delete a DeskRound should fail with 400
do("DELETE", "/api/DeskRound/1", xsrfHeader, ``, 400, `method not allowed`)
// Create a Party should fail with 405
do("POST", "/api/Party", xsrfHeader, `{"Name":"MyGreatParty","Color":"#FFFFFF"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Get a party
do("GET", "/api/Party/1", xsrfHeader, "", 200, `{"ID":1,"Name":"MyGreatParty","Color":"#FFFFFF","CandidateLists":[]}`)
// Get all the parties
do("GET", "/api/Party/", xsrfHeader, "", 200, `[{"ID":1,"Name":"MyGreatParty","Color":"#FFFFFF","CandidateLists":[]}]`)
// Update a party should fail with 405
do("PUT", "/api/Party/1", xsrfHeader, `{"ID":1,"Name":"MyBigParty","Color":"#000000"}`, 405, `You're not authorize to execute this method on this ressource.`)
// Delete a party should fail with 405
do("DELETE", "/api/Party/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
// Add deskround to capturer should fail with 405
do("POST", "/api/CapturerDeskRound", xsrfHeader, `{"CapturerID":1,"DeskRoundID":1}`, 405, `You're not authorize to execute this method on this ressource.`)
// Remove DeskRound to capturer
do("DELETE", "/api/CapturerDeskRound/1", xsrfHeader, `{"CapturerID":1,"DeskRoundID":1}`, 405, `You're not authorize to execute this method on this ressource.`)
}
// Do a in memory login with an known admin
do("POST", "/Login", noH, `{"login": "capturer","password": "password"}`, 200, "")
tests()
// Try to logout (must pass)
do("GET", "/Logout", noH, "", 200, "Logout OK")
}